init: Implement fallback for DHCP servers without Rapid Commit

When a server answers DHCPDISCOVER with DHCPOFFER instead of an immediate ACK,
send DHCPREQUEST for the and wait for the final ACK.

This makes DHCP work on macOS hosts when using gvproxy for networking.

Signed-off-by: Matej Hrica <mhrica@redhat.com>

Author: mtjhrc

init/dhcp.c

@@ -26,6 +26,8 @@
 #include <unistd.h>
 
 #define DHCP_BUFFER_SIZE 576
+#define DHCP_MSG_OFFER 2
+#define DHCP_MSG_ACK 5
 
 /* Helper function to send netlink message */
 static int nl_send(int sock, struct nlmsghdr *nlh)
@@ -255,6 +257,137 @@ static unsigned char count_leading_ones(uint32_t val)
     return count;
 }
 
+/* Return the DHCP message type (option 53) from a response, or 0 */
+static unsigned char get_dhcp_msg_type(const unsigned char *response,
+                                       ssize_t len)
+{
+    /* Walk DHCP options (TLV chain starting after the magic cookie) */
+    size_t p = 240;
+    while (p < (size_t)len) {
+        unsigned char opt = response[p];
+
+        if (opt == 0xff) /* end */
+            break;
+        if (opt == 0) { /* padding */
+            p++;
+            continue;
+        }
+
+        unsigned char opt_len = response[p + 1];
+        p += 2;
+
+        if (p + opt_len > (size_t)len)
+            break;
+        if (opt == 53 && opt_len >= 1) /* Message Type */
+            return response[p];
+
+        p += opt_len;
+    }
+    return 0;
+}
+
+/* Parse a DHCP ACK and configure the interface. Returns 0 or -1 on error. */
+static int handle_dhcp_ack(int nl_sock, int iface_index,
+                           const unsigned char *response, ssize_t len)
+{
+    /* Need at least 240 bytes (DHCP header + magic cookie) + 1 for options */
+    if (len < 241) {
+        printf("DHCPACK too short (%zd bytes)\n", len);
+        return -1;
+    }
+
+    /* Parse DHCP response */
+    struct in_addr addr;
+    /* yiaddr is at offset 16-19 in network byte order */
+    memcpy(&addr.s_addr, &response[16], sizeof(addr.s_addr));
+
+    if (addr.s_addr == INADDR_ANY) {
+        printf("DHCPACK has no address (yiaddr is 0.0.0.0)\n");
+        return -1;
+    }
+
+    struct in_addr netmask = {.s_addr = INADDR_ANY};
+    struct in_addr router = {.s_addr = INADDR_ANY};
+    /* Clamp MTU to passt's limit */
+    uint16_t mtu = 65520;
+
+    FILE *resolv = fopen("/etc/resolv.conf", "w");
+    if (!resolv) {
+        perror("Failed to open /etc/resolv.conf");
+    }
+
+    /* Parse DHCP options (start at offset 240 after magic cookie) */
+    size_t p = 240;
+    while (p < (size_t)len) {
+        unsigned char opt = response[p];
+
+        if (opt == 0xff) {
+            /* Option 255: End (of options) */
+            break;
+        }
+
+        if (opt == 0) { /* Padding */
+            p++;
+            continue;
+        }
+
+        unsigned char opt_len = response[p + 1];
+        p += 2; /* Length doesn't include code and length field itself */
+
+        if (p + opt_len > (size_t)len) {
+            /* Malformed packet, option length exceeds packet boundary */
+            break;
+        }
+
+        if (opt == 1 && opt_len >= 4) {
+            /* Option 1: Subnet Mask */
+            memcpy(&netmask.s_addr, &response[p], sizeof(netmask.s_addr));
+        } else if (opt == 3 && opt_len >= 4) {
+            /* Option 3: Router */
+            memcpy(&router.s_addr, &response[p], sizeof(router.s_addr));
+        } else if (opt == 6 && opt_len >= 4) {
+            /* Option 6: Domain Name Server */
+            if (resolv) {
+                for (int dns_p = p; dns_p + 4 <= p + opt_len; dns_p += 4) {
+                    fprintf(resolv, "nameserver %d.%d.%d.%d\n", response[dns_p],
+                            response[dns_p + 1], response[dns_p + 2],
+                            response[dns_p + 3]);
+                }
+            }
+        } else if (opt == 26 && opt_len >= 2) {
+            /* Option 26: Interface MTU */
+            mtu = (response[p] << 8) | response[p + 1];
+
+            /* We don't know yet if IPv6 is available: don't go below 1280 B
+             */
+            if (mtu < 1280)
+                mtu = 1280;
+            if (mtu > 65520)
+                mtu = 65520;
+        }
+
+        p += opt_len;
+    }
+
+    if (resolv) {
+        fclose(resolv);
+    }
+
+    /* Calculate prefix length from netmask */
+    unsigned char prefix_len = count_leading_ones(ntohl(netmask.s_addr));
+
+    if (mod_addr4(nl_sock, iface_index, RTM_NEWADDR, addr, prefix_len) != 0) {
+        printf("couldn't add the address provided by the DHCP server\n");
+        return -1;
+    }
+    if (mod_route4(nl_sock, iface_index, RTM_NEWROUTE, router) != 0) {
+        printf("couldn't add the default route provided by the DHCP server\n");
+        return -1;
+    }
+    set_mtu(nl_sock, iface_index, mtu);
+    return 0;
+}
+
 /* Send DISCOVER with Rapid Commit, process ACK, configure address and route */
 int do_dhcp(const char *iface)
 {
@@ -386,106 +519,90 @@ int do_dhcp(const char *iface)
         goto cleanup;
     }
 
-    /* Get and process response (DHCPACK) if any */
+    /* Get response: DHCPACK (Rapid Commit) or DHCPOFFER */
     struct sockaddr_in from_addr;
     socklen_t from_len = sizeof(from_addr);
     ssize_t len = recvfrom(sock, response, sizeof(response), 0,
                            (struct sockaddr *)&from_addr, &from_len);
 
-    close(sock);
-    sock = -1;
-
-    if (len > 0) {
-        /* Parse DHCP response */
-        struct in_addr addr;
-        /* yiaddr is at offset 16-19 in network byte order */
-        memcpy(&addr.s_addr, &response[16], sizeof(addr.s_addr));
+    if (len <= 0)
+        goto done; /* No DHCP response — not an error, VM may be IPv6-only */
 
-        struct in_addr netmask = {.s_addr = INADDR_ANY};
-        struct in_addr router = {.s_addr = INADDR_ANY};
-        /* Clamp MTU to passt's limit */
-        uint16_t mtu = 65520;
+    unsigned char msg_type = get_dhcp_msg_type(response, len);
 
-        FILE *resolv = fopen("/etc/resolv.conf", "w");
-        if (!resolv) {
-            perror("Failed to open /etc/resolv.conf");
+    if (msg_type == DHCP_MSG_ACK) {
+        /* Rapid Commit — server sent ACK directly */
+        close(sock);
+        sock = -1;
+        if (handle_dhcp_ack(nl_sock, iface_index, response, len) != 0)
+            goto cleanup;
+    } else if (msg_type == DHCP_MSG_OFFER) {
+        /*
+         * DHCPOFFER — complete the 4-way handshake by sending DHCPREQUEST
+         * and waiting for DHCPACK. Servers without Rapid Commit (e.g.
+         * gvproxy) require this.
+         */
+        struct in_addr offered_addr;
+        memcpy(&offered_addr.s_addr, &response[16],
+               sizeof(offered_addr.s_addr));
+
+        /* Build DHCPREQUEST */
+        memset(request.options, 0, sizeof(request.options));
+        opt_offset = 0;
+
+        /* Option 53: DHCP Message Type = REQUEST (3) */
+        request.options[opt_offset++] = 53;
+        request.options[opt_offset++] = 1;
+        request.options[opt_offset++] = 3;
+
+        /* Option 50: Requested IP Address */
+        request.options[opt_offset++] = 50;
+        request.options[opt_offset++] = 4;
+        memcpy(&request.options[opt_offset], &offered_addr.s_addr, 4);
+        opt_offset += 4;
+
+        /* Option 54: Server Identifier (from_addr) */
+        request.options[opt_offset++] = 54;
+        request.options[opt_offset++] = 4;
+        memcpy(&request.options[opt_offset], &from_addr.sin_addr.s_addr, 4);
+        opt_offset += 4;
+
+        /* Option 255: End */
+        request.options[opt_offset++] = 0xff;
+
+        if (sendto(sock, &request, sizeof(request), 0,
+                   (struct sockaddr *)&dest_addr, sizeof(dest_addr)) < 0) {
+            perror("sendto DHCPREQUEST failed");
+            goto cleanup;
         }
 
-        /* Parse DHCP options (start at offset 240 after magic cookie) */
-        size_t p = 240;
-        while (p < (size_t)len) {
-            unsigned char opt = response[p];
+        from_len = sizeof(from_addr);
+        len = recvfrom(sock, response, sizeof(response), 0,
+                       (struct sockaddr *)&from_addr, &from_len);
 
-            if (opt == 0xff) {
-                /* Option 255: End (of options) */
-                break;
-            }
-
-            if (opt == 0) { /* Padding */
-                p++;
-                continue;
-            }
-
-            unsigned char opt_len = response[p + 1];
-            p += 2; /* Length doesn't include code and length field itself */
-
-            if (p + opt_len > (size_t)len) {
-                /* Malformed packet, option length exceeds packet boundary */
-                break;
-            }
-
-            if (opt == 1) {
-                /* Option 1: Subnet Mask */
-                memcpy(&netmask.s_addr, &response[p], sizeof(netmask.s_addr));
-            } else if (opt == 3) {
-                /* Option 3: Router */
-                memcpy(&router.s_addr, &response[p], sizeof(router.s_addr));
-            } else if (opt == 6) {
-                /* Option 6: Domain Name Server */
-                if (resolv) {
-                    for (int dns_p = p; dns_p + 3 < p + opt_len; dns_p += 4) {
-                        fprintf(resolv, "nameserver %d.%d.%d.%d\n",
-                                response[dns_p], response[dns_p + 1],
-                                response[dns_p + 2], response[dns_p + 3]);
-                    }
-                }
-            } else if (opt == 26) {
-                /* Option 26: Interface MTU */
-                mtu = (response[p] << 8) | response[p + 1];
-
-                /* We don't know yet if IPv6 is available: don't go below 1280 B
-                 */
-                if (mtu < 1280)
-                    mtu = 1280;
-                if (mtu > 65520)
-                    mtu = 65520;
-            }
-
-            p += opt_len;
-        }
+        close(sock);
+        sock = -1;
 
-        if (resolv) {
-            fclose(resolv);
+        if (len <= 0) {
+            printf("no DHCPACK received\n");
+            goto cleanup;
         }
 
-        /* Calculate prefix length from netmask */
-        unsigned char prefix_len = count_leading_ones(ntohl(netmask.s_addr));
-
-        if (mod_addr4(nl_sock, iface_index, RTM_NEWADDR, addr, prefix_len) !=
-            0) {
-            printf("couldn't add the address provided by the DHCP server\n");
+        if (get_dhcp_msg_type(response, len) != DHCP_MSG_ACK) {
+            printf("expected DHCPACK but got message type %d\n",
+                   get_dhcp_msg_type(response, len));
             goto cleanup;
         }
-        if (mod_route4(nl_sock, iface_index, RTM_NEWROUTE, router) != 0) {
-            printf(
-                "couldn't add the default route provided by the DHCP server\n");
+
+        if (handle_dhcp_ack(nl_sock, iface_index, response, len) != 0)
             goto cleanup;
-        }
-        set_mtu(nl_sock, iface_index, mtu);
+    } else {
+        printf("unexpected DHCP message type %d\n", msg_type);
+        goto cleanup;
     }
 
+done:
     ret = 0;
-
 cleanup:
     if (sock >= 0) {
         close(sock);

init/dhcp.h

@@ -37,15 +37,17 @@ struct dhcp_packet {
  * Perform DHCP discovery and configuration for a network interface
  *
  * This function:
- * 1. Sets up a temporary link-local address (169.254.1.1/16)
+ * 1. Binds a UDP socket to the interface using SO_BINDTODEVICE
  * 2. Sends a DHCP DISCOVER message with Rapid Commit option
- * 3. Waits up to 100ms for a DHCP ACK response
- * 4. Parses the response and configures:
+ * 3. Waits up to 100ms for a response:
+ *    - If DHCPACK (Rapid Commit): applies configuration directly
+ *    - If DHCPOFFER: sends DHCPREQUEST and waits for DHCPACK
+ *    - If no response: returns success (VM may be IPv6-only)
+ * 4. Parses the ACK and configures:
  *    - IPv4 address with appropriate prefix length
  *    - Default gateway route
  *    - DNS servers (overwriting /etc/resolv.conf)
  *    - Interface MTU
- * 5. Cleans up temporary configuration
  *
  * Parameters:
  *   iface - The name of the network interface to be configured.