2 * dhcp.c Functions to send/receive dhcp packets.
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2.1 of the License, or (at your option) any later version.
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this library; if not, write to the Free Software
18 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
20 * Copyright 2008 The FreeRADIUS server project
21 * Copyright 2008 Alan DeKok <aland@deployingradius.com>
24 #include <freeradius-devel/ident.h>
27 #include <freeradius-devel/libradius.h>
28 #include <freeradius-devel/udpfromto.h>
29 #include <freeradius-devel/dhcp.h>
32 * This doesn't appear to work right now.
38 #include <sys/ioctl.h>
40 #ifdef HAVE_SYS_SOCKET_H
41 #include <sys/socket.h>
43 #ifdef HAVE_SYS_TYPES_H
44 #include <sys/types.h>
47 #include <net/if_arp.h>
50 #define DHCP_CHADDR_LEN (16)
51 #define DHCP_SNAME_LEN (64)
52 #define DHCP_FILE_LEN (128)
53 #define DHCP_VEND_LEN (308)
54 #define DHCP_OPTION_MAGIC_NUMBER (0x63825363)
56 #ifndef INADDR_BROADCAST
57 #define INADDR_BROADCAST INADDR_NONE
60 typedef struct dhcp_packet_t {
66 uint16_t secs; /* 8 */
68 uint32_t ciaddr; /* 12 */
69 uint32_t yiaddr; /* 16 */
70 uint32_t siaddr; /* 20 */
71 uint32_t giaddr; /* 24 */
72 uint8_t chaddr[DHCP_CHADDR_LEN]; /* 28 */
73 uint8_t sname[DHCP_SNAME_LEN]; /* 44 */
74 uint8_t file[DHCP_FILE_LEN]; /* 108 */
75 uint32_t option_format; /* 236 */
76 uint8_t options[DHCP_VEND_LEN];
79 typedef struct dhcp_option_t {
85 * INADDR_ANY : 68 -> INADDR_BROADCAST : 67 DISCOVER
86 * INADDR_BROADCAST : 68 <- SERVER_IP : 67 OFFER
87 * INADDR_ANY : 68 -> INADDR_BROADCAST : 67 REQUEST
88 * INADDR_BROADCAST : 68 <- SERVER_IP : 67 ACK
90 static const char *dhcp_header_names[] = {
93 "DHCP-Hardware-Address-Length",
95 "DHCP-Transaction-Id",
96 "DHCP-Number-of-Seconds",
98 "DHCP-Client-IP-Address",
99 "DHCP-Your-IP-Address",
100 "DHCP-Server-IP-Address",
101 "DHCP-Gateway-IP-Address",
102 "DHCP-Client-Hardware-Address",
103 "DHCP-Server-Host-Name",
104 "DHCP-Boot-Filename",
109 static const char *dhcp_message_types[] = {
122 static int dhcp_header_sizes[] = {
133 * Some clients silently ignore responses less than 300 bytes.
135 #define MIN_PACKET_SIZE (244)
136 #define DEFAULT_PACKET_SIZE (300)
137 #define MAX_PACKET_SIZE (1500 - 40)
139 #define DHCP_OPTION_FIELD (0)
140 #define DHCP_FILE_FIELD (1)
141 #define DHCP_SNAME_FIELD (2)
143 static uint8_t *dhcp_get_option(dhcp_packet_t *packet, size_t packet_size,
148 int field = DHCP_OPTION_FIELD;
150 uint8_t *data = packet->options;
153 size = packet_size - offsetof(dhcp_packet_t, options);
154 data = &packet->options[where];
156 while (where < size) {
157 if (data[0] == 0) { /* padding */
162 if (data[0] == 255) { /* end of options */
163 if ((field == DHCP_OPTION_FIELD) &&
164 (overload & DHCP_FILE_FIELD)) {
167 size = sizeof(packet->file);
168 field = DHCP_FILE_FIELD;
171 } else if ((field == DHCP_FILE_FIELD) &&
172 (overload && DHCP_SNAME_FIELD)) {
173 data = packet->sname;
175 size = sizeof(packet->sname);
176 field = DHCP_SNAME_FIELD;
184 * We MUST have a real option here.
186 if ((where + 2) > size) {
187 fr_strerror_printf("Options overflow field at %u",
188 (unsigned int) (data - (uint8_t *) packet));
192 if ((where + 2 + data[1]) > size) {
193 fr_strerror_printf("Option length overflows field at %u",
194 (unsigned int) (data - (uint8_t *) packet));
198 if (data[0] == option) return data;
200 if (data[0] == 52) { /* overload sname and/or file */
204 where += data[1] + 2;
212 * DHCPv4 is only for IPv4. Broadcast only works if udpfromto is
215 RADIUS_PACKET *fr_dhcp_recv(int sockfd)
218 struct sockaddr_storage src;
219 struct sockaddr_storage dst;
220 socklen_t sizeof_src;
221 socklen_t sizeof_dst;
222 RADIUS_PACKET *packet;
226 packet = rad_alloc(0);
228 fr_strerror_printf("Failed allocating packet");
231 memset(packet, 0, sizeof(packet));
233 packet->data = malloc(MAX_PACKET_SIZE);
235 fr_strerror_printf("Failed in malloc");
240 packet->sockfd = sockfd;
241 sizeof_src = sizeof(src);
242 #ifdef WITH_UDPFROMTO
243 sizeof_dst = sizeof(dst);
244 packet->data_len = recvfromto(sockfd, packet->data, MAX_PACKET_SIZE, 0,
245 (struct sockaddr *)&src, &sizeof_src,
246 (struct sockaddr *)&dst, &sizeof_dst);
248 packet->data_len = recvfrom(sockfd, packet->data, MAX_PACKET_SIZE, 0,
249 (struct sockaddr *)&src, &sizeof_src);
252 if (packet->data_len <= 0) {
253 fr_strerror_printf("Failed reading DHCP socket: %s", strerror(errno));
258 if (packet->data_len < MIN_PACKET_SIZE) {
259 fr_strerror_printf("DHCP packet is too small (%d < %d)",
260 (int) packet->data_len, MIN_PACKET_SIZE);
265 if (packet->data[1] != 1) {
266 fr_strerror_printf("DHCP can only receive ethernet requests, not type %02x",
272 if (packet->data[2] != 6) {
273 fr_strerror_printf("Ethernet HW length is wrong length %d",
279 memcpy(&magic, packet->data + 236, 4);
280 magic = ntohl(magic);
281 if (magic != DHCP_OPTION_MAGIC_NUMBER) {
282 fr_strerror_printf("Cannot do BOOTP");
288 * Create unique keys for the packet.
290 memcpy(&magic, packet->data + 4, 4);
291 packet->id = ntohl(magic);
293 code = dhcp_get_option((dhcp_packet_t *) packet->data,
294 packet->data_len, 53);
296 fr_strerror_printf("No message-type option was found in the packet");
301 if ((code[1] < 1) || (code[2] == 0) || (code[2] > 8)) {
302 fr_strerror_printf("Unknown value for message-type option");
307 packet->code = code[2] | PW_DHCP_OFFSET;
310 * Create a unique vector from the MAC address and the
311 * DHCP opcode. This is a hack for the RADIUS
312 * infrastructure in the rest of the server.
314 * Note: packet->data[2] == 6, which is smaller than
315 * sizeof(packet->vector)
317 * FIXME: Look for client-identifier in packet,
320 memset(packet->vector, 0, sizeof(packet->vector));
321 memcpy(packet->vector, packet->data + 28, packet->data[2]);
322 packet->vector[packet->data[2]] = packet->code & 0xff;
325 * FIXME: for DISCOVER / REQUEST: src_port == dst_port + 1
326 * FIXME: for OFFER / ACK : src_port = dst_port - 1
330 * Unique keys are xid, client mac, and client ID?
334 * FIXME: More checks, like DHCP packet type?
337 sizeof_dst = sizeof(dst);
339 #ifndef WITH_UDPFROMTO
341 * This should never fail...
343 getsockname(sockfd, (struct sockaddr *) &dst, &sizeof_dst);
346 fr_sockaddr2ipaddr(&dst, sizeof_dst, &packet->dst_ipaddr, &port);
347 packet->dst_port = port;
349 fr_sockaddr2ipaddr(&src, sizeof_src, &packet->src_ipaddr, &port);
350 packet->src_port = port;
352 if (fr_debug_flag > 1) {
354 const char *name = type_buf;
355 char src_ip_buf[256], dst_ip_buf[256];
357 if ((packet->code >= PW_DHCP_DISCOVER) &&
358 (packet->code <= PW_DHCP_INFORM)) {
359 name = dhcp_message_types[packet->code - PW_DHCP_OFFSET];
361 snprintf(type_buf, sizeof(type_buf), "%d",
362 packet->code - PW_DHCP_OFFSET);
365 DEBUG("Received %s of id %08x from %s:%d to %s:%d\n",
366 name, (unsigned int) packet->id,
367 inet_ntop(packet->src_ipaddr.af,
368 &packet->src_ipaddr.ipaddr,
369 src_ip_buf, sizeof(src_ip_buf)),
371 inet_ntop(packet->dst_ipaddr.af,
372 &packet->dst_ipaddr.ipaddr,
373 dst_ip_buf, sizeof(dst_ip_buf)),
382 * Send a DHCP packet.
384 int fr_dhcp_send(RADIUS_PACKET *packet)
386 struct sockaddr_storage dst;
387 socklen_t sizeof_dst;
388 #ifdef WITH_UDPFROMTO
389 struct sockaddr_storage src;
390 socklen_t sizeof_src;
393 fr_ipaddr2sockaddr(&packet->dst_ipaddr, packet->dst_port,
397 * The client doesn't yet have an IP address, but is
398 * expecting an ethernet packet unicast to it's MAC
399 * address. We need to build a raw frame.
401 if (packet->offset == 0) {
403 * FIXME: Insert code here!
407 #ifndef WITH_UDPFROMTO
409 * Assume that the packet is encoded before sending it.
411 return sendto(packet->sockfd, packet->data, packet->data_len, 0,
412 (struct sockaddr *)&dst, sizeof_dst);
414 fr_ipaddr2sockaddr(&packet->src_ipaddr, packet->src_port,
417 return sendfromto(packet->sockfd,
418 packet->data, packet->data_len, 0,
419 (struct sockaddr *)&src, sizeof_src,
420 (struct sockaddr *)&dst, sizeof_dst);
424 static int fr_dhcp_attr2vp(VALUE_PAIR *vp, const uint8_t *p, size_t alen);
426 static int decode_tlv(VALUE_PAIR *tlv, const uint8_t *data, size_t data_len)
429 VALUE_PAIR *head, **tail, *vp;
432 * Take a pass at parsing it.
435 while (p < (data + data_len)) {
436 if ((p + 2) > (data + data_len)) goto make_tlv;
438 if ((p + p[1] + 2) > (data + data_len)) goto make_tlv;
443 * Got here... must be well formed.
449 while (p < (data + data_len)) {
450 vp = paircreate(tlv->attribute | (p[0] << 8), DHCP_MAGIC_VENDOR, PW_TYPE_OCTETS);
456 if (fr_dhcp_attr2vp(vp, p + 2, p[1]) < 0) {
467 * The caller allocated TLV, so we need to copy the FIRST
468 * attribute over top of that.
471 memcpy(tlv, head, sizeof(*tlv));
479 tlv->vp_tlv = malloc(data_len);
481 fr_strerror_printf("No memory");
484 memcpy(tlv->vp_tlv, data, data_len);
485 tlv->length = data_len;
492 * Decode ONE value into a VP
494 static int fr_dhcp_attr2vp(VALUE_PAIR *vp, const uint8_t *p, size_t alen)
498 if (alen != 1) goto raw;
499 vp->vp_integer = p[0];
503 if (alen != 2) goto raw;
504 vp->vp_integer = (p[0] << 8) | p[1];
507 case PW_TYPE_INTEGER:
508 if (alen != 4) goto raw;
509 memcpy(&vp->vp_integer, p, 4);
510 vp->vp_integer = ntohl(vp->vp_integer);
514 if (alen != 4) goto raw;
515 memcpy(&vp->vp_ipaddr, p , 4);
520 if (alen > 253) return -1;
521 memcpy(vp->vp_strvalue, p , alen);
522 vp->vp_strvalue[alen] = '\0';
526 vp->type = PW_TYPE_OCTETS;
529 if (alen > 253) return -1;
530 memcpy(vp->vp_octets, p, alen);
534 return decode_tlv(vp, p, alen);
537 fr_strerror_printf("Internal sanity check %d %d", vp->type, __LINE__);
539 } /* switch over type */
545 int fr_dhcp_decode(RADIUS_PACKET *packet)
550 VALUE_PAIR *head, *vp, **tail;
551 VALUE_PAIR *maxms, *mtu;
557 if ((fr_debug_flag > 2) && fr_log_fp) {
558 for (i = 0; i < packet->data_len; i++) {
559 if ((i & 0x0f) == 0x00) fr_strerror_printf("%d: ", i);
560 fprintf(fr_log_fp, "%02x ", packet->data[i]);
561 if ((i & 0x0f) == 0x0f) fprintf(fr_log_fp, "\n");
563 fprintf(fr_log_fp, "\n");
566 if (packet->data[1] != 1) {
567 fr_strerror_printf("Packet is not Ethernet: %u",
575 for (i = 0; i < 14; i++) {
576 vp = pairmake(dhcp_header_names[i], NULL, T_OP_EQ);
578 fr_strerror_printf("Parse error %s", fr_strerror());
584 (packet->data[1] == 1) &&
585 (packet->data[2] == 6)) {
586 vp->type = PW_TYPE_ETHERNET;
591 vp->vp_integer = p[0];
596 vp->vp_integer = (p[0] << 8) | p[1];
600 case PW_TYPE_INTEGER:
601 memcpy(&vp->vp_integer, p, 4);
602 vp->vp_integer = ntohl(vp->vp_integer);
607 memcpy(&vp->vp_ipaddr, p, 4);
612 memcpy(vp->vp_strvalue, p, dhcp_header_sizes[i]);
613 vp->vp_strvalue[dhcp_header_sizes[i]] = '\0';
614 vp->length = strlen(vp->vp_strvalue);
615 if (vp->length == 0) {
621 memcpy(vp->vp_octets, p, packet->data[2]);
622 vp->length = packet->data[2];
625 case PW_TYPE_ETHERNET:
626 memcpy(vp->vp_ether, p, sizeof(vp->vp_ether));
627 vp->length = sizeof(vp->vp_ether);
631 fr_strerror_printf("BAD TYPE %d", vp->type);
635 p += dhcp_header_sizes[i];
645 * Loop over the options.
647 next = packet->data + 240;
650 * FIXME: This should also check sname && file fields.
651 * See the dhcp_get_option() function above.
653 while (next < (packet->data + packet->data_len)) {
654 int num_entries, alen;
660 if (*p == 255) break; /* end of options signifier */
661 if ((p + 2) > (packet->data + packet->data_len)) break;
666 fr_strerror_printf("Attribute too long %u %u",
671 da = dict_attrbyvalue(p[0], DHCP_MAGIC_VENDOR);
673 fr_strerror_printf("Attribute not in our dictionary: %u",
684 * Could be an array of bytes, integers, etc.
686 if (da->flags.array) {
693 case PW_TYPE_SHORT: /* ignore any trailing data */
694 num_entries = alen >> 1;
699 case PW_TYPE_INTEGER:
700 case PW_TYPE_DATE: /* ignore any trailing data */
701 num_entries = alen >> 2;
707 break; /* really an internal sanity failure */
712 * Loop over all of the entries, building VPs
714 for (i = 0; i < num_entries; i++) {
715 vp = pairmake(da->name, NULL, T_OP_EQ);
717 fr_strerror_printf("Cannot build attribute %s",
724 * Hack for ease of use.
726 if ((da->attr == 0x3d) &&
728 (alen == 7) && (*p == 1) && (num_entries == 1)) {
729 vp->type = PW_TYPE_ETHERNET;
730 memcpy(vp->vp_octets, p + 1, 6);
733 } else if (fr_dhcp_attr2vp(vp, p, alen) < 0) {
742 tail = &(*tail)->next;
745 } /* loop over array entries */
746 } /* loop over the entire packet */
749 * If DHCP request, set ciaddr to zero.
753 * Set broadcast flag for broken vendors, but only if
756 memcpy(&giaddr, packet->data + 24, sizeof(giaddr));
757 if (giaddr == htonl(INADDR_ANY)) {
759 * DHCP Opcode is request
761 vp = pairfind(head, 256, DHCP_MAGIC_VENDOR);
762 if (vp && vp->vp_integer == 3) {
764 * Vendor is "MSFT 98"
766 vp = pairfind(head, 63, DHCP_MAGIC_VENDOR);
767 if (vp && (strcmp(vp->vp_strvalue, "MSFT 98") == 0)) {
768 vp = pairfind(head, 262, DHCP_MAGIC_VENDOR);
771 * Reply should be broadcast.
773 if (vp) vp->vp_integer |= 0x8000;
774 packet->data[10] |= 0x80;
780 * FIXME: Nuke attributes that aren't used in the normal
781 * header for discover/requests.
786 * Client can request a LARGER size, but not a smaller
787 * one. They also cannot request a size larger than MTU.
789 maxms = pairfind(packet->vps, 57, DHCP_MAGIC_VENDOR);
790 mtu = pairfind(packet->vps, 26, DHCP_MAGIC_VENDOR);
792 if (mtu && (mtu->vp_integer < DEFAULT_PACKET_SIZE)) {
793 fr_strerror_printf("DHCP Fatal: Client says MTU is smaller than minimum permitted by the specification.");
797 if (maxms && (maxms->vp_integer < DEFAULT_PACKET_SIZE)) {
798 fr_strerror_printf("DHCP WARNING: Client says maximum message size is smaller than minimum permitted by the specification: fixing it");
799 maxms->vp_integer = DEFAULT_PACKET_SIZE;
802 if (maxms && mtu && (maxms->vp_integer > mtu->vp_integer)) {
803 fr_strerror_printf("DHCP WARNING: Client says MTU is smaller than maximum message size: fixing it");
804 maxms->vp_integer = mtu->vp_integer;
807 if (fr_debug_flag > 0) {
808 for (vp = packet->vps; vp != NULL; vp = vp->next) {
813 if (fr_debug_flag) fflush(stdout);
819 static int attr_cmp(const void *one, const void *two)
821 const VALUE_PAIR * const *a = one;
822 const VALUE_PAIR * const *b = two;
825 * DHCP-Message-Type is first, for simplicity.
827 if (((*a)->attribute == 53) &&
828 (*b)->attribute != 53) return -1;
831 * Relay-Agent is last
833 if (((*a)->attribute == 82) &&
834 (*b)->attribute != 82) return +1;
836 return ((*a)->attribute - (*b)->attribute);
840 static size_t fr_dhcp_vp2attr(VALUE_PAIR *vp, uint8_t *p, size_t room)
848 room = room; /* -Wunused */
851 * Search for all attributes of the same
852 * type, and pack them into the same
858 *p = vp->vp_integer & 0xff;
863 p[0] = (vp->vp_integer >> 8) & 0xff;
864 p[1] = vp->vp_integer & 0xff;
867 case PW_TYPE_INTEGER:
869 lvalue = htonl(vp->vp_integer);
870 memcpy(p, &lvalue, 4);
875 memcpy(p, &vp->vp_ipaddr, 4);
878 case PW_TYPE_ETHERNET:
880 memcpy(p, &vp->vp_ether, 6);
884 memcpy(p, vp->vp_strvalue, vp->length);
888 case PW_TYPE_TLV: /* FIXME: split it on 255? */
889 memcpy(p, vp->vp_tlv, vp->length);
894 memcpy(p, vp->vp_octets, vp->length);
899 fr_strerror_printf("BAD TYPE2 %d", vp->type);
907 static VALUE_PAIR *fr_dhcp_vp2suboption(VALUE_PAIR *vps)
910 unsigned int attribute;
912 VALUE_PAIR *vp, *tlv;
914 attribute = vps->attribute & 0xffff00ff;
916 tlv = paircreate(attribute, DHCP_MAGIC_VENDOR, PW_TYPE_TLV);
917 if (!tlv) return NULL;
920 for (vp = vps; vp != NULL; vp = vp->next) {
922 * Group the attributes ONLY until we see a
925 if (!vp->flags.is_tlv ||
926 vp->flags.extended ||
927 ((vp->attribute & 0xffff00ff) != attribute)) {
931 tlv->length += vp->length + 2;
939 tlv->vp_tlv = malloc(tlv->length);
946 for (vp = vps; vp != NULL; vp = vp->next) {
947 if (!vp->flags.is_tlv ||
948 vp->flags.extended ||
949 ((vp->attribute & 0xffff00ff) != attribute)) {
953 length = fr_dhcp_vp2attr(vp, ptr + 2,
954 tlv->vp_tlv + tlv->length - ptr);
955 if (length > 255) return NULL;
958 * Pack the attribute.
960 ptr[0] = (vp->attribute & 0xff00) >> 8;
964 vp->flags.extended = 1;
971 int fr_dhcp_encode(RADIUS_PACKET *packet, RADIUS_PACKET *original)
976 uint32_t lvalue, mms;
977 size_t dhcp_size, length;
981 if (packet->data) return 0;
983 packet->data = malloc(MAX_PACKET_SIZE);
984 if (!packet->data) return -1;
986 packet->data_len = MAX_PACKET_SIZE;
988 if (packet->code == 0) packet->code = PW_DHCP_NAK;
991 * If there's a request, use it as a template.
992 * Otherwise, assume that the caller has set up
993 * everything appropriately.
996 packet->dst_ipaddr.af = AF_INET;
997 packet->src_ipaddr.af = AF_INET;
999 packet->dst_port = original->src_port;
1000 packet->src_port = original->dst_port;
1003 * Note that for DHCP, we NEVER send the response
1004 * to the source IP address of the request. It
1005 * may have traversed multiple relays, and we
1006 * need to send the request to the relay closest
1009 * if giaddr, send to giaddr.
1010 * if NAK, send broadcast.
1011 * if broadcast flag, send broadcast.
1012 * if ciaddr is empty, send broadcast.
1013 * otherwise unicast to ciaddr.
1017 * FIXME: alignment issues. We likely don't want to
1018 * de-reference the packet structure directly..
1020 dhcp = (dhcp_packet_t *) original->data;
1023 * Default to sending it via sendto(), without using
1028 if (dhcp->giaddr != htonl(INADDR_ANY)) {
1029 packet->dst_ipaddr.ipaddr.ip4addr.s_addr = dhcp->giaddr;
1031 if (dhcp->giaddr != htonl(INADDR_LOOPBACK)) {
1032 packet->dst_port = original->dst_port;
1034 packet->dst_port = original->src_port; /* debugging */
1037 } else if ((packet->code == PW_DHCP_NAK) ||
1038 ((dhcp->flags & 0x8000) != 0) ||
1039 (dhcp->ciaddr == htonl(INADDR_ANY))) {
1041 * The kernel will take care of sending it to
1042 * the broadcast MAC.
1044 packet->dst_ipaddr.ipaddr.ip4addr.s_addr = htonl(INADDR_BROADCAST);
1048 * It was broadcast to us: we need to
1049 * broadcast the response.
1051 if (packet->src_ipaddr.ipaddr.ip4addr.s_addr != dhcp->ciaddr) {
1054 packet->dst_ipaddr.ipaddr.ip4addr.s_addr = dhcp->ciaddr;
1058 * Rewrite the source IP to be our own, if we know it.
1060 if (packet->src_ipaddr.ipaddr.ip4addr.s_addr == htonl(INADDR_BROADCAST)) {
1061 packet->src_ipaddr.ipaddr.ip4addr.s_addr = htonl(INADDR_ANY);
1064 memset(packet->data, 0, packet->data_len);
1067 if (fr_debug_flag > 1) {
1069 const char *name = type_buf;
1070 char src_ip_buf[256], dst_ip_buf[256];
1072 if ((packet->code >= PW_DHCP_DISCOVER) &&
1073 (packet->code <= PW_DHCP_INFORM)) {
1074 name = dhcp_message_types[packet->code - PW_DHCP_OFFSET];
1076 snprintf(type_buf, sizeof(type_buf), "%d",
1077 packet->code - PW_DHCP_OFFSET);
1080 DEBUG("Sending %s of id %08x from %s:%d to %s:%d\n",
1081 name, (unsigned int) packet->id,
1082 inet_ntop(packet->src_ipaddr.af,
1083 &packet->src_ipaddr.ipaddr,
1084 src_ip_buf, sizeof(src_ip_buf)),
1086 inet_ntop(packet->dst_ipaddr.af,
1087 &packet->dst_ipaddr.ipaddr,
1088 dst_ip_buf, sizeof(dst_ip_buf)),
1091 if (fr_debug_flag) {
1092 for (i = 256; i < 269; i++) {
1093 vp = pairfind(packet->vps, i,
1104 mms = DEFAULT_PACKET_SIZE; /* maximum message size */
1108 * Clients can request a LARGER size, but not a
1109 * smaller one. They also cannot request a size
1112 vp = pairfind(original->vps, 57, DHCP_MAGIC_VENDOR);
1113 if (vp && (vp->vp_integer > mms)) {
1114 mms = vp->vp_integer;
1116 if (mms > MAX_PACKET_SIZE) mms = MAX_PACKET_SIZE;
1121 * RFC 3118: Authentication option.
1123 vp = pairfind(packet->vps, 90, DHCP_MAGIC_VENDOR);
1125 if (vp->length < 2) {
1126 memset(vp->vp_octets + vp->length, 0,
1131 if (vp->length < 3) {
1134 gettimeofday(&tv, NULL);
1135 vp->vp_octets[2] = 0;
1136 timeval2ntp(&tv, vp->vp_octets + 3);
1141 * Configuration token (clear-text token)
1143 if (vp->vp_octets[0] == 0) {
1145 vp->vp_octets[1] = 0;
1147 pass = pairfind(packet->vps, PW_CLEARTEXT_PASSWORD, DHCP_MAGIC_VENDOR);
1149 length = pass->length;
1150 if ((length + 11) > sizeof(vp->vp_octets)) {
1151 length -= ((length + 11) - sizeof(vp->vp_octets));
1153 memcpy(vp->vp_octets + 11, pass->vp_strvalue,
1155 vp->length = length + 11;
1157 vp->length = 11 + 8;
1158 memset(vp->vp_octets + 11, 0, 8);
1159 vp->length = 11 + 8;
1161 } else { /* we don't support this type! */
1162 fr_strerror_printf("DHCP-Authentication %d unsupported",
1167 vp = pairfind(packet->vps, 256, DHCP_MAGIC_VENDOR);
1169 *p++ = vp->vp_integer & 0xff;
1172 *p++ = 1; /* client message */
1174 *p++ = 2; /* server message */
1177 *p++ = 1; /* hardware type = ethernet */
1178 *p++ = 6; /* 6 bytes of ethernet */
1180 vp = pairfind(packet->vps, 259, DHCP_MAGIC_VENDOR);
1182 *p++ = vp->vp_integer & 0xff;
1184 *p++ = 0; /* hops */
1187 if (original) { /* Xid */
1188 memcpy(p, original->data + 4, 4);
1191 memcpy(p, &lvalue, 4);
1195 memset(p, 0, 2); /* secs are zero */
1199 memcpy(p, original->data + 10, 6); /* copy flags && ciaddr */
1203 * Allow the admin to set the broadcast flag.
1205 vp = pairfind(packet->vps, 262, DHCP_MAGIC_VENDOR);
1207 p[0] |= (vp->vp_integer & 0xff00) >> 8;
1208 p[1] |= (vp->vp_integer & 0xff);
1214 * Set client IP address.
1216 vp = pairfind(packet->vps, 264, DHCP_MAGIC_VENDOR); /* Your IP address */
1218 lvalue = vp->vp_ipaddr;
1220 lvalue = htonl(INADDR_ANY);
1222 memcpy(p, &lvalue, 4); /* your IP address */
1225 vp = pairfind(packet->vps, 265, DHCP_MAGIC_VENDOR); /* server IP address */
1226 if (!vp) vp = pairfind(packet->vps, 54, DHCP_MAGIC_VENDOR); /* identifier */
1228 lvalue = vp->vp_ipaddr;
1230 lvalue = htonl(INADDR_ANY);
1232 memcpy(p, &lvalue, 4); /* Server IP address */
1236 memcpy(p, original->data + 24, 4); /* copy gateway IP address */
1238 vp = pairfind(packet->vps, 266, DHCP_MAGIC_VENDOR);
1240 lvalue = vp->vp_ipaddr;
1242 lvalue = htonl(INADDR_NONE);
1244 memcpy(p, &lvalue, 4);
1249 memcpy(p, original->data + 28, DHCP_CHADDR_LEN);
1251 vp = pairfind(packet->vps, 267, DHCP_MAGIC_VENDOR);
1253 if (vp->length > DHCP_CHADDR_LEN) {
1254 memcpy(p, vp->vp_octets, DHCP_CHADDR_LEN);
1256 memcpy(p, vp->vp_octets, vp->length);
1260 p += DHCP_CHADDR_LEN;
1263 * Zero our sname && filename fields.
1265 memset(p, 0, DHCP_SNAME_LEN + DHCP_FILE_LEN);
1266 p += DHCP_SNAME_LEN;
1269 * Copy over DHCP-Boot-Filename.
1271 * FIXME: This copy should be delayed until AFTER the options
1272 * have been processed. If there are too many options for
1273 * the packet, then they go into the sname && filename fields.
1274 * When that happens, the boot filename is passed as an option,
1275 * instead of being placed verbatim in the filename field.
1277 vp = pairfind(packet->vps, 269, DHCP_MAGIC_VENDOR);
1279 if (vp->length > DHCP_FILE_LEN) {
1280 memcpy(p, vp->vp_strvalue, DHCP_FILE_LEN);
1282 memcpy(p, vp->vp_strvalue, vp->length);
1287 lvalue = htonl(DHCP_OPTION_MAGIC_NUMBER); /* DHCP magic number */
1288 memcpy(p, &lvalue, 4);
1294 if (fr_debug_flag > 1) {
1299 for (i = 0; i < 14; i++) {
1300 vp = pairmake(dhcp_header_names[i], NULL, T_OP_EQ);
1302 fr_strerror_printf("Parse error %s", fr_strerror());
1308 vp->vp_integer = p[0];
1313 vp->vp_integer = (p[0] << 8) | p[1];
1317 case PW_TYPE_INTEGER:
1318 memcpy(&vp->vp_integer, p, 4);
1319 vp->vp_integer = ntohl(vp->vp_integer);
1323 case PW_TYPE_IPADDR:
1324 memcpy(&vp->vp_ipaddr, p, 4);
1328 case PW_TYPE_STRING:
1329 memcpy(vp->vp_strvalue, p, dhcp_header_sizes[i]);
1330 vp->vp_strvalue[dhcp_header_sizes[i]] = '\0';
1331 vp->length = strlen(vp->vp_strvalue);
1334 case PW_TYPE_OCTETS: /* only for Client HW Address */
1335 memcpy(vp->vp_octets, p, packet->data[2]);
1336 vp->length = packet->data[2];
1339 case PW_TYPE_ETHERNET: /* only for Client HW Address */
1340 memcpy(vp->vp_ether, p, sizeof(vp->vp_ether));
1341 vp->length = sizeof(vp->vp_ether);
1345 fr_strerror_printf("Internal sanity check failed %d %d", vp->type, __LINE__);
1350 p += dhcp_header_sizes[i];
1352 vp_prints(buffer, sizeof(buffer), vp);
1353 fr_strerror_printf("\t%s", buffer);
1358 * Jump over DHCP magic number, response, etc.
1364 * Before packing the attributes, re-order them so that
1365 * the array ones are all contiguous. This simplifies
1369 for (vp = packet->vps; vp != NULL; vp = vp->next) {
1373 VALUE_PAIR **array, **last;
1375 array = malloc(num_vps * sizeof(VALUE_PAIR *));
1378 for (vp = packet->vps; vp != NULL; vp = vp->next) {
1383 * Sort the attributes.
1385 qsort(array, (size_t) num_vps, sizeof(VALUE_PAIR *),
1388 last = &packet->vps;
1389 for (i = 0; i < num_vps; i++) {
1391 array[i]->next = NULL;
1392 last = &(array[i]->next);
1397 p[0] = 0x35; /* DHCP-Message-Type */
1399 p[2] = packet->code - PW_DHCP_OFFSET;
1403 * Pack in the attributes.
1407 int num_entries = 1;
1409 uint8_t *plength, *pattr;
1411 if (vp->vendor != DHCP_MAGIC_VENDOR) goto next;
1412 if (vp->attribute == 53) goto next; /* already done */
1413 if ((vp->attribute > 255) &&
1414 (DHCP_BASE_ATTR(vp->attribute) != PW_DHCP_OPTION_82)) goto next;
1417 if (vp->flags.extended) goto next;
1419 length = vp->length;
1421 for (same = vp->next; same != NULL; same = same->next) {
1422 if (same->attribute != vp->attribute) break;
1427 * For client-identifier
1429 if ((vp->type == PW_TYPE_ETHERNET) &&
1430 (vp->length == 6) &&
1431 (num_entries == 1)) {
1432 vp->type = PW_TYPE_OCTETS;
1433 memmove(vp->vp_octets + 1, vp->vp_octets, 6);
1434 vp->vp_octets[0] = 1;
1438 *(p++) = vp->attribute & 0xff;
1440 *(p++) = 0; /* header isn't included in attr length */
1442 for (i = 0; i < num_entries; i++) {
1443 if (fr_debug_flag > 1) {
1444 vp_prints(buffer, sizeof(buffer), vp);
1445 fr_strerror_printf("\t%s", buffer);
1448 if (vp->flags.is_tlv) {
1452 * Should NOT have been encoded yet!
1454 tlv = fr_dhcp_vp2suboption(vp);
1457 * Ignore it if there's an issue
1460 if (!tlv) goto next;
1462 tlv->next = vp->next;
1467 length = fr_dhcp_vp2attr(vp, p, 0);
1470 * This will never happen due to FreeRADIUS
1471 * limitations: sizeof(vp->vp_octets) < 255
1474 fr_strerror_printf("WARNING Ignoring too long attribute %s!", vp->name);
1479 * More than one attribute of the same type
1480 * in a row: they are packed together
1481 * into the same TLV. If we overflow,
1484 if ((*plength + length) > 255) {
1485 fr_strerror_printf("WARNING Ignoring too long attribute %s!", vp->name);
1493 (vp->next->attribute == vp->attribute))
1495 } /* loop over num_entries */
1501 p[0] = 0xff; /* end of option option */
1504 dhcp_size = p - packet->data;
1507 * FIXME: if (dhcp_size > mms),
1508 * then we put the extra options into the "sname" and "file"
1509 * fields, AND set the "end option option" in the "options"
1510 * field. We also set the "overload option",
1511 * and put options into the "file" field, followed by
1512 * the "sname" field. Where each option is completely
1513 * enclosed in the "file" and/or "sname" field, AND
1514 * followed by the "end of option", and MUST be followed
1515 * by padding option.
1517 * Yuck. That sucks...
1519 packet->data_len = dhcp_size;
1523 * FIXME: This may set it to broadcast, which we don't
1524 * want. Instead, set it to the real address of the
1527 packet->src_ipaddr = original->dst_ipaddr;
1529 packet->sockfd = original->sockfd;
1532 if (packet->data_len < DEFAULT_PACKET_SIZE) {
1533 memset(packet->data + packet->data_len, 0,
1534 DEFAULT_PACKET_SIZE - packet->data_len);
1535 packet->data_len = DEFAULT_PACKET_SIZE;
1538 if ((fr_debug_flag > 2) && fr_log_fp) {
1539 for (i = 0; i < packet->data_len; i++) {
1540 if ((i & 0x0f) == 0x00) fprintf(fr_log_fp, "%d: ", i);
1541 fprintf(fr_log_fp, "%02x ", packet->data[i]);
1542 if ((i & 0x0f) == 0x0f) fprintf(fr_log_fp, "\n");
1544 fprintf(fr_log_fp, "\n");
1550 int fr_dhcp_add_arp_entry(int fd, const char *interface,
1551 VALUE_PAIR *macaddr, VALUE_PAIR *ip)
1554 struct sockaddr_in *sin;
1557 if (macaddr->length > sizeof (req.arp_ha.sa_data)) {
1558 fr_strerror_printf("ERROR: DHCP only supports up to %u octets for "
1559 "Client Hardware Address (got %zu octets)\n",
1560 sizeof(req.arp_ha.sa_data),
1565 memset(&req, 0, sizeof(req));
1566 sin = (struct sockaddr_in *) &req.arp_pa;
1567 sin->sin_family = AF_INET;
1568 sin->sin_addr.s_addr = ip->vp_ipaddr;
1569 strlcpy(req.arp_dev, interface, sizeof(req.arp_dev));
1570 memcpy(&req.arp_ha.sa_data, macaddr->vp_octets, macaddr->length);
1572 req.arp_flags = ATF_COM;
1573 if (ioctl(fd, SIOCSARP, &req) < 0) {
1574 fr_strerror_printf("DHCP: Failed to add entry in ARP cache: %s (%d)",
1575 strerror(errno), errno);
1581 fd = fd; /* -Wunused */
1582 interface = interface; /* -Wunused */
1583 macaddr = macaddr; /* -Wunused */
1584 ip = ip; /* -Wunused */
1586 fr_strerror_printf("Adding ARP entry is unsupported on this system");
1591 #endif /* WITH_DHCP */
projects / freeradius.git / blob