2 * dhcp.c Functions to send/receive dhcp packets.
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * the Free Software Foundation; either version 2 of the License, or (at
9 * your option) any later version. either
10 * version 2.1 of the License, or (at your option) any later version.
12 * This library is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
15 * Lesser General Public License for more details.
17 * You should have received a copy of the GNU Lesser General Public
18 * License along with this library; if not, write to the Free Software
19 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
21 * Copyright 2008 The FreeRADIUS server project
22 * Copyright 2008 Alan DeKok <aland@deployingradius.com>
27 #include <freeradius-devel/libradius.h>
28 #include <freeradius-devel/udpfromto.h>
29 #include <freeradius-devel/dhcp.h>
30 #include <freeradius-devel/net.h>
33 #include <sys/ioctl.h>
36 #ifdef HAVE_SYS_SOCKET_H
37 #include <sys/socket.h>
39 #ifdef HAVE_SYS_TYPES_H
40 #include <sys/types.h>
44 #include <net/if_arp.h>
47 #define DHCP_CHADDR_LEN (16)
48 #define DHCP_SNAME_LEN (64)
49 #define DHCP_FILE_LEN (128)
50 #define DHCP_VEND_LEN (308)
51 #define DHCP_OPTION_MAGIC_NUMBER (0x63825363)
53 #ifndef INADDR_BROADCAST
54 #define INADDR_BROADCAST INADDR_NONE
57 /* @todo: this is a hack */
58 # define DEBUG if (fr_debug_flag && fr_log_fp) fr_printf_log
59 # define debug_pair(vp) do { if (fr_debug_flag && fr_log_fp) { \
60 vp_print(fr_log_fp, vp); \
64 #ifdef HAVE_LINUX_IF_PACKET_H
65 #define ETH_HDR_SIZE 14
66 #define IP_HDR_SIZE 20
67 #define UDP_HDR_SIZE 8
68 #define ETH_ADDR_LEN 6
69 #define ETH_TYPE_IP 0x0800
70 #define ETH_P_ALL 0x0003
72 static uint8_t eth_bcast[ETH_ADDR_LEN] = { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff };
74 /* Discard raw packets which we are not interested in. Allow to trace why we discard. */
75 #define DISCARD_RP(...) { \
76 if (fr_debug_flag > 2) { \
77 fprintf(stdout, "dhcpclient: discarding received packet: "); \
78 fprintf(stdout, ## __VA_ARGS__); \
79 fprintf(stdout, "\n"); \
86 typedef struct dhcp_packet_t {
92 uint16_t secs; /* 8 */
94 uint32_t ciaddr; /* 12 */
95 uint32_t yiaddr; /* 16 */
96 uint32_t siaddr; /* 20 */
97 uint32_t giaddr; /* 24 */
98 uint8_t chaddr[DHCP_CHADDR_LEN]; /* 28 */
99 uint8_t sname[DHCP_SNAME_LEN]; /* 44 */
100 uint8_t file[DHCP_FILE_LEN]; /* 108 */
101 uint32_t option_format; /* 236 */
102 uint8_t options[DHCP_VEND_LEN];
105 typedef struct dhcp_option_t {
111 * INADDR_ANY : 68 -> INADDR_BROADCAST : 67 DISCOVER
112 * INADDR_BROADCAST : 68 <- SERVER_IP : 67 OFFER
113 * INADDR_ANY : 68 -> INADDR_BROADCAST : 67 REQUEST
114 * INADDR_BROADCAST : 68 <- SERVER_IP : 67 ACK
116 static char const *dhcp_header_names[] = {
118 "DHCP-Hardware-Type",
119 "DHCP-Hardware-Address-Length",
121 "DHCP-Transaction-Id",
122 "DHCP-Number-of-Seconds",
124 "DHCP-Client-IP-Address",
125 "DHCP-Your-IP-Address",
126 "DHCP-Server-IP-Address",
127 "DHCP-Gateway-IP-Address",
128 "DHCP-Client-Hardware-Address",
129 "DHCP-Server-Host-Name",
130 "DHCP-Boot-Filename",
135 static char const *dhcp_message_types[] = {
148 static int dhcp_header_sizes[] = {
159 * Some clients silently ignore responses less than 300 bytes.
161 #define MIN_PACKET_SIZE (244)
162 #define DEFAULT_PACKET_SIZE (300)
163 #define MAX_PACKET_SIZE (1500 - 40)
165 #define DHCP_OPTION_FIELD (0)
166 #define DHCP_FILE_FIELD (1)
167 #define DHCP_SNAME_FIELD (2)
169 static uint8_t *dhcp_get_option(dhcp_packet_t *packet, size_t packet_size,
173 int field = DHCP_OPTION_FIELD;
178 size = packet_size - offsetof(dhcp_packet_t, options);
179 data = &packet->options[where];
181 while (where < size) {
182 if (data[0] == 0) { /* padding */
187 if (data[0] == 255) { /* end of options */
188 if ((field == DHCP_OPTION_FIELD) &&
189 (overload & DHCP_FILE_FIELD)) {
192 size = sizeof(packet->file);
193 field = DHCP_FILE_FIELD;
196 } else if ((field == DHCP_FILE_FIELD) &&
197 (overload & DHCP_SNAME_FIELD)) {
198 data = packet->sname;
200 size = sizeof(packet->sname);
201 field = DHCP_SNAME_FIELD;
209 * We MUST have a real option here.
211 if ((where + 2) > size) {
212 fr_strerror_printf("Options overflow field at %u",
213 (unsigned int) (data - (uint8_t *) packet));
217 if ((where + 2 + data[1]) > size) {
218 fr_strerror_printf("Option length overflows field at %u",
219 (unsigned int) (data - (uint8_t *) packet));
223 if (data[0] == option) return data;
225 if (data[0] == 52) { /* overload sname and/or file */
229 where += data[1] + 2;
237 * DHCPv4 is only for IPv4. Broadcast only works if udpfromto is
240 RADIUS_PACKET *fr_dhcp_recv(int sockfd)
243 struct sockaddr_storage src;
244 struct sockaddr_storage dst;
245 socklen_t sizeof_src;
246 socklen_t sizeof_dst;
247 RADIUS_PACKET *packet;
252 packet = rad_alloc(NULL, false);
254 fr_strerror_printf("Failed allocating packet");
258 packet->data = talloc_zero_array(packet, uint8_t, MAX_PACKET_SIZE);
260 fr_strerror_printf("Out of memory");
265 packet->sockfd = sockfd;
266 sizeof_src = sizeof(src);
267 #ifdef WITH_UDPFROMTO
268 sizeof_dst = sizeof(dst);
269 data_len = recvfromto(sockfd, packet->data, MAX_PACKET_SIZE, 0,
270 (struct sockaddr *)&src, &sizeof_src,
271 (struct sockaddr *)&dst, &sizeof_dst);
273 data_len = recvfrom(sockfd, packet->data, MAX_PACKET_SIZE, 0,
274 (struct sockaddr *)&src, &sizeof_src);
278 fr_strerror_printf("Failed reading DHCP socket: %s", fr_syserror(errno));
283 packet->data_len = data_len;
284 if (packet->data_len < MIN_PACKET_SIZE) {
285 fr_strerror_printf("DHCP packet is too small (%zu < %d)",
286 packet->data_len, MIN_PACKET_SIZE);
291 if (packet->data_len > MAX_PACKET_SIZE) {
292 fr_strerror_printf("DHCP packet is too large (%zx > %d)",
293 packet->data_len, MAX_PACKET_SIZE);
298 if (packet->data[1] != 1) {
299 fr_strerror_printf("DHCP can only receive ethernet requests, not type %02x",
305 if (packet->data[2] != 6) {
306 fr_strerror_printf("Ethernet HW length is wrong length %d",
312 memcpy(&magic, packet->data + 236, 4);
313 magic = ntohl(magic);
314 if (magic != DHCP_OPTION_MAGIC_NUMBER) {
315 fr_strerror_printf("Cannot do BOOTP");
321 * Create unique keys for the packet.
323 memcpy(&magic, packet->data + 4, 4);
324 packet->id = ntohl(magic);
326 code = dhcp_get_option((dhcp_packet_t *) packet->data,
327 packet->data_len, 53);
329 fr_strerror_printf("No message-type option was found in the packet");
334 if ((code[1] < 1) || (code[2] == 0) || (code[2] > 8)) {
335 fr_strerror_printf("Unknown value for message-type option");
340 packet->code = code[2] | PW_DHCP_OFFSET;
343 * Create a unique vector from the MAC address and the
344 * DHCP opcode. This is a hack for the RADIUS
345 * infrastructure in the rest of the server.
347 * Note: packet->data[2] == 6, which is smaller than
348 * sizeof(packet->vector)
350 * FIXME: Look for client-identifier in packet,
353 memset(packet->vector, 0, sizeof(packet->vector));
354 memcpy(packet->vector, packet->data + 28, packet->data[2]);
355 packet->vector[packet->data[2]] = packet->code & 0xff;
358 * FIXME: for DISCOVER / REQUEST: src_port == dst_port + 1
359 * FIXME: for OFFER / ACK : src_port = dst_port - 1
363 * Unique keys are xid, client mac, and client ID?
367 * FIXME: More checks, like DHCP packet type?
370 sizeof_dst = sizeof(dst);
372 #ifndef WITH_UDPFROMTO
374 * This should never fail...
376 if (getsockname(sockfd, (struct sockaddr *) &dst, &sizeof_dst) < 0) {
377 fr_strerror_printf("getsockname failed: %s", fr_syserror(errno));
383 fr_sockaddr2ipaddr(&dst, sizeof_dst, &packet->dst_ipaddr, &port);
384 packet->dst_port = port;
386 fr_sockaddr2ipaddr(&src, sizeof_src, &packet->src_ipaddr, &port);
387 packet->src_port = port;
389 if (fr_debug_flag > 1) {
391 char const *name = type_buf;
392 char src_ip_buf[256], dst_ip_buf[256];
394 if ((packet->code >= PW_DHCP_DISCOVER) &&
395 (packet->code <= PW_DHCP_INFORM)) {
396 name = dhcp_message_types[packet->code - PW_DHCP_OFFSET];
398 snprintf(type_buf, sizeof(type_buf), "%d",
399 packet->code - PW_DHCP_OFFSET);
402 DEBUG("Received %s of Id %08x from %s:%d to %s:%d\n",
403 name, (unsigned int) packet->id,
404 inet_ntop(packet->src_ipaddr.af,
405 &packet->src_ipaddr.ipaddr,
406 src_ip_buf, sizeof(src_ip_buf)),
408 inet_ntop(packet->dst_ipaddr.af,
409 &packet->dst_ipaddr.ipaddr,
410 dst_ip_buf, sizeof(dst_ip_buf)),
419 * Send a DHCP packet.
421 int fr_dhcp_send(RADIUS_PACKET *packet)
423 struct sockaddr_storage dst;
424 socklen_t sizeof_dst;
425 #ifdef WITH_UDPFROMTO
426 struct sockaddr_storage src;
427 socklen_t sizeof_src;
429 fr_ipaddr2sockaddr(&packet->src_ipaddr, packet->src_port,
433 fr_ipaddr2sockaddr(&packet->dst_ipaddr, packet->dst_port,
436 if (packet->data_len == 0) {
437 fr_strerror_printf("No data to send");
441 if (fr_debug_flag > 1) {
443 char const *name = type_buf;
444 #ifdef WITH_UDPFROMTO
445 char src_ip_buf[INET6_ADDRSTRLEN];
447 char dst_ip_buf[INET6_ADDRSTRLEN];
449 if ((packet->code >= PW_DHCP_DISCOVER) &&
450 (packet->code <= PW_DHCP_INFORM)) {
451 name = dhcp_message_types[packet->code - PW_DHCP_OFFSET];
453 snprintf(type_buf, sizeof(type_buf), "%d",
454 packet->code - PW_DHCP_OFFSET);
458 #ifdef WITH_UDPFROMTO
459 "Sending %s Id %08x from %s:%d to %s:%d\n",
461 "Sending %s Id %08x to %s:%d\n",
463 name, (unsigned int) packet->id,
464 #ifdef WITH_UDPFROMTO
465 inet_ntop(packet->src_ipaddr.af, &packet->src_ipaddr.ipaddr, src_ip_buf, sizeof(src_ip_buf)),
468 inet_ntop(packet->dst_ipaddr.af, &packet->dst_ipaddr.ipaddr, dst_ip_buf, sizeof(dst_ip_buf)),
472 #ifndef WITH_UDPFROMTO
474 * Assume that the packet is encoded before sending it.
476 return sendto(packet->sockfd, packet->data, packet->data_len, 0,
477 (struct sockaddr *)&dst, sizeof_dst);
480 return sendfromto(packet->sockfd, packet->data, packet->data_len, 0,
481 (struct sockaddr *)&src, sizeof_src,
482 (struct sockaddr *)&dst, sizeof_dst);
486 static int fr_dhcp_attr2vp(TALLOC_CTX *ctx, VALUE_PAIR **vp_p, uint8_t const *p, size_t alen);
488 /** Returns the number of array members for arrays with fixed element sizes
491 static int fr_dhcp_array_members(size_t *len, DICT_ATTR const *da)
496 * Could be an array of bytes, integers, etc.
498 if (da->flags.array) switch (da->type) {
504 case PW_TYPE_SHORT: /* ignore any trailing data */
505 num_entries = *len >> 1;
509 case PW_TYPE_IPV4_ADDR:
510 case PW_TYPE_INTEGER:
511 case PW_TYPE_DATE: /* ignore any trailing data */
512 num_entries = *len >> 2;
516 case PW_TYPE_IPV6_ADDR:
517 num_entries = *len >> 4;
528 /** RFC 4243 Vendor Specific Suboptions
530 * Vendor specific suboptions are in the format.
533 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
534 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
535 | Enterprise Number 0 |
536 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
538 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
540 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
541 | Enterprise Number n |
542 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
544 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
546 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
549 * So although the vendor is identified, the format of the data isn't specified
550 * so we can't actually resolve the suboption to an attribute.
552 * To get around that, we create an attribute with a vendor matching the
553 * enterprise number, and attr 0.
555 * How the suboption data is then processed, is dependent on what type
556 * \<iana\>.0 is defined as in the dictionary.
558 * @param[in,out] tlv to decode. *tlv will be set to the head of the list of suboptions and original will be freed.
559 * @param[in] ctx context to alloc new attributes in.
560 * @param[in] data to parse.
561 * @param[in] len length of data to parse.
563 static int fr_dhcp_decode_vsa(TALLOC_CTX *ctx, VALUE_PAIR **tlv, uint8_t const *data, size_t len)
565 uint8_t const *p, *q;
570 if (len < 4) goto malformed;
575 if (p + 5 >= q) goto malformed;
576 p += sizeof(uint32_t);
580 * Check if length > the length of the buffer we have left
582 if (p >= q) goto malformed;
587 fr_cursor_init(&cursor, &head);
590 * Now we know its sane, start decoding!
598 vendor = ntohl(*((uint32_t const *) p));
600 * This is pretty much all we can do. RFC 4243 doesn't specify
601 * an attribute field, so it's up to vendors to figure out how
602 * they want to encode their attributes.
604 da = dict_attrbyvalue(0, vendor);
606 da = dict_unknown_afrom_fields(ctx, 0, vendor);
612 vp = pairalloc(ctx, da);
618 pairsteal(ctx, vp); /* for unknown attributes hack */
620 if (fr_dhcp_attr2vp(ctx, &vp, p + 5, p[4]) < 0) {
626 fr_cursor_merge(&cursor, vp);
627 dict_attr_free(&da); /* for unknown attributes hack */
629 p += 4 + 1 + p[4]; /* vendor id (4) + len (1) + vsa len (n) */
633 * The caller allocated TLV, if decoding it generated additional
634 * attributes, we now need to free it, and write the HEAD of our
635 * new list of attributes in its place.
638 vp_cursor_t tlv_cursor;
641 * Free the old TLV attribute
646 * Cursor not necessary but means we don't have to set
649 fr_cursor_init(&tlv_cursor, tlv);
650 fr_cursor_merge(&tlv_cursor, head);
656 (*tlv)->vp_tlv = talloc_array(*tlv, uint8_t, len);
657 if (!(*tlv)->vp_tlv) {
658 fr_strerror_printf("No memory");
661 memcpy((*tlv)->vp_tlv, data, len);
662 (*tlv)->vp_length = len;
667 /** Decode DHCP suboptions
669 * @param[in,out] tlv to decode. *tlv will be set to the head of the list of suboptions and original will be freed.
670 * @param[in] ctx context to alloc new attributes in.
671 * @param[in] data to parse.
672 * @param[in] len length of data to parse.
674 static int fr_dhcp_decode_suboption(TALLOC_CTX *ctx, VALUE_PAIR **tlv, uint8_t const *data, size_t len)
676 uint8_t const *p, *q;
677 VALUE_PAIR *head, *vp;
681 * TLV must already point to a VALUE_PAIR.
686 * Take a pass at parsing it.
692 * RFC 3046 is very specific about not allowing termination
693 * with a 255 sub-option. But it's required for decoding
694 * option 43, and vendors will probably screw it up
707 * Check if reading length would take us past the end of the buffer
709 if (++p >= q) goto malformed;
713 * Check if length > the length of the buffer we have left
715 if (p >= q) goto malformed;
720 * Got here... must be well formed.
723 fr_cursor_init(&cursor, &head);
735 * The initial OID string looks like:
738 * If <iana>.0 is type TLV then we attempt to decode its contents as more
739 * DHCP suboptions, which gives us:
742 * If <iana>.0 is not defined in the dictionary or is type octets, we leave
743 * the attribute as is.
745 attr = (*tlv)->da->attr ? ((*tlv)->da->attr | (p[0] << 8)) : p[0];
748 * Use the vendor of the parent TLV which is not necessarily
751 * Note: This does not deal with dictionary numbering clashes. If
752 * the vendor uses different numbers for DHCP suboptions and RADIUS
753 * attributes then it's time to break out %{hex:} and regular
756 da = dict_attrbyvalue(attr, (*tlv)->da->vendor);
758 da = dict_unknown_afrom_fields(ctx, attr, (*tlv)->da->vendor);
767 num_entries = fr_dhcp_array_members(&a_len, da);
768 for (i = 0; i < num_entries; i++) {
769 vp = pairalloc(ctx, da);
775 pairsteal(ctx, vp); /* for unknown attributes hack */
777 if (fr_dhcp_attr2vp(ctx, &vp, a_p, a_len) < 0) {
782 fr_cursor_merge(&cursor, vp);
787 dict_attr_free(&da); /* for unknown attributes hack */
789 p += 2 + p[1]; /* code (1) + len (1) + suboption len (n)*/
793 * The caller allocated a TLV, if decoding it generated
794 * additional attributes, we now need to free it, and write
795 * the HEAD of our new list of attributes in its place.
798 vp_cursor_t tlv_cursor;
801 * Free the old TLV attribute
806 * Cursor not necessary but means we don't have to set
809 fr_cursor_init(&tlv_cursor, tlv);
810 fr_cursor_merge(&tlv_cursor, head);
816 (*tlv)->vp_tlv = talloc_array(*tlv, uint8_t, len);
817 if (!(*tlv)->vp_tlv) {
818 fr_strerror_printf("No memory");
821 memcpy((*tlv)->vp_tlv, data, len);
822 (*tlv)->vp_length = len;
828 * Decode ONE value into a VP
830 static int fr_dhcp_attr2vp(TALLOC_CTX *ctx, VALUE_PAIR **vp_p, uint8_t const *data, size_t len)
832 VALUE_PAIR *vp = *vp_p;
835 switch (vp->da->type) {
837 if (len != 1) goto raw;
838 vp->vp_byte = data[0];
842 if (len != 2) goto raw;
843 memcpy(&vp->vp_short, data, 2);
844 vp->vp_short = ntohs(vp->vp_short);
847 case PW_TYPE_INTEGER:
848 if (len != 4) goto raw;
849 memcpy(&vp->vp_integer, data, 4);
850 vp->vp_integer = ntohl(vp->vp_integer);
853 case PW_TYPE_IPV4_ADDR:
854 if (len != 4) goto raw;
856 * Keep value in Network Order!
858 memcpy(&vp->vp_ipaddr, data, 4);
863 * In DHCPv4, string options which can also be arrays,
864 * have their values '\0' delimited.
869 uint8_t const *q, *end;
873 q = end = data + len;
875 if (!vp->da->flags.array) {
876 pairstrncpy(vp, (char const *)p, q - p);
881 * Initialise the cursor as we may be inserting
882 * multiple additional VPs
884 fr_cursor_init(&cursor, vp_p);
886 q = memchr(p, '\0', q - p);
887 /* Malformed but recoverable */
890 pairstrncpy(vp, (char const *)p, q - p);
893 /* Need another VP for the next round */
895 vp = pairalloc(ctx, vp->da);
900 fr_cursor_insert(&cursor, vp);
908 case PW_TYPE_ETHERNET:
909 memcpy(vp->vp_ether, data, sizeof(vp->vp_ether));
910 vp->vp_length = sizeof(vp->vp_ether);
914 * Value doesn't match up with attribute type, overwrite the
915 * vp's original DICT_ATTR with an unknown one.
918 if (pair2unknown(vp) < 0) return -1;
921 if (len > 255) return -1;
922 pairmemcpy(vp, data, len);
926 * For option 82 et al...
929 return fr_dhcp_decode_suboption(ctx, vp_p, data, len);
935 return fr_dhcp_decode_vsa(ctx, vp_p, data, len);
938 fr_strerror_printf("Internal sanity check %d %d", vp->da->type, __LINE__);
940 } /* switch over type */
946 /** Decode DHCP options
948 * @param[in,out] out Where to write the decoded options.
949 * @param[in] ctx context to alloc new attributes in.
950 * @param[in] data to parse.
951 * @param[in] len of data to parse.
953 ssize_t fr_dhcp_decode_options(TALLOC_CTX *ctx, VALUE_PAIR **out, uint8_t const *data, size_t len)
957 uint8_t const *p, *q;
960 fr_cursor_init(&cursor, out);
963 * FIXME: This should also check sname && file fields.
964 * See the dhcp_get_option() function above.
975 if (*p == 0) { /* 0x00 - Padding option */
980 if (*p == 255) { /* 0xff - End of options signifier */
984 if ((p + 2) > q) break;
990 * Unknown attribute, create an octets type
991 * attribute with the contents of the sub-option.
993 da = dict_attrbyvalue(p[0], DHCP_MAGIC_VENDOR);
995 da = dict_unknown_afrom_fields(ctx, p[0], DHCP_MAGIC_VENDOR);
1000 vp = pairalloc(ctx, da);
1005 pairmemcpy(vp, a_p, a_len);
1006 fr_cursor_insert(&cursor, vp);
1012 * Array type sub-option create a new VALUE_PAIR
1013 * for each array element.
1015 num_entries = fr_dhcp_array_members(&a_len, da);
1016 for (i = 0; i < num_entries; i++) {
1017 vp = pairalloc(ctx, da);
1024 if (fr_dhcp_attr2vp(ctx, &vp, a_p, a_len) < 0) {
1029 fr_cursor_merge(&cursor, vp);
1031 for (vp = fr_cursor_current(&cursor);
1033 vp = fr_cursor_next(&cursor)) {
1037 } /* loop over array entries */
1039 p += 2 + p[1]; /* code (1) + len (1) + option len (n)*/
1040 } /* loop over the entire packet */
1045 int fr_dhcp_decode(RADIUS_PACKET *packet)
1051 VALUE_PAIR *head = NULL, *vp;
1052 VALUE_PAIR *maxms, *mtu;
1054 fr_cursor_init(&cursor, &head);
1057 if ((fr_debug_flag > 2) && fr_log_fp) {
1058 for (i = 0; i < packet->data_len; i++) {
1059 if ((i & 0x0f) == 0x00) fprintf(fr_log_fp, "%d: ", (int) i);
1060 fprintf(fr_log_fp, "%02x ", packet->data[i]);
1061 if ((i & 0x0f) == 0x0f) fprintf(fr_log_fp, "\n");
1063 fprintf(fr_log_fp, "\n");
1066 if (packet->data[1] != 1) {
1067 fr_strerror_printf("Packet is not Ethernet: %u",
1073 * Decode the header.
1075 for (i = 0; i < 14; i++) {
1078 vp = pairmake(packet, NULL, dhcp_header_names[i], NULL, T_OP_EQ);
1081 strlcpy(buffer, fr_strerror(), sizeof(buffer));
1082 fr_strerror_printf("Cannot decode packet due to internal error: %s", buffer);
1088 * If chaddr does != 6 bytes it's probably not ethernet, and we should store
1089 * it as an opaque type (octets).
1091 if ((i == 11) && (packet->data[1] == 1) && (packet->data[2] != sizeof(vp->vp_ether))) {
1092 DICT_ATTR const *da = dict_unknown_afrom_fields(packet, vp->da->attr, vp->da->vendor);
1099 switch (vp->da->type) {
1106 vp->vp_short = (p[0] << 8) | p[1];
1110 case PW_TYPE_INTEGER:
1111 memcpy(&vp->vp_integer, p, 4);
1112 vp->vp_integer = ntohl(vp->vp_integer);
1116 case PW_TYPE_IPV4_ADDR:
1117 memcpy(&vp->vp_ipaddr, p, 4);
1121 case PW_TYPE_STRING:
1122 vp->vp_strvalue = q = talloc_array(vp, char, dhcp_header_sizes[i] + 1);
1124 memcpy(q, p, dhcp_header_sizes[i]);
1125 q[dhcp_header_sizes[i]] = '\0';
1126 vp->vp_length = strlen(vp->vp_strvalue);
1127 if (vp->vp_length == 0) {
1132 case PW_TYPE_OCTETS:
1133 pairmemcpy(vp, p, packet->data[2]);
1136 case PW_TYPE_ETHERNET:
1137 memcpy(vp->vp_ether, p, sizeof(vp->vp_ether));
1138 vp->vp_length = sizeof(vp->vp_ether);
1142 fr_strerror_printf("BAD TYPE %d", vp->da->type);
1146 p += dhcp_header_sizes[i];
1151 fr_cursor_insert(&cursor, vp);
1155 * Loop over the options.
1159 * Nothing uses tail after this call, if it does in the future
1160 * it'll need to find the new tail...
1163 VALUE_PAIR *options = NULL;
1165 if (fr_dhcp_decode_options(packet, &options, packet->data + 240, packet->data_len - 240) < 0) {
1169 if (options) fr_cursor_merge(&cursor, options);
1173 * If DHCP request, set ciaddr to zero.
1177 * Set broadcast flag for broken vendors, but only if
1180 memcpy(&giaddr, packet->data + 24, sizeof(giaddr));
1181 if (giaddr == htonl(INADDR_ANY)) {
1183 * DHCP Opcode is request
1185 vp = pairfind(head, 256, DHCP_MAGIC_VENDOR, TAG_ANY);
1186 if (vp && vp->vp_integer == 3) {
1188 * Vendor is "MSFT 98"
1190 vp = pairfind(head, 63, DHCP_MAGIC_VENDOR, TAG_ANY);
1191 if (vp && (strcmp(vp->vp_strvalue, "MSFT 98") == 0)) {
1192 vp = pairfind(head, 262, DHCP_MAGIC_VENDOR, TAG_ANY);
1195 * Reply should be broadcast.
1197 if (vp) vp->vp_integer |= 0x8000;
1198 packet->data[10] |= 0x80;
1204 * FIXME: Nuke attributes that aren't used in the normal
1205 * header for discover/requests.
1210 * Client can request a LARGER size, but not a smaller
1211 * one. They also cannot request a size larger than MTU.
1213 maxms = pairfind(packet->vps, 57, DHCP_MAGIC_VENDOR, TAG_ANY);
1214 mtu = pairfind(packet->vps, 26, DHCP_MAGIC_VENDOR, TAG_ANY);
1216 if (mtu && (mtu->vp_integer < DEFAULT_PACKET_SIZE)) {
1217 fr_strerror_printf("DHCP Fatal: Client says MTU is smaller than minimum permitted by the specification");
1221 if (maxms && (maxms->vp_integer < DEFAULT_PACKET_SIZE)) {
1222 fr_strerror_printf("DHCP WARNING: Client says maximum message size is smaller than minimum permitted by the specification: fixing it");
1223 maxms->vp_integer = DEFAULT_PACKET_SIZE;
1226 if (maxms && mtu && (maxms->vp_integer > mtu->vp_integer)) {
1227 fr_strerror_printf("DHCP WARNING: Client says MTU is smaller than maximum message size: fixing it");
1228 maxms->vp_integer = mtu->vp_integer;
1231 if (fr_debug_flag) fflush(stdout);
1237 int8_t fr_dhcp_attr_cmp(void const *a, void const *b)
1239 VALUE_PAIR const *my_a = a;
1240 VALUE_PAIR const *my_b = b;
1246 * DHCP-Message-Type is first, for simplicity.
1248 if ((my_a->da->attr == 53) && (my_b->da->attr != 53)) return -1;
1251 * Relay-Agent is last
1253 if ((my_a->da->attr == 82) && (my_b->da->attr != 82)) return 1;
1255 if (my_a->da->attr < my_b->da->attr) return -1;
1256 if (my_a->da->attr > my_b->da->attr) return 1;
1261 /** Write DHCP option value into buffer
1263 * Does not include DHCP option length or number.
1265 * @param out where to write the DHCP option.
1266 * @param outlen length of output buffer.
1267 * @param vp option to encode.
1268 * @return the length of data writen, -1 if out of buffer, -2 if unsupported type.
1270 static ssize_t fr_dhcp_vp2attr(uint8_t *out, size_t outlen, VALUE_PAIR *vp)
1275 if (outlen < vp->vp_length) {
1279 switch (vp->da->type) {
1285 p[0] = (vp->vp_short >> 8) & 0xff;
1286 p[1] = vp->vp_short & 0xff;
1289 case PW_TYPE_INTEGER:
1290 lvalue = htonl(vp->vp_integer);
1291 memcpy(p, &lvalue, 4);
1294 case PW_TYPE_IPV4_ADDR:
1295 memcpy(p, &vp->vp_ipaddr, 4);
1298 case PW_TYPE_ETHERNET:
1299 memcpy(p, vp->vp_ether, 6);
1302 case PW_TYPE_STRING:
1303 memcpy(p, vp->vp_strvalue, vp->vp_length);
1306 case PW_TYPE_TLV: /* FIXME: split it on 255? */
1307 memcpy(p, vp->vp_tlv, vp->vp_length);
1310 case PW_TYPE_OCTETS:
1311 memcpy(p, vp->vp_octets, vp->vp_length);
1315 fr_strerror_printf("Unsupported option type %d", vp->da->type);
1319 return vp->vp_length;
1322 /** Create a new TLV attribute from multiple sub options
1324 * @param[in,out] ctx to allocate new attribute in.
1325 * @param[in,out] cursor should be set to the start of the list of TLV attributes.
1326 * Will be advanced to the first non-TLV attribute.
1327 * @return attribute holding the concatenation of the values of the sub options.
1329 static VALUE_PAIR *fr_dhcp_vp2suboption(TALLOC_CTX *ctx, vp_cursor_t *cursor)
1332 unsigned int parent; /* Parent attribute of suboption */
1334 uint8_t *p, *opt_len = NULL;
1335 vp_cursor_t to_pack;
1336 VALUE_PAIR *vp, *tlv;
1338 #define SUBOPTION_PARENT(_x) (_x & 0xffff00ff)
1339 #define SUBOPTION_ATTR(_x) ((_x & 0xff00) >> 8)
1341 vp = fr_cursor_current(cursor);
1342 if (!vp) return NULL;
1344 parent = SUBOPTION_PARENT(vp->da->attr);
1345 tlv = paircreate(ctx, parent, DHCP_MAGIC_VENDOR);
1346 if (!tlv) return NULL;
1348 fr_cursor_copy(&to_pack, cursor);
1351 * Loop over TLVs to determine how much memory we need to allocate
1353 * We advanced the cursor we were passed, so if we fail encoding,
1354 * the cursor is at the right position for the next potentially
1357 for (vp = fr_cursor_current(cursor);
1358 vp && vp->da->flags.is_tlv && !vp->da->flags.extended && (SUBOPTION_PARENT(vp->da->attr) == parent);
1359 vp = fr_cursor_next(cursor)) {
1361 * If it's not an array type or is an array type, but is not the same
1362 * as the previous attribute, we add 2 for the additional sub-option
1365 if (!vp->da->flags.array || (SUBOPTION_ATTR(vp->da->attr) != attr)) {
1366 attr = SUBOPTION_ATTR(vp->da->attr);
1367 tlv->vp_length += 2;
1369 tlv->vp_length += vp->vp_length;
1372 tlv->vp_tlv = talloc_zero_array(tlv, uint8_t, tlv->vp_length);
1380 for (vp = fr_cursor_current(&to_pack);
1381 vp && vp->da->flags.is_tlv && !vp->da->flags.extended && (SUBOPTION_PARENT(vp->da->attr) == parent);
1382 vp = fr_cursor_next(&to_pack)) {
1383 if (SUBOPTION_ATTR(vp->da->attr) == 0) {
1384 fr_strerror_printf("Invalid attribute number 0");
1388 /* Don't write out the header, were packing array options */
1389 if (!vp->da->flags.array || (attr != SUBOPTION_ATTR(vp->da->attr))) {
1390 attr = SUBOPTION_ATTR(vp->da->attr);
1395 length = fr_dhcp_vp2attr(p, (tlv->vp_tlv + tlv->vp_length) - p, vp);
1396 if ((length < 0) || (length > 255)) {
1409 /** Encode a DHCP option and any sub-options.
1411 * @param out Where to write encoded DHCP attributes.
1412 * @param outlen Length of out buffer.
1413 * @param ctx to use for any allocated memory.
1414 * @param cursor with current VP set to the option to be encoded. Will be advanced to the next option to encode.
1415 * @return > 0 length of data written, < 0 error, 0 not valid option (skipping).
1417 ssize_t fr_dhcp_encode_option(TALLOC_CTX *ctx, uint8_t *out, size_t outlen, vp_cursor_t *cursor)
1420 DICT_ATTR const *previous;
1421 uint8_t *opt_len, *p = out;
1422 size_t freespace = outlen;
1425 vp = fr_cursor_current(cursor);
1428 if (vp->da->vendor != DHCP_MAGIC_VENDOR) goto next; /* not a DHCP option */
1429 if (vp->da->attr == 53) goto next; /* already done */
1430 if ((vp->da->attr > 255) && (DHCP_BASE_ATTR(vp->da->attr) != PW_DHCP_OPTION_82)) goto next;
1432 if (vp->da->flags.extended) {
1434 fr_strerror_printf("Attribute \"%s\" is not a DHCP option", vp->da->name);
1435 fr_cursor_next(cursor);
1439 /* Write out the option number */
1440 *(p++) = vp->da->attr & 0xff;
1442 /* Pointer to the length field of the option */
1445 /* Zero out the option's length field */
1448 /* We just consumed two bytes for the header */
1451 /* DHCP options with the same number get coalesced into a single option */
1453 VALUE_PAIR *tlv = NULL;
1456 if (vp->da->flags.is_tlv) {
1458 * Coalesce TLVs into one sub-option.
1459 * Cursor will be advanced to next non-TLV attribute.
1461 tlv = vp = fr_dhcp_vp2suboption(ctx, cursor);
1464 * Skip if there's an issue coalescing the sub-options.
1465 * Cursor will still have been advanced to next non-TLV attribute.
1469 * If not calling fr_dhcp_vp2suboption() advance the cursor, so fr_cursor_current()
1470 * returns the next attribute.
1473 fr_cursor_next(cursor);
1476 if ((*opt_len + vp->vp_length) > 255) {
1477 fr_strerror_printf("Skipping \"%s\": Option splitting not supported "
1478 "(option > 255 bytes)", vp->da->name);
1483 len = fr_dhcp_vp2attr(p, freespace, vp);
1486 /* Failed encoding option */
1495 } while ((vp = fr_cursor_current(cursor)) && (previous == vp->da) && vp->da->flags.array);
1500 int fr_dhcp_encode(RADIUS_PACKET *packet)
1511 # ifdef WITH_UDPFROMTO
1512 char src_ip_buf[256];
1514 char dst_ip_buf[256];
1517 if (packet->data) return 0;
1519 packet->data_len = MAX_PACKET_SIZE;
1520 packet->data = talloc_zero_array(packet, uint8_t, packet->data_len);
1522 /* XXX Ugly ... should be set by the caller */
1523 if (packet->code == 0) packet->code = PW_DHCP_NAK;
1526 if ((vp = pairfind(packet->vps, 260, DHCP_MAGIC_VENDOR, TAG_ANY))) {
1527 packet->id = vp->vp_integer;
1529 packet->id = fr_rand();
1533 if ((packet->code >= PW_DHCP_DISCOVER) &&
1534 (packet->code <= PW_DHCP_INFORM)) {
1535 name = dhcp_message_types[packet->code - PW_DHCP_OFFSET];
1541 # ifdef WITH_UDPFROMTO
1542 "Encoding %s of id %08x from %s:%d to %s:%d\n",
1544 "Encoding %s of id %08x to %s:%d\n",
1546 name, (unsigned int) packet->id,
1547 # ifdef WITH_UDPFROMTO
1548 inet_ntop(packet->src_ipaddr.af,
1549 &packet->src_ipaddr.ipaddr,
1550 src_ip_buf, sizeof(src_ip_buf)),
1553 inet_ntop(packet->dst_ipaddr.af,
1554 &packet->dst_ipaddr.ipaddr,
1555 dst_ip_buf, sizeof(dst_ip_buf)),
1562 * @todo: Make this work again.
1565 mms = DEFAULT_PACKET_SIZE; /* maximum message size */
1568 * Clients can request a LARGER size, but not a
1569 * smaller one. They also cannot request a size
1573 /* DHCP-DHCP-Maximum-Msg-Size */
1574 vp = pairfind(packet->vps, 57, DHCP_MAGIC_VENDOR, TAG_ANY);
1575 if (vp && (vp->vp_integer > mms)) {
1576 mms = vp->vp_integer;
1578 if (mms > MAX_PACKET_SIZE) mms = MAX_PACKET_SIZE;
1582 vp = pairfind(packet->vps, 256, DHCP_MAGIC_VENDOR, TAG_ANY);
1584 *p++ = vp->vp_integer & 0xff;
1586 *p++ = 1; /* client message */
1589 /* DHCP-Hardware-Type */
1590 if ((vp = pairfind(packet->vps, 257, DHCP_MAGIC_VENDOR, TAG_ANY))) {
1591 *p++ = vp->vp_integer & 0xFF;
1593 *p++ = 1; /* hardware type = ethernet */
1596 /* DHCP-Hardware-Address-Length */
1597 if ((vp = pairfind(packet->vps, 258, DHCP_MAGIC_VENDOR, TAG_ANY))) {
1598 *p++ = vp->vp_integer & 0xFF;
1600 *p++ = 6; /* 6 bytes of ethernet */
1603 /* DHCP-Hop-Count */
1604 if ((vp = pairfind(packet->vps, 259, DHCP_MAGIC_VENDOR, TAG_ANY))) {
1605 *p = vp->vp_integer & 0xff;
1609 /* DHCP-Transaction-Id */
1610 lvalue = htonl(packet->id);
1611 memcpy(p, &lvalue, 4);
1614 /* DHCP-Number-of-Seconds */
1615 if ((vp = pairfind(packet->vps, 261, DHCP_MAGIC_VENDOR, TAG_ANY))) {
1616 lvalue = htonl(vp->vp_integer);
1617 memcpy(p, &lvalue, 2);
1622 if ((vp = pairfind(packet->vps, 262, DHCP_MAGIC_VENDOR, TAG_ANY))) {
1623 lvalue = htons(vp->vp_integer);
1624 memcpy(p, &lvalue, 2);
1628 /* DHCP-Client-IP-Address */
1629 if ((vp = pairfind(packet->vps, 263, DHCP_MAGIC_VENDOR, TAG_ANY))) {
1630 memcpy(p, &vp->vp_ipaddr, 4);
1634 /* DHCP-Your-IP-address */
1635 if ((vp = pairfind(packet->vps, 264, DHCP_MAGIC_VENDOR, TAG_ANY))) {
1636 lvalue = vp->vp_ipaddr;
1638 lvalue = htonl(INADDR_ANY);
1640 memcpy(p, &lvalue, 4);
1643 /* DHCP-Server-IP-Address */
1644 vp = pairfind(packet->vps, 265, DHCP_MAGIC_VENDOR, TAG_ANY);
1646 lvalue = vp->vp_ipaddr;
1648 lvalue = htonl(INADDR_ANY);
1650 memcpy(p, &lvalue, 4);
1654 * DHCP-Gateway-IP-Address
1656 if ((vp = pairfind(packet->vps, 266, DHCP_MAGIC_VENDOR, TAG_ANY))) {
1657 lvalue = vp->vp_ipaddr;
1659 lvalue = htonl(INADDR_ANY);
1661 memcpy(p, &lvalue, 4);
1664 /* DHCP-Client-Hardware-Address */
1665 if ((vp = pairfind(packet->vps, 267, DHCP_MAGIC_VENDOR, TAG_ANY))) {
1666 if (vp->vp_length == sizeof(vp->vp_ether)) {
1667 memcpy(p, vp->vp_ether, vp->vp_length);
1668 } /* else ignore it */
1670 p += DHCP_CHADDR_LEN;
1672 /* DHCP-Server-Host-Name */
1673 if ((vp = pairfind(packet->vps, 268, DHCP_MAGIC_VENDOR, TAG_ANY))) {
1674 if (vp->vp_length > DHCP_SNAME_LEN) {
1675 memcpy(p, vp->vp_strvalue, DHCP_SNAME_LEN);
1677 memcpy(p, vp->vp_strvalue, vp->vp_length);
1680 p += DHCP_SNAME_LEN;
1683 * Copy over DHCP-Boot-Filename.
1685 * FIXME: This copy should be delayed until AFTER the options
1686 * have been processed. If there are too many options for
1687 * the packet, then they go into the sname && filename fields.
1688 * When that happens, the boot filename is passed as an option,
1689 * instead of being placed verbatim in the filename field.
1692 /* DHCP-Boot-Filename */
1693 vp = pairfind(packet->vps, 269, DHCP_MAGIC_VENDOR, TAG_ANY);
1695 if (vp->vp_length > DHCP_FILE_LEN) {
1696 memcpy(p, vp->vp_strvalue, DHCP_FILE_LEN);
1698 memcpy(p, vp->vp_strvalue, vp->vp_length);
1703 /* DHCP magic number */
1704 lvalue = htonl(DHCP_OPTION_MAGIC_NUMBER);
1705 memcpy(p, &lvalue, 4);
1711 if (fr_debug_flag > 1) {
1716 for (i = 0; i < 14; i++) {
1719 vp = pairmake(packet, NULL,
1720 dhcp_header_names[i], NULL, T_OP_EQ);
1723 strlcpy(buffer, fr_strerror(), sizeof(buffer));
1724 fr_strerror_printf("Cannot decode packet due to internal error: %s", buffer);
1728 switch (vp->da->type) {
1734 vp->vp_short = (p[0] << 8) | p[1];
1737 case PW_TYPE_INTEGER:
1738 memcpy(&vp->vp_integer, p, 4);
1739 vp->vp_integer = ntohl(vp->vp_integer);
1742 case PW_TYPE_IPV4_ADDR:
1743 memcpy(&vp->vp_ipaddr, p, 4);
1746 case PW_TYPE_STRING:
1747 vp->vp_strvalue = q = talloc_array(vp, char, dhcp_header_sizes[i] + 1);
1749 memcpy(q, p, dhcp_header_sizes[i]);
1750 q[dhcp_header_sizes[i]] = '\0';
1751 vp->vp_length = strlen(vp->vp_strvalue);
1754 case PW_TYPE_OCTETS: /* only for Client HW Address */
1755 pairmemcpy(vp, p, packet->data[2]);
1758 case PW_TYPE_ETHERNET: /* only for Client HW Address */
1759 memcpy(vp->vp_ether, p, sizeof(vp->vp_ether));
1763 fr_strerror_printf("Internal sanity check failed %d %d", vp->da->type, __LINE__);
1768 p += dhcp_header_sizes[i];
1775 * Jump over DHCP magic number, response, etc.
1780 p[0] = 0x35; /* DHCP-Message-Type */
1782 p[2] = packet->code - PW_DHCP_OFFSET;
1787 * Pre-sort attributes into contiguous blocks so that fr_dhcp_encode_option
1788 * operates correctly. This changes the order of the list, but never mind...
1790 pairsort(&packet->vps, fr_dhcp_attr_cmp);
1791 fr_cursor_init(&cursor, &packet->vps);
1794 * Each call to fr_dhcp_encode_option will encode one complete DHCP option,
1797 while ((vp = fr_cursor_current(&cursor))) {
1798 len = fr_dhcp_encode_option(packet, p, packet->data_len - (p - packet->data), &cursor);
1800 if (len > 0) debug_pair(vp);
1804 p[0] = 0xff; /* end of option option */
1807 dhcp_size = p - packet->data;
1810 * FIXME: if (dhcp_size > mms),
1811 * then we put the extra options into the "sname" and "file"
1812 * fields, AND set the "end option option" in the "options"
1813 * field. We also set the "overload option",
1814 * and put options into the "file" field, followed by
1815 * the "sname" field. Where each option is completely
1816 * enclosed in the "file" and/or "sname" field, AND
1817 * followed by the "end of option", and MUST be followed
1818 * by padding option.
1820 * Yuck. That sucks...
1822 packet->data_len = dhcp_size;
1824 if (packet->data_len < DEFAULT_PACKET_SIZE) {
1825 memset(packet->data + packet->data_len, 0,
1826 DEFAULT_PACKET_SIZE - packet->data_len);
1827 packet->data_len = DEFAULT_PACKET_SIZE;
1830 if ((fr_debug_flag > 2) && fr_log_fp) {
1831 fprintf(fr_log_fp, "DHCP Sending %zu bytes\n", packet->data_len);
1832 for (i = 0; i < packet->data_len; i++) {
1833 if ((i & 0x0f) == 0x00) fprintf(fr_log_fp, "%d: ", (int) i);
1834 fprintf(fr_log_fp, "%02x ", packet->data[i]);
1835 if ((i & 0x0f) == 0x0f) fprintf(fr_log_fp, "\n");
1837 fprintf(fr_log_fp, "\n");
1844 int fr_dhcp_add_arp_entry(int fd, char const *interface,
1845 VALUE_PAIR *macaddr, VALUE_PAIR *ip)
1847 struct sockaddr_in *sin;
1851 fr_strerror_printf("No interface specified. Cannot update ARP table");
1855 if (!fr_assert(macaddr) ||
1856 !fr_assert((macaddr->da->type == PW_TYPE_ETHERNET) || (macaddr->da->type == PW_TYPE_OCTETS))) {
1857 fr_strerror_printf("Wrong VP type (%s) for chaddr",
1858 fr_int2str(dict_attr_types, macaddr->da->type, "<invalid>"));
1862 if (macaddr->vp_length > sizeof(req.arp_ha.sa_data)) {
1863 fr_strerror_printf("arp sa_data field too small (%zu octets) to contain chaddr (%zu octets)",
1864 sizeof(req.arp_ha.sa_data), macaddr->vp_length);
1868 memset(&req, 0, sizeof(req));
1869 sin = (struct sockaddr_in *) &req.arp_pa;
1870 sin->sin_family = AF_INET;
1871 sin->sin_addr.s_addr = ip->vp_ipaddr;
1873 strlcpy(req.arp_dev, interface, sizeof(req.arp_dev));
1875 if (macaddr->da->type == PW_TYPE_ETHERNET) {
1876 memcpy(&req.arp_ha.sa_data, macaddr->vp_ether, sizeof(macaddr->vp_ether));
1878 memcpy(&req.arp_ha.sa_data, macaddr->vp_octets, macaddr->vp_length);
1881 req.arp_flags = ATF_COM;
1882 if (ioctl(fd, SIOCSARP, &req) < 0) {
1883 fr_strerror_printf("Failed to add entry in ARP cache: %s (%d)", fr_syserror(errno), errno);
1890 int fr_dhcp_add_arp_entry(UNUSED int fd, UNUSED char const *interface,
1891 UNUSED VALUE_PAIR *macaddr, UNUSED VALUE_PAIR *ip)
1893 fr_strerror_printf("Adding ARP entry is unsupported on this system");
1899 #ifdef HAVE_LINUX_IF_PACKET_H
1901 * Open a packet interface raw socket.
1902 * Bind it to the specified interface using a device independent physical layer address.
1904 int fr_socket_packet(int iface_index, struct sockaddr_ll *p_ll)
1908 /* PF_PACKET - packet interface on device level.
1909 using a raw socket allows packet data to be unchanged by the device driver.
1911 lsockfd = socket(PF_PACKET, SOCK_RAW, htons(ETH_P_ALL));
1913 fr_strerror_printf("cannot open socket: %s", fr_syserror(errno));
1917 /* Set link layer parameters */
1918 memset(p_ll, 0, sizeof(struct sockaddr_ll));
1920 p_ll->sll_family = AF_PACKET;
1921 p_ll->sll_protocol = htons(ETH_P_ALL);
1922 p_ll->sll_ifindex = iface_index;
1923 p_ll->sll_hatype = ARPHRD_ETHER;
1924 p_ll->sll_pkttype = PACKET_OTHERHOST;
1925 p_ll->sll_halen = 6;
1927 if (bind(lsockfd, (struct sockaddr *)p_ll, sizeof(struct sockaddr_ll)) < 0) {
1929 fr_strerror_printf("cannot bind raw socket: %s", fr_syserror(errno));
1937 * Encode and send a DHCP packet on a raw packet socket.
1939 int fr_dhcp_send_raw_packet(int sockfd, struct sockaddr_ll *p_ll, RADIUS_PACKET *packet)
1942 u_char dhcp_packet[1518] = { 0 };
1944 /* set ethernet source address to our MAC address (DHCP-Client-Hardware-Address). */
1945 u_char dhmac[ETH_ADDR_LEN] = { 0 };
1946 if ((vp = pairfind(packet->vps, 267, DHCP_MAGIC_VENDOR, TAG_ANY))) {
1947 if (vp->length == sizeof(vp->vp_ether)) {
1948 memcpy(dhmac, vp->vp_ether, vp->length);
1952 /* fill in Ethernet layer (L2) */
1953 struct ethernet_header *ethhdr = (struct ethernet_header *)dhcp_packet;
1954 memcpy(ethhdr->ether_dst, eth_bcast, ETH_ADDR_LEN);
1955 memcpy(ethhdr->ether_src, dhmac, ETH_ADDR_LEN);
1956 ethhdr->ether_type = htons(ETH_TYPE_IP);
1958 /* fill in IP layer (L3) */
1959 struct ip_header *iph = (struct ip_header *)(dhcp_packet + ETH_HDR_SIZE);
1960 iph->ip_vhl = IP_VHL(4, 5);
1962 iph->ip_len = htons(IP_HDR_SIZE + UDP_HDR_SIZE + packet->data_len);
1967 iph->ip_sum = 0; /* Filled later */
1969 /* saddr: Packet-Src-IP-Address (default: 0.0.0.0). */
1970 iph->ip_src.s_addr = packet->src_ipaddr.ipaddr.ip4addr.s_addr;
1972 /* daddr: packet destination IP addr (should be 255.255.255.255 for broadcast). */
1973 iph->ip_dst.s_addr = packet->dst_ipaddr.ipaddr.ip4addr.s_addr;
1975 /* IP header checksum */
1976 iph->ip_sum = fr_iph_checksum((uint8_t const *)iph, 5);
1978 /* fill in UDP layer (L4) */
1979 udp_header_t *uh = (udp_header_t *) (dhcp_packet + ETH_HDR_SIZE + IP_HDR_SIZE);
1981 uh->src = htons(68);
1982 uh->dst = htons(67);
1983 u_int16_t l4_len = (UDP_HDR_SIZE + packet->data_len);
1984 uh->len = htons(l4_len);
1985 uh->checksum = 0; /* UDP checksum will be done after dhcp header */
1987 /* DHCP layer (L7) */
1988 dhcp_packet_t *dhpointer = (dhcp_packet_t *)(dhcp_packet + ETH_HDR_SIZE + IP_HDR_SIZE + UDP_HDR_SIZE);
1989 /* just copy what FreeRADIUS has encoded for us. */
1990 memcpy(dhpointer, packet->data, packet->data_len);
1992 /* UDP checksum is done here */
1993 uh->checksum = fr_udp_checksum((uint8_t const *)(dhcp_packet + ETH_HDR_SIZE + IP_HDR_SIZE), ntohs(uh->len), uh->checksum,
1994 packet->src_ipaddr.ipaddr.ip4addr, packet->dst_ipaddr.ipaddr.ip4addr);
1996 if (fr_debug_flag > 1) {
1998 char const *name = type_buf;
1999 char src_ip_buf[INET6_ADDRSTRLEN];
2000 char dst_ip_buf[INET6_ADDRSTRLEN];
2002 if ((packet->code >= PW_DHCP_DISCOVER) &&
2003 (packet->code <= PW_DHCP_INFORM)) {
2004 name = dhcp_message_types[packet->code - PW_DHCP_OFFSET];
2006 snprintf(type_buf, sizeof(type_buf), "%d",
2007 packet->code - PW_DHCP_OFFSET);
2011 "Sending %s Id %08x from %s:%d to %s:%d\n",
2012 name, (unsigned int) packet->id,
2013 inet_ntop(packet->src_ipaddr.af, &packet->src_ipaddr.ipaddr, src_ip_buf, sizeof(src_ip_buf)), packet->src_port,
2014 inet_ntop(packet->dst_ipaddr.af, &packet->dst_ipaddr.ipaddr, dst_ip_buf, sizeof(dst_ip_buf)), packet->dst_port);
2017 return sendto(sockfd, dhcp_packet,
2018 (ETH_HDR_SIZE + IP_HDR_SIZE + UDP_HDR_SIZE + packet->data_len),
2019 0, (struct sockaddr *) p_ll, sizeof(struct sockaddr_ll));
2023 * print an ethernet address in a buffer
2025 char * ether_addr_print(const uint8_t *addr, char *buf)
2027 sprintf (buf, "%02x:%02x:%02x:%02x:%02x:%02x",
2028 addr[0], addr[1], addr[2], addr[3], addr[4], addr[5]);
2033 * For a client, receive a DHCP packet from a raw packet
2034 * socket. Make sure it matches the ongoing request.
2036 * FIXME: split this into two, recv_raw_packet, and verify(packet, original)
2038 RADIUS_PACKET *fr_dhcp_recv_raw_packet(int sockfd, struct sockaddr_ll *p_ll, RADIUS_PACKET *request)
2041 RADIUS_PACKET *packet;
2043 uint32_t magic, xid;
2046 uint8_t *raw_packet;
2047 ethernet_header_t *eth_hdr;
2048 struct ip_header *ip_hdr;
2049 udp_header_t *udp_hdr;
2050 dhcp_packet_t *dhcp_hdr;
2051 uint16_t udp_src_port;
2052 uint16_t udp_dst_port;
2053 size_t dhcp_data_len;
2058 packet = rad_alloc(NULL, false);
2060 fr_strerror_printf("Failed allocating packet");
2064 raw_packet = talloc_zero_array(packet, uint8_t, MAX_PACKET_SIZE);
2066 fr_strerror_printf("Out of memory");
2071 packet->sockfd = sockfd;
2073 /* a packet was received (but maybe it is not for us) */
2074 sock_len = sizeof(struct sockaddr_ll);
2075 data_len = recvfrom(sockfd, raw_packet, MAX_PACKET_SIZE, 0,
2076 (struct sockaddr *)p_ll, &sock_len);
2078 uint8_t data_offset = ETH_HDR_SIZE + IP_HDR_SIZE + UDP_HDR_SIZE; // DHCP data starts after Ethernet, IP, UDP.
2080 if (data_len <= data_offset) DISCARD_RP("Payload (%d) smaller than required for layers 2+3+4", (int)data_len);
2082 /* map raw packet to packet header of the different layers (Ethernet, IP, UDP) */
2083 eth_hdr = (ethernet_header_t *)raw_packet;
2085 /* a. Check Ethernet layer data (L2) */
2086 if (ntohs(eth_hdr->ether_type) != ETH_TYPE_IP) DISCARD_RP("Ethernet type (%d) != IP", ntohs(eth_hdr->ether_type));
2088 /* If Ethernet destination is not broadcast (ff:ff:ff:ff:ff:ff)
2089 * Check if it matches the source HW address used (DHCP-Client-Hardware-Address = 267)
2091 if ( (memcmp(ð_bcast, ð_hdr->ether_dst, ETH_ADDR_LEN) != 0) &&
2092 (vp = pairfind(request->vps, 267, DHCP_MAGIC_VENDOR, TAG_ANY)) &&
2093 (vp->length == sizeof(vp->vp_ether)) &&
2094 (memcmp(vp->vp_ether, ð_hdr->ether_dst, ETH_ADDR_LEN) != 0) ) {
2096 char eth_dest[17+1];
2097 char eth_req_src[17+1];
2098 DISCARD_RP("Ethernet destination (%s) is not broadcast and doesn't match request source (%s)",
2099 ether_addr_print(eth_hdr->ether_dst, eth_dest),
2100 ether_addr_print(vp->vp_ether, eth_req_src));
2104 * Ethernet is OK. Now look at IP.
2106 ip_hdr = (struct ip_header *)(raw_packet + ETH_HDR_SIZE);
2108 /* b. Check IPv4 layer data (L3) */
2109 if (ip_hdr->ip_p != IPPROTO_UDP) DISCARD_RP("IP protocol (%d) != UDP", ip_hdr->ip_p);
2112 * note: checking the destination IP address is not
2113 * useful (it would be the offered IP address - which we
2114 * don't know beforehand, or the broadcast address).
2120 udp_hdr = (udp_header_t *)(raw_packet + ETH_HDR_SIZE + IP_HDR_SIZE);
2122 /* c. Check UDP layer data (L4) */
2123 udp_src_port = ntohs(udp_hdr->src);
2124 udp_dst_port = ntohs(udp_hdr->dst);
2127 * A DHCP server will always respond to port 68 (to a
2128 * client) or 67 (to a relay). Just check that both
2129 * ports are 67 or 68.
2131 if (udp_src_port != 67 && udp_src_port != 68) DISCARD_RP("UDP src port (%d) != DHCP (67 or 68)", udp_src_port);
2132 if (udp_dst_port != 67 && udp_dst_port != 68) DISCARD_RP("UDP dst port (%d) != DHCP (67 or 68)", udp_dst_port);
2134 /* d. Check DHCP layer data */
2135 dhcp_data_len = data_len - data_offset;
2137 if (dhcp_data_len < MIN_PACKET_SIZE) DISCARD_RP("DHCP packet is too small (%d < %d)", dhcp_data_len, MIN_PACKET_SIZE);
2138 if (dhcp_data_len > MAX_PACKET_SIZE) DISCARD_RP("DHCP packet is too large (%d > %d)", dhcp_data_len, MAX_PACKET_SIZE);
2140 dhcp_hdr = (dhcp_packet_t *)(raw_packet + ETH_HDR_SIZE + IP_HDR_SIZE + UDP_HDR_SIZE);
2142 if (dhcp_hdr->htype != 1) DISCARD_RP("DHCP hardware type (%d) != Ethernet (1)", dhcp_hdr->htype);
2143 if (dhcp_hdr->hlen != 6) DISCARD_RP("DHCP hardware address length (%d) != 6", dhcp_hdr->hlen);
2145 magic = ntohl(dhcp_hdr->option_format);
2147 if (magic != DHCP_OPTION_MAGIC_NUMBER) DISCARD_RP("DHCP magic cookie (0x%04x) != DHCP (0x%04x)", magic, DHCP_OPTION_MAGIC_NUMBER);
2150 * Reply transaction id must match value from request.
2152 xid = ntohl(dhcp_hdr->xid);
2153 if (xid != (uint32_t)request->id) DISCARD_RP("DHCP transaction ID (0x%04x) != xid from request (0x%04x)", xid, request->id)
2155 /* all checks ok! this is a DHCP reply we're interested in. */
2156 packet->data_len = dhcp_data_len;
2157 packet->data = talloc_memdup(packet, raw_packet + data_offset, dhcp_data_len);
2158 TALLOC_FREE(raw_packet);
2161 code = dhcp_get_option((dhcp_packet_t *) packet->data,
2162 packet->data_len, 53);
2164 fr_strerror_printf("No message-type option was found in the packet");
2169 if ((code[1] < 1) || (code[2] == 0) || (code[2] > 8)) {
2170 fr_strerror_printf("Unknown value for message-type option");
2175 packet->code = code[2] | PW_DHCP_OFFSET;
2178 * Create a unique vector from the MAC address and the
2179 * DHCP opcode. This is a hack for the RADIUS
2180 * infrastructure in the rest of the server.
2182 * Note: packet->data[2] == 6, which is smaller than
2183 * sizeof(packet->vector)
2185 * FIXME: Look for client-identifier in packet,
2186 * and use that, too?
2188 memset(packet->vector, 0, sizeof(packet->vector));
2189 memcpy(packet->vector, packet->data + 28, packet->data[2]);
2190 packet->vector[packet->data[2]] = packet->code & 0xff;
2192 packet->src_port = udp_src_port;
2193 packet->dst_port = udp_dst_port;
2195 packet->src_ipaddr.af = AF_INET;
2196 packet->src_ipaddr.ipaddr.ip4addr.s_addr = ip_hdr->ip_src.s_addr;
2197 packet->dst_ipaddr.af = AF_INET;
2198 packet->dst_ipaddr.ipaddr.ip4addr.s_addr = ip_hdr->ip_dst.s_addr;
2200 if (fr_debug_flag > 1) {
2202 char const *name = type_buf;
2203 char src_ip_buf[256], dst_ip_buf[256];
2205 if ((packet->code >= PW_DHCP_DISCOVER) &&
2206 (packet->code <= PW_DHCP_INFORM)) {
2207 name = dhcp_message_types[packet->code - PW_DHCP_OFFSET];
2209 snprintf(type_buf, sizeof(type_buf), "%d", packet->code - PW_DHCP_OFFSET);
2212 DEBUG("Received %s of Id %08x from %s:%d to %s:%d\n",
2213 name, (unsigned int) packet->id,
2214 inet_ntop(packet->src_ipaddr.af, &packet->src_ipaddr.ipaddr, src_ip_buf, sizeof(src_ip_buf)),
2216 inet_ntop(packet->dst_ipaddr.af, &packet->dst_ipaddr.ipaddr, dst_ip_buf, sizeof(dst_ip_buf)),