2 * dhcp.c Functions to send/receive dhcp packets.
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2.1 of the License, or (at your option) any later version.
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this library; if not, write to the Free Software
18 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
20 * Copyright 2008 The FreeRADIUS server project
21 * Copyright 2008 Alan DeKok <aland@deployingradius.com>
26 #include <freeradius-devel/libradius.h>
27 #include <freeradius-devel/udpfromto.h>
28 #include <freeradius-devel/dhcp.h>
29 #include <freeradius-devel/net.h>
32 #include <sys/ioctl.h>
35 #ifdef HAVE_SYS_SOCKET_H
36 #include <sys/socket.h>
38 #ifdef HAVE_SYS_TYPES_H
39 #include <sys/types.h>
43 #include <net/if_arp.h>
46 #define DHCP_CHADDR_LEN (16)
47 #define DHCP_SNAME_LEN (64)
48 #define DHCP_FILE_LEN (128)
49 #define DHCP_VEND_LEN (308)
50 #define DHCP_OPTION_MAGIC_NUMBER (0x63825363)
52 #ifndef INADDR_BROADCAST
53 #define INADDR_BROADCAST INADDR_NONE
56 /* @todo: this is a hack */
57 # define DEBUG if (fr_debug_lvl && fr_log_fp) fr_printf_log
58 # define debug_pair(vp) do { if (fr_debug_lvl && fr_log_fp) { \
59 vp_print(fr_log_fp, vp); \
63 #ifdef HAVE_LINUX_IF_PACKET_H
64 #define ETH_HDR_SIZE 14
65 #define IP_HDR_SIZE 20
66 #define UDP_HDR_SIZE 8
67 #define ETH_ADDR_LEN 6
68 #define ETH_TYPE_IP 0x0800
69 #define ETH_P_ALL 0x0003
71 static uint8_t eth_bcast[ETH_ADDR_LEN] = { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff };
73 /* Discard raw packets which we are not interested in. Allow to trace why we discard. */
74 #define DISCARD_RP(...) { \
75 if (fr_debug_lvl > 2) { \
76 fprintf(stdout, "dhcpclient: discarding received packet: "); \
77 fprintf(stdout, ## __VA_ARGS__); \
78 fprintf(stdout, "\n"); \
85 typedef struct dhcp_packet_t {
91 uint16_t secs; /* 8 */
93 uint32_t ciaddr; /* 12 */
94 uint32_t yiaddr; /* 16 */
95 uint32_t siaddr; /* 20 */
96 uint32_t giaddr; /* 24 */
97 uint8_t chaddr[DHCP_CHADDR_LEN]; /* 28 */
98 uint8_t sname[DHCP_SNAME_LEN]; /* 44 */
99 uint8_t file[DHCP_FILE_LEN]; /* 108 */
100 uint32_t option_format; /* 236 */
101 uint8_t options[DHCP_VEND_LEN];
104 typedef struct dhcp_option_t {
110 * INADDR_ANY : 68 -> INADDR_BROADCAST : 67 DISCOVER
111 * INADDR_BROADCAST : 68 <- SERVER_IP : 67 OFFER
112 * INADDR_ANY : 68 -> INADDR_BROADCAST : 67 REQUEST
113 * INADDR_BROADCAST : 68 <- SERVER_IP : 67 ACK
115 static char const *dhcp_header_names[] = {
117 "DHCP-Hardware-Type",
118 "DHCP-Hardware-Address-Length",
120 "DHCP-Transaction-Id",
121 "DHCP-Number-of-Seconds",
123 "DHCP-Client-IP-Address",
124 "DHCP-Your-IP-Address",
125 "DHCP-Server-IP-Address",
126 "DHCP-Gateway-IP-Address",
127 "DHCP-Client-Hardware-Address",
128 "DHCP-Server-Host-Name",
129 "DHCP-Boot-Filename",
134 static char const *dhcp_message_types[] = {
147 static int dhcp_header_sizes[] = {
158 * Some clients silently ignore responses less than 300 bytes.
160 #define MIN_PACKET_SIZE (244)
161 #define DEFAULT_PACKET_SIZE (300)
162 #define MAX_PACKET_SIZE (1500 - 40)
164 #define DHCP_OPTION_FIELD (0)
165 #define DHCP_FILE_FIELD (1)
166 #define DHCP_SNAME_FIELD (2)
168 static uint8_t *dhcp_get_option(dhcp_packet_t *packet, size_t packet_size,
172 int field = DHCP_OPTION_FIELD;
177 size = packet_size - offsetof(dhcp_packet_t, options);
178 data = &packet->options[where];
180 while (where < size) {
181 if (data[0] == 0) { /* padding */
186 if (data[0] == 255) { /* end of options */
187 if ((field == DHCP_OPTION_FIELD) &&
188 (overload & DHCP_FILE_FIELD)) {
191 size = sizeof(packet->file);
192 field = DHCP_FILE_FIELD;
195 } else if ((field == DHCP_FILE_FIELD) &&
196 (overload & DHCP_SNAME_FIELD)) {
197 data = packet->sname;
199 size = sizeof(packet->sname);
200 field = DHCP_SNAME_FIELD;
208 * We MUST have a real option here.
210 if ((where + 2) > size) {
211 fr_strerror_printf("Options overflow field at %u",
212 (unsigned int) (data - (uint8_t *) packet));
216 if ((where + 2 + data[1]) > size) {
217 fr_strerror_printf("Option length overflows field at %u",
218 (unsigned int) (data - (uint8_t *) packet));
222 if (data[0] == option) return data;
224 if (data[0] == 52) { /* overload sname and/or file */
228 where += data[1] + 2;
236 * DHCPv4 is only for IPv4. Broadcast only works if udpfromto is
239 RADIUS_PACKET *fr_dhcp_recv(int sockfd)
242 struct sockaddr_storage src;
243 struct sockaddr_storage dst;
244 socklen_t sizeof_src;
245 socklen_t sizeof_dst;
246 RADIUS_PACKET *packet;
251 packet = rad_alloc(NULL, false);
253 fr_strerror_printf("Failed allocating packet");
257 packet->data = talloc_zero_array(packet, uint8_t, MAX_PACKET_SIZE);
259 fr_strerror_printf("Out of memory");
264 packet->sockfd = sockfd;
265 sizeof_src = sizeof(src);
266 #ifdef WITH_UDPFROMTO
267 sizeof_dst = sizeof(dst);
268 data_len = recvfromto(sockfd, packet->data, MAX_PACKET_SIZE, 0,
269 (struct sockaddr *)&src, &sizeof_src,
270 (struct sockaddr *)&dst, &sizeof_dst);
272 data_len = recvfrom(sockfd, packet->data, MAX_PACKET_SIZE, 0,
273 (struct sockaddr *)&src, &sizeof_src);
277 fr_strerror_printf("Failed reading DHCP socket: %s", fr_syserror(errno));
282 packet->data_len = data_len;
283 if (packet->data_len < MIN_PACKET_SIZE) {
284 fr_strerror_printf("DHCP packet is too small (%zu < %d)",
285 packet->data_len, MIN_PACKET_SIZE);
290 if (packet->data_len > MAX_PACKET_SIZE) {
291 fr_strerror_printf("DHCP packet is too large (%zx > %d)",
292 packet->data_len, MAX_PACKET_SIZE);
297 if (packet->data[1] != 1) {
298 fr_strerror_printf("DHCP can only receive ethernet requests, not type %02x",
304 if (packet->data[2] != 6) {
305 fr_strerror_printf("Ethernet HW length is wrong length %d",
311 memcpy(&magic, packet->data + 236, 4);
312 magic = ntohl(magic);
313 if (magic != DHCP_OPTION_MAGIC_NUMBER) {
314 fr_strerror_printf("Cannot do BOOTP");
320 * Create unique keys for the packet.
322 memcpy(&magic, packet->data + 4, 4);
323 packet->id = ntohl(magic);
325 code = dhcp_get_option((dhcp_packet_t *) packet->data,
326 packet->data_len, 53);
328 fr_strerror_printf("No message-type option was found in the packet");
333 if ((code[1] < 1) || (code[2] == 0) || (code[2] > 8)) {
334 fr_strerror_printf("Unknown value for message-type option");
339 packet->code = code[2] | PW_DHCP_OFFSET;
342 * Create a unique vector from the MAC address and the
343 * DHCP opcode. This is a hack for the RADIUS
344 * infrastructure in the rest of the server.
346 * Note: packet->data[2] == 6, which is smaller than
347 * sizeof(packet->vector)
349 * FIXME: Look for client-identifier in packet,
352 memset(packet->vector, 0, sizeof(packet->vector));
353 memcpy(packet->vector, packet->data + 28, packet->data[2]);
354 packet->vector[packet->data[2]] = packet->code & 0xff;
357 * FIXME: for DISCOVER / REQUEST: src_port == dst_port + 1
358 * FIXME: for OFFER / ACK : src_port = dst_port - 1
362 * Unique keys are xid, client mac, and client ID?
366 * FIXME: More checks, like DHCP packet type?
369 sizeof_dst = sizeof(dst);
371 #ifndef WITH_UDPFROMTO
373 * This should never fail...
375 if (getsockname(sockfd, (struct sockaddr *) &dst, &sizeof_dst) < 0) {
376 fr_strerror_printf("getsockname failed: %s", fr_syserror(errno));
382 fr_sockaddr2ipaddr(&dst, sizeof_dst, &packet->dst_ipaddr, &port);
383 packet->dst_port = port;
385 fr_sockaddr2ipaddr(&src, sizeof_src, &packet->src_ipaddr, &port);
386 packet->src_port = port;
388 if (fr_debug_lvl > 1) {
390 char const *name = type_buf;
391 char src_ip_buf[256], dst_ip_buf[256];
393 if ((packet->code >= PW_DHCP_DISCOVER) &&
394 (packet->code <= PW_DHCP_INFORM)) {
395 name = dhcp_message_types[packet->code - PW_DHCP_OFFSET];
397 snprintf(type_buf, sizeof(type_buf), "%d",
398 packet->code - PW_DHCP_OFFSET);
401 DEBUG("Received %s of Id %08x from %s:%d to %s:%d\n",
402 name, (unsigned int) packet->id,
403 inet_ntop(packet->src_ipaddr.af,
404 &packet->src_ipaddr.ipaddr,
405 src_ip_buf, sizeof(src_ip_buf)),
407 inet_ntop(packet->dst_ipaddr.af,
408 &packet->dst_ipaddr.ipaddr,
409 dst_ip_buf, sizeof(dst_ip_buf)),
418 * Send a DHCP packet.
420 int fr_dhcp_send(RADIUS_PACKET *packet)
422 struct sockaddr_storage dst;
423 socklen_t sizeof_dst;
424 #ifdef WITH_UDPFROMTO
425 struct sockaddr_storage src;
426 socklen_t sizeof_src;
428 fr_ipaddr2sockaddr(&packet->src_ipaddr, packet->src_port,
432 fr_ipaddr2sockaddr(&packet->dst_ipaddr, packet->dst_port,
435 if (packet->data_len == 0) {
436 fr_strerror_printf("No data to send");
440 if (fr_debug_lvl > 1) {
442 char const *name = type_buf;
443 #ifdef WITH_UDPFROMTO
444 char src_ip_buf[INET6_ADDRSTRLEN];
446 char dst_ip_buf[INET6_ADDRSTRLEN];
448 if ((packet->code >= PW_DHCP_DISCOVER) &&
449 (packet->code <= PW_DHCP_INFORM)) {
450 name = dhcp_message_types[packet->code - PW_DHCP_OFFSET];
452 snprintf(type_buf, sizeof(type_buf), "%d",
453 packet->code - PW_DHCP_OFFSET);
457 #ifdef WITH_UDPFROMTO
458 "Sending %s Id %08x from %s:%d to %s:%d\n",
460 "Sending %s Id %08x to %s:%d\n",
462 name, (unsigned int) packet->id,
463 #ifdef WITH_UDPFROMTO
464 inet_ntop(packet->src_ipaddr.af, &packet->src_ipaddr.ipaddr, src_ip_buf, sizeof(src_ip_buf)),
467 inet_ntop(packet->dst_ipaddr.af, &packet->dst_ipaddr.ipaddr, dst_ip_buf, sizeof(dst_ip_buf)),
471 #ifndef WITH_UDPFROMTO
473 * Assume that the packet is encoded before sending it.
475 return sendto(packet->sockfd, packet->data, packet->data_len, 0,
476 (struct sockaddr *)&dst, sizeof_dst);
479 return sendfromto(packet->sockfd, packet->data, packet->data_len, 0,
480 (struct sockaddr *)&src, sizeof_src,
481 (struct sockaddr *)&dst, sizeof_dst);
485 static int fr_dhcp_attr2vp(TALLOC_CTX *ctx, VALUE_PAIR **vp_p, uint8_t const *p, size_t alen);
487 /** Returns the number of array members for arrays with fixed element sizes
490 static int fr_dhcp_array_members(size_t *len, DICT_ATTR const *da)
495 * Could be an array of bytes, integers, etc.
497 if (da->flags.array) switch (da->type) {
503 case PW_TYPE_SHORT: /* ignore any trailing data */
504 num_entries = *len >> 1;
508 case PW_TYPE_IPV4_ADDR:
509 case PW_TYPE_INTEGER:
510 case PW_TYPE_DATE: /* ignore any trailing data */
511 num_entries = *len >> 2;
515 case PW_TYPE_IPV6_ADDR:
516 num_entries = *len >> 4;
527 /** RFC 4243 Vendor Specific Suboptions
529 * Vendor specific suboptions are in the format.
532 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
533 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
534 | Enterprise Number 0 |
535 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
537 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
539 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
540 | Enterprise Number n |
541 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
543 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
545 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
548 * So although the vendor is identified, the format of the data isn't specified
549 * so we can't actually resolve the suboption to an attribute.
551 * To get around that, we create an attribute with a vendor matching the
552 * enterprise number, and attr 0.
554 * How the suboption data is then processed, is dependent on what type
555 * \<iana\>.0 is defined as in the dictionary.
557 * @param[in,out] tlv to decode. *tlv will be set to the head of the list of suboptions and original will be freed.
558 * @param[in] ctx context to alloc new attributes in.
559 * @param[in] data to parse.
560 * @param[in] len length of data to parse.
562 static int fr_dhcp_decode_vsa(TALLOC_CTX *ctx, VALUE_PAIR **tlv, uint8_t const *data, size_t len)
564 uint8_t const *p, *q;
569 if (len < 4) goto malformed;
574 if (p + 5 >= q) goto malformed;
575 p += sizeof(uint32_t);
579 * Check if length > the length of the buffer we have left
581 if (p >= q) goto malformed;
586 fr_cursor_init(&cursor, &head);
589 * Now we know its sane, start decoding!
597 vendor = ntohl(*((uint32_t const *) p));
599 * This is pretty much all we can do. RFC 4243 doesn't specify
600 * an attribute field, so it's up to vendors to figure out how
601 * they want to encode their attributes.
603 da = dict_attrbyvalue(0, vendor);
605 da = dict_unknown_afrom_fields(ctx, 0, vendor);
611 vp = pairalloc(ctx, da);
617 pairsteal(ctx, vp); /* for unknown attributes hack */
619 if (fr_dhcp_attr2vp(ctx, &vp, p + 5, p[4]) < 0) {
625 fr_cursor_merge(&cursor, vp);
626 dict_attr_free(&da); /* for unknown attributes hack */
628 p += 4 + 1 + p[4]; /* vendor id (4) + len (1) + vsa len (n) */
632 * The caller allocated TLV, if decoding it generated additional
633 * attributes, we now need to free it, and write the HEAD of our
634 * new list of attributes in its place.
637 vp_cursor_t tlv_cursor;
640 * Free the old TLV attribute
645 * Cursor not necessary but means we don't have to set
648 fr_cursor_init(&tlv_cursor, tlv);
649 fr_cursor_merge(&tlv_cursor, head);
655 (*tlv)->vp_tlv = talloc_array(*tlv, uint8_t, len);
656 if (!(*tlv)->vp_tlv) {
657 fr_strerror_printf("No memory");
660 memcpy((*tlv)->vp_tlv, data, len);
661 (*tlv)->vp_length = len;
666 /** Decode DHCP suboptions
668 * @param[in,out] tlv to decode. *tlv will be set to the head of the list of suboptions and original will be freed.
669 * @param[in] ctx context to alloc new attributes in.
670 * @param[in] data to parse.
671 * @param[in] len length of data to parse.
673 static int fr_dhcp_decode_suboption(TALLOC_CTX *ctx, VALUE_PAIR **tlv, uint8_t const *data, size_t len)
675 uint8_t const *p, *q;
676 VALUE_PAIR *head, *vp;
680 * TLV must already point to a VALUE_PAIR.
685 * Take a pass at parsing it.
691 * RFC 3046 is very specific about not allowing termination
692 * with a 255 sub-option. But it's required for decoding
693 * option 43, and vendors will probably screw it up
706 * Check if reading length would take us past the end of the buffer
708 if (++p >= q) goto malformed;
712 * Check if length > the length of the buffer we have left
714 if (p >= q) goto malformed;
719 * Got here... must be well formed.
722 fr_cursor_init(&cursor, &head);
734 * The initial OID string looks like:
737 * If <iana>.0 is type TLV then we attempt to decode its contents as more
738 * DHCP suboptions, which gives us:
741 * If <iana>.0 is not defined in the dictionary or is type octets, we leave
742 * the attribute as is.
744 attr = (*tlv)->da->attr ? ((*tlv)->da->attr | (p[0] << 8)) : p[0];
747 * Use the vendor of the parent TLV which is not necessarily
750 * Note: This does not deal with dictionary numbering clashes. If
751 * the vendor uses different numbers for DHCP suboptions and RADIUS
752 * attributes then it's time to break out %{hex:} and regular
755 da = dict_attrbyvalue(attr, (*tlv)->da->vendor);
757 da = dict_unknown_afrom_fields(ctx, attr, (*tlv)->da->vendor);
766 num_entries = fr_dhcp_array_members(&a_len, da);
767 for (i = 0; i < num_entries; i++) {
768 vp = pairalloc(ctx, da);
774 pairsteal(ctx, vp); /* for unknown attributes hack */
776 if (fr_dhcp_attr2vp(ctx, &vp, a_p, a_len) < 0) {
781 fr_cursor_merge(&cursor, vp);
786 dict_attr_free(&da); /* for unknown attributes hack */
788 p += 2 + p[1]; /* code (1) + len (1) + suboption len (n)*/
792 * The caller allocated a TLV, if decoding it generated
793 * additional attributes, we now need to free it, and write
794 * the HEAD of our new list of attributes in its place.
797 vp_cursor_t tlv_cursor;
800 * Free the old TLV attribute
805 * Cursor not necessary but means we don't have to set
808 fr_cursor_init(&tlv_cursor, tlv);
809 fr_cursor_merge(&tlv_cursor, head);
815 (*tlv)->vp_tlv = talloc_array(*tlv, uint8_t, len);
816 if (!(*tlv)->vp_tlv) {
817 fr_strerror_printf("No memory");
820 memcpy((*tlv)->vp_tlv, data, len);
821 (*tlv)->vp_length = len;
827 * Decode ONE value into a VP
829 static int fr_dhcp_attr2vp(TALLOC_CTX *ctx, VALUE_PAIR **vp_p, uint8_t const *data, size_t len)
831 VALUE_PAIR *vp = *vp_p;
834 switch (vp->da->type) {
836 if (len != 1) goto raw;
837 vp->vp_byte = data[0];
841 if (len != 2) goto raw;
842 memcpy(&vp->vp_short, data, 2);
843 vp->vp_short = ntohs(vp->vp_short);
846 case PW_TYPE_INTEGER:
847 if (len != 4) goto raw;
848 memcpy(&vp->vp_integer, data, 4);
849 vp->vp_integer = ntohl(vp->vp_integer);
852 case PW_TYPE_IPV4_ADDR:
853 if (len != 4) goto raw;
855 * Keep value in Network Order!
857 memcpy(&vp->vp_ipaddr, data, 4);
862 * In DHCPv4, string options which can also be arrays,
863 * have their values '\0' delimited.
868 uint8_t const *q, *end;
872 q = end = data + len;
874 if (!vp->da->flags.array) {
875 pairbstrncpy(vp, (char const *)p, q - p);
880 * Initialise the cursor as we may be inserting
881 * multiple additional VPs
883 fr_cursor_init(&cursor, vp_p);
885 q = memchr(p, '\0', q - p);
886 /* Malformed but recoverable */
889 pairbstrncpy(vp, (char const *)p, q - p);
892 /* Need another VP for the next round */
894 vp = pairalloc(ctx, vp->da);
899 fr_cursor_insert(&cursor, vp);
907 case PW_TYPE_ETHERNET:
908 memcpy(vp->vp_ether, data, sizeof(vp->vp_ether));
909 vp->vp_length = sizeof(vp->vp_ether);
913 * Value doesn't match up with attribute type, overwrite the
914 * vp's original DICT_ATTR with an unknown one.
917 if (pair2unknown(vp) < 0) return -1;
920 if (len > 255) return -1;
921 pairmemcpy(vp, data, len);
925 * For option 82 et al...
928 return fr_dhcp_decode_suboption(ctx, vp_p, data, len);
934 return fr_dhcp_decode_vsa(ctx, vp_p, data, len);
937 fr_strerror_printf("Internal sanity check %d %d", vp->da->type, __LINE__);
939 } /* switch over type */
945 /** Decode DHCP options
947 * @param[in,out] out Where to write the decoded options.
948 * @param[in] ctx context to alloc new attributes in.
949 * @param[in] data to parse.
950 * @param[in] len of data to parse.
952 ssize_t fr_dhcp_decode_options(TALLOC_CTX *ctx, VALUE_PAIR **out, uint8_t const *data, size_t len)
956 uint8_t const *p, *q;
959 fr_cursor_init(&cursor, out);
962 * FIXME: This should also check sname && file fields.
963 * See the dhcp_get_option() function above.
974 if (*p == 0) { /* 0x00 - Padding option */
979 if (*p == 255) { /* 0xff - End of options signifier */
983 if ((p + 2) > q) break;
989 * Unknown attribute, create an octets type
990 * attribute with the contents of the sub-option.
992 da = dict_attrbyvalue(p[0], DHCP_MAGIC_VENDOR);
994 da = dict_unknown_afrom_fields(ctx, p[0], DHCP_MAGIC_VENDOR);
999 vp = pairalloc(ctx, da);
1004 pairmemcpy(vp, a_p, a_len);
1005 fr_cursor_insert(&cursor, vp);
1011 * Array type sub-option create a new VALUE_PAIR
1012 * for each array element.
1014 num_entries = fr_dhcp_array_members(&a_len, da);
1015 for (i = 0; i < num_entries; i++) {
1016 vp = pairalloc(ctx, da);
1023 if (fr_dhcp_attr2vp(ctx, &vp, a_p, a_len) < 0) {
1028 fr_cursor_merge(&cursor, vp);
1030 } /* loop over array entries */
1032 p += 2 + p[1]; /* code (1) + len (1) + option len (n)*/
1033 } /* loop over the entire packet */
1038 int fr_dhcp_decode(RADIUS_PACKET *packet)
1044 VALUE_PAIR *head = NULL, *vp;
1045 VALUE_PAIR *maxms, *mtu;
1047 fr_cursor_init(&cursor, &head);
1050 if ((fr_debug_lvl > 2) && fr_log_fp) {
1051 for (i = 0; i < packet->data_len; i++) {
1052 if ((i & 0x0f) == 0x00) fprintf(fr_log_fp, "%d: ", (int) i);
1053 fprintf(fr_log_fp, "%02x ", packet->data[i]);
1054 if ((i & 0x0f) == 0x0f) fprintf(fr_log_fp, "\n");
1056 fprintf(fr_log_fp, "\n");
1059 if (packet->data[1] != 1) {
1060 fr_strerror_printf("Packet is not Ethernet: %u",
1066 * Decode the header.
1068 for (i = 0; i < 14; i++) {
1071 vp = pairmake(packet, NULL, dhcp_header_names[i], NULL, T_OP_EQ);
1074 strlcpy(buffer, fr_strerror(), sizeof(buffer));
1075 fr_strerror_printf("Cannot decode packet due to internal error: %s", buffer);
1081 * If chaddr does != 6 bytes it's probably not ethernet, and we should store
1082 * it as an opaque type (octets).
1084 if ((i == 11) && (packet->data[1] == 1) && (packet->data[2] != sizeof(vp->vp_ether))) {
1085 DICT_ATTR const *da = dict_unknown_afrom_fields(packet, vp->da->attr, vp->da->vendor);
1092 switch (vp->da->type) {
1099 vp->vp_short = (p[0] << 8) | p[1];
1103 case PW_TYPE_INTEGER:
1104 memcpy(&vp->vp_integer, p, 4);
1105 vp->vp_integer = ntohl(vp->vp_integer);
1109 case PW_TYPE_IPV4_ADDR:
1110 memcpy(&vp->vp_ipaddr, p, 4);
1114 case PW_TYPE_STRING:
1115 vp->vp_strvalue = q = talloc_array(vp, char, dhcp_header_sizes[i] + 1);
1117 memcpy(q, p, dhcp_header_sizes[i]);
1118 q[dhcp_header_sizes[i]] = '\0';
1119 vp->vp_length = strlen(vp->vp_strvalue);
1120 if (vp->vp_length == 0) {
1125 case PW_TYPE_OCTETS:
1126 pairmemcpy(vp, p, packet->data[2]);
1129 case PW_TYPE_ETHERNET:
1130 memcpy(vp->vp_ether, p, sizeof(vp->vp_ether));
1131 vp->vp_length = sizeof(vp->vp_ether);
1135 fr_strerror_printf("BAD TYPE %d", vp->da->type);
1139 p += dhcp_header_sizes[i];
1144 fr_cursor_insert(&cursor, vp);
1148 * Loop over the options.
1152 * Nothing uses tail after this call, if it does in the future
1153 * it'll need to find the new tail...
1156 VALUE_PAIR *options = NULL;
1157 vp_cursor_t options_cursor;
1159 if (fr_dhcp_decode_options(packet, &options, packet->data + 240, packet->data_len - 240) < 0) {
1164 for (vp = fr_cursor_init(&options_cursor, options);
1166 vp = fr_cursor_next(&options_cursor)) {
1169 fr_cursor_merge(&cursor, options);
1174 * If DHCP request, set ciaddr to zero.
1178 * Set broadcast flag for broken vendors, but only if
1181 memcpy(&giaddr, packet->data + 24, sizeof(giaddr));
1182 if (giaddr == htonl(INADDR_ANY)) {
1184 * DHCP Opcode is request
1186 vp = pairfind(head, 256, DHCP_MAGIC_VENDOR, TAG_ANY);
1187 if (vp && vp->vp_integer == 3) {
1189 * Vendor is "MSFT 98"
1191 vp = pairfind(head, 63, DHCP_MAGIC_VENDOR, TAG_ANY);
1192 if (vp && (strcmp(vp->vp_strvalue, "MSFT 98") == 0)) {
1193 vp = pairfind(head, 262, DHCP_MAGIC_VENDOR, TAG_ANY);
1196 * Reply should be broadcast.
1198 if (vp) vp->vp_integer |= 0x8000;
1199 packet->data[10] |= 0x80;
1205 * FIXME: Nuke attributes that aren't used in the normal
1206 * header for discover/requests.
1211 * Client can request a LARGER size, but not a smaller
1212 * one. They also cannot request a size larger than MTU.
1214 maxms = pairfind(packet->vps, 57, DHCP_MAGIC_VENDOR, TAG_ANY);
1215 mtu = pairfind(packet->vps, 26, DHCP_MAGIC_VENDOR, TAG_ANY);
1217 if (mtu && (mtu->vp_integer < DEFAULT_PACKET_SIZE)) {
1218 fr_strerror_printf("DHCP Fatal: Client says MTU is smaller than minimum permitted by the specification");
1222 if (maxms && (maxms->vp_integer < DEFAULT_PACKET_SIZE)) {
1223 fr_strerror_printf("DHCP WARNING: Client says maximum message size is smaller than minimum permitted by the specification: fixing it");
1224 maxms->vp_integer = DEFAULT_PACKET_SIZE;
1227 if (maxms && mtu && (maxms->vp_integer > mtu->vp_integer)) {
1228 fr_strerror_printf("DHCP WARNING: Client says MTU is smaller than maximum message size: fixing it");
1229 maxms->vp_integer = mtu->vp_integer;
1232 if (fr_debug_lvl) fflush(stdout);
1238 int8_t fr_dhcp_attr_cmp(void const *a, void const *b)
1240 VALUE_PAIR const *my_a = a;
1241 VALUE_PAIR const *my_b = b;
1247 * DHCP-Message-Type is first, for simplicity.
1249 if ((my_a->da->attr == 53) && (my_b->da->attr != 53)) return -1;
1252 * Relay-Agent is last
1254 if ((my_a->da->attr == 82) && (my_b->da->attr != 82)) return 1;
1256 if (my_a->da->attr < my_b->da->attr) return -1;
1257 if (my_a->da->attr > my_b->da->attr) return 1;
1262 /** Write DHCP option value into buffer
1264 * Does not include DHCP option length or number.
1266 * @param out where to write the DHCP option.
1267 * @param outlen length of output buffer.
1268 * @param vp option to encode.
1269 * @return the length of data writen, -1 if out of buffer, -2 if unsupported type.
1271 static ssize_t fr_dhcp_vp2attr(uint8_t *out, size_t outlen, VALUE_PAIR *vp)
1276 if (outlen < vp->vp_length) {
1280 switch (vp->da->type) {
1286 p[0] = (vp->vp_short >> 8) & 0xff;
1287 p[1] = vp->vp_short & 0xff;
1290 case PW_TYPE_INTEGER:
1291 lvalue = htonl(vp->vp_integer);
1292 memcpy(p, &lvalue, 4);
1295 case PW_TYPE_IPV4_ADDR:
1296 memcpy(p, &vp->vp_ipaddr, 4);
1299 case PW_TYPE_ETHERNET:
1300 memcpy(p, vp->vp_ether, 6);
1303 case PW_TYPE_STRING:
1304 memcpy(p, vp->vp_strvalue, vp->vp_length);
1307 case PW_TYPE_TLV: /* FIXME: split it on 255? */
1308 memcpy(p, vp->vp_tlv, vp->vp_length);
1311 case PW_TYPE_OCTETS:
1312 memcpy(p, vp->vp_octets, vp->vp_length);
1316 fr_strerror_printf("Unsupported option type %d", vp->da->type);
1320 return vp->vp_length;
1323 /** Create a new TLV attribute from multiple sub options
1325 * @param[in,out] ctx to allocate new attribute in.
1326 * @param[in,out] cursor should be set to the start of the list of TLV attributes.
1327 * Will be advanced to the first non-TLV attribute.
1328 * @return attribute holding the concatenation of the values of the sub options.
1330 static VALUE_PAIR *fr_dhcp_vp2suboption(TALLOC_CTX *ctx, vp_cursor_t *cursor)
1333 unsigned int parent; /* Parent attribute of suboption */
1335 uint8_t *p, *opt_len = NULL;
1336 vp_cursor_t to_pack;
1337 VALUE_PAIR *vp, *tlv;
1339 #define SUBOPTION_PARENT(_x) (_x & 0xffff00ff)
1340 #define SUBOPTION_ATTR(_x) ((_x & 0xff00) >> 8)
1342 vp = fr_cursor_current(cursor);
1343 if (!vp) return NULL;
1345 parent = SUBOPTION_PARENT(vp->da->attr);
1346 tlv = paircreate(ctx, parent, DHCP_MAGIC_VENDOR);
1347 if (!tlv) return NULL;
1349 fr_cursor_copy(&to_pack, cursor);
1352 * Loop over TLVs to determine how much memory we need to allocate
1354 * We advanced the cursor we were passed, so if we fail encoding,
1355 * the cursor is at the right position for the next potentially
1358 for (vp = fr_cursor_current(cursor);
1359 vp && vp->da->flags.is_tlv && !vp->da->flags.extended && (SUBOPTION_PARENT(vp->da->attr) == parent);
1360 vp = fr_cursor_next(cursor)) {
1362 * If it's not an array type or is an array type, but is not the same
1363 * as the previous attribute, we add 2 for the additional sub-option
1366 if (!vp->da->flags.array || (SUBOPTION_ATTR(vp->da->attr) != attr)) {
1367 attr = SUBOPTION_ATTR(vp->da->attr);
1368 tlv->vp_length += 2;
1370 tlv->vp_length += vp->vp_length;
1373 tlv->vp_tlv = talloc_zero_array(tlv, uint8_t, tlv->vp_length);
1381 for (vp = fr_cursor_current(&to_pack);
1382 vp && vp->da->flags.is_tlv && !vp->da->flags.extended && (SUBOPTION_PARENT(vp->da->attr) == parent);
1383 vp = fr_cursor_next(&to_pack)) {
1384 if (SUBOPTION_ATTR(vp->da->attr) == 0) {
1385 fr_strerror_printf("Invalid attribute number 0");
1389 /* Don't write out the header, were packing array options */
1390 if (!vp->da->flags.array || (attr != SUBOPTION_ATTR(vp->da->attr))) {
1391 attr = SUBOPTION_ATTR(vp->da->attr);
1396 length = fr_dhcp_vp2attr(p, (tlv->vp_tlv + tlv->vp_length) - p, vp);
1397 if ((length < 0) || (length > 255)) {
1410 /** Encode a DHCP option and any sub-options.
1412 * @param out Where to write encoded DHCP attributes.
1413 * @param outlen Length of out buffer.
1414 * @param ctx to use for any allocated memory.
1415 * @param cursor with current VP set to the option to be encoded. Will be advanced to the next option to encode.
1416 * @return > 0 length of data written, < 0 error, 0 not valid option (skipping).
1418 ssize_t fr_dhcp_encode_option(TALLOC_CTX *ctx, uint8_t *out, size_t outlen, vp_cursor_t *cursor)
1421 DICT_ATTR const *previous;
1422 uint8_t *opt_len, *p = out;
1423 size_t freespace = outlen;
1426 vp = fr_cursor_current(cursor);
1429 if (vp->da->vendor != DHCP_MAGIC_VENDOR) goto next; /* not a DHCP option */
1430 if (vp->da->attr == 53) goto next; /* already done */
1431 if ((vp->da->attr > 255) && (DHCP_BASE_ATTR(vp->da->attr) != PW_DHCP_OPTION_82)) goto next;
1433 if (vp->da->flags.extended) {
1435 fr_strerror_printf("Attribute \"%s\" is not a DHCP option", vp->da->name);
1436 fr_cursor_next(cursor);
1440 /* Write out the option number */
1441 *(p++) = vp->da->attr & 0xff;
1443 /* Pointer to the length field of the option */
1446 /* Zero out the option's length field */
1449 /* We just consumed two bytes for the header */
1452 /* DHCP options with the same number get coalesced into a single option */
1454 VALUE_PAIR *tlv = NULL;
1457 if (vp->da->flags.is_tlv) {
1459 * Coalesce TLVs into one sub-option.
1460 * Cursor will be advanced to next non-TLV attribute.
1462 tlv = vp = fr_dhcp_vp2suboption(ctx, cursor);
1465 * Skip if there's an issue coalescing the sub-options.
1466 * Cursor will still have been advanced to next non-TLV attribute.
1470 * If not calling fr_dhcp_vp2suboption() advance the cursor, so fr_cursor_current()
1471 * returns the next attribute.
1474 fr_cursor_next(cursor);
1477 if ((*opt_len + vp->vp_length) > 255) {
1478 fr_strerror_printf("Skipping \"%s\": Option splitting not supported "
1479 "(option > 255 bytes)", vp->da->name);
1484 len = fr_dhcp_vp2attr(p, freespace, vp);
1487 /* Failed encoding option */
1496 } while ((vp = fr_cursor_current(cursor)) && (previous == vp->da) && vp->da->flags.array);
1501 int fr_dhcp_encode(RADIUS_PACKET *packet)
1512 # ifdef WITH_UDPFROMTO
1513 char src_ip_buf[256];
1515 char dst_ip_buf[256];
1518 if (packet->data) return 0;
1520 packet->data_len = MAX_PACKET_SIZE;
1521 packet->data = talloc_zero_array(packet, uint8_t, packet->data_len);
1523 /* XXX Ugly ... should be set by the caller */
1524 if (packet->code == 0) packet->code = PW_DHCP_NAK;
1527 if ((vp = pairfind(packet->vps, 260, DHCP_MAGIC_VENDOR, TAG_ANY))) {
1528 packet->id = vp->vp_integer;
1530 packet->id = fr_rand();
1534 if ((packet->code >= PW_DHCP_DISCOVER) &&
1535 (packet->code <= PW_DHCP_INFORM)) {
1536 name = dhcp_message_types[packet->code - PW_DHCP_OFFSET];
1542 # ifdef WITH_UDPFROMTO
1543 "Encoding %s of id %08x from %s:%d to %s:%d\n",
1545 "Encoding %s of id %08x to %s:%d\n",
1547 name, (unsigned int) packet->id,
1548 # ifdef WITH_UDPFROMTO
1549 inet_ntop(packet->src_ipaddr.af,
1550 &packet->src_ipaddr.ipaddr,
1551 src_ip_buf, sizeof(src_ip_buf)),
1554 inet_ntop(packet->dst_ipaddr.af,
1555 &packet->dst_ipaddr.ipaddr,
1556 dst_ip_buf, sizeof(dst_ip_buf)),
1563 * @todo: Make this work again.
1566 mms = DEFAULT_PACKET_SIZE; /* maximum message size */
1569 * Clients can request a LARGER size, but not a
1570 * smaller one. They also cannot request a size
1574 /* DHCP-DHCP-Maximum-Msg-Size */
1575 vp = pairfind(packet->vps, 57, DHCP_MAGIC_VENDOR, TAG_ANY);
1576 if (vp && (vp->vp_integer > mms)) {
1577 mms = vp->vp_integer;
1579 if (mms > MAX_PACKET_SIZE) mms = MAX_PACKET_SIZE;
1583 vp = pairfind(packet->vps, 256, DHCP_MAGIC_VENDOR, TAG_ANY);
1585 *p++ = vp->vp_integer & 0xff;
1587 *p++ = 1; /* client message */
1590 /* DHCP-Hardware-Type */
1591 if ((vp = pairfind(packet->vps, 257, DHCP_MAGIC_VENDOR, TAG_ANY))) {
1592 *p++ = vp->vp_integer & 0xFF;
1594 *p++ = 1; /* hardware type = ethernet */
1597 /* DHCP-Hardware-Address-Length */
1598 if ((vp = pairfind(packet->vps, 258, DHCP_MAGIC_VENDOR, TAG_ANY))) {
1599 *p++ = vp->vp_integer & 0xFF;
1601 *p++ = 6; /* 6 bytes of ethernet */
1604 /* DHCP-Hop-Count */
1605 if ((vp = pairfind(packet->vps, 259, DHCP_MAGIC_VENDOR, TAG_ANY))) {
1606 *p = vp->vp_integer & 0xff;
1610 /* DHCP-Transaction-Id */
1611 lvalue = htonl(packet->id);
1612 memcpy(p, &lvalue, 4);
1615 /* DHCP-Number-of-Seconds */
1616 if ((vp = pairfind(packet->vps, 261, DHCP_MAGIC_VENDOR, TAG_ANY))) {
1617 lvalue = htonl(vp->vp_integer);
1618 memcpy(p, &lvalue, 2);
1623 if ((vp = pairfind(packet->vps, 262, DHCP_MAGIC_VENDOR, TAG_ANY))) {
1624 lvalue = htons(vp->vp_integer);
1625 memcpy(p, &lvalue, 2);
1629 /* DHCP-Client-IP-Address */
1630 if ((vp = pairfind(packet->vps, 263, DHCP_MAGIC_VENDOR, TAG_ANY))) {
1631 memcpy(p, &vp->vp_ipaddr, 4);
1635 /* DHCP-Your-IP-address */
1636 if ((vp = pairfind(packet->vps, 264, DHCP_MAGIC_VENDOR, TAG_ANY))) {
1637 lvalue = vp->vp_ipaddr;
1639 lvalue = htonl(INADDR_ANY);
1641 memcpy(p, &lvalue, 4);
1644 /* DHCP-Server-IP-Address */
1645 vp = pairfind(packet->vps, 265, DHCP_MAGIC_VENDOR, TAG_ANY);
1647 lvalue = vp->vp_ipaddr;
1649 lvalue = htonl(INADDR_ANY);
1651 memcpy(p, &lvalue, 4);
1655 * DHCP-Gateway-IP-Address
1657 if ((vp = pairfind(packet->vps, 266, DHCP_MAGIC_VENDOR, TAG_ANY))) {
1658 lvalue = vp->vp_ipaddr;
1660 lvalue = htonl(INADDR_ANY);
1662 memcpy(p, &lvalue, 4);
1665 /* DHCP-Client-Hardware-Address */
1666 if ((vp = pairfind(packet->vps, 267, DHCP_MAGIC_VENDOR, TAG_ANY))) {
1667 if (vp->vp_length == sizeof(vp->vp_ether)) {
1668 memcpy(p, vp->vp_ether, vp->vp_length);
1669 } /* else ignore it */
1671 p += DHCP_CHADDR_LEN;
1673 /* DHCP-Server-Host-Name */
1674 if ((vp = pairfind(packet->vps, 268, DHCP_MAGIC_VENDOR, TAG_ANY))) {
1675 if (vp->vp_length > DHCP_SNAME_LEN) {
1676 memcpy(p, vp->vp_strvalue, DHCP_SNAME_LEN);
1678 memcpy(p, vp->vp_strvalue, vp->vp_length);
1681 p += DHCP_SNAME_LEN;
1684 * Copy over DHCP-Boot-Filename.
1686 * FIXME: This copy should be delayed until AFTER the options
1687 * have been processed. If there are too many options for
1688 * the packet, then they go into the sname && filename fields.
1689 * When that happens, the boot filename is passed as an option,
1690 * instead of being placed verbatim in the filename field.
1693 /* DHCP-Boot-Filename */
1694 vp = pairfind(packet->vps, 269, DHCP_MAGIC_VENDOR, TAG_ANY);
1696 if (vp->vp_length > DHCP_FILE_LEN) {
1697 memcpy(p, vp->vp_strvalue, DHCP_FILE_LEN);
1699 memcpy(p, vp->vp_strvalue, vp->vp_length);
1704 /* DHCP magic number */
1705 lvalue = htonl(DHCP_OPTION_MAGIC_NUMBER);
1706 memcpy(p, &lvalue, 4);
1712 if (fr_debug_lvl > 1) {
1717 for (i = 0; i < 14; i++) {
1720 vp = pairmake(packet, NULL,
1721 dhcp_header_names[i], NULL, T_OP_EQ);
1724 strlcpy(buffer, fr_strerror(), sizeof(buffer));
1725 fr_strerror_printf("Cannot decode packet due to internal error: %s", buffer);
1729 switch (vp->da->type) {
1735 vp->vp_short = (p[0] << 8) | p[1];
1738 case PW_TYPE_INTEGER:
1739 memcpy(&vp->vp_integer, p, 4);
1740 vp->vp_integer = ntohl(vp->vp_integer);
1743 case PW_TYPE_IPV4_ADDR:
1744 memcpy(&vp->vp_ipaddr, p, 4);
1747 case PW_TYPE_STRING:
1748 vp->vp_strvalue = q = talloc_array(vp, char, dhcp_header_sizes[i] + 1);
1750 memcpy(q, p, dhcp_header_sizes[i]);
1751 q[dhcp_header_sizes[i]] = '\0';
1752 vp->vp_length = strlen(vp->vp_strvalue);
1755 case PW_TYPE_OCTETS: /* only for Client HW Address */
1756 pairmemcpy(vp, p, packet->data[2]);
1759 case PW_TYPE_ETHERNET: /* only for Client HW Address */
1760 memcpy(vp->vp_ether, p, sizeof(vp->vp_ether));
1764 fr_strerror_printf("Internal sanity check failed %d %d", vp->da->type, __LINE__);
1769 p += dhcp_header_sizes[i];
1776 * Jump over DHCP magic number, response, etc.
1781 p[0] = 0x35; /* DHCP-Message-Type */
1783 p[2] = packet->code - PW_DHCP_OFFSET;
1788 * Pre-sort attributes into contiguous blocks so that fr_dhcp_encode_option
1789 * operates correctly. This changes the order of the list, but never mind...
1791 pairsort(&packet->vps, fr_dhcp_attr_cmp);
1792 fr_cursor_init(&cursor, &packet->vps);
1795 * Each call to fr_dhcp_encode_option will encode one complete DHCP option,
1798 while ((vp = fr_cursor_current(&cursor))) {
1799 len = fr_dhcp_encode_option(packet, p, packet->data_len - (p - packet->data), &cursor);
1801 if (len > 0) debug_pair(vp);
1805 p[0] = 0xff; /* end of option option */
1808 dhcp_size = p - packet->data;
1811 * FIXME: if (dhcp_size > mms),
1812 * then we put the extra options into the "sname" and "file"
1813 * fields, AND set the "end option option" in the "options"
1814 * field. We also set the "overload option",
1815 * and put options into the "file" field, followed by
1816 * the "sname" field. Where each option is completely
1817 * enclosed in the "file" and/or "sname" field, AND
1818 * followed by the "end of option", and MUST be followed
1819 * by padding option.
1821 * Yuck. That sucks...
1823 packet->data_len = dhcp_size;
1825 if (packet->data_len < DEFAULT_PACKET_SIZE) {
1826 memset(packet->data + packet->data_len, 0,
1827 DEFAULT_PACKET_SIZE - packet->data_len);
1828 packet->data_len = DEFAULT_PACKET_SIZE;
1831 if ((fr_debug_lvl > 2) && fr_log_fp) {
1832 fprintf(fr_log_fp, "DHCP Sending %zu bytes\n", packet->data_len);
1833 for (i = 0; i < packet->data_len; i++) {
1834 if ((i & 0x0f) == 0x00) fprintf(fr_log_fp, "%d: ", (int) i);
1835 fprintf(fr_log_fp, "%02x ", packet->data[i]);
1836 if ((i & 0x0f) == 0x0f) fprintf(fr_log_fp, "\n");
1838 fprintf(fr_log_fp, "\n");
1845 int fr_dhcp_add_arp_entry(int fd, char const *interface,
1846 VALUE_PAIR *macaddr, VALUE_PAIR *ip)
1848 struct sockaddr_in *sin;
1852 fr_strerror_printf("No interface specified. Cannot update ARP table");
1856 if (!fr_assert(macaddr) ||
1857 !fr_assert((macaddr->da->type == PW_TYPE_ETHERNET) || (macaddr->da->type == PW_TYPE_OCTETS))) {
1858 fr_strerror_printf("Wrong VP type (%s) for chaddr",
1859 fr_int2str(dict_attr_types, macaddr->da->type, "<invalid>"));
1863 if (macaddr->vp_length > sizeof(req.arp_ha.sa_data)) {
1864 fr_strerror_printf("arp sa_data field too small (%zu octets) to contain chaddr (%zu octets)",
1865 sizeof(req.arp_ha.sa_data), macaddr->vp_length);
1869 memset(&req, 0, sizeof(req));
1870 sin = (struct sockaddr_in *) &req.arp_pa;
1871 sin->sin_family = AF_INET;
1872 sin->sin_addr.s_addr = ip->vp_ipaddr;
1874 strlcpy(req.arp_dev, interface, sizeof(req.arp_dev));
1876 if (macaddr->da->type == PW_TYPE_ETHERNET) {
1877 memcpy(&req.arp_ha.sa_data, macaddr->vp_ether, sizeof(macaddr->vp_ether));
1879 memcpy(&req.arp_ha.sa_data, macaddr->vp_octets, macaddr->vp_length);
1882 req.arp_flags = ATF_COM;
1883 if (ioctl(fd, SIOCSARP, &req) < 0) {
1884 fr_strerror_printf("Failed to add entry in ARP cache: %s (%d)", fr_syserror(errno), errno);
1891 int fr_dhcp_add_arp_entry(UNUSED int fd, UNUSED char const *interface,
1892 UNUSED VALUE_PAIR *macaddr, UNUSED VALUE_PAIR *ip)
1894 fr_strerror_printf("Adding ARP entry is unsupported on this system");
1900 #ifdef HAVE_LINUX_IF_PACKET_H
1902 * Open a packet interface raw socket.
1903 * Bind it to the specified interface using a device independent physical layer address.
1905 int fr_socket_packet(int iface_index, struct sockaddr_ll *p_ll)
1909 /* PF_PACKET - packet interface on device level.
1910 using a raw socket allows packet data to be unchanged by the device driver.
1912 lsockfd = socket(PF_PACKET, SOCK_RAW, htons(ETH_P_ALL));
1914 fr_strerror_printf("cannot open socket: %s", fr_syserror(errno));
1918 /* Set link layer parameters */
1919 memset(p_ll, 0, sizeof(struct sockaddr_ll));
1921 p_ll->sll_family = AF_PACKET;
1922 p_ll->sll_protocol = htons(ETH_P_ALL);
1923 p_ll->sll_ifindex = iface_index;
1924 p_ll->sll_hatype = ARPHRD_ETHER;
1925 p_ll->sll_pkttype = PACKET_OTHERHOST;
1926 p_ll->sll_halen = 6;
1928 if (bind(lsockfd, (struct sockaddr *)p_ll, sizeof(struct sockaddr_ll)) < 0) {
1930 fr_strerror_printf("cannot bind raw socket: %s", fr_syserror(errno));
1938 * Encode and send a DHCP packet on a raw packet socket.
1940 int fr_dhcp_send_raw_packet(int sockfd, struct sockaddr_ll *p_ll, RADIUS_PACKET *packet)
1943 u_char dhcp_packet[1518] = { 0 };
1945 /* set ethernet source address to our MAC address (DHCP-Client-Hardware-Address). */
1946 u_char dhmac[ETH_ADDR_LEN] = { 0 };
1947 if ((vp = pairfind(packet->vps, 267, DHCP_MAGIC_VENDOR, TAG_ANY))) {
1948 if (vp->length == sizeof(vp->vp_ether)) {
1949 memcpy(dhmac, vp->vp_ether, vp->length);
1953 /* fill in Ethernet layer (L2) */
1954 struct ethernet_header *ethhdr = (struct ethernet_header *)dhcp_packet;
1955 memcpy(ethhdr->ether_dst, eth_bcast, ETH_ADDR_LEN);
1956 memcpy(ethhdr->ether_src, dhmac, ETH_ADDR_LEN);
1957 ethhdr->ether_type = htons(ETH_TYPE_IP);
1959 /* fill in IP layer (L3) */
1960 struct ip_header *iph = (struct ip_header *)(dhcp_packet + ETH_HDR_SIZE);
1961 iph->ip_vhl = IP_VHL(4, 5);
1963 iph->ip_len = htons(IP_HDR_SIZE + UDP_HDR_SIZE + packet->data_len);
1968 iph->ip_sum = 0; /* Filled later */
1970 /* saddr: Packet-Src-IP-Address (default: 0.0.0.0). */
1971 iph->ip_src.s_addr = packet->src_ipaddr.ipaddr.ip4addr.s_addr;
1973 /* daddr: packet destination IP addr (should be 255.255.255.255 for broadcast). */
1974 iph->ip_dst.s_addr = packet->dst_ipaddr.ipaddr.ip4addr.s_addr;
1976 /* IP header checksum */
1977 iph->ip_sum = fr_iph_checksum((uint8_t const *)iph, 5);
1979 /* fill in UDP layer (L4) */
1980 udp_header_t *uh = (udp_header_t *) (dhcp_packet + ETH_HDR_SIZE + IP_HDR_SIZE);
1982 uh->src = htons(68);
1983 uh->dst = htons(67);
1984 u_int16_t l4_len = (UDP_HDR_SIZE + packet->data_len);
1985 uh->len = htons(l4_len);
1986 uh->checksum = 0; /* UDP checksum will be done after dhcp header */
1988 /* DHCP layer (L7) */
1989 dhcp_packet_t *dhpointer = (dhcp_packet_t *)(dhcp_packet + ETH_HDR_SIZE + IP_HDR_SIZE + UDP_HDR_SIZE);
1990 /* just copy what FreeRADIUS has encoded for us. */
1991 memcpy(dhpointer, packet->data, packet->data_len);
1993 /* UDP checksum is done here */
1994 uh->checksum = fr_udp_checksum((uint8_t const *)(dhcp_packet + ETH_HDR_SIZE + IP_HDR_SIZE), ntohs(uh->len), uh->checksum,
1995 packet->src_ipaddr.ipaddr.ip4addr, packet->dst_ipaddr.ipaddr.ip4addr);
1997 if (fr_debug_lvl > 1) {
1999 char const *name = type_buf;
2000 char src_ip_buf[INET6_ADDRSTRLEN];
2001 char dst_ip_buf[INET6_ADDRSTRLEN];
2003 if ((packet->code >= PW_DHCP_DISCOVER) &&
2004 (packet->code <= PW_DHCP_INFORM)) {
2005 name = dhcp_message_types[packet->code - PW_DHCP_OFFSET];
2007 snprintf(type_buf, sizeof(type_buf), "%d",
2008 packet->code - PW_DHCP_OFFSET);
2012 "Sending %s Id %08x from %s:%d to %s:%d\n",
2013 name, (unsigned int) packet->id,
2014 inet_ntop(packet->src_ipaddr.af, &packet->src_ipaddr.ipaddr, src_ip_buf, sizeof(src_ip_buf)), packet->src_port,
2015 inet_ntop(packet->dst_ipaddr.af, &packet->dst_ipaddr.ipaddr, dst_ip_buf, sizeof(dst_ip_buf)), packet->dst_port);
2018 return sendto(sockfd, dhcp_packet,
2019 (ETH_HDR_SIZE + IP_HDR_SIZE + UDP_HDR_SIZE + packet->data_len),
2020 0, (struct sockaddr *) p_ll, sizeof(struct sockaddr_ll));
2024 * print an ethernet address in a buffer
2026 char * ether_addr_print(const uint8_t *addr, char *buf)
2028 sprintf (buf, "%02x:%02x:%02x:%02x:%02x:%02x",
2029 addr[0], addr[1], addr[2], addr[3], addr[4], addr[5]);
2034 * For a client, receive a DHCP packet from a raw packet
2035 * socket. Make sure it matches the ongoing request.
2037 * FIXME: split this into two, recv_raw_packet, and verify(packet, original)
2039 RADIUS_PACKET *fr_dhcp_recv_raw_packet(int sockfd, struct sockaddr_ll *p_ll, RADIUS_PACKET *request)
2042 RADIUS_PACKET *packet;
2044 uint32_t magic, xid;
2047 uint8_t *raw_packet;
2048 ethernet_header_t *eth_hdr;
2049 struct ip_header *ip_hdr;
2050 udp_header_t *udp_hdr;
2051 dhcp_packet_t *dhcp_hdr;
2052 uint16_t udp_src_port;
2053 uint16_t udp_dst_port;
2054 size_t dhcp_data_len;
2059 packet = rad_alloc(NULL, false);
2061 fr_strerror_printf("Failed allocating packet");
2065 raw_packet = talloc_zero_array(packet, uint8_t, MAX_PACKET_SIZE);
2067 fr_strerror_printf("Out of memory");
2072 packet->sockfd = sockfd;
2074 /* a packet was received (but maybe it is not for us) */
2075 sock_len = sizeof(struct sockaddr_ll);
2076 data_len = recvfrom(sockfd, raw_packet, MAX_PACKET_SIZE, 0,
2077 (struct sockaddr *)p_ll, &sock_len);
2079 uint8_t data_offset = ETH_HDR_SIZE + IP_HDR_SIZE + UDP_HDR_SIZE; // DHCP data starts after Ethernet, IP, UDP.
2081 if (data_len <= data_offset) DISCARD_RP("Payload (%d) smaller than required for layers 2+3+4", (int)data_len);
2083 /* map raw packet to packet header of the different layers (Ethernet, IP, UDP) */
2084 eth_hdr = (ethernet_header_t *)raw_packet;
2086 /* a. Check Ethernet layer data (L2) */
2087 if (ntohs(eth_hdr->ether_type) != ETH_TYPE_IP) DISCARD_RP("Ethernet type (%d) != IP", ntohs(eth_hdr->ether_type));
2089 /* If Ethernet destination is not broadcast (ff:ff:ff:ff:ff:ff)
2090 * Check if it matches the source HW address used (DHCP-Client-Hardware-Address = 267)
2092 if ( (memcmp(ð_bcast, ð_hdr->ether_dst, ETH_ADDR_LEN) != 0) &&
2093 (vp = pairfind(request->vps, 267, DHCP_MAGIC_VENDOR, TAG_ANY)) &&
2094 (vp->length == sizeof(vp->vp_ether)) &&
2095 (memcmp(vp->vp_ether, ð_hdr->ether_dst, ETH_ADDR_LEN) != 0) ) {
2097 char eth_dest[17+1];
2098 char eth_req_src[17+1];
2099 DISCARD_RP("Ethernet destination (%s) is not broadcast and doesn't match request source (%s)",
2100 ether_addr_print(eth_hdr->ether_dst, eth_dest),
2101 ether_addr_print(vp->vp_ether, eth_req_src));
2105 * Ethernet is OK. Now look at IP.
2107 ip_hdr = (struct ip_header *)(raw_packet + ETH_HDR_SIZE);
2109 /* b. Check IPv4 layer data (L3) */
2110 if (ip_hdr->ip_p != IPPROTO_UDP) DISCARD_RP("IP protocol (%d) != UDP", ip_hdr->ip_p);
2113 * note: checking the destination IP address is not
2114 * useful (it would be the offered IP address - which we
2115 * don't know beforehand, or the broadcast address).
2121 udp_hdr = (udp_header_t *)(raw_packet + ETH_HDR_SIZE + IP_HDR_SIZE);
2123 /* c. Check UDP layer data (L4) */
2124 udp_src_port = ntohs(udp_hdr->src);
2125 udp_dst_port = ntohs(udp_hdr->dst);
2128 * A DHCP server will always respond to port 68 (to a
2129 * client) or 67 (to a relay). Just check that both
2130 * ports are 67 or 68.
2132 if (udp_src_port != 67 && udp_src_port != 68) DISCARD_RP("UDP src port (%d) != DHCP (67 or 68)", udp_src_port);
2133 if (udp_dst_port != 67 && udp_dst_port != 68) DISCARD_RP("UDP dst port (%d) != DHCP (67 or 68)", udp_dst_port);
2135 /* d. Check DHCP layer data */
2136 dhcp_data_len = data_len - data_offset;
2138 if (dhcp_data_len < MIN_PACKET_SIZE) DISCARD_RP("DHCP packet is too small (%d < %d)", dhcp_data_len, MIN_PACKET_SIZE);
2139 if (dhcp_data_len > MAX_PACKET_SIZE) DISCARD_RP("DHCP packet is too large (%d > %d)", dhcp_data_len, MAX_PACKET_SIZE);
2141 dhcp_hdr = (dhcp_packet_t *)(raw_packet + ETH_HDR_SIZE + IP_HDR_SIZE + UDP_HDR_SIZE);
2143 if (dhcp_hdr->htype != 1) DISCARD_RP("DHCP hardware type (%d) != Ethernet (1)", dhcp_hdr->htype);
2144 if (dhcp_hdr->hlen != 6) DISCARD_RP("DHCP hardware address length (%d) != 6", dhcp_hdr->hlen);
2146 magic = ntohl(dhcp_hdr->option_format);
2148 if (magic != DHCP_OPTION_MAGIC_NUMBER) DISCARD_RP("DHCP magic cookie (0x%04x) != DHCP (0x%04x)", magic, DHCP_OPTION_MAGIC_NUMBER);
2151 * Reply transaction id must match value from request.
2153 xid = ntohl(dhcp_hdr->xid);
2154 if (xid != (uint32_t)request->id) DISCARD_RP("DHCP transaction ID (0x%04x) != xid from request (0x%04x)", xid, request->id)
2156 /* all checks ok! this is a DHCP reply we're interested in. */
2157 packet->data_len = dhcp_data_len;
2158 packet->data = talloc_memdup(packet, raw_packet + data_offset, dhcp_data_len);
2159 TALLOC_FREE(raw_packet);
2162 code = dhcp_get_option((dhcp_packet_t *) packet->data,
2163 packet->data_len, 53);
2165 fr_strerror_printf("No message-type option was found in the packet");
2170 if ((code[1] < 1) || (code[2] == 0) || (code[2] > 8)) {
2171 fr_strerror_printf("Unknown value for message-type option");
2176 packet->code = code[2] | PW_DHCP_OFFSET;
2179 * Create a unique vector from the MAC address and the
2180 * DHCP opcode. This is a hack for the RADIUS
2181 * infrastructure in the rest of the server.
2183 * Note: packet->data[2] == 6, which is smaller than
2184 * sizeof(packet->vector)
2186 * FIXME: Look for client-identifier in packet,
2187 * and use that, too?
2189 memset(packet->vector, 0, sizeof(packet->vector));
2190 memcpy(packet->vector, packet->data + 28, packet->data[2]);
2191 packet->vector[packet->data[2]] = packet->code & 0xff;
2193 packet->src_port = udp_src_port;
2194 packet->dst_port = udp_dst_port;
2196 packet->src_ipaddr.af = AF_INET;
2197 packet->src_ipaddr.ipaddr.ip4addr.s_addr = ip_hdr->ip_src.s_addr;
2198 packet->dst_ipaddr.af = AF_INET;
2199 packet->dst_ipaddr.ipaddr.ip4addr.s_addr = ip_hdr->ip_dst.s_addr;
2201 if (fr_debug_lvl > 1) {
2203 char const *name = type_buf;
2204 char src_ip_buf[256], dst_ip_buf[256];
2206 if ((packet->code >= PW_DHCP_DISCOVER) &&
2207 (packet->code <= PW_DHCP_INFORM)) {
2208 name = dhcp_message_types[packet->code - PW_DHCP_OFFSET];
2210 snprintf(type_buf, sizeof(type_buf), "%d", packet->code - PW_DHCP_OFFSET);
2213 DEBUG("Received %s of Id %08x from %s:%d to %s:%d\n",
2214 name, (unsigned int) packet->id,
2215 inet_ntop(packet->src_ipaddr.af, &packet->src_ipaddr.ipaddr, src_ip_buf, sizeof(src_ip_buf)),
2217 inet_ntop(packet->dst_ipaddr.af, &packet->dst_ipaddr.ipaddr, dst_ip_buf, sizeof(dst_ip_buf)),