2 * dhcp.c Functions to send/receive dhcp packets.
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2.1 of the License, or (at your option) any later version.
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this library; if not, write to the Free Software
18 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
20 * Copyright 2008 The FreeRADIUS server project
21 * Copyright 2008 Alan DeKok <aland@deployingradius.com>
24 #include <freeradius-devel/ident.h>
27 #include <freeradius-devel/libradius.h>
28 #include <freeradius-devel/udpfromto.h>
29 #include <freeradius-devel/dhcp.h>
32 * This doesn't appear to work right now.
37 #define DHCP_CHADDR_LEN (16)
38 #define DHCP_SNAME_LEN (64)
39 #define DHCP_FILE_LEN (128)
40 #define DHCP_VEND_LEN (308)
41 #define DHCP_OPTION_MAGIC_NUMBER (0x63825363)
43 #ifndef INADDR_BROADCAST
44 #define INADDR_BROADCAST INADDR_NONE
47 typedef struct dhcp_packet_t {
53 uint16_t secs; /* 8 */
55 uint32_t ciaddr; /* 12 */
56 uint32_t yiaddr; /* 16 */
57 uint32_t siaddr; /* 20 */
58 uint32_t giaddr; /* 24 */
59 uint8_t chaddr[DHCP_CHADDR_LEN]; /* 28 */
60 uint8_t sname[DHCP_SNAME_LEN]; /* 44 */
61 uint8_t file[DHCP_FILE_LEN]; /* 108 */
62 uint32_t option_format; /* 236 */
63 uint8_t options[DHCP_VEND_LEN];
66 typedef struct dhcp_option_t {
72 * INADDR_ANY : 68 -> INADDR_BROADCAST : 67 DISCOVER
73 * INADDR_BROADCAST : 68 <- SERVER_IP : 67 OFFER
74 * INADDR_ANY : 68 -> INADDR_BROADCAST : 67 REQUEST
75 * INADDR_BROADCAST : 68 <- SERVER_IP : 67 ACK
77 static const char *dhcp_header_names[] = {
80 "DHCP-Hardware-Address-Length",
82 "DHCP-Transaction-Id",
83 "DHCP-Number-of-Seconds",
85 "DHCP-Client-IP-Address",
86 "DHCP-Your-IP-Address",
87 "DHCP-Server-IP-Address",
88 "DHCP-Gateway-IP-Address",
89 "DHCP-Client-Hardware-Address",
90 "DHCP-Server-Host-Name",
96 static const char *dhcp_message_types[] = {
109 static int dhcp_header_sizes[] = {
120 * Some clients silently ignore responses less than 300 bytes.
122 #define MIN_PACKET_SIZE (244)
123 #define DEFAULT_PACKET_SIZE (300)
124 #define MAX_PACKET_SIZE (1500 - 40)
126 #define DHCP_OPTION_FIELD (0)
127 #define DHCP_FILE_FIELD (1)
128 #define DHCP_SNAME_FIELD (2)
130 static uint8_t *dhcp_get_option(dhcp_packet_t *packet, size_t packet_size,
135 int field = DHCP_OPTION_FIELD;
137 uint8_t *data = packet->options;
140 size = packet_size - offsetof(dhcp_packet_t, options);
141 data = &packet->options[where];
143 while (where < size) {
144 if (data[0] == 0) { /* padding */
149 if (data[0] == 255) { /* end of options */
150 if ((field == DHCP_OPTION_FIELD) &&
151 (overload & DHCP_FILE_FIELD)) {
154 size = sizeof(packet->file);
155 field = DHCP_FILE_FIELD;
158 } else if ((field == DHCP_FILE_FIELD) &&
159 (overload && DHCP_SNAME_FIELD)) {
160 data = packet->sname;
162 size = sizeof(packet->sname);
163 field = DHCP_SNAME_FIELD;
171 * We MUST have a real option here.
173 if ((where + 2) > size) {
174 fr_strerror_printf("Options overflow field at %u",
175 (unsigned int) (data - (uint8_t *) packet));
179 if ((where + 2 + data[1]) > size) {
180 fr_strerror_printf("Option length overflows field at %u",
181 (unsigned int) (data - (uint8_t *) packet));
185 if (data[0] == option) return data;
187 if (data[0] == 52) { /* overload sname and/or file */
191 where += data[1] + 2;
199 * DHCPv4 is only for IPv4. Broadcast only works if udpfromto is
202 RADIUS_PACKET *fr_dhcp_recv(int sockfd)
205 struct sockaddr_storage src;
206 struct sockaddr_storage dst;
207 socklen_t sizeof_src;
208 socklen_t sizeof_dst;
209 RADIUS_PACKET *packet;
213 packet = rad_alloc(0);
215 fr_strerror_printf("Failed allocating packet");
218 memset(packet, 0, sizeof(packet));
220 packet->data = malloc(MAX_PACKET_SIZE);
222 fr_strerror_printf("Failed in malloc");
227 packet->sockfd = sockfd;
228 sizeof_src = sizeof(src);
229 #ifdef WITH_UDPFROMTO
230 sizeof_dst = sizeof(dst);
231 packet->data_len = recvfromto(sockfd, packet->data, MAX_PACKET_SIZE, 0,
232 (struct sockaddr *)&src, &sizeof_src,
233 (struct sockaddr *)&dst, &sizeof_dst);
235 packet->data_len = recvfrom(sockfd, packet->data, MAX_PACKET_SIZE, 0,
236 (struct sockaddr *)&src, &sizeof_src);
239 if (packet->data_len <= 0) {
240 fr_strerror_printf("Failed reading DHCP socket: %s", strerror(errno));
245 if (packet->data_len < MIN_PACKET_SIZE) {
246 fr_strerror_printf("DHCP packet is too small (%d < %d)",
247 (int) packet->data_len, MIN_PACKET_SIZE);
252 if (packet->data[1] != 1) {
253 fr_strerror_printf("DHCP can only receive ethernet requests, not type %02x",
259 if (packet->data[2] != 6) {
260 fr_strerror_printf("Ethernet HW length is wrong length %d",
266 memcpy(&magic, packet->data + 236, 4);
267 magic = ntohl(magic);
268 if (magic != DHCP_OPTION_MAGIC_NUMBER) {
269 fr_strerror_printf("Cannot do BOOTP");
275 * Create unique keys for the packet.
277 memcpy(&magic, packet->data + 4, 4);
278 packet->id = ntohl(magic);
280 code = dhcp_get_option((dhcp_packet_t *) packet->data,
281 packet->data_len, 53);
283 fr_strerror_printf("No message-type option was found in the packet");
288 if ((code[1] < 1) || (code[2] == 0) || (code[2] > 8)) {
289 fr_strerror_printf("Unknown value for message-type option");
294 packet->code = code[2] | PW_DHCP_OFFSET;
297 * Create a unique vector from the MAC address and the
298 * DHCP opcode. This is a hack for the RADIUS
299 * infrastructure in the rest of the server.
301 * Note: packet->data[2] == 6, which is smaller than
302 * sizeof(packet->vector)
304 * FIXME: Look for client-identifier in packet,
307 memset(packet->vector, 0, sizeof(packet->vector));
308 memcpy(packet->vector, packet->data + 28, packet->data[2]);
309 packet->vector[packet->data[2]] = packet->code & 0xff;
312 * FIXME: for DISCOVER / REQUEST: src_port == dst_port + 1
313 * FIXME: for OFFER / ACK : src_port = dst_port - 1
317 * Unique keys are xid, client mac, and client ID?
321 * FIXME: More checks, like DHCP packet type?
324 sizeof_dst = sizeof(dst);
326 #ifndef WITH_UDPFROMTO
328 * This should never fail...
330 getsockname(sockfd, (struct sockaddr *) &dst, &sizeof_dst);
333 fr_sockaddr2ipaddr(&dst, sizeof_dst, &packet->dst_ipaddr, &port);
334 packet->dst_port = port;
336 fr_sockaddr2ipaddr(&src, sizeof_src, &packet->src_ipaddr, &port);
337 packet->src_port = port;
339 if (fr_debug_flag > 1) {
341 const char *name = type_buf;
342 char src_ip_buf[256], dst_ip_buf[256];
344 if ((packet->code >= PW_DHCP_DISCOVER) &&
345 (packet->code <= PW_DHCP_INFORM)) {
346 name = dhcp_message_types[packet->code - PW_DHCP_OFFSET];
348 snprintf(type_buf, sizeof(type_buf), "%d",
349 packet->code - PW_DHCP_OFFSET);
352 DEBUG("Received %s of id %08x from %s:%d to %s:%d\n",
353 name, (unsigned int) packet->id,
354 inet_ntop(packet->src_ipaddr.af,
355 &packet->src_ipaddr.ipaddr,
356 src_ip_buf, sizeof(src_ip_buf)),
358 inet_ntop(packet->dst_ipaddr.af,
359 &packet->dst_ipaddr.ipaddr,
360 dst_ip_buf, sizeof(dst_ip_buf)),
369 * Send a DHCP packet.
371 int fr_dhcp_send(RADIUS_PACKET *packet)
373 struct sockaddr_storage dst;
374 socklen_t sizeof_dst;
375 #ifdef WITH_UDPFROMTO
376 struct sockaddr_storage src;
377 socklen_t sizeof_src;
380 fr_ipaddr2sockaddr(&packet->dst_ipaddr, packet->dst_port,
384 * The client doesn't yet have an IP address, but is
385 * expecting an ethernet packet unicast to it's MAC
386 * address. We need to build a raw frame.
388 if (packet->offset == 0) {
390 * FIXME: Insert code here!
394 #ifndef WITH_UDPFROMTO
396 * Assume that the packet is encoded before sending it.
398 return sendto(packet->sockfd, packet->data, packet->data_len, 0,
399 (struct sockaddr *)&dst, sizeof_dst);
401 fr_ipaddr2sockaddr(&packet->src_ipaddr, packet->src_port,
404 return sendfromto(packet->sockfd,
405 packet->data, packet->data_len, 0,
406 (struct sockaddr *)&src, sizeof_src,
407 (struct sockaddr *)&dst, sizeof_dst);
411 static int fr_dhcp_attr2vp(VALUE_PAIR *vp, const uint8_t *p, size_t alen);
413 static int decode_tlv(VALUE_PAIR *tlv, const uint8_t *data, size_t data_len)
416 VALUE_PAIR *head, **tail, *vp;
419 * Take a pass at parsing it.
422 while (p < (data + data_len)) {
423 if ((p + 2) > (data + data_len)) goto make_tlv;
425 if ((p + p[1] + 2) > (data + data_len)) goto make_tlv;
430 * Got here... must be well formed.
436 while (p < (data + data_len)) {
437 vp = paircreate(tlv->attribute | (p[0] << 8), DHCP_MAGIC_VENDOR, PW_TYPE_OCTETS);
443 if (fr_dhcp_attr2vp(vp, p + 2, p[1]) < 0) {
454 * The caller allocated TLV, so we need to copy the FIRST
455 * attribute over top of that.
458 memcpy(tlv, head, sizeof(*tlv));
466 tlv->vp_tlv = malloc(data_len);
468 fr_strerror_printf("No memory");
471 memcpy(tlv->vp_tlv, data, data_len);
472 tlv->length = data_len;
479 * Decode ONE value into a VP
481 static int fr_dhcp_attr2vp(VALUE_PAIR *vp, const uint8_t *p, size_t alen)
485 if (alen != 1) goto raw;
486 vp->vp_integer = p[0];
490 if (alen != 2) goto raw;
491 vp->vp_integer = (p[0] << 8) | p[1];
494 case PW_TYPE_INTEGER:
495 if (alen != 4) goto raw;
496 memcpy(&vp->vp_integer, p, 4);
497 vp->vp_integer = ntohl(vp->vp_integer);
501 if (alen != 4) goto raw;
502 memcpy(&vp->vp_ipaddr, p , 4);
507 if (alen > 253) return -1;
508 memcpy(vp->vp_strvalue, p , alen);
509 vp->vp_strvalue[alen] = '\0';
513 vp->type = PW_TYPE_OCTETS;
516 if (alen > 253) return -1;
517 memcpy(vp->vp_octets, p, alen);
521 return decode_tlv(vp, p, alen);
524 fr_strerror_printf("Internal sanity check %d %d", vp->type, __LINE__);
526 } /* switch over type */
532 int fr_dhcp_decode(RADIUS_PACKET *packet)
537 VALUE_PAIR *head, *vp, **tail;
538 VALUE_PAIR *maxms, *mtu;
544 if ((fr_debug_flag > 2) && fr_log_fp) {
545 for (i = 0; i < packet->data_len; i++) {
546 if ((i & 0x0f) == 0x00) fr_strerror_printf("%d: ", i);
547 fprintf(fr_log_fp, "%02x ", packet->data[i]);
548 if ((i & 0x0f) == 0x0f) fprintf(fr_log_fp, "\n");
550 fprintf(fr_log_fp, "\n");
553 if (packet->data[1] != 1) {
554 fr_strerror_printf("Packet is not Ethernet: %u",
562 for (i = 0; i < 14; i++) {
563 vp = pairmake(dhcp_header_names[i], NULL, T_OP_EQ);
565 fr_strerror_printf("Parse error %s", fr_strerror());
571 (packet->data[1] == 1) &&
572 (packet->data[2] == 6)) {
573 vp->type = PW_TYPE_ETHERNET;
578 vp->vp_integer = p[0];
583 vp->vp_integer = (p[0] << 8) | p[1];
587 case PW_TYPE_INTEGER:
588 memcpy(&vp->vp_integer, p, 4);
589 vp->vp_integer = ntohl(vp->vp_integer);
594 memcpy(&vp->vp_ipaddr, p, 4);
599 memcpy(vp->vp_strvalue, p, dhcp_header_sizes[i]);
600 vp->vp_strvalue[dhcp_header_sizes[i]] = '\0';
601 vp->length = strlen(vp->vp_strvalue);
602 if (vp->length == 0) {
608 memcpy(vp->vp_octets, p, packet->data[2]);
609 vp->length = packet->data[2];
612 case PW_TYPE_ETHERNET:
613 memcpy(vp->vp_ether, p, sizeof(vp->vp_ether));
614 vp->length = sizeof(vp->vp_ether);
618 fr_strerror_printf("BAD TYPE %d", vp->type);
622 p += dhcp_header_sizes[i];
632 * Loop over the options.
634 next = packet->data + 240;
637 * FIXME: This should also check sname && file fields.
638 * See the dhcp_get_option() function above.
640 while (next < (packet->data + packet->data_len)) {
641 int num_entries, alen;
647 if (*p == 255) break; /* end of options signifier */
648 if ((p + 2) > (packet->data + packet->data_len)) break;
653 fr_strerror_printf("Attribute too long %u %u",
658 da = dict_attrbyvalue(p[0], DHCP_MAGIC_VENDOR);
660 fr_strerror_printf("Attribute not in our dictionary: %u",
671 * Could be an array of bytes, integers, etc.
673 if (da->flags.array) {
680 case PW_TYPE_SHORT: /* ignore any trailing data */
681 num_entries = alen >> 1;
686 case PW_TYPE_INTEGER:
687 case PW_TYPE_DATE: /* ignore any trailing data */
688 num_entries = alen >> 2;
694 break; /* really an internal sanity failure */
699 * Loop over all of the entries, building VPs
701 for (i = 0; i < num_entries; i++) {
702 vp = pairmake(da->name, NULL, T_OP_EQ);
704 fr_strerror_printf("Cannot build attribute %s",
711 * Hack for ease of use.
713 if ((da->attr == 0x3d) &&
715 (alen == 7) && (*p == 1) && (num_entries == 1)) {
716 vp->type = PW_TYPE_ETHERNET;
717 memcpy(vp->vp_octets, p + 1, 6);
720 } else if (fr_dhcp_attr2vp(vp, p, alen) < 0) {
729 tail = &(*tail)->next;
732 } /* loop over array entries */
733 } /* loop over the entire packet */
736 * If DHCP request, set ciaddr to zero.
740 * Set broadcast flag for broken vendors, but only if
743 memcpy(&giaddr, packet->data + 24, sizeof(giaddr));
744 if (giaddr == htonl(INADDR_ANY)) {
746 * DHCP Opcode is request
748 vp = pairfind(head, 256, DHCP_MAGIC_VENDOR);
749 if (vp && vp->vp_integer == 3) {
751 * Vendor is "MSFT 98"
753 vp = pairfind(head, 63, DHCP_MAGIC_VENDOR);
754 if (vp && (strcmp(vp->vp_strvalue, "MSFT 98") == 0)) {
755 vp = pairfind(head, 262, DHCP_MAGIC_VENDOR);
758 * Reply should be broadcast.
760 if (vp) vp->vp_integer |= 0x8000;
761 packet->data[10] |= 0x80;
767 * FIXME: Nuke attributes that aren't used in the normal
768 * header for discover/requests.
773 * Client can request a LARGER size, but not a smaller
774 * one. They also cannot request a size larger than MTU.
776 maxms = pairfind(packet->vps, 57, DHCP_MAGIC_VENDOR);
777 mtu = pairfind(packet->vps, 26, DHCP_MAGIC_VENDOR);
779 if (mtu && (mtu->vp_integer < DEFAULT_PACKET_SIZE)) {
780 fr_strerror_printf("DHCP Fatal: Client says MTU is smaller than minimum permitted by the specification.");
784 if (maxms && (maxms->vp_integer < DEFAULT_PACKET_SIZE)) {
785 fr_strerror_printf("DHCP WARNING: Client says maximum message size is smaller than minimum permitted by the specification: fixing it");
786 maxms->vp_integer = DEFAULT_PACKET_SIZE;
789 if (maxms && mtu && (maxms->vp_integer > mtu->vp_integer)) {
790 fr_strerror_printf("DHCP WARNING: Client says MTU is smaller than maximum message size: fixing it");
791 maxms->vp_integer = mtu->vp_integer;
794 if (fr_debug_flag > 0) {
795 for (vp = packet->vps; vp != NULL; vp = vp->next) {
800 if (fr_debug_flag) fflush(stdout);
806 static int attr_cmp(const void *one, const void *two)
808 const VALUE_PAIR * const *a = one;
809 const VALUE_PAIR * const *b = two;
812 * DHCP-Message-Type is first, for simplicity.
814 if (((*a)->attribute == 53) &&
815 (*b)->attribute != 53) return -1;
818 * Relay-Agent is last
820 if (((*a)->attribute == 82) &&
821 (*b)->attribute != 82) return +1;
823 return ((*a)->attribute - (*b)->attribute);
827 static size_t fr_dhcp_vp2attr(VALUE_PAIR *vp, uint8_t *p, size_t room)
835 room = room; /* -Wunused */
838 * Search for all attributes of the same
839 * type, and pack them into the same
845 *p = vp->vp_integer & 0xff;
850 p[0] = (vp->vp_integer >> 8) & 0xff;
851 p[1] = vp->vp_integer & 0xff;
854 case PW_TYPE_INTEGER:
856 lvalue = htonl(vp->vp_integer);
857 memcpy(p, &lvalue, 4);
862 memcpy(p, &vp->vp_ipaddr, 4);
865 case PW_TYPE_ETHERNET:
867 memcpy(p, &vp->vp_ether, 6);
871 memcpy(p, vp->vp_strvalue, vp->length);
875 case PW_TYPE_TLV: /* FIXME: split it on 255? */
876 memcpy(p, vp->vp_tlv, vp->length);
881 memcpy(p, vp->vp_octets, vp->length);
886 fr_strerror_printf("BAD TYPE2 %d", vp->type);
894 static VALUE_PAIR *fr_dhcp_vp2suboption(VALUE_PAIR *vps)
897 unsigned int attribute;
899 VALUE_PAIR *vp, *tlv;
901 attribute = vps->attribute & 0xffff00ff;
903 tlv = paircreate(attribute, DHCP_MAGIC_VENDOR, PW_TYPE_TLV);
904 if (!tlv) return NULL;
907 for (vp = vps; vp != NULL; vp = vp->next) {
909 * Group the attributes ONLY until we see a
912 if (!vp->flags.is_tlv ||
913 vp->flags.extended ||
914 ((vp->attribute & 0xffff00ff) != attribute)) {
918 tlv->length += vp->length + 2;
926 tlv->vp_tlv = malloc(tlv->length);
933 for (vp = vps; vp != NULL; vp = vp->next) {
934 if (!vp->flags.is_tlv ||
935 vp->flags.extended ||
936 ((vp->attribute & 0xffff00ff) != attribute)) {
940 length = fr_dhcp_vp2attr(vp, ptr + 2,
941 tlv->vp_tlv + tlv->length - ptr);
942 if (length > 255) return NULL;
945 * Pack the attribute.
947 ptr[0] = (vp->attribute & 0xff00) >> 8;
951 vp->flags.extended = 1;
958 int fr_dhcp_encode(RADIUS_PACKET *packet, RADIUS_PACKET *original)
963 uint32_t lvalue, mms;
964 size_t dhcp_size, length;
968 if (packet->data) return 0;
970 packet->data = malloc(MAX_PACKET_SIZE);
971 if (!packet->data) return -1;
973 packet->data_len = MAX_PACKET_SIZE;
975 if (packet->code == 0) packet->code = PW_DHCP_NAK;
978 * If there's a request, use it as a template.
979 * Otherwise, assume that the caller has set up
980 * everything appropriately.
983 packet->dst_ipaddr.af = AF_INET;
984 packet->src_ipaddr.af = AF_INET;
986 packet->dst_port = original->src_port;
987 packet->src_port = original->dst_port;
990 * Note that for DHCP, we NEVER send the response
991 * to the source IP address of the request. It
992 * may have traversed multiple relays, and we
993 * need to send the request to the relay closest
996 * if giaddr, send to giaddr.
997 * if NAK, send broadcast.
998 * if broadcast flag, send broadcast.
999 * if ciaddr is empty, send broadcast.
1000 * otherwise unicast to ciaddr.
1004 * FIXME: alignment issues. We likely don't want to
1005 * de-reference the packet structure directly..
1007 dhcp = (dhcp_packet_t *) original->data;
1010 * Default to sending it via sendto(), without using
1015 if (dhcp->giaddr != htonl(INADDR_ANY)) {
1016 packet->dst_ipaddr.ipaddr.ip4addr.s_addr = dhcp->giaddr;
1018 if (dhcp->giaddr != htonl(INADDR_LOOPBACK)) {
1019 packet->dst_port = original->dst_port;
1021 packet->dst_port = original->src_port; /* debugging */
1024 } else if ((packet->code == PW_DHCP_NAK) ||
1025 ((dhcp->flags & 0x8000) != 0) ||
1026 (dhcp->ciaddr == htonl(INADDR_ANY))) {
1028 * The kernel will take care of sending it to
1029 * the broadcast MAC.
1031 packet->dst_ipaddr.ipaddr.ip4addr.s_addr = htonl(INADDR_BROADCAST);
1035 * It was broadcast to us: we need to
1036 * broadcast the response.
1038 if (packet->src_ipaddr.ipaddr.ip4addr.s_addr != dhcp->ciaddr) {
1041 packet->dst_ipaddr.ipaddr.ip4addr.s_addr = dhcp->ciaddr;
1045 * Rewrite the source IP to be our own, if we know it.
1047 if (packet->src_ipaddr.ipaddr.ip4addr.s_addr == htonl(INADDR_BROADCAST)) {
1048 packet->src_ipaddr.ipaddr.ip4addr.s_addr = htonl(INADDR_ANY);
1051 memset(packet->data, 0, packet->data_len);
1054 if (fr_debug_flag > 1) {
1056 const char *name = type_buf;
1057 char src_ip_buf[256], dst_ip_buf[256];
1059 if ((packet->code >= PW_DHCP_DISCOVER) &&
1060 (packet->code <= PW_DHCP_INFORM)) {
1061 name = dhcp_message_types[packet->code - PW_DHCP_OFFSET];
1063 snprintf(type_buf, sizeof(type_buf), "%d",
1064 packet->code - PW_DHCP_OFFSET);
1067 DEBUG("Sending %s of id %08x from %s:%d to %s:%d\n",
1068 name, (unsigned int) packet->id,
1069 inet_ntop(packet->src_ipaddr.af,
1070 &packet->src_ipaddr.ipaddr,
1071 src_ip_buf, sizeof(src_ip_buf)),
1073 inet_ntop(packet->dst_ipaddr.af,
1074 &packet->dst_ipaddr.ipaddr,
1075 dst_ip_buf, sizeof(dst_ip_buf)),
1078 if (fr_debug_flag) {
1079 for (i = 256; i < 269; i++) {
1080 vp = pairfind(packet->vps, i,
1091 mms = DEFAULT_PACKET_SIZE; /* maximum message size */
1095 * Clients can request a LARGER size, but not a
1096 * smaller one. They also cannot request a size
1099 vp = pairfind(original->vps, 57, DHCP_MAGIC_VENDOR);
1100 if (vp && (vp->vp_integer > mms)) {
1101 mms = vp->vp_integer;
1103 if (mms > MAX_PACKET_SIZE) mms = MAX_PACKET_SIZE;
1108 * RFC 3118: Authentication option.
1110 vp = pairfind(packet->vps, 90, DHCP_MAGIC_VENDOR);
1112 if (vp->length < 2) {
1113 memset(vp->vp_octets + vp->length, 0,
1118 if (vp->length < 3) {
1121 gettimeofday(&tv, NULL);
1122 vp->vp_octets[2] = 0;
1123 timeval2ntp(&tv, vp->vp_octets + 3);
1128 * Configuration token (clear-text token)
1130 if (vp->vp_octets[0] == 0) {
1132 vp->vp_octets[1] = 0;
1134 pass = pairfind(packet->vps, PW_CLEARTEXT_PASSWORD, DHCP_MAGIC_VENDOR);
1136 length = pass->length;
1137 if ((length + 11) > sizeof(vp->vp_octets)) {
1138 length -= ((length + 11) - sizeof(vp->vp_octets));
1140 memcpy(vp->vp_octets + 11, pass->vp_strvalue,
1142 vp->length = length + 11;
1144 vp->length = 11 + 8;
1145 memset(vp->vp_octets + 11, 0, 8);
1146 vp->length = 11 + 8;
1148 } else { /* we don't support this type! */
1149 fr_strerror_printf("DHCP-Authentication %d unsupported",
1154 vp = pairfind(packet->vps, 256, DHCP_MAGIC_VENDOR);
1156 *p++ = vp->vp_integer & 0xff;
1159 *p++ = 1; /* client message */
1161 *p++ = 2; /* server message */
1164 *p++ = 1; /* hardware type = ethernet */
1165 *p++ = 6; /* 6 bytes of ethernet */
1167 vp = pairfind(packet->vps, 259, DHCP_MAGIC_VENDOR);
1169 *p++ = vp->vp_integer & 0xff;
1171 *p++ = 0; /* hops */
1174 if (original) { /* Xid */
1175 memcpy(p, original->data + 4, 4);
1178 memcpy(p, &lvalue, 4);
1182 memset(p, 0, 2); /* secs are zero */
1186 memcpy(p, original->data + 10, 6); /* copy flags && ciaddr */
1190 * Allow the admin to set the broadcast flag.
1192 vp = pairfind(packet->vps, 262, DHCP_MAGIC_VENDOR);
1194 p[0] |= (vp->vp_integer & 0xff00) >> 8;
1195 p[1] |= (vp->vp_integer & 0xff);
1201 * Set client IP address.
1203 vp = pairfind(packet->vps, 264, DHCP_MAGIC_VENDOR); /* Your IP address */
1205 lvalue = vp->vp_ipaddr;
1207 lvalue = htonl(INADDR_ANY);
1209 memcpy(p, &lvalue, 4); /* your IP address */
1212 vp = pairfind(packet->vps, 265, DHCP_MAGIC_VENDOR); /* server IP address */
1213 if (!vp) vp = pairfind(packet->vps, 54, DHCP_MAGIC_VENDOR); /* identifier */
1215 lvalue = vp->vp_ipaddr;
1217 lvalue = htonl(INADDR_ANY);
1219 memcpy(p, &lvalue, 4); /* Server IP address */
1223 memcpy(p, original->data + 24, 4); /* copy gateway IP address */
1225 vp = pairfind(packet->vps, 266, DHCP_MAGIC_VENDOR);
1227 lvalue = vp->vp_ipaddr;
1229 lvalue = htonl(INADDR_NONE);
1231 memcpy(p, &lvalue, 4);
1236 memcpy(p, original->data + 28, DHCP_CHADDR_LEN);
1238 vp = pairfind(packet->vps, 267, DHCP_MAGIC_VENDOR);
1240 if (vp->length > DHCP_CHADDR_LEN) {
1241 memcpy(p, vp->vp_octets, DHCP_CHADDR_LEN);
1243 memcpy(p, vp->vp_octets, vp->length);
1247 p += DHCP_CHADDR_LEN;
1250 * Zero our sname && filename fields.
1252 memset(p, 0, DHCP_SNAME_LEN + DHCP_FILE_LEN);
1253 p += DHCP_SNAME_LEN;
1256 * Copy over DHCP-Boot-Filename.
1258 * FIXME: This copy should be delayed until AFTER the options
1259 * have been processed. If there are too many options for
1260 * the packet, then they go into the sname && filename fields.
1261 * When that happens, the boot filename is passed as an option,
1262 * instead of being placed verbatim in the filename field.
1264 vp = pairfind(packet->vps, 269, DHCP_MAGIC_VENDOR);
1266 if (vp->length > DHCP_FILE_LEN) {
1267 memcpy(p, vp->vp_strvalue, DHCP_FILE_LEN);
1269 memcpy(p, vp->vp_strvalue, vp->length);
1274 lvalue = htonl(DHCP_OPTION_MAGIC_NUMBER); /* DHCP magic number */
1275 memcpy(p, &lvalue, 4);
1281 if (fr_debug_flag > 1) {
1286 for (i = 0; i < 14; i++) {
1287 vp = pairmake(dhcp_header_names[i], NULL, T_OP_EQ);
1289 fr_strerror_printf("Parse error %s", fr_strerror());
1295 vp->vp_integer = p[0];
1300 vp->vp_integer = (p[0] << 8) | p[1];
1304 case PW_TYPE_INTEGER:
1305 memcpy(&vp->vp_integer, p, 4);
1306 vp->vp_integer = ntohl(vp->vp_integer);
1310 case PW_TYPE_IPADDR:
1311 memcpy(&vp->vp_ipaddr, p, 4);
1315 case PW_TYPE_STRING:
1316 memcpy(vp->vp_strvalue, p, dhcp_header_sizes[i]);
1317 vp->vp_strvalue[dhcp_header_sizes[i]] = '\0';
1318 vp->length = strlen(vp->vp_strvalue);
1321 case PW_TYPE_OCTETS: /* only for Client HW Address */
1322 memcpy(vp->vp_octets, p, packet->data[2]);
1323 vp->length = packet->data[2];
1326 case PW_TYPE_ETHERNET: /* only for Client HW Address */
1327 memcpy(vp->vp_ether, p, sizeof(vp->vp_ether));
1328 vp->length = sizeof(vp->vp_ether);
1332 fr_strerror_printf("Internal sanity check failed %d %d", vp->type, __LINE__);
1337 p += dhcp_header_sizes[i];
1339 vp_prints(buffer, sizeof(buffer), vp);
1340 fr_strerror_printf("\t%s", buffer);
1345 * Jump over DHCP magic number, response, etc.
1351 * Before packing the attributes, re-order them so that
1352 * the array ones are all contiguous. This simplifies
1356 for (vp = packet->vps; vp != NULL; vp = vp->next) {
1360 VALUE_PAIR **array, **last;
1362 array = malloc(num_vps * sizeof(VALUE_PAIR *));
1365 for (vp = packet->vps; vp != NULL; vp = vp->next) {
1370 * Sort the attributes.
1372 qsort(array, (size_t) num_vps, sizeof(VALUE_PAIR *),
1375 last = &packet->vps;
1376 for (i = 0; i < num_vps; i++) {
1378 array[i]->next = NULL;
1379 last = &(array[i]->next);
1384 p[0] = 0x35; /* DHCP-Message-Type */
1386 p[2] = packet->code - PW_DHCP_OFFSET;
1390 * Pack in the attributes.
1394 int num_entries = 1;
1396 uint8_t *plength, *pattr;
1398 if (vp->vendor != DHCP_MAGIC_VENDOR) goto next;
1399 if (vp->attribute == 53) goto next; /* already done */
1400 if ((vp->attribute > 255) &&
1401 (DHCP_BASE_ATTR(vp->attribute) != PW_DHCP_OPTION_82)) goto next;
1404 if (vp->flags.extended) goto next;
1406 length = vp->length;
1408 for (same = vp->next; same != NULL; same = same->next) {
1409 if (same->attribute != vp->attribute) break;
1414 * For client-identifier
1416 if ((vp->type == PW_TYPE_ETHERNET) &&
1417 (vp->length == 6) &&
1418 (num_entries == 1)) {
1419 vp->type = PW_TYPE_OCTETS;
1420 memmove(vp->vp_octets + 1, vp->vp_octets, 6);
1421 vp->vp_octets[0] = 1;
1425 *(p++) = vp->attribute & 0xff;
1427 *(p++) = 0; /* header isn't included in attr length */
1429 for (i = 0; i < num_entries; i++) {
1430 if (fr_debug_flag > 1) {
1431 vp_prints(buffer, sizeof(buffer), vp);
1432 fr_strerror_printf("\t%s", buffer);
1435 if (vp->flags.is_tlv) {
1439 * Should NOT have been encoded yet!
1441 tlv = fr_dhcp_vp2suboption(vp);
1444 * Ignore it if there's an issue
1447 if (!tlv) goto next;
1449 tlv->next = vp->next;
1454 length = fr_dhcp_vp2attr(vp, p, 0);
1457 * This will never happen due to FreeRADIUS
1458 * limitations: sizeof(vp->vp_octets) < 255
1461 fr_strerror_printf("WARNING Ignoring too long attribute %s!", vp->name);
1466 * More than one attribute of the same type
1467 * in a row: they are packed together
1468 * into the same TLV. If we overflow,
1471 if ((*plength + length) > 255) {
1472 fr_strerror_printf("WARNING Ignoring too long attribute %s!", vp->name);
1480 (vp->next->attribute == vp->attribute))
1482 } /* loop over num_entries */
1488 p[0] = 0xff; /* end of option option */
1491 dhcp_size = p - packet->data;
1494 * FIXME: if (dhcp_size > mms),
1495 * then we put the extra options into the "sname" and "file"
1496 * fields, AND set the "end option option" in the "options"
1497 * field. We also set the "overload option",
1498 * and put options into the "file" field, followed by
1499 * the "sname" field. Where each option is completely
1500 * enclosed in the "file" and/or "sname" field, AND
1501 * followed by the "end of option", and MUST be followed
1502 * by padding option.
1504 * Yuck. That sucks...
1506 packet->data_len = dhcp_size;
1510 * FIXME: This may set it to broadcast, which we don't
1511 * want. Instead, set it to the real address of the
1514 packet->src_ipaddr = original->dst_ipaddr;
1516 packet->sockfd = original->sockfd;
1519 if (packet->data_len < DEFAULT_PACKET_SIZE) {
1520 memset(packet->data + packet->data_len, 0,
1521 DEFAULT_PACKET_SIZE - packet->data_len);
1522 packet->data_len = DEFAULT_PACKET_SIZE;
1525 if ((fr_debug_flag > 2) && fr_log_fp) {
1526 for (i = 0; i < packet->data_len; i++) {
1527 if ((i & 0x0f) == 0x00) fprintf(fr_log_fp, "%d: ", i);
1528 fprintf(fr_log_fp, "%02x ", packet->data[i]);
1529 if ((i & 0x0f) == 0x0f) fprintf(fr_log_fp, "\n");
1531 fprintf(fr_log_fp, "\n");
1537 int fr_dhcp_add_arp_entry(int fd, const char *interface,
1538 VALUE_PAIR *macaddr, VALUE_PAIR *ip)
1541 struct sockaddr_in *sin
1544 if (macaddr->length > sizeof (req.arp_ha.sa_data)) {
1545 fr_strerror_printf("ERROR: DHCP only supports up to %d octets for "
1546 "Client Hardware Address (got %d octets)\n",
1547 sizeof(req.arp_ha.sa_data),
1552 memset(&req, 0, sizeof(req));
1553 sin = (struct sockaddr_in *) &req.arp_pa;
1554 sin->sin_family = AF_INET;
1555 sin->sin_addr.s_addr = ip->vp_ipaddr;
1556 strlcpy(req.arp_dev, interface, sizeof(req.arp_dev));
1557 memcpy(&req.arp_ha.sa_data, macaddr->vp_octets, macaddr->length);
1559 req.arp_flags = ATF_COM;
1560 if (ioctl(fd, SIOCSARP, &req) < 0) {
1561 fr_strerror_printf("DHCP: Failed to add entry in ARP cache: %s (%d)",
1562 strerror(errno), errno);
1568 fd = fd; /* -Wunused */
1569 interface = interface; /* -Wunused */
1570 macaddr = macaddr; /* -Wunused */
1571 ip = ip; /* -Wunused */
1573 fr_strerror_printf("Adding ARP entry is unsupported on this system");
1578 #endif /* WITH_DHCP */