2 * dhcp.c Functions to send/receive dhcp packets.
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2.1 of the License, or (at your option) any later version.
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this library; if not, write to the Free Software
18 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
20 * Copyright 2008 The FreeRADIUS server project
21 * Copyright 2008 Alan DeKok <aland@deployingradius.com>
24 #include <freeradius-devel/ident.h>
27 #include <freeradius-devel/libradius.h>
28 #include <freeradius-devel/udpfromto.h>
29 #include <freeradius-devel/dhcp.h>
32 * This doesn't appear to work right now.
38 #include <sys/ioctl.h>
40 #ifdef HAVE_SYS_SOCKET_H
41 #include <sys/socket.h>
43 #ifdef HAVE_SYS_TYPES_H
44 #include <sys/types.h>
47 #include <net/if_arp.h>
50 #define DHCP_CHADDR_LEN (16)
51 #define DHCP_SNAME_LEN (64)
52 #define DHCP_FILE_LEN (128)
53 #define DHCP_VEND_LEN (308)
54 #define DHCP_OPTION_MAGIC_NUMBER (0x63825363)
56 #ifndef INADDR_BROADCAST
57 #define INADDR_BROADCAST INADDR_NONE
60 typedef struct dhcp_packet_t {
66 uint16_t secs; /* 8 */
68 uint32_t ciaddr; /* 12 */
69 uint32_t yiaddr; /* 16 */
70 uint32_t siaddr; /* 20 */
71 uint32_t giaddr; /* 24 */
72 uint8_t chaddr[DHCP_CHADDR_LEN]; /* 28 */
73 uint8_t sname[DHCP_SNAME_LEN]; /* 44 */
74 uint8_t file[DHCP_FILE_LEN]; /* 108 */
75 uint32_t option_format; /* 236 */
76 uint8_t options[DHCP_VEND_LEN];
79 typedef struct dhcp_option_t {
85 * INADDR_ANY : 68 -> INADDR_BROADCAST : 67 DISCOVER
86 * INADDR_BROADCAST : 68 <- SERVER_IP : 67 OFFER
87 * INADDR_ANY : 68 -> INADDR_BROADCAST : 67 REQUEST
88 * INADDR_BROADCAST : 68 <- SERVER_IP : 67 ACK
90 static const char *dhcp_header_names[] = {
93 "DHCP-Hardware-Address-Length",
95 "DHCP-Transaction-Id",
96 "DHCP-Number-of-Seconds",
98 "DHCP-Client-IP-Address",
99 "DHCP-Your-IP-Address",
100 "DHCP-Server-IP-Address",
101 "DHCP-Gateway-IP-Address",
102 "DHCP-Client-Hardware-Address",
103 "DHCP-Server-Host-Name",
104 "DHCP-Boot-Filename",
109 static const char *dhcp_message_types[] = {
122 static int dhcp_header_sizes[] = {
133 * Some clients silently ignore responses less than 300 bytes.
135 #define MIN_PACKET_SIZE (244)
136 #define DEFAULT_PACKET_SIZE (300)
137 #define MAX_PACKET_SIZE (1500 - 40)
139 #define DHCP_OPTION_FIELD (0)
140 #define DHCP_FILE_FIELD (1)
141 #define DHCP_SNAME_FIELD (2)
143 static uint8_t *dhcp_get_option(dhcp_packet_t *packet, size_t packet_size,
148 int field = DHCP_OPTION_FIELD;
150 uint8_t *data = packet->options;
153 size = packet_size - offsetof(dhcp_packet_t, options);
154 data = &packet->options[where];
156 while (where < size) {
157 if (data[0] == 0) { /* padding */
162 if (data[0] == 255) { /* end of options */
163 if ((field == DHCP_OPTION_FIELD) &&
164 (overload & DHCP_FILE_FIELD)) {
167 size = sizeof(packet->file);
168 field = DHCP_FILE_FIELD;
171 } else if ((field == DHCP_FILE_FIELD) &&
172 (overload && DHCP_SNAME_FIELD)) {
173 data = packet->sname;
175 size = sizeof(packet->sname);
176 field = DHCP_SNAME_FIELD;
184 * We MUST have a real option here.
186 if ((where + 2) > size) {
187 fr_strerror_printf("Options overflow field at %u",
188 (unsigned int) (data - (uint8_t *) packet));
192 if ((where + 2 + data[1]) > size) {
193 fr_strerror_printf("Option length overflows field at %u",
194 (unsigned int) (data - (uint8_t *) packet));
198 if (data[0] == option) return data;
200 if (data[0] == 52) { /* overload sname and/or file */
204 where += data[1] + 2;
212 * DHCPv4 is only for IPv4. Broadcast only works if udpfromto is
215 RADIUS_PACKET *fr_dhcp_recv(int sockfd)
218 struct sockaddr_storage src;
219 struct sockaddr_storage dst;
220 socklen_t sizeof_src;
221 socklen_t sizeof_dst;
222 RADIUS_PACKET *packet;
226 packet = rad_alloc(0);
228 fr_strerror_printf("Failed allocating packet");
231 memset(packet, 0, sizeof(*packet));
233 packet->data = malloc(MAX_PACKET_SIZE);
235 fr_strerror_printf("Failed in malloc");
240 packet->sockfd = sockfd;
241 sizeof_src = sizeof(src);
242 #ifdef WITH_UDPFROMTO
243 sizeof_dst = sizeof(dst);
244 packet->data_len = recvfromto(sockfd, packet->data, MAX_PACKET_SIZE, 0,
245 (struct sockaddr *)&src, &sizeof_src,
246 (struct sockaddr *)&dst, &sizeof_dst);
248 packet->data_len = recvfrom(sockfd, packet->data, MAX_PACKET_SIZE, 0,
249 (struct sockaddr *)&src, &sizeof_src);
252 if (packet->data_len <= 0) {
253 fr_strerror_printf("Failed reading DHCP socket: %s", strerror(errno));
258 if (packet->data_len < MIN_PACKET_SIZE) {
259 fr_strerror_printf("DHCP packet is too small (%d < %d)",
260 (int) packet->data_len, MIN_PACKET_SIZE);
265 if (packet->data[1] != 1) {
266 fr_strerror_printf("DHCP can only receive ethernet requests, not type %02x",
272 if (packet->data[2] != 6) {
273 fr_strerror_printf("Ethernet HW length is wrong length %d",
279 memcpy(&magic, packet->data + 236, 4);
280 magic = ntohl(magic);
281 if (magic != DHCP_OPTION_MAGIC_NUMBER) {
282 fr_strerror_printf("Cannot do BOOTP");
288 * Create unique keys for the packet.
290 memcpy(&magic, packet->data + 4, 4);
291 packet->id = ntohl(magic);
293 code = dhcp_get_option((dhcp_packet_t *) packet->data,
294 packet->data_len, 53);
296 fr_strerror_printf("No message-type option was found in the packet");
301 if ((code[1] < 1) || (code[2] == 0) || (code[2] > 8)) {
302 fr_strerror_printf("Unknown value for message-type option");
307 packet->code = code[2] | PW_DHCP_OFFSET;
310 * Create a unique vector from the MAC address and the
311 * DHCP opcode. This is a hack for the RADIUS
312 * infrastructure in the rest of the server.
314 * Note: packet->data[2] == 6, which is smaller than
315 * sizeof(packet->vector)
317 * FIXME: Look for client-identifier in packet,
320 memset(packet->vector, 0, sizeof(packet->vector));
321 memcpy(packet->vector, packet->data + 28, packet->data[2]);
322 packet->vector[packet->data[2]] = packet->code & 0xff;
325 * FIXME: for DISCOVER / REQUEST: src_port == dst_port + 1
326 * FIXME: for OFFER / ACK : src_port = dst_port - 1
330 * Unique keys are xid, client mac, and client ID?
334 * FIXME: More checks, like DHCP packet type?
337 sizeof_dst = sizeof(dst);
339 #ifndef WITH_UDPFROMTO
341 * This should never fail...
343 if (getsockname(sockfd, (struct sockaddr *) &dst, &sizeof_dst) < 0) {
344 fr_strerror_printf("getsockname failed: %s", strerror(errno));
350 fr_sockaddr2ipaddr(&dst, sizeof_dst, &packet->dst_ipaddr, &port);
351 packet->dst_port = port;
353 fr_sockaddr2ipaddr(&src, sizeof_src, &packet->src_ipaddr, &port);
354 packet->src_port = port;
356 if (fr_debug_flag > 1) {
358 const char *name = type_buf;
359 char src_ip_buf[256], dst_ip_buf[256];
361 if ((packet->code >= PW_DHCP_DISCOVER) &&
362 (packet->code <= PW_DHCP_INFORM)) {
363 name = dhcp_message_types[packet->code - PW_DHCP_OFFSET];
365 snprintf(type_buf, sizeof(type_buf), "%d",
366 packet->code - PW_DHCP_OFFSET);
369 DEBUG("Received %s of id %08x from %s:%d to %s:%d\n",
370 name, (unsigned int) packet->id,
371 inet_ntop(packet->src_ipaddr.af,
372 &packet->src_ipaddr.ipaddr,
373 src_ip_buf, sizeof(src_ip_buf)),
375 inet_ntop(packet->dst_ipaddr.af,
376 &packet->dst_ipaddr.ipaddr,
377 dst_ip_buf, sizeof(dst_ip_buf)),
386 * Send a DHCP packet.
388 int fr_dhcp_send(RADIUS_PACKET *packet)
390 struct sockaddr_storage dst;
391 socklen_t sizeof_dst;
392 #ifdef WITH_UDPFROMTO
393 struct sockaddr_storage src;
394 socklen_t sizeof_src;
397 if (!fr_ipaddr2sockaddr(&packet->dst_ipaddr, packet->dst_port,
398 &dst, &sizeof_dst)) {
403 * The client doesn't yet have an IP address, but is
404 * expecting an ethernet packet unicast to it's MAC
405 * address. We need to build a raw frame.
407 if (packet->offset == 0) {
409 * FIXME: Insert code here!
413 #ifndef WITH_UDPFROMTO
415 * Assume that the packet is encoded before sending it.
417 return sendto(packet->sockfd, packet->data, packet->data_len, 0,
418 (struct sockaddr *)&dst, sizeof_dst);
420 if (!fr_ipaddr2sockaddr(&packet->src_ipaddr, packet->src_port,
421 &src, &sizeof_src)) {
425 return sendfromto(packet->sockfd,
426 packet->data, packet->data_len, 0,
427 (struct sockaddr *)&src, sizeof_src,
428 (struct sockaddr *)&dst, sizeof_dst);
432 static int fr_dhcp_attr2vp(VALUE_PAIR *vp, const uint8_t *p, size_t alen);
434 static int decode_tlv(VALUE_PAIR *tlv, const uint8_t *data, size_t data_len)
437 VALUE_PAIR *head, **tail, *vp;
440 * Take a pass at parsing it.
443 while (p < (data + data_len)) {
444 if ((p + 2) > (data + data_len)) goto make_tlv;
446 if ((p + p[1] + 2) > (data + data_len)) goto make_tlv;
451 * Got here... must be well formed.
457 while (p < (data + data_len)) {
458 vp = paircreate(tlv->da->attr | (p[0] << 8), DHCP_MAGIC_VENDOR);
464 if (fr_dhcp_attr2vp(vp, p + 2, p[1]) < 0) {
475 * The caller allocated TLV, so we need to copy the FIRST
476 * attribute over top of that.
479 memcpy(tlv, head, sizeof(*tlv));
487 tlv->vp_tlv = malloc(data_len);
489 fr_strerror_printf("No memory");
492 memcpy(tlv->vp_tlv, data, data_len);
493 tlv->length = data_len;
500 * Decode ONE value into a VP
502 static int fr_dhcp_attr2vp(VALUE_PAIR *vp, const uint8_t *p, size_t alen)
504 switch (vp->da->type) {
506 if (alen != 1) goto raw;
507 vp->vp_integer = p[0];
511 if (alen != 2) goto raw;
512 vp->vp_integer = (p[0] << 8) | p[1];
515 case PW_TYPE_INTEGER:
516 if (alen != 4) goto raw;
517 memcpy(&vp->vp_integer, p, 4);
518 vp->vp_integer = ntohl(vp->vp_integer);
522 if (alen != 4) goto raw;
523 memcpy(&vp->vp_ipaddr, p , 4);
528 if (alen > 253) return -1;
529 memcpy(vp->vp_strvalue, p , alen);
530 vp->vp_strvalue[alen] = '\0';
534 * Value doesn't match up with attribute type, overwrite the
535 * vp's original DICT_ATTR with an unknown one.
538 if (pair2unknown(vp) < 0) return -1;
541 if (alen > 253) return -1;
542 memcpy(vp->vp_octets, p, alen);
546 return decode_tlv(vp, p, alen);
549 fr_strerror_printf("Internal sanity check %d %d", vp->da->type, __LINE__);
551 } /* switch over type */
557 ssize_t fr_dhcp_decode_options(uint8_t *data, size_t len, VALUE_PAIR **head)
560 VALUE_PAIR *vp, **tail;
567 * FIXME: This should also check sname && file fields.
568 * See the dhcp_get_option() function above.
570 while (next < (data + len)) {
571 int num_entries, alen;
577 if (*p == 255) break; /* end of options signifier */
578 if ((p + 2) > (data + len)) break;
583 fr_strerror_printf("Attribute too long %u %u",
588 da = dict_attrbyvalue(p[0], DHCP_MAGIC_VENDOR);
590 fr_strerror_printf("Attribute not in our dictionary: %u",
601 * Could be an array of bytes, integers, etc.
603 if (da->flags.array) {
610 case PW_TYPE_SHORT: /* ignore any trailing data */
611 num_entries = alen >> 1;
616 case PW_TYPE_INTEGER:
617 case PW_TYPE_DATE: /* ignore any trailing data */
618 num_entries = alen >> 2;
624 break; /* really an internal sanity failure */
629 * Loop over all of the entries, building VPs
631 for (i = 0; i < num_entries; i++) {
632 vp = pairmake(da->name, NULL, T_OP_ADD);
634 fr_strerror_printf("Cannot build attribute %s",
641 * Hack for ease of use.
643 if (fr_dhcp_attr2vp(vp, p, alen) < 0) {
652 tail = &(*tail)->next;
655 } /* loop over array entries */
656 } /* loop over the entire packet */
661 int fr_dhcp_decode(RADIUS_PACKET *packet)
666 VALUE_PAIR *head, *vp, **tail;
667 VALUE_PAIR *maxms, *mtu;
673 if ((fr_debug_flag > 2) && fr_log_fp) {
674 for (i = 0; i < packet->data_len; i++) {
675 if ((i & 0x0f) == 0x00) fprintf(fr_log_fp, "%d: ", (int) i);
676 fprintf(fr_log_fp, "%02x ", packet->data[i]);
677 if ((i & 0x0f) == 0x0f) fprintf(fr_log_fp, "\n");
679 fprintf(fr_log_fp, "\n");
682 if (packet->data[1] != 1) {
683 fr_strerror_printf("Packet is not Ethernet: %u",
691 for (i = 0; i < 14; i++) {
692 vp = pairmake(dhcp_header_names[i], NULL, T_OP_EQ);
694 fr_strerror_printf("Parse error %s", fr_strerror());
700 (packet->data[1] == 1) &&
701 (packet->data[2] != 6)) {
702 fr_strerror_printf("chaddr of incorrect length for ethernet");
705 switch (vp->da->type) {
707 vp->vp_integer = p[0];
712 vp->vp_integer = (p[0] << 8) | p[1];
716 case PW_TYPE_INTEGER:
717 memcpy(&vp->vp_integer, p, 4);
718 vp->vp_integer = ntohl(vp->vp_integer);
723 memcpy(&vp->vp_ipaddr, p, 4);
728 memcpy(vp->vp_strvalue, p, dhcp_header_sizes[i]);
729 vp->vp_strvalue[dhcp_header_sizes[i]] = '\0';
730 vp->length = strlen(vp->vp_strvalue);
731 if (vp->length == 0) {
737 memcpy(vp->vp_octets, p, packet->data[2]);
738 vp->length = packet->data[2];
741 case PW_TYPE_ETHERNET:
742 memcpy(vp->vp_ether, p, sizeof(vp->vp_ether));
743 vp->length = sizeof(vp->vp_ether);
747 fr_strerror_printf("BAD TYPE %d", vp->da->type);
751 p += dhcp_header_sizes[i];
761 * Loop over the options.
765 * Nothing uses tail after this call, if it does in the future
766 * it'll need to find the new tail...
768 if (fr_dhcp_decode_options(packet->data + 240, packet->data_len - 240,
774 * If DHCP request, set ciaddr to zero.
778 * Set broadcast flag for broken vendors, but only if
781 memcpy(&giaddr, packet->data + 24, sizeof(giaddr));
782 if (giaddr == htonl(INADDR_ANY)) {
784 * DHCP Opcode is request
786 vp = pairfind(head, 256, DHCP_MAGIC_VENDOR, TAG_ANY);
787 if (vp && vp->vp_integer == 3) {
789 * Vendor is "MSFT 98"
791 vp = pairfind(head, 63, DHCP_MAGIC_VENDOR, TAG_ANY);
792 if (vp && (strcmp(vp->vp_strvalue, "MSFT 98") == 0)) {
793 vp = pairfind(head, 262, DHCP_MAGIC_VENDOR, TAG_ANY);
796 * Reply should be broadcast.
798 if (vp) vp->vp_integer |= 0x8000;
799 packet->data[10] |= 0x80;
805 * FIXME: Nuke attributes that aren't used in the normal
806 * header for discover/requests.
811 * Client can request a LARGER size, but not a smaller
812 * one. They also cannot request a size larger than MTU.
814 maxms = pairfind(packet->vps, 57, DHCP_MAGIC_VENDOR, TAG_ANY);
815 mtu = pairfind(packet->vps, 26, DHCP_MAGIC_VENDOR, TAG_ANY);
817 if (mtu && (mtu->vp_integer < DEFAULT_PACKET_SIZE)) {
818 fr_strerror_printf("DHCP Fatal: Client says MTU is smaller than minimum permitted by the specification.");
822 if (maxms && (maxms->vp_integer < DEFAULT_PACKET_SIZE)) {
823 fr_strerror_printf("DHCP WARNING: Client says maximum message size is smaller than minimum permitted by the specification: fixing it");
824 maxms->vp_integer = DEFAULT_PACKET_SIZE;
827 if (maxms && mtu && (maxms->vp_integer > mtu->vp_integer)) {
828 fr_strerror_printf("DHCP WARNING: Client says MTU is smaller than maximum message size: fixing it");
829 maxms->vp_integer = mtu->vp_integer;
832 if (fr_debug_flag > 0) {
833 for (vp = packet->vps; vp != NULL; vp = vp->next) {
838 if (fr_debug_flag) fflush(stdout);
844 static int attr_cmp(const void *one, const void *two)
846 const VALUE_PAIR * const *a = one;
847 const VALUE_PAIR * const *b = two;
850 * DHCP-Message-Type is first, for simplicity.
852 if (((*a)->da->attr == 53) &&
853 (*b)->da->attr != 53) return -1;
856 * Relay-Agent is last
858 if (((*a)->da->attr == 82) &&
859 (*b)->da->attr != 82) return +1;
861 return ((*a)->da->attr - (*b)->da->attr);
865 static size_t fr_dhcp_vp2attr(VALUE_PAIR *vp, uint8_t *p, size_t room)
873 room = room; /* -Wunused */
876 * Search for all attributes of the same
877 * type, and pack them into the same
880 switch (vp->da->type) {
883 *p = vp->vp_integer & 0xff;
888 p[0] = (vp->vp_integer >> 8) & 0xff;
889 p[1] = vp->vp_integer & 0xff;
892 case PW_TYPE_INTEGER:
894 lvalue = htonl(vp->vp_integer);
895 memcpy(p, &lvalue, 4);
900 memcpy(p, &vp->vp_ipaddr, 4);
903 case PW_TYPE_ETHERNET:
905 memcpy(p, &vp->vp_ether, 6);
909 memcpy(p, vp->vp_strvalue, vp->length);
913 case PW_TYPE_TLV: /* FIXME: split it on 255? */
914 memcpy(p, vp->vp_tlv, vp->length);
919 memcpy(p, vp->vp_octets, vp->length);
924 fr_strerror_printf("BAD TYPE2 %d", vp->da->type);
932 static VALUE_PAIR *fr_dhcp_vp2suboption(VALUE_PAIR *vps)
935 unsigned int attribute;
937 VALUE_PAIR *vp, *tlv;
939 attribute = vps->da->attr & 0xffff00ff;
941 tlv = paircreate(attribute, DHCP_MAGIC_VENDOR);
942 if (!tlv) return NULL;
945 for (vp = vps; vp != NULL; vp = vp->next) {
947 * Group the attributes ONLY until we see a
950 if (!vp->da->flags.is_tlv ||
951 vp->da->flags.extended ||
952 ((vp->da->attr & 0xffff00ff) != attribute)) {
956 tlv->length += vp->length + 2;
964 tlv->vp_tlv = malloc(tlv->length);
971 for (vp = vps; vp != NULL; vp = vp->next) {
972 if (!vp->da->flags.is_tlv ||
973 vp->da->flags.extended ||
974 ((vp->da->attr & 0xffff00ff) != attribute)) {
978 length = fr_dhcp_vp2attr(vp, ptr + 2,
979 tlv->vp_tlv + tlv->length - ptr);
980 if (length > 255) return NULL;
983 * Pack the attribute.
985 ptr[0] = (vp->da->attr & 0xff00) >> 8;
995 int fr_dhcp_encode(RADIUS_PACKET *packet, RADIUS_PACKET *original)
997 unsigned int i, num_vps;
1000 uint32_t lvalue, mms;
1001 size_t dhcp_size, length;
1002 dhcp_packet_t *dhcp;
1004 if (packet->data) return 0;
1006 packet->data = malloc(MAX_PACKET_SIZE);
1007 if (!packet->data) return -1;
1009 packet->data_len = MAX_PACKET_SIZE;
1011 if (packet->code == 0) packet->code = PW_DHCP_NAK;
1014 * If there's a request, use it as a template.
1015 * Otherwise, assume that the caller has set up
1016 * everything appropriately.
1019 packet->dst_ipaddr.af = AF_INET;
1020 packet->src_ipaddr.af = AF_INET;
1022 packet->dst_port = original->src_port;
1023 packet->src_port = original->dst_port;
1026 * Note that for DHCP, we NEVER send the response
1027 * to the source IP address of the request. It
1028 * may have traversed multiple relays, and we
1029 * need to send the request to the relay closest
1032 * if giaddr, send to giaddr.
1033 * if NAK, send broadcast.
1034 * if broadcast flag, send broadcast.
1035 * if ciaddr is empty, send broadcast.
1036 * otherwise unicast to ciaddr.
1040 * FIXME: alignment issues. We likely don't want to
1041 * de-reference the packet structure directly..
1043 dhcp = (dhcp_packet_t *) original->data;
1046 * Default to sending it via sendto(), without using
1051 if (dhcp->giaddr != htonl(INADDR_ANY)) {
1052 packet->dst_ipaddr.ipaddr.ip4addr.s_addr = dhcp->giaddr;
1054 if (dhcp->giaddr != htonl(INADDR_LOOPBACK)) {
1055 packet->dst_port = original->dst_port;
1057 packet->dst_port = original->src_port; /* debugging */
1060 } else if ((packet->code == PW_DHCP_NAK) ||
1061 ((dhcp->flags & 0x8000) != 0) ||
1062 (dhcp->ciaddr == htonl(INADDR_ANY))) {
1064 * The kernel will take care of sending it to
1065 * the broadcast MAC.
1067 packet->dst_ipaddr.ipaddr.ip4addr.s_addr = htonl(INADDR_BROADCAST);
1071 * It was broadcast to us: we need to
1072 * broadcast the response.
1074 if (packet->src_ipaddr.ipaddr.ip4addr.s_addr != dhcp->ciaddr) {
1077 packet->dst_ipaddr.ipaddr.ip4addr.s_addr = dhcp->ciaddr;
1081 * Rewrite the source IP to be our own, if we know it.
1083 if (packet->src_ipaddr.ipaddr.ip4addr.s_addr == htonl(INADDR_BROADCAST)) {
1084 packet->src_ipaddr.ipaddr.ip4addr.s_addr = htonl(INADDR_ANY);
1087 memset(packet->data, 0, packet->data_len);
1090 if (fr_debug_flag > 1) {
1092 const char *name = type_buf;
1093 char src_ip_buf[256], dst_ip_buf[256];
1095 if ((packet->code >= PW_DHCP_DISCOVER) &&
1096 (packet->code <= PW_DHCP_INFORM)) {
1097 name = dhcp_message_types[packet->code - PW_DHCP_OFFSET];
1099 snprintf(type_buf, sizeof(type_buf), "%d",
1100 packet->code - PW_DHCP_OFFSET);
1103 DEBUG("Sending %s of id %08x from %s:%d to %s:%d\n",
1104 name, (unsigned int) packet->id,
1105 inet_ntop(packet->src_ipaddr.af,
1106 &packet->src_ipaddr.ipaddr,
1107 src_ip_buf, sizeof(src_ip_buf)),
1109 inet_ntop(packet->dst_ipaddr.af,
1110 &packet->dst_ipaddr.ipaddr,
1111 dst_ip_buf, sizeof(dst_ip_buf)),
1114 if (fr_debug_flag) {
1115 for (i = 256; i < 269; i++) {
1116 vp = pairfind(packet->vps, i, DHCP_MAGIC_VENDOR, TAG_ANY);
1126 mms = DEFAULT_PACKET_SIZE; /* maximum message size */
1130 * Clients can request a LARGER size, but not a
1131 * smaller one. They also cannot request a size
1134 vp = pairfind(original->vps, 57, DHCP_MAGIC_VENDOR, TAG_ANY);
1135 if (vp && (vp->vp_integer > mms)) {
1136 mms = vp->vp_integer;
1138 if (mms > MAX_PACKET_SIZE) mms = MAX_PACKET_SIZE;
1143 * RFC 3118: Authentication option.
1145 vp = pairfind(packet->vps, 90, DHCP_MAGIC_VENDOR, TAG_ANY);
1147 if (vp->length < 2) {
1148 memset(vp->vp_octets + vp->length, 0,
1153 if (vp->length < 3) {
1156 gettimeofday(&tv, NULL);
1157 vp->vp_octets[2] = 0;
1158 timeval2ntp(&tv, vp->vp_octets + 3);
1163 * Configuration token (clear-text token)
1165 if (vp->vp_octets[0] == 0) {
1167 vp->vp_octets[1] = 0;
1169 pass = pairfind(packet->vps, PW_CLEARTEXT_PASSWORD, DHCP_MAGIC_VENDOR, TAG_ANY);
1171 length = pass->length;
1172 if ((length + 11) > sizeof(vp->vp_octets)) {
1173 length -= ((length + 11) - sizeof(vp->vp_octets));
1175 memcpy(vp->vp_octets + 11, pass->vp_strvalue,
1177 vp->length = length + 11;
1179 vp->length = 11 + 8;
1180 memset(vp->vp_octets + 11, 0, 8);
1181 vp->length = 11 + 8;
1183 } else { /* we don't support this type! */
1184 fr_strerror_printf("DHCP-Authentication %d unsupported",
1189 vp = pairfind(packet->vps, 256, DHCP_MAGIC_VENDOR, TAG_ANY);
1191 *p++ = vp->vp_integer & 0xff;
1194 *p++ = 1; /* client message */
1196 *p++ = 2; /* server message */
1199 *p++ = 1; /* hardware type = ethernet */
1200 *p++ = 6; /* 6 bytes of ethernet */
1202 vp = pairfind(packet->vps, 259, DHCP_MAGIC_VENDOR, TAG_ANY);
1204 *p++ = vp->vp_integer & 0xff;
1206 *p++ = 0; /* hops */
1209 if (original) { /* Xid */
1210 memcpy(p, original->data + 4, 4);
1213 memcpy(p, &lvalue, 4);
1217 memset(p, 0, 2); /* secs are zero */
1221 memcpy(p, original->data + 10, 6); /* copy flags && ciaddr */
1225 * Allow the admin to set the broadcast flag.
1227 vp = pairfind(packet->vps, 262, DHCP_MAGIC_VENDOR, TAG_ANY);
1229 p[0] |= (vp->vp_integer & 0xff00) >> 8;
1230 p[1] |= (vp->vp_integer & 0xff);
1236 * Set client IP address.
1238 vp = pairfind(packet->vps, 264, DHCP_MAGIC_VENDOR, TAG_ANY); /* Your IP address */
1240 lvalue = vp->vp_ipaddr;
1242 lvalue = htonl(INADDR_ANY);
1244 memcpy(p, &lvalue, 4); /* your IP address */
1247 vp = pairfind(packet->vps, 265, DHCP_MAGIC_VENDOR, TAG_ANY); /* server IP address */
1248 if (!vp) vp = pairfind(packet->vps, 54, DHCP_MAGIC_VENDOR, TAG_ANY); /* identifier */
1250 lvalue = vp->vp_ipaddr;
1252 lvalue = htonl(INADDR_ANY);
1254 memcpy(p, &lvalue, 4); /* Server IP address */
1258 memcpy(p, original->data + 24, 4); /* copy gateway IP address */
1260 vp = pairfind(packet->vps, 266, DHCP_MAGIC_VENDOR, TAG_ANY);
1262 lvalue = vp->vp_ipaddr;
1264 lvalue = htonl(INADDR_NONE);
1266 memcpy(p, &lvalue, 4);
1271 memcpy(p, original->data + 28, DHCP_CHADDR_LEN);
1273 vp = pairfind(packet->vps, 267, DHCP_MAGIC_VENDOR, TAG_ANY);
1275 if (vp->length > DHCP_CHADDR_LEN) {
1276 memcpy(p, vp->vp_octets, DHCP_CHADDR_LEN);
1278 memcpy(p, vp->vp_octets, vp->length);
1282 p += DHCP_CHADDR_LEN;
1285 * Zero our sname && filename fields.
1287 memset(p, 0, DHCP_SNAME_LEN + DHCP_FILE_LEN);
1288 p += DHCP_SNAME_LEN;
1291 * Copy over DHCP-Boot-Filename.
1293 * FIXME: This copy should be delayed until AFTER the options
1294 * have been processed. If there are too many options for
1295 * the packet, then they go into the sname && filename fields.
1296 * When that happens, the boot filename is passed as an option,
1297 * instead of being placed verbatim in the filename field.
1299 vp = pairfind(packet->vps, 269, DHCP_MAGIC_VENDOR, TAG_ANY);
1301 if (vp->length > DHCP_FILE_LEN) {
1302 memcpy(p, vp->vp_strvalue, DHCP_FILE_LEN);
1304 memcpy(p, vp->vp_strvalue, vp->length);
1309 lvalue = htonl(DHCP_OPTION_MAGIC_NUMBER); /* DHCP magic number */
1310 memcpy(p, &lvalue, 4);
1316 if (fr_debug_flag > 1) {
1321 for (i = 0; i < 14; i++) {
1322 vp = pairmake(dhcp_header_names[i], NULL, T_OP_EQ);
1324 fr_strerror_printf("Parse error %s", fr_strerror());
1328 switch (vp->da->type) {
1330 vp->vp_integer = p[0];
1335 vp->vp_integer = (p[0] << 8) | p[1];
1339 case PW_TYPE_INTEGER:
1340 memcpy(&vp->vp_integer, p, 4);
1341 vp->vp_integer = ntohl(vp->vp_integer);
1345 case PW_TYPE_IPADDR:
1346 memcpy(&vp->vp_ipaddr, p, 4);
1350 case PW_TYPE_STRING:
1351 memcpy(vp->vp_strvalue, p, dhcp_header_sizes[i]);
1352 vp->vp_strvalue[dhcp_header_sizes[i]] = '\0';
1353 vp->length = strlen(vp->vp_strvalue);
1356 case PW_TYPE_OCTETS: /* only for Client HW Address */
1357 memcpy(vp->vp_octets, p, packet->data[2]);
1358 vp->length = packet->data[2];
1361 case PW_TYPE_ETHERNET: /* only for Client HW Address */
1362 memcpy(vp->vp_ether, p, sizeof(vp->vp_ether));
1363 vp->length = sizeof(vp->vp_ether);
1367 fr_strerror_printf("Internal sanity check failed %d %d", vp->da->type, __LINE__);
1372 p += dhcp_header_sizes[i];
1379 * Jump over DHCP magic number, response, etc.
1385 * Before packing the attributes, re-order them so that
1386 * the array ones are all contiguous. This simplifies
1390 for (vp = packet->vps; vp != NULL; vp = vp->next) {
1394 VALUE_PAIR **array, **last;
1396 array = malloc(num_vps * sizeof(VALUE_PAIR *));
1399 for (vp = packet->vps; vp != NULL; vp = vp->next) {
1404 * Sort the attributes.
1406 qsort(array, (size_t) num_vps, sizeof(VALUE_PAIR *),
1409 last = &packet->vps;
1410 for (i = 0; i < num_vps; i++) {
1412 array[i]->next = NULL;
1413 last = &(array[i]->next);
1418 p[0] = 0x35; /* DHCP-Message-Type */
1420 p[2] = packet->code - PW_DHCP_OFFSET;
1424 * Pack in the attributes.
1428 unsigned int num_entries = 1;
1430 uint8_t *plength, *pattr;
1432 if (vp->da->vendor != DHCP_MAGIC_VENDOR) goto next;
1433 if (vp->da->attr == 53) goto next; /* already done */
1434 if ((vp->da->attr > 255) &&
1435 (DHCP_BASE_ATTR(vp->da->attr) != PW_DHCP_OPTION_82)) goto next;
1438 if (vp->da->flags.extended) goto next;
1440 length = vp->length;
1442 for (same = vp->next; same != NULL; same = same->next) {
1443 if (same->da->attr != vp->da->attr) break;
1448 * For client-identifier
1449 * @fixme What's this meant to be doing?!
1452 if ((vp->da->type == PW_TYPE_ETHERNET) &&
1453 (vp->length == 6) &&
1454 (num_entries == 1)) {
1455 vp->da->type = PW_TYPE_OCTETS;
1456 memmove(vp->vp_octets + 1, vp->vp_octets, 6);
1457 vp->vp_octets[0] = 1;
1461 *(p++) = vp->da->attr & 0xff;
1463 *(p++) = 0; /* header isn't included in attr length */
1465 for (i = 0; i < num_entries; i++) {
1468 if (vp->da->flags.is_tlv) {
1472 * Should NOT have been encoded yet!
1474 tlv = fr_dhcp_vp2suboption(vp);
1477 * Ignore it if there's an issue
1480 if (!tlv) goto next;
1482 tlv->next = vp->next;
1487 length = fr_dhcp_vp2attr(vp, p, 0);
1490 * This will never happen due to FreeRADIUS
1491 * limitations: sizeof(vp->vp_octets) < 255
1494 fr_strerror_printf("WARNING Ignoring too long attribute %s!", vp->da->name);
1499 * More than one attribute of the same type
1500 * in a row: they are packed together
1501 * into the same TLV. If we overflow,
1504 if ((*plength + length) > 255) {
1505 fr_strerror_printf("WARNING Ignoring too long attribute %s!", vp->da->name);
1513 (vp->next->da->attr == vp->da->attr))
1515 } /* loop over num_entries */
1521 p[0] = 0xff; /* end of option option */
1524 dhcp_size = p - packet->data;
1527 * FIXME: if (dhcp_size > mms),
1528 * then we put the extra options into the "sname" and "file"
1529 * fields, AND set the "end option option" in the "options"
1530 * field. We also set the "overload option",
1531 * and put options into the "file" field, followed by
1532 * the "sname" field. Where each option is completely
1533 * enclosed in the "file" and/or "sname" field, AND
1534 * followed by the "end of option", and MUST be followed
1535 * by padding option.
1537 * Yuck. That sucks...
1539 packet->data_len = dhcp_size;
1543 * FIXME: This may set it to broadcast, which we don't
1544 * want. Instead, set it to the real address of the
1547 packet->src_ipaddr = original->dst_ipaddr;
1549 packet->sockfd = original->sockfd;
1552 if (packet->data_len < DEFAULT_PACKET_SIZE) {
1553 memset(packet->data + packet->data_len, 0,
1554 DEFAULT_PACKET_SIZE - packet->data_len);
1555 packet->data_len = DEFAULT_PACKET_SIZE;
1558 if ((fr_debug_flag > 2) && fr_log_fp) {
1559 for (i = 0; i < packet->data_len; i++) {
1560 if ((i & 0x0f) == 0x00) fprintf(fr_log_fp, "%d: ", i);
1561 fprintf(fr_log_fp, "%02x ", packet->data[i]);
1562 if ((i & 0x0f) == 0x0f) fprintf(fr_log_fp, "\n");
1564 fprintf(fr_log_fp, "\n");
1570 int fr_dhcp_add_arp_entry(int fd, const char *interface,
1571 VALUE_PAIR *macaddr, VALUE_PAIR *ip)
1574 struct sockaddr_in *sin;
1577 if (macaddr->length > sizeof (req.arp_ha.sa_data)) {
1578 fr_strerror_printf("ERROR: DHCP only supports up to %zu octets "
1579 "for Client Hardware Address "
1580 "(got %zu octets)\n",
1581 sizeof(req.arp_ha.sa_data),
1586 memset(&req, 0, sizeof(req));
1587 sin = (struct sockaddr_in *) &req.arp_pa;
1588 sin->sin_family = AF_INET;
1589 sin->sin_addr.s_addr = ip->vp_ipaddr;
1590 strlcpy(req.arp_dev, interface, sizeof(req.arp_dev));
1591 memcpy(&req.arp_ha.sa_data, macaddr->vp_octets, macaddr->length);
1593 req.arp_flags = ATF_COM;
1594 if (ioctl(fd, SIOCSARP, &req) < 0) {
1595 fr_strerror_printf("DHCP: Failed to add entry in ARP cache: %s (%d)",
1596 strerror(errno), errno);
1602 fd = fd; /* -Wunused */
1603 interface = interface; /* -Wunused */
1604 macaddr = macaddr; /* -Wunused */
1605 ip = ip; /* -Wunused */
1607 fr_strerror_printf("Adding ARP entry is unsupported on this system");
1612 #endif /* WITH_DHCP */