[master]

[ISC-Bugs #26108]
Add a compile time option, enable-secs-byteorder, to deal with
clients that do the byte ordering on the secs field incorrectly.
This field should be in network byte order but some clients
get it wrong.  When this option is enabled the server will examine
the secs field and if it looks wrong (high byte non zero and low
byte zero) swap the bytes.  The default is disabled.  This option
is only useful when doing load balancing within failover.

3 files changed, 226 insertions, 18 deletions

diff --git a/server/failover.c b/server/failover.c
index 5a6d37fc..56b07aa9 100644
--- a/server/failover.c
+++ b/server/failover.c
@@ -5840,38 +5840,52 @@ int load_balance_mine (struct packet *packet, dhcp_failover_state_t *state)
 	struct data_string ds;
 	unsigned char hbaix;
 	int hm;
+	u_int16_t ec; 
 
-	if (state -> load_balance_max_secs < ntohs (packet -> raw -> secs)) {
-		return 1;
+	ec = ntohs(packet->raw->secs);
+
+#if defined(SECS_BYTEORDER)
+	/*
+	 * If desired check to see if the secs field may have been byte
+	 * swapped.  We assume it has if the high order byte isn't cleared
+	 * while the low order byte is cleared.  In this case we swap the
+	 * bytes and continue processing.
+	 */
+	if ((ec > 255) && ((ec & 0xff) == 0)) {
+		ec = (ec >> 8) | (ec << 8);
+	}
+#endif
+
+	if (state->load_balance_max_secs < ec) {
+		return (1);
 	}
 
 	/* If we don't have a hash bucket array, we can't tell if this
 	   one's ours, so we assume it's not. */
-	if (!state -> hba)
-		return 0;
+	if (!state->hba)
+		return (0);
 
-	oc = lookup_option (&dhcp_universe, packet -> options,
-			    DHO_DHCP_CLIENT_IDENTIFIER);
-	memset (&ds, 0, sizeof ds);
+	oc = lookup_option(&dhcp_universe, packet->options,
+			   DHO_DHCP_CLIENT_IDENTIFIER);
+	memset(&ds, 0, sizeof ds);
 	if (oc &&
-	    evaluate_option_cache (&ds, packet, (struct lease *)0,
-				   (struct client_state *)0,
-				   packet -> options, (struct option_state *)0,
-				   &global_scope, oc, MDL)) {
-		hbaix = loadb_p_hash (ds.data, ds.len);
+	    evaluate_option_cache(&ds, packet, NULL, NULL,
+				  packet->options, NULL,
+				  &global_scope, oc, MDL)) {
+		hbaix = loadb_p_hash(ds.data, ds.len);
 
 		data_string_forget(&ds, MDL);
 	} else {
-		hbaix = loadb_p_hash (packet -> raw -> chaddr,
-				      packet -> raw -> hlen);
+		hbaix = loadb_p_hash(packet->raw->chaddr,
+				     packet->raw->hlen);
 	}
 
 	hm = state->hba[(hbaix >> 3) & 0x1F] & (1 << (hbaix & 0x07));
 
-	if (state -> i_am == primary)
-		return hm;
+	if (state->i_am == primary)
+		return (hm);
 	else
-		return !hm;
+		return (!hm);
 }
 
 /* The inverse of load_balance_mine ("load balance theirs").  We can't
diff --git a/server/tests/Makefile.am b/server/tests/Makefile.am
index e840fd08..6e5b79e0 100644
--- a/server/tests/Makefile.am
+++ b/server/tests/Makefile.am
@@ -28,7 +28,7 @@ if HAVE_ATF
 check: $(ATF_TESTS)
 	atf-run | atf-report
 
-ATF_TESTS += dhcpd_unittests legacy_unittests hash_unittests
+ATF_TESTS += dhcpd_unittests legacy_unittests hash_unittests load_bal_unittests
 
 dhcpd_unittests_SOURCES = $(DHCPSRC)
 dhcpd_unittests_SOURCES += simple_unittest.c
@@ -46,6 +46,9 @@ hash_unittests_LDADD = $(DHCPLIBS) $(ATF_LDFLAGS)
 legacy_unittests_SOURCES = $(DHCPSRC) mdb6_unittest.c
 legacy_unittests_LDADD = $(DHCPLIBS) $(ATF_LDFLAGS)
 
+load_bal_unittests_SOURCES = $(DHCPSRC) load_bal_unittest.c
+load_bal_unittests_LDADD = $(DHCPLIBS) $(ATF_LDFLAGS)
+
 endif
 
 check_PROGRAMS = $(ATF_TESTS) $(TESTS)
diff --git a/server/tests/load_bal_unittest.c b/server/tests/load_bal_unittest.c
new file mode 100644
index 00000000..1500f34d
--- /dev/null
+++ b/server/tests/load_bal_unittest.c
@@ -0,0 +1,191 @@
+/*
+ * Copyright (C) 2012 Internet Systems Consortium, Inc. ("ISC")
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#include <config.h>
+
+#include "dhcpd.h"
+
+#include <atf-c.h>
+
+/*
+ * Test the load balancing code.  
+ *
+ * The two main variables are:
+ * packet => the "packet" being processed
+ * state  => the "state" of the failover peer
+ * We only fill in the fields necessary for our testing
+ * packet->raw->secs   => amount of time the client has been trying
+ * packet->raw->hlen   => the length of the mac address of the client
+ * packet->raw->chaddr => the mac address of the client
+ * To simplify the tests the mac address will be only 1 byte long and
+ * not really matter.  Instead the hba will be all 1s and the tests
+ * will use the primary/secondary flag to change the expected result.
+ *
+ * state->i_am => primary or secondary
+ * state->load_balance_max_secs => maxixum time for a client to be trying
+ *                                 before the other peer responds
+ *                                 set to 5 for these tests
+ * state->hba = array of hash buckets assigning the hash to primary or secondary
+ *              set to all ones (all primary) for theses tests
+ */
+
+ATF_TC(load_balance);
+
+ATF_TC_HEAD(load_balance, tc)
+{
+	atf_tc_set_md_var(tc, "descr", "This test case checks that "
+			  "load balancing works.");
+}
+
+ATF_TC_BODY(load_balance, tc)
+{
+	struct packet packet;
+	struct dhcp_packet raw;
+	dhcp_failover_state_t pstate, sstate;
+	u_int8_t hba[256];
+
+	memset(&packet, 0, sizeof(struct packet));
+	memset(&raw, 0, sizeof(struct dhcp_packet));
+	packet.raw = &raw;
+	raw.hlen = 1;
+	raw.chaddr[0] = 14;
+
+	memset(hba, 0xFF, 256);
+
+	/* primary state */
+	memset(&pstate, 0, sizeof(dhcp_failover_state_t));
+	pstate.i_am = primary;
+	pstate.load_balance_max_secs = 5;
+	pstate.hba = hba;
+
+	/* secondary state, we can reuse the hba as it doesn't change */
+	memset(&sstate, 0, sizeof(dhcp_failover_state_t));
+	sstate.i_am = secondary;
+	sstate.load_balance_max_secs = 5;
+	sstate.hba = hba;
+
+	/* Basic check, primary accepted, secondary not */
+	raw.secs = htons(0);
+	if (load_balance_mine(&packet, &pstate) != 1) {
+		atf_tc_fail("ERROR: primary not accepted %s:%d", MDL);
+	}
+
+	if (load_balance_mine(&packet, &sstate) != 0) {
+		atf_tc_fail("ERROR: secondary accepted %s:%d", MDL);
+	}
+	
+
+	/* Timeout not exceeded, primary accepted, secondary not */
+	raw.secs = htons(2);
+	if (load_balance_mine(&packet, &pstate) != 1) {
+		atf_tc_fail("ERROR: primary not accepted %s:%d", MDL);
+	}
+
+	if (load_balance_mine(&packet, &sstate) != 0) {
+		atf_tc_fail("ERROR: secondary accepted %s:%d", MDL);
+	}
+	
+	/* Timeout exceeded, both accepted */
+	raw.secs = htons(6);
+	if (load_balance_mine(&packet, &pstate) != 1) {
+		atf_tc_fail("ERROR: primary not accepted %s:%d", MDL);
+	}
+
+	if (load_balance_mine(&packet, &sstate) != 1) {
+		atf_tc_fail("ERROR: secondary not accepted %s:%d", MDL);
+	}
+
+	/* Timeout exeeded with a large value, both accepted */
+	raw.secs = htons(257);
+	if (load_balance_mine(&packet, &pstate) != 1) {
+		atf_tc_fail("ERROR: primary not accepted %s:%d", MDL);
+	}
+
+	if (load_balance_mine(&packet, &sstate) != 1) {
+		atf_tc_fail("ERROR: secondary not accepted %s:%d", MDL);
+	}
+	
+}
+
+ATF_TC(load_balance_swap);
+
+ATF_TC_HEAD(load_balance_swap, tc)
+{
+	atf_tc_set_md_var(tc, "descr", "This test case checks that "
+			  "load balancing works with byteswapping.");
+}
+
+ATF_TC_BODY(load_balance_swap, tc)
+{
+#if defined(SECS_BYTEORDER)
+	struct packet packet;
+	struct dhcp_packet raw;
+	dhcp_failover_state_t pstate, sstate;
+	u_int8_t hba[256];
+
+	memset(&packet, 0, sizeof(struct packet));
+	memset(&raw, 0, sizeof(struct dhcp_packet));
+	packet.raw = &raw;
+	raw.hlen = 1;
+	raw.chaddr[0] = 14;
+
+	memset(hba, 0xFF, 256);
+
+	/* primary state */
+	memset(&pstate, 0, sizeof(dhcp_failover_state_t));
+	pstate.i_am = primary;
+	pstate.load_balance_max_secs = 5;
+	pstate.hba = hba;
+
+	/* secondary state, we can reuse the hba as it doesn't change */
+	memset(&sstate, 0, sizeof(dhcp_failover_state_t));
+	sstate.i_am = secondary;
+	sstate.load_balance_max_secs = 5;
+	sstate.hba = hba;
+
+	/* Small byteswapped timeout, primary accepted, secondary not*/
+	raw.secs = htons(256);
+	if (load_balance_mine(&packet, &pstate) != 1) {
+		atf_tc_fail("ERROR: primary not accepted %s:%d", MDL);
+	}
+
+	if (load_balance_mine(&packet, &sstate) != 0) {
+		atf_tc_fail("ERROR: secondary accepted %s:%d", MDL);
+	}
+
+	/* Large byteswapped timeout, both accepted*/
+	raw.secs = htons(256 * 6);
+	if (load_balance_mine(&packet, &pstate) != 1) {
+		atf_tc_fail("ERROR: primary not accepted %s:%d", MDL);
+	}
+
+	if (load_balance_mine(&packet, &sstate) != 1) {
+		atf_tc_fail("ERROR: secondary not accepted %s:%d", MDL);
+	}
+	
+#else
+	atf_tc_skip("SECS_BYTEORDER not defined");
+#endif
+}
+
+
+ATF_TP_ADD_TCS(tp)
+{
+	ATF_TP_ADD_TC(tp, load_balance);
+	ATF_TP_ADD_TC(tp, load_balance_swap);
+
+	return (atf_no_error());
+}