2 * dhcp.c Functions to send/receive dhcp packets.
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2.1 of the License, or (at your option) any later version.
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this library; if not, write to the Free Software
18 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
20 * Copyright 2008 The FreeRADIUS server project
21 * Copyright 2008 Alan DeKok <aland@deployingradius.com>
26 #include <freeradius-devel/libradius.h>
27 #include <freeradius-devel/udpfromto.h>
28 #include <freeradius-devel/dhcp.h>
31 #include <sys/ioctl.h>
34 #ifdef HAVE_SYS_SOCKET_H
35 #include <sys/socket.h>
37 #ifdef HAVE_SYS_TYPES_H
38 #include <sys/types.h>
42 #include <net/if_arp.h>
45 #define DHCP_CHADDR_LEN (16)
46 #define DHCP_SNAME_LEN (64)
47 #define DHCP_FILE_LEN (128)
48 #define DHCP_VEND_LEN (308)
49 #define DHCP_OPTION_MAGIC_NUMBER (0x63825363)
51 #ifndef INADDR_BROADCAST
52 #define INADDR_BROADCAST INADDR_NONE
55 /* @todo: this is a hack */
56 # define DEBUG if (fr_debug_flag && fr_log_fp) fr_printf_log
57 void fr_strerror_printf(char const *fmt, ...);
58 # define debug_pair(vp) do { if (fr_debug_flag && fr_log_fp) { \
59 vp_print(fr_log_fp, vp); \
63 typedef struct dhcp_packet_t {
69 uint16_t secs; /* 8 */
71 uint32_t ciaddr; /* 12 */
72 uint32_t yiaddr; /* 16 */
73 uint32_t siaddr; /* 20 */
74 uint32_t giaddr; /* 24 */
75 uint8_t chaddr[DHCP_CHADDR_LEN]; /* 28 */
76 uint8_t sname[DHCP_SNAME_LEN]; /* 44 */
77 uint8_t file[DHCP_FILE_LEN]; /* 108 */
78 uint32_t option_format; /* 236 */
79 uint8_t options[DHCP_VEND_LEN];
82 typedef struct dhcp_option_t {
88 * INADDR_ANY : 68 -> INADDR_BROADCAST : 67 DISCOVER
89 * INADDR_BROADCAST : 68 <- SERVER_IP : 67 OFFER
90 * INADDR_ANY : 68 -> INADDR_BROADCAST : 67 REQUEST
91 * INADDR_BROADCAST : 68 <- SERVER_IP : 67 ACK
93 static char const *dhcp_header_names[] = {
96 "DHCP-Hardware-Address-Length",
98 "DHCP-Transaction-Id",
99 "DHCP-Number-of-Seconds",
101 "DHCP-Client-IP-Address",
102 "DHCP-Your-IP-Address",
103 "DHCP-Server-IP-Address",
104 "DHCP-Gateway-IP-Address",
105 "DHCP-Client-Hardware-Address",
106 "DHCP-Server-Host-Name",
107 "DHCP-Boot-Filename",
112 static char const *dhcp_message_types[] = {
125 static int dhcp_header_sizes[] = {
136 * Some clients silently ignore responses less than 300 bytes.
138 #define MIN_PACKET_SIZE (244)
139 #define DEFAULT_PACKET_SIZE (300)
140 #define MAX_PACKET_SIZE (1500 - 40)
142 #define DHCP_OPTION_FIELD (0)
143 #define DHCP_FILE_FIELD (1)
144 #define DHCP_SNAME_FIELD (2)
146 static uint8_t *dhcp_get_option(dhcp_packet_t *packet, size_t packet_size,
150 int field = DHCP_OPTION_FIELD;
152 uint8_t *data = packet->options;
155 size = packet_size - offsetof(dhcp_packet_t, options);
156 data = &packet->options[where];
158 while (where < size) {
159 if (data[0] == 0) { /* padding */
164 if (data[0] == 255) { /* end of options */
165 if ((field == DHCP_OPTION_FIELD) &&
166 (overload & DHCP_FILE_FIELD)) {
169 size = sizeof(packet->file);
170 field = DHCP_FILE_FIELD;
173 } else if ((field == DHCP_FILE_FIELD) &&
174 (overload & DHCP_SNAME_FIELD)) {
175 data = packet->sname;
177 size = sizeof(packet->sname);
178 field = DHCP_SNAME_FIELD;
186 * We MUST have a real option here.
188 if ((where + 2) > size) {
189 fr_strerror_printf("Options overflow field at %u",
190 (unsigned int) (data - (uint8_t *) packet));
194 if ((where + 2 + data[1]) > size) {
195 fr_strerror_printf("Option length overflows field at %u",
196 (unsigned int) (data - (uint8_t *) packet));
200 if (data[0] == option) return data;
202 if (data[0] == 52) { /* overload sname and/or file */
206 where += data[1] + 2;
214 * DHCPv4 is only for IPv4. Broadcast only works if udpfromto is
217 RADIUS_PACKET *fr_dhcp_recv(int sockfd)
220 struct sockaddr_storage src;
221 struct sockaddr_storage dst;
222 socklen_t sizeof_src;
223 socklen_t sizeof_dst;
224 RADIUS_PACKET *packet;
228 packet = rad_alloc(NULL, 0);
230 fr_strerror_printf("Failed allocating packet");
234 packet->data = talloc_zero_array(packet, uint8_t, MAX_PACKET_SIZE);
236 fr_strerror_printf("Out of memory");
241 packet->sockfd = sockfd;
242 sizeof_src = sizeof(src);
243 #ifdef WITH_UDPFROMTO
244 sizeof_dst = sizeof(dst);
245 packet->data_len = recvfromto(sockfd, packet->data, MAX_PACKET_SIZE, 0,
246 (struct sockaddr *)&src, &sizeof_src,
247 (struct sockaddr *)&dst, &sizeof_dst);
249 packet->data_len = recvfrom(sockfd, packet->data, MAX_PACKET_SIZE, 0,
250 (struct sockaddr *)&src, &sizeof_src);
253 if (packet->data_len <= 0) {
254 fr_strerror_printf("Failed reading DHCP socket: %s", strerror(errno));
259 if (packet->data_len < MIN_PACKET_SIZE) {
260 fr_strerror_printf("DHCP packet is too small (%zu < %d)",
261 packet->data_len, MIN_PACKET_SIZE);
266 if (packet->data[1] != 1) {
267 fr_strerror_printf("DHCP can only receive ethernet requests, not type %02x",
273 if (packet->data[2] != 6) {
274 fr_strerror_printf("Ethernet HW length is wrong length %d",
280 memcpy(&magic, packet->data + 236, 4);
281 magic = ntohl(magic);
282 if (magic != DHCP_OPTION_MAGIC_NUMBER) {
283 fr_strerror_printf("Cannot do BOOTP");
289 * Create unique keys for the packet.
291 memcpy(&magic, packet->data + 4, 4);
292 packet->id = ntohl(magic);
294 code = dhcp_get_option((dhcp_packet_t *) packet->data,
295 packet->data_len, 53);
297 fr_strerror_printf("No message-type option was found in the packet");
302 if ((code[1] < 1) || (code[2] == 0) || (code[2] > 8)) {
303 fr_strerror_printf("Unknown value for message-type option");
308 packet->code = code[2] | PW_DHCP_OFFSET;
311 * Create a unique vector from the MAC address and the
312 * DHCP opcode. This is a hack for the RADIUS
313 * infrastructure in the rest of the server.
315 * Note: packet->data[2] == 6, which is smaller than
316 * sizeof(packet->vector)
318 * FIXME: Look for client-identifier in packet,
321 memset(packet->vector, 0, sizeof(packet->vector));
322 memcpy(packet->vector, packet->data + 28, packet->data[2]);
323 packet->vector[packet->data[2]] = packet->code & 0xff;
326 * FIXME: for DISCOVER / REQUEST: src_port == dst_port + 1
327 * FIXME: for OFFER / ACK : src_port = dst_port - 1
331 * Unique keys are xid, client mac, and client ID?
335 * FIXME: More checks, like DHCP packet type?
338 sizeof_dst = sizeof(dst);
340 #ifndef WITH_UDPFROMTO
342 * This should never fail...
344 if (getsockname(sockfd, (struct sockaddr *) &dst, &sizeof_dst) < 0) {
345 fr_strerror_printf("getsockname failed: %s", strerror(errno));
351 fr_sockaddr2ipaddr(&dst, sizeof_dst, &packet->dst_ipaddr, &port);
352 packet->dst_port = port;
354 fr_sockaddr2ipaddr(&src, sizeof_src, &packet->src_ipaddr, &port);
355 packet->src_port = port;
357 if (fr_debug_flag > 1) {
359 char const *name = type_buf;
360 char src_ip_buf[256], dst_ip_buf[256];
362 if ((packet->code >= PW_DHCP_DISCOVER) &&
363 (packet->code <= PW_DHCP_INFORM)) {
364 name = dhcp_message_types[packet->code - PW_DHCP_OFFSET];
366 snprintf(type_buf, sizeof(type_buf), "%d",
367 packet->code - PW_DHCP_OFFSET);
370 DEBUG("Received %s of id %08x from %s:%d to %s:%d\n",
371 name, (unsigned int) packet->id,
372 inet_ntop(packet->src_ipaddr.af,
373 &packet->src_ipaddr.ipaddr,
374 src_ip_buf, sizeof(src_ip_buf)),
376 inet_ntop(packet->dst_ipaddr.af,
377 &packet->dst_ipaddr.ipaddr,
378 dst_ip_buf, sizeof(dst_ip_buf)),
387 * Send a DHCP packet.
389 int fr_dhcp_send(RADIUS_PACKET *packet)
391 struct sockaddr_storage dst;
392 socklen_t sizeof_dst;
393 #ifdef WITH_UDPFROMTO
394 struct sockaddr_storage src;
395 socklen_t sizeof_src;
397 fr_ipaddr2sockaddr(&packet->src_ipaddr, packet->src_port,
401 fr_ipaddr2sockaddr(&packet->dst_ipaddr, packet->dst_port,
404 if (fr_debug_flag > 1) {
406 char const *name = type_buf;
407 #ifdef WITH_UDPFROMTO
408 char src_ip_buf[256];
410 char dst_ip_buf[256];
412 if ((packet->code >= PW_DHCP_DISCOVER) &&
413 (packet->code <= PW_DHCP_INFORM)) {
414 name = dhcp_message_types[packet->code - PW_DHCP_OFFSET];
416 snprintf(type_buf, sizeof(type_buf), "%d",
417 packet->code - PW_DHCP_OFFSET);
421 #ifdef WITH_UDPFROMTO
422 "Sending %s of id %08x from %s:%d to %s:%d\n",
424 "Sending %s of id %08x to %s:%d\n",
426 name, (unsigned int) packet->id,
427 #ifdef WITH_UDPFROMTO
428 inet_ntop(packet->src_ipaddr.af,
429 &packet->src_ipaddr.ipaddr,
430 src_ip_buf, sizeof(src_ip_buf)),
433 inet_ntop(packet->dst_ipaddr.af,
434 &packet->dst_ipaddr.ipaddr,
435 dst_ip_buf, sizeof(dst_ip_buf)),
439 #ifndef WITH_UDPFROMTO
441 * Assume that the packet is encoded before sending it.
443 return sendto(packet->sockfd, packet->data, packet->data_len, 0,
444 (struct sockaddr *)&dst, sizeof_dst);
447 return sendfromto(packet->sockfd, packet->data, packet->data_len, 0,
448 (struct sockaddr *)&src, sizeof_src,
449 (struct sockaddr *)&dst, sizeof_dst);
453 static int fr_dhcp_attr2vp(RADIUS_PACKET *packet, VALUE_PAIR *vp, uint8_t const *p, size_t alen);
455 static int decode_tlv(RADIUS_PACKET *packet, VALUE_PAIR *tlv, uint8_t const *data, size_t data_len)
458 VALUE_PAIR *head, *vp;
462 * Take a pass at parsing it.
465 while (p < (data + data_len)) {
466 if ((p + 2) > (data + data_len)) goto make_tlv;
468 if ((p + p[1] + 2) > (data + data_len)) goto make_tlv;
473 * Got here... must be well formed.
476 paircursor(&cursor, &head);
479 while (p < (data + data_len)) {
480 vp = paircreate(packet, tlv->da->attr | (p[0] << 8), DHCP_MAGIC_VENDOR);
486 if (fr_dhcp_attr2vp(packet, vp, p + 2, p[1]) < 0) {
491 pairinsert(&cursor, vp);
496 * The caller allocated TLV, so we need to copy the FIRST
497 * attribute over top of that.
500 memcpy(tlv, head, sizeof(*tlv));
508 tlv->vp_tlv = talloc_array(tlv, uint8_t, data_len);
510 fr_strerror_printf("No memory");
513 memcpy(tlv->vp_tlv, data, data_len);
514 tlv->length = data_len;
521 * Decode ONE value into a VP
523 static int fr_dhcp_attr2vp(RADIUS_PACKET *packet, VALUE_PAIR *vp, uint8_t const *p, size_t alen)
527 switch (vp->da->type) {
529 if (alen != 1) goto raw;
530 vp->vp_integer = p[0];
534 if (alen != 2) goto raw;
535 memcpy(&vp->vp_integer, p, 2);
536 vp->vp_integer = ntohs(vp->vp_integer);
539 case PW_TYPE_INTEGER:
540 if (alen != 4) goto raw;
541 memcpy(&vp->vp_integer, p, 4);
542 vp->vp_integer = ntohl(vp->vp_integer);
546 if (alen != 4) goto raw;
548 * Keep value in Network Order!
550 memcpy(&vp->vp_ipaddr, p , 4);
555 vp->vp_strvalue = q = talloc_array(vp, char, alen + 1);
562 * Value doesn't match up with attribute type, overwrite the
563 * vp's original DICT_ATTR with an unknown one.
566 if (pair2unknown(vp) < 0) return -1;
569 if (alen > 253) return -1;
570 pairmemcpy(vp, p, alen);
574 return decode_tlv(packet, vp, p, alen);
577 fr_strerror_printf("Internal sanity check %d %d", vp->da->type, __LINE__);
579 } /* switch over type */
585 ssize_t fr_dhcp_decode_options(RADIUS_PACKET *packet,
586 uint8_t const *data, size_t len, VALUE_PAIR **head)
591 uint8_t const *p, *next;
595 paircursor(&cursor, head);
598 * FIXME: This should also check sname && file fields.
599 * See the dhcp_get_option() function above.
601 while (next < (data + len)) {
602 int num_entries, alen;
608 if (*p == 255) break; /* end of options signifier */
609 if ((p + 2) > (data + len)) break;
614 fr_strerror_printf("Attribute too long %u %u",
619 da = dict_attrbyvalue(p[0], DHCP_MAGIC_VENDOR);
621 fr_strerror_printf("Attribute not in our dictionary: %u",
632 * Could be an array of bytes, integers, etc.
634 if (da->flags.array) {
641 case PW_TYPE_SHORT: /* ignore any trailing data */
642 num_entries = alen >> 1;
647 case PW_TYPE_INTEGER:
648 case PW_TYPE_DATE: /* ignore any trailing data */
649 num_entries = alen >> 2;
655 break; /* really an internal sanity failure */
660 * Loop over all of the entries, building VPs
662 for (i = 0; i < num_entries; i++) {
663 vp = pairmake(packet, NULL, da->name, NULL, T_OP_ADD);
665 fr_strerror_printf("Cannot build attribute %s",
672 * Hack for ease of use.
674 if ((da->vendor == DHCP_MAGIC_VENDOR) &&
675 (da->attr == 61) && !da->flags.array &&
676 (alen == 7) && (*p == 1) && (num_entries == 1)) {
677 pairmemcpy(vp, p + 1, 6);
679 } else if (fr_dhcp_attr2vp(packet, vp, p, alen) < 0) {
685 pairinsert(&cursor, vp);
687 for (vp = paircurrent(&cursor);
689 vp = pairnext(&cursor)) {
693 } /* loop over array entries */
694 } /* loop over the entire packet */
699 int fr_dhcp_decode(RADIUS_PACKET *packet)
705 VALUE_PAIR *head = NULL, *vp;
706 VALUE_PAIR *maxms, *mtu;
708 paircursor(&cursor, &head);
711 if ((fr_debug_flag > 2) && fr_log_fp) {
712 for (i = 0; i < packet->data_len; i++) {
713 if ((i & 0x0f) == 0x00) fprintf(fr_log_fp, "%d: ", (int) i);
714 fprintf(fr_log_fp, "%02x ", packet->data[i]);
715 if ((i & 0x0f) == 0x0f) fprintf(fr_log_fp, "\n");
717 fprintf(fr_log_fp, "\n");
720 if (packet->data[1] != 1) {
721 fr_strerror_printf("Packet is not Ethernet: %u",
729 for (i = 0; i < 14; i++) {
732 vp = pairmake(packet, NULL, dhcp_header_names[i], NULL, T_OP_EQ);
735 strlcpy(buffer, fr_strerror(), sizeof(buffer));
736 fr_strerror_printf("Cannot decode packet due to internal error: %s", buffer);
742 (packet->data[1] == 1) &&
743 (packet->data[2] != 6)) {
744 fr_strerror_printf("chaddr of incorrect length for ethernet");
747 switch (vp->da->type) {
749 vp->vp_integer = p[0];
754 vp->vp_integer = (p[0] << 8) | p[1];
758 case PW_TYPE_INTEGER:
759 memcpy(&vp->vp_integer, p, 4);
760 vp->vp_integer = ntohl(vp->vp_integer);
765 memcpy(&vp->vp_ipaddr, p, 4);
770 vp->vp_strvalue = q = talloc_array(vp, char, dhcp_header_sizes[i] + 1);
772 memcpy(q, p, dhcp_header_sizes[i]);
773 q[dhcp_header_sizes[i]] = '\0';
774 vp->length = strlen(vp->vp_strvalue);
775 if (vp->length == 0) {
781 pairmemcpy(vp, p, packet->data[2]);
784 case PW_TYPE_ETHERNET:
785 memcpy(vp->vp_ether, p, sizeof(vp->vp_ether));
786 vp->length = sizeof(vp->vp_ether);
790 fr_strerror_printf("BAD TYPE %d", vp->da->type);
794 p += dhcp_header_sizes[i];
799 pairinsert(&cursor, vp);
803 * Loop over the options.
807 * Nothing uses tail after this call, if it does in the future
808 * it'll need to find the new tail...
811 VALUE_PAIR *options = NULL;
813 if (fr_dhcp_decode_options(packet,
814 packet->data + 240, packet->data_len - 240,
820 pairinsert(&cursor, options);
825 * If DHCP request, set ciaddr to zero.
829 * Set broadcast flag for broken vendors, but only if
832 memcpy(&giaddr, packet->data + 24, sizeof(giaddr));
833 if (giaddr == htonl(INADDR_ANY)) {
835 * DHCP Opcode is request
837 vp = pairfind(head, 256, DHCP_MAGIC_VENDOR, TAG_ANY);
838 if (vp && vp->vp_integer == 3) {
840 * Vendor is "MSFT 98"
842 vp = pairfind(head, 63, DHCP_MAGIC_VENDOR, TAG_ANY);
843 if (vp && (strcmp(vp->vp_strvalue, "MSFT 98") == 0)) {
844 vp = pairfind(head, 262, DHCP_MAGIC_VENDOR, TAG_ANY);
847 * Reply should be broadcast.
849 if (vp) vp->vp_integer |= 0x8000;
850 packet->data[10] |= 0x80;
856 * FIXME: Nuke attributes that aren't used in the normal
857 * header for discover/requests.
862 * Client can request a LARGER size, but not a smaller
863 * one. They also cannot request a size larger than MTU.
865 maxms = pairfind(packet->vps, 57, DHCP_MAGIC_VENDOR, TAG_ANY);
866 mtu = pairfind(packet->vps, 26, DHCP_MAGIC_VENDOR, TAG_ANY);
868 if (mtu && (mtu->vp_integer < DEFAULT_PACKET_SIZE)) {
869 fr_strerror_printf("DHCP Fatal: Client says MTU is smaller than minimum permitted by the specification.");
873 if (maxms && (maxms->vp_integer < DEFAULT_PACKET_SIZE)) {
874 fr_strerror_printf("DHCP WARNING: Client says maximum message size is smaller than minimum permitted by the specification: fixing it");
875 maxms->vp_integer = DEFAULT_PACKET_SIZE;
878 if (maxms && mtu && (maxms->vp_integer > mtu->vp_integer)) {
879 fr_strerror_printf("DHCP WARNING: Client says MTU is smaller than maximum message size: fixing it");
880 maxms->vp_integer = mtu->vp_integer;
883 if (fr_debug_flag) fflush(stdout);
889 static int attr_cmp(void const *one, void const *two)
891 const VALUE_PAIR * const *a = one;
892 const VALUE_PAIR * const *b = two;
895 * DHCP-Message-Type is first, for simplicity.
897 if (((*a)->da->attr == 53) &&
898 (*b)->da->attr != 53) return -1;
901 * Relay-Agent is last
903 if (((*a)->da->attr == 82) &&
904 (*b)->da->attr != 82) return 1;
906 return ((*a)->da->attr - (*b)->da->attr);
912 static size_t fr_dhcp_vp2attr(VALUE_PAIR *vp, uint8_t *p, UNUSED size_t room)
918 * Search for all attributes of the same
919 * type, and pack them into the same
922 switch (vp->da->type) {
925 *p = vp->vp_integer & 0xff;
930 p[0] = (vp->vp_integer >> 8) & 0xff;
931 p[1] = vp->vp_integer & 0xff;
934 case PW_TYPE_INTEGER:
936 lvalue = htonl(vp->vp_integer);
937 memcpy(p, &lvalue, 4);
942 memcpy(p, &vp->vp_ipaddr, 4);
945 case PW_TYPE_ETHERNET:
947 memcpy(p, &vp->vp_ether, 6);
951 memcpy(p, vp->vp_strvalue, vp->length);
955 case PW_TYPE_TLV: /* FIXME: split it on 255? */
956 memcpy(p, vp->vp_tlv, vp->length);
961 memcpy(p, vp->vp_octets, vp->length);
966 fr_strerror_printf("BAD TYPE2 %d", vp->da->type);
974 static VALUE_PAIR *fr_dhcp_vp2suboption(RADIUS_PACKET *packet, VALUE_PAIR *vps)
977 unsigned int attribute;
980 VALUE_PAIR *vp, *tlv;
982 attribute = vps->da->attr & 0xffff00ff;
984 tlv = paircreate(packet, attribute, DHCP_MAGIC_VENDOR);
985 if (!tlv) return NULL;
988 for (vp = paircursor(&cursor, &vps);
990 vp = pairnext(&cursor)) {
992 * Group the attributes ONLY until we see a
995 if (!vp->da->flags.is_tlv ||
996 vp->da->flags.extended ||
997 ((vp->da->attr & 0xffff00ff) != attribute)) {
1001 tlv->length += vp->length + 2;
1009 tlv->vp_tlv = talloc_array(tlv, uint8_t, tlv->length);
1016 for (vp = paircursor(&cursor, &vps);
1018 vp = pairnext(&cursor)) {
1019 if (!vp->da->flags.is_tlv ||
1020 vp->da->flags.extended ||
1021 ((vp->da->attr & 0xffff00ff) != attribute)) {
1025 length = fr_dhcp_vp2attr(vp, ptr + 2,
1026 tlv->vp_tlv + tlv->length - ptr);
1033 * Pack the attribute.
1035 ptr[0] = (vp->da->attr & 0xff00) >> 8;
1045 int fr_dhcp_encode(RADIUS_PACKET *packet)
1047 unsigned int i, num_vps;
1051 uint32_t lvalue, mms;
1052 size_t dhcp_size, length;
1055 # ifdef WITH_UDPFROMTO
1056 char src_ip_buf[256];
1058 char dst_ip_buf[256];
1061 if (packet->data) return 0;
1063 packet->data_len = MAX_PACKET_SIZE;
1064 packet->data = talloc_zero_array(packet, uint8_t, packet->data_len);
1066 /* XXX Ugly ... should be set by the caller */
1067 if (packet->code == 0) packet->code = PW_DHCP_NAK;
1070 if ((packet->code >= PW_DHCP_DISCOVER) &&
1071 (packet->code <= PW_DHCP_INFORM)) {
1072 name = dhcp_message_types[packet->code - PW_DHCP_OFFSET];
1078 #ifdef WITH_UDPFROMTO
1079 "Encoding %s of id %08x from %s:%d to %s:%d\n",
1081 "Encoding %s of id %08x to %s:%d\n",
1083 name, (unsigned int) packet->id,
1084 #ifdef WITH_UDPFROMTO
1085 inet_ntop(packet->src_ipaddr.af,
1086 &packet->src_ipaddr.ipaddr,
1087 src_ip_buf, sizeof(src_ip_buf)),
1090 inet_ntop(packet->dst_ipaddr.af,
1091 &packet->dst_ipaddr.ipaddr,
1092 dst_ip_buf, sizeof(dst_ip_buf)),
1098 mms = DEFAULT_PACKET_SIZE; /* maximum message size */
1101 * Clients can request a LARGER size, but not a
1102 * smaller one. They also cannot request a size
1106 /* DHCP-DHCP-Maximum-Msg-Size */
1107 vp = pairfind(packet->vps, 57, DHCP_MAGIC_VENDOR, TAG_ANY);
1108 if (vp && (vp->vp_integer > mms)) {
1109 mms = vp->vp_integer;
1111 if (mms > MAX_PACKET_SIZE) mms = MAX_PACKET_SIZE;
1114 vp = pairfind(packet->vps, 256, DHCP_MAGIC_VENDOR, TAG_ANY);
1116 *p++ = vp->vp_integer & 0xff;
1118 *p++ = 1; /* client message */
1121 /* DHCP-Hardware-Type */
1122 if ((vp = pairfind(packet->vps, 257, DHCP_MAGIC_VENDOR, TAG_ANY))) {
1123 *p++ = vp->vp_integer & 0xFF;
1125 *p++ = 1; /* hardware type = ethernet */
1128 /* DHCP-Hardware-Address-Length */
1129 if ((vp = pairfind(packet->vps, 258, DHCP_MAGIC_VENDOR, TAG_ANY))) {
1130 *p++ = vp->vp_integer & 0xFF;
1132 *p++ = 6; /* 6 bytes of ethernet */
1135 /* DHCP-Hop-Count */
1136 if ((vp = pairfind(packet->vps, 259, DHCP_MAGIC_VENDOR, TAG_ANY))) {
1137 *p = vp->vp_integer & 0xff;
1141 /* DHCP-Transaction-Id */
1142 if ((vp = pairfind(packet->vps, 260, DHCP_MAGIC_VENDOR, TAG_ANY))) {
1143 lvalue = htonl(vp->vp_integer);
1147 memcpy(p, &lvalue, 4);
1150 /* DHCP-Number-of-Seconds */
1151 if ((vp = pairfind(packet->vps, 261, DHCP_MAGIC_VENDOR, TAG_ANY))) {
1152 lvalue = htonl(vp->vp_integer);
1153 memcpy(p, &lvalue, 2);
1158 if ((vp = pairfind(packet->vps, 262, DHCP_MAGIC_VENDOR, TAG_ANY))) {
1159 lvalue = htons(vp->vp_integer);
1160 memcpy(p, &lvalue, 2);
1164 /* DHCP-Client-IP-Address */
1165 if ((vp = pairfind(packet->vps, 263, DHCP_MAGIC_VENDOR, TAG_ANY))) {
1166 memcpy(p, &vp->vp_ipaddr, 4);
1170 /* DHCP-Your-IP-address */
1171 if ((vp = pairfind(packet->vps, 264, DHCP_MAGIC_VENDOR, TAG_ANY))) {
1172 lvalue = vp->vp_ipaddr;
1174 lvalue = htonl(INADDR_ANY);
1176 memcpy(p, &lvalue, 4);
1179 /* DHCP-Server-IP-Address */
1180 vp = pairfind(packet->vps, 265, DHCP_MAGIC_VENDOR, TAG_ANY);
1182 /* DHCP-DHCP-Server-Identifier */
1183 if (!vp && (vp = pairfind(packet->vps, 54, DHCP_MAGIC_VENDOR, TAG_ANY))) {
1184 lvalue = vp->vp_ipaddr;
1186 lvalue = htonl(INADDR_ANY);
1188 memcpy(p, &lvalue, 4);
1192 * DHCP-Gateway-IP-Address
1194 if ((vp = pairfind(packet->vps, 266, DHCP_MAGIC_VENDOR, TAG_ANY))) {
1195 lvalue = vp->vp_ipaddr;
1197 lvalue = htonl(INADDR_ANY);
1199 memcpy(p, &lvalue, 4);
1202 /* DHCP-Client-Hardware-Address */
1203 if ((vp = pairfind(packet->vps, 267, DHCP_MAGIC_VENDOR, TAG_ANY))) {
1204 if (vp->length > DHCP_CHADDR_LEN) {
1205 memcpy(p, vp->vp_octets, DHCP_CHADDR_LEN);
1207 memcpy(p, vp->vp_octets, vp->length);
1210 p += DHCP_CHADDR_LEN;
1212 /* DHCP-Server-Host-Name */
1213 if ((vp = pairfind(packet->vps, 268, DHCP_MAGIC_VENDOR, TAG_ANY))) {
1214 if (vp->length > DHCP_SNAME_LEN) {
1215 memcpy(p, vp->vp_strvalue, DHCP_SNAME_LEN);
1217 memcpy(p, vp->vp_strvalue, vp->length);
1220 p += DHCP_SNAME_LEN;
1223 * Copy over DHCP-Boot-Filename.
1225 * FIXME: This copy should be delayed until AFTER the options
1226 * have been processed. If there are too many options for
1227 * the packet, then they go into the sname && filename fields.
1228 * When that happens, the boot filename is passed as an option,
1229 * instead of being placed verbatim in the filename field.
1232 /* DHCP-Boot-Filename */
1233 if ((vp = pairfind(packet->vps, 269, DHCP_MAGIC_VENDOR, TAG_ANY))) {
1234 if (vp->length > DHCP_FILE_LEN) {
1235 memcpy(p, vp->vp_strvalue, DHCP_FILE_LEN);
1237 memcpy(p, vp->vp_strvalue, vp->length);
1242 /* DHCP magic number */
1243 lvalue = htonl(DHCP_OPTION_MAGIC_NUMBER);
1244 memcpy(p, &lvalue, 4);
1250 if (fr_debug_flag > 1) {
1255 for (i = 0; i < 14; i++) {
1258 vp = pairmake(packet, NULL,
1259 dhcp_header_names[i], NULL, T_OP_EQ);
1262 strlcpy(buffer, fr_strerror(), sizeof(buffer));
1263 fr_strerror_printf("Cannot decode packet due to internal error: %s", buffer);
1267 switch (vp->da->type) {
1269 vp->vp_integer = p[0];
1274 vp->vp_integer = (p[0] << 8) | p[1];
1278 case PW_TYPE_INTEGER:
1279 memcpy(&vp->vp_integer, p, 4);
1280 vp->vp_integer = ntohl(vp->vp_integer);
1284 case PW_TYPE_IPADDR:
1285 memcpy(&vp->vp_ipaddr, p, 4);
1289 case PW_TYPE_STRING:
1290 vp->vp_strvalue = q = talloc_array(vp, char, dhcp_header_sizes[i]);
1292 memcpy(q, p, dhcp_header_sizes[i]);
1293 q[dhcp_header_sizes[i]] = '\0';
1294 vp->length = strlen(vp->vp_strvalue);
1297 case PW_TYPE_OCTETS: /* only for Client HW Address */
1298 pairmemcpy(vp, p, packet->data[2]);
1301 case PW_TYPE_ETHERNET: /* only for Client HW Address */
1302 memcpy(vp->vp_ether, p, sizeof(vp->vp_ether));
1303 vp->length = sizeof(vp->vp_ether);
1307 fr_strerror_printf("Internal sanity check failed %d %d", vp->da->type, __LINE__);
1312 p += dhcp_header_sizes[i];
1319 * Jump over DHCP magic number, response, etc.
1325 * Before packing the attributes, re-order them so that
1326 * the array ones are all contiguous. This simplifies
1330 for (vp = paircursor(&cursor, &packet->vps);
1332 vp = pairnext(&cursor)) {
1338 array = talloc_array(packet, VALUE_PAIR*, num_vps);
1341 for (vp = paircursor(&cursor, &packet->vps);
1343 vp = pairnext(&cursor)) {
1348 * Sort the attributes.
1350 qsort(array, (size_t) num_vps, sizeof(VALUE_PAIR *), attr_cmp);
1352 paircursor(&cursor, &packet->vps);
1353 for (i = 0; i < num_vps; i++) {
1354 pairinsert(&cursor, array[i]->next);
1359 p[0] = 0x35; /* DHCP-Message-Type */
1361 p[2] = packet->code - PW_DHCP_OFFSET;
1365 * Pack in the attributes.
1369 unsigned int num_entries = 1;
1373 if (vp->da->vendor != DHCP_MAGIC_VENDOR) goto next;
1374 if (vp->da->attr == 53) goto next; /* already done */
1375 if ((vp->da->attr > 255) &&
1376 (DHCP_BASE_ATTR(vp->da->attr) != PW_DHCP_OPTION_82)) goto next;
1379 if (vp->da->flags.extended) goto next;
1381 length = vp->length;
1383 for (same = paircursor(&cursor, &vp->next);
1385 same = pairnext(&cursor)) {
1386 if (same->da->attr != vp->da->attr) break;
1391 * For client-identifier
1392 * @todo What's this meant to be doing?!
1395 if ((vp->da->type == PW_TYPE_ETHERNET) &&
1396 (vp->length == 6) &&
1397 (num_entries == 1)) {
1398 vp->da->type = PW_TYPE_OCTETS;
1399 memmove(vp->vp_octets + 1, vp->vp_octets, 6);
1400 vp->vp_octets[0] = 1;
1403 *(p++) = vp->da->attr & 0xff;
1405 *(p++) = 0; /* header isn't included in attr length */
1407 for (i = 0; i < num_entries; i++) {
1408 if (i != 0) debug_pair(vp);
1410 if (vp->da->flags.is_tlv) {
1414 * Should NOT have been encoded yet!
1416 tlv = fr_dhcp_vp2suboption(packet, vp);
1419 * Ignore it if there's an issue
1422 if (!tlv) goto next;
1424 tlv->next = vp->next;
1429 length = fr_dhcp_vp2attr(vp, p, 0);
1432 * This will never happen due to FreeRADIUS
1433 * limitations: sizeof(vp->vp_octets) < 255
1436 fr_strerror_printf("WARNING Ignoring too long attribute %s!", vp->da->name);
1441 * More than one attribute of the same type
1442 * in a row: they are packed together
1443 * into the same TLV. If we overflow,
1446 if ((*plength + length) > 255) {
1447 fr_strerror_printf("WARNING Ignoring too long attribute %s!", vp->da->name);
1455 (vp->next->da->attr == vp->da->attr))
1457 } /* loop over num_entries */
1463 p[0] = 0xff; /* end of option option */
1466 dhcp_size = p - packet->data;
1469 * FIXME: if (dhcp_size > mms),
1470 * then we put the extra options into the "sname" and "file"
1471 * fields, AND set the "end option option" in the "options"
1472 * field. We also set the "overload option",
1473 * and put options into the "file" field, followed by
1474 * the "sname" field. Where each option is completely
1475 * enclosed in the "file" and/or "sname" field, AND
1476 * followed by the "end of option", and MUST be followed
1477 * by padding option.
1479 * Yuck. That sucks...
1481 packet->data_len = dhcp_size;
1483 if (packet->data_len < DEFAULT_PACKET_SIZE) {
1484 memset(packet->data + packet->data_len, 0,
1485 DEFAULT_PACKET_SIZE - packet->data_len);
1486 packet->data_len = DEFAULT_PACKET_SIZE;
1489 if ((fr_debug_flag > 2) && fr_log_fp) {
1490 for (i = 0; i < packet->data_len; i++) {
1491 if ((i & 0x0f) == 0x00) fprintf(fr_log_fp, "%d: ", i);
1492 fprintf(fr_log_fp, "%02x ", packet->data[i]);
1493 if ((i & 0x0f) == 0x0f) fprintf(fr_log_fp, "\n");
1495 fprintf(fr_log_fp, "\n");
1502 int fr_dhcp_add_arp_entry(int fd, char const *interface,
1503 VALUE_PAIR *macaddr, VALUE_PAIR *ip)
1505 struct sockaddr_in *sin;
1508 if (macaddr->length > sizeof (req.arp_ha.sa_data)) {
1509 fr_strerror_printf("ERROR: DHCP only supports up to %zu octets "
1510 "for Client Hardware Address "
1511 "(got %zu octets)\n",
1512 sizeof(req.arp_ha.sa_data),
1517 memset(&req, 0, sizeof(req));
1518 sin = (struct sockaddr_in *) &req.arp_pa;
1519 sin->sin_family = AF_INET;
1520 sin->sin_addr.s_addr = ip->vp_ipaddr;
1521 strlcpy(req.arp_dev, interface, sizeof(req.arp_dev));
1522 memcpy(&req.arp_ha.sa_data, macaddr->vp_octets, macaddr->length);
1524 req.arp_flags = ATF_COM;
1525 if (ioctl(fd, SIOCSARP, &req) < 0) {
1526 fr_strerror_printf("DHCP: Failed to add entry in ARP cache: %s (%d)",
1527 strerror(errno), errno);
1534 int fr_dhcp_add_arp_entry(UNUSED int fd, UNUSED char const *interface,
1535 UNUSED VALUE_PAIR *macaddr, UNUSED VALUE_PAIR *ip)
1537 fr_strerror_printf("Adding ARP entry is unsupported on this system");