2 * dhcp.c Functions to send/receive dhcp packets.
6 * This program is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License as published by
8 * the Free Software Foundation; either version 2 of the License, or
9 * (at your option) any later version.
11 * This program is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU General Public License for more details.
16 * You should have received a copy of the GNU General Public License
17 * along with this program; if not, write to the Free Software
18 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
20 * Copyright 2008 The FreeRADIUS server project
21 * Copyright 2008 Alan DeKok <aland@deployingradius.com>
24 #include <freeradius-devel/ident.h>
27 #include <freeradius-devel/libradius.h>
28 #include <freeradius-devel/udpfromto.h>
29 #include <freeradius-devel/dhcp.h>
32 #define DHCP_CHADDR_LEN (16)
33 #define DHCP_SNAME_LEN (64)
34 #define DHCP_FILE_LEN (128)
35 #define DHCP_VEND_LEN (308)
36 #define DHCP_OPTION_MAGIC_NUMBER (0x63825363)
38 #ifndef INADDR_BROADCAST
39 #define INADDR_BROADCAST INADDR_NONE
42 typedef struct dhcp_packet_t {
48 uint16_t secs; /* 8 */
50 uint32_t ciaddr; /* 12 */
51 uint32_t yiaddr; /* 16 */
52 uint32_t siaddr; /* 20 */
53 uint32_t giaddr; /* 24 */
54 uint8_t chaddr[DHCP_CHADDR_LEN]; /* 28 */
55 uint8_t sname[DHCP_SNAME_LEN]; /* 44 */
56 uint8_t file[DHCP_FILE_LEN]; /* 108 */
57 uint32_t option_format; /* 236 */
58 uint8_t options[DHCP_VEND_LEN];
61 typedef struct dhcp_option_t {
67 * INADDR_ANY : 68 -> INADDR_BROADCAST : 67 DISCOVER
68 * INADDR_BROADCAST : 68 <- SERVER_IP : 67 OFFER
69 * INADDR_ANY : 68 -> INADDR_BROADCAST : 67 REQUEST
70 * INADDR_BROADCAST : 68 <- SERVER_IP : 67 ACK
72 static const char *dhcp_header_names[] = {
75 "DHCP-Hardware-Address-Length",
77 "DHCP-Transaction-Id",
78 "DHCP-Number-of-Seconds",
80 "DHCP-Client-IP-Address",
81 "DHCP-Your-IP-Address",
82 "DHCP-Server-IP-Address",
83 "DHCP-Gateway-IP-Address",
84 "DHCP-Client-Hardware-Address",
85 "DHCP-Server-Host-Name",
91 static const char *dhcp_message_types[] = {
104 static int dhcp_header_sizes[] = {
115 * Some clients silently ignore responses less than 300 bytes.
117 #define MIN_PACKET_SIZE (244)
118 #define DEFAULT_PACKET_SIZE (300)
119 #define MAX_PACKET_SIZE (1500 - 40)
121 #define DHCP_OPTION_FIELD (0)
122 #define DHCP_FILE_FIELD (1)
123 #define DHCP_SNAME_FIELD (2)
125 static uint8_t *dhcp_get_option(dhcp_packet_t *packet, size_t packet_size,
130 int field = DHCP_OPTION_FIELD;
132 uint8_t *data = packet->options;
135 size = packet_size - offsetof(dhcp_packet_t, options);
136 data = &packet->options[where];
138 while (where < size) {
139 if (data[0] == 0) { /* padding */
144 if (data[0] == 255) { /* end of options */
145 if ((field == DHCP_OPTION_FIELD) &&
146 (overload & DHCP_FILE_FIELD)) {
149 size = sizeof(packet->file);
150 field = DHCP_FILE_FIELD;
153 } else if ((field == DHCP_FILE_FIELD) &&
154 (overload && DHCP_SNAME_FIELD)) {
155 data = packet->sname;
157 size = sizeof(packet->sname);
158 field = DHCP_SNAME_FIELD;
166 * We MUST have a real option here.
168 if ((where + 2) > size) {
169 fr_strerror_printf("Options overflow field at %u",
170 (unsigned int) (data - (uint8_t *) packet));
174 if ((where + 2 + data[1]) > size) {
175 fr_strerror_printf("Option length overflows field at %u",
176 (unsigned int) (data - (uint8_t *) packet));
180 if (data[0] == option) return data;
182 if (data[0] == 52) { /* overload sname and/or file */
186 where += data[1] + 2;
194 * DHCPv4 is only for IPv4. Broadcast only works if udpfromto is
197 RADIUS_PACKET *fr_dhcp_recv(int sockfd)
200 struct sockaddr_storage src;
201 struct sockaddr_storage dst;
202 socklen_t sizeof_src;
203 socklen_t sizeof_dst;
204 RADIUS_PACKET *packet;
208 packet = rad_alloc(0);
210 fr_strerror_printf("Failed allocating packet");
213 memset(packet, 0, sizeof(packet));
215 packet->data = malloc(MAX_PACKET_SIZE);
217 fr_strerror_printf("Failed in malloc");
222 packet->sockfd = sockfd;
223 sizeof_src = sizeof(src);
224 #ifdef WITH_UDPFROMTO
225 sizeof_dst = sizeof(dst);
226 packet->data_len = recvfromto(sockfd, packet->data, MAX_PACKET_SIZE, 0,
227 (struct sockaddr *)&src, &sizeof_src,
228 (struct sockaddr *)&dst, &sizeof_dst);
230 packet->data_len = recvfrom(sockfd, packet->data, MAX_PACKET_SIZE, 0,
231 (struct sockaddr *)&src, &sizeof_src);
234 if (packet->data_len <= 0) {
235 fr_strerror_printf("Failed reading DHCP socket: %s", strerror(errno));
240 if (packet->data_len < MIN_PACKET_SIZE) {
241 fr_strerror_printf("DHCP packet is too small (%d < %d)",
242 packet->data_len, MIN_PACKET_SIZE);
247 if (packet->data[1] != 1) {
248 fr_strerror_printf("DHCP can only receive ethernet requests, not type %02x",
254 if (packet->data[2] != 6) {
255 fr_strerror_printf("Ethernet HW length is wrong length %d",
261 memcpy(&magic, packet->data + 236, 4);
262 magic = ntohl(magic);
263 if (magic != DHCP_OPTION_MAGIC_NUMBER) {
264 fr_strerror_printf("Cannot do BOOTP");
270 * Create unique keys for the packet.
272 memcpy(&magic, packet->data + 4, 4);
273 packet->id = ntohl(magic);
275 code = dhcp_get_option((dhcp_packet_t *) packet->data,
276 packet->data_len, 53);
278 fr_strerror_printf("No message-type option was found in the packet");
283 if ((code[1] < 1) || (code[2] == 0) || (code[2] > 8)) {
284 fr_strerror_printf("Unknown value for message-type option");
289 packet->code = code[2] | PW_DHCP_OFFSET;
292 * Create a unique vector from the MAC address and the
293 * DHCP opcode. This is a hack for the RADIUS
294 * infrastructure in the rest of the server.
296 * Note: packet->data[2] == 6, which is smaller than
297 * sizeof(packet->vector)
299 * FIXME: Look for client-identifier in packet,
302 memset(packet->vector, 0, sizeof(packet->vector));
303 memcpy(packet->vector, packet->data + 28, packet->data[2]);
304 packet->vector[packet->data[2]] = packet->code & 0xff;
307 * FIXME: for DISCOVER / REQUEST: src_port == dst_port + 1
308 * FIXME: for OFFER / ACK : src_port = dst_port - 1
312 * Unique keys are xid, client mac, and client ID?
316 * FIXME: More checks, like DHCP packet type?
319 sizeof_dst = sizeof(dst);
321 #ifndef WITH_UDPFROMTO
323 * This should never fail...
325 getsockname(sockfd, (struct sockaddr *) &dst, &sizeof_dst);
328 fr_sockaddr2ipaddr(&dst, sizeof_dst, &packet->dst_ipaddr, &port);
329 packet->dst_port = port;
331 fr_sockaddr2ipaddr(&src, sizeof_src, &packet->src_ipaddr, &port);
332 packet->src_port = port;
334 if (fr_debug_flag > 1) {
336 const char *name = type_buf;
337 char src_ip_buf[256], dst_ip_buf[256];
339 if ((packet->code >= PW_DHCP_DISCOVER) &&
340 (packet->code <= PW_DHCP_INFORM)) {
341 name = dhcp_message_types[packet->code - PW_DHCP_OFFSET];
343 snprintf(type_buf, sizeof(type_buf), "%d",
344 packet->code - PW_DHCP_OFFSET);
347 DEBUG("Received %s of id %08x from %s:%d to %s:%d\n",
348 name, (unsigned int) packet->id,
349 inet_ntop(packet->src_ipaddr.af,
350 &packet->src_ipaddr.ipaddr,
351 src_ip_buf, sizeof(src_ip_buf)),
353 inet_ntop(packet->dst_ipaddr.af,
354 &packet->dst_ipaddr.ipaddr,
355 dst_ip_buf, sizeof(dst_ip_buf)),
364 * Send a DHCP packet.
366 int fr_dhcp_send(RADIUS_PACKET *packet)
368 struct sockaddr_storage dst;
369 socklen_t sizeof_dst;
370 #ifdef WITH_UDPFROMTO
371 struct sockaddr_storage src;
372 socklen_t sizeof_src;
375 fr_ipaddr2sockaddr(&packet->dst_ipaddr, packet->dst_port,
378 #ifndef WITH_UDPFROMTO
380 * Assume that the packet is encoded before sending it.
382 return sendto(packet->sockfd, packet->data, packet->data_len, 0,
383 (struct sockaddr *)&dst, sizeof_dst);
385 fr_ipaddr2sockaddr(&packet->src_ipaddr, packet->src_port,
388 return sendfromto(packet->sockfd,
389 packet->data, packet->data_len, 0,
390 (struct sockaddr *)&src, sizeof_src,
391 (struct sockaddr *)&dst, sizeof_dst);
395 static int fr_dhcp_attr2vp(VALUE_PAIR *vp, const uint8_t *p, size_t alen);
397 static int decode_tlv(VALUE_PAIR *tlv, const uint8_t *data, size_t data_len)
400 VALUE_PAIR *head, **tail, *vp;
403 * Take a pass at parsing it.
406 while (p < (data + data_len)) {
407 if ((p + 2) > (data + data_len)) goto make_tlv;
409 if ((p + p[1] + 2) > (data + data_len)) goto make_tlv;
414 * Got here... must be well formed.
420 while (p < (data + data_len)) {
421 vp = paircreate(tlv->attribute | (p[0] << 8), PW_TYPE_OCTETS);
427 if (fr_dhcp_attr2vp(vp, p + 2, p[1]) < 0) {
438 * The caller allocated TLV, so we need to copy the FIRST
439 * attribute over top of that.
442 memcpy(tlv, head, sizeof(*tlv));
450 tlv->vp_tlv = malloc(data_len);
452 fr_strerror_printf("No memory");
455 memcpy(tlv->vp_tlv, data, data_len);
456 tlv->length = data_len;
463 * Decode ONE value into a VP
465 static int fr_dhcp_attr2vp(VALUE_PAIR *vp, const uint8_t *p, size_t alen)
469 if (alen != 1) goto raw;
470 vp->vp_integer = p[0];
474 if (alen != 2) goto raw;
475 vp->vp_integer = (p[0] << 8) | p[1];
478 case PW_TYPE_INTEGER:
479 if (alen != 4) goto raw;
480 memcpy(&vp->vp_integer, p, 4);
481 vp->vp_integer = ntohl(vp->vp_integer);
485 if (alen != 4) goto raw;
486 memcpy(&vp->vp_ipaddr, p , 4);
491 if (alen > 253) return -1;
492 memcpy(vp->vp_strvalue, p , alen);
493 vp->vp_strvalue[alen] = '\0';
497 vp->type = PW_TYPE_OCTETS;
500 if (alen > 253) return -1;
501 memcpy(vp->vp_octets, p, alen);
505 return decode_tlv(vp, p, alen);
508 fr_strerror_printf("Internal sanity check %d %d", vp->type, __LINE__);
510 } /* switch over type */
516 int fr_dhcp_decode(RADIUS_PACKET *packet)
521 VALUE_PAIR *head, *vp, **tail;
522 VALUE_PAIR *maxms, *mtu;
528 if ((fr_debug_flag > 2) && fr_log_fp) {
529 for (i = 0; i < packet->data_len; i++) {
530 if ((i & 0x0f) == 0x00) fr_strerror_printf("%d: ", i);
531 fprintf(fr_log_fp, "%02x ", packet->data[i]);
532 if ((i & 0x0f) == 0x0f) fprintf(fr_log_fp, "\n");
534 fprintf(fr_log_fp, "\n");
537 if (packet->data[1] != 1) {
538 fr_strerror_printf("Packet is not Ethernet: %u",
546 for (i = 0; i < 14; i++) {
547 vp = pairmake(dhcp_header_names[i], NULL, T_OP_EQ);
549 fr_strerror_printf("Parse error %s", fr_strerror());
555 (packet->data[1] == 1) &&
556 (packet->data[2] == 6)) {
557 vp->type = PW_TYPE_ETHERNET;
562 vp->vp_integer = p[0];
567 vp->vp_integer = (p[0] << 8) | p[1];
571 case PW_TYPE_INTEGER:
572 memcpy(&vp->vp_integer, p, 4);
573 vp->vp_integer = ntohl(vp->vp_integer);
578 memcpy(&vp->vp_ipaddr, p, 4);
583 memcpy(vp->vp_strvalue, p, dhcp_header_sizes[i]);
584 vp->vp_strvalue[dhcp_header_sizes[i]] = '\0';
585 vp->length = strlen(vp->vp_strvalue);
586 if (vp->length == 0) {
592 memcpy(vp->vp_octets, p, packet->data[2]);
593 vp->length = packet->data[2];
596 case PW_TYPE_ETHERNET:
597 memcpy(vp->vp_ether, p, sizeof(vp->vp_ether));
598 vp->length = sizeof(vp->vp_ether);
602 fr_strerror_printf("BAD TYPE %d", vp->type);
606 p += dhcp_header_sizes[i];
616 * Loop over the options.
618 next = packet->data + 240;
621 * FIXME: This should also check sname && file fields.
622 * See the dhcp_get_option() function above.
624 while (next < (packet->data + packet->data_len)) {
625 int num_entries, alen;
631 if (*p == 255) break; /* end of options signifier */
632 if ((p + 2) > (packet->data + packet->data_len)) break;
637 fr_strerror_printf("Attribute too long %u %u",
642 da = dict_attrbyvalue(DHCP2ATTR(p[0]));
644 fr_strerror_printf("Attribute not in our dictionary: %u",
655 * Could be an array of bytes, integers, etc.
657 if (da->flags.array) {
664 case PW_TYPE_SHORT: /* ignore any trailing data */
665 num_entries = alen >> 1;
670 case PW_TYPE_INTEGER:
671 case PW_TYPE_DATE: /* ignore any trailing data */
672 num_entries = alen >> 2;
678 break; /* really an internal sanity failure */
683 * Loop over all of the entries, building VPs
685 for (i = 0; i < num_entries; i++) {
686 vp = pairmake(da->name, NULL, T_OP_EQ);
688 fr_strerror_printf("Cannot build attribute %s",
695 * Hack for ease of use.
697 if ((da->attr == DHCP2ATTR(0x3d)) &&
699 (alen == 7) && (*p == 1) && (num_entries == 1)) {
700 vp->type = PW_TYPE_ETHERNET;
701 memcpy(vp->vp_octets, p + 1, 6);
704 } else if (fr_dhcp_attr2vp(vp, p, alen) < 0) {
713 tail = &(*tail)->next;
716 } /* loop over array entries */
717 } /* loop over the entire packet */
720 * If DHCP request, set ciaddr to zero.
724 * Set broadcast flag for broken vendors, but only if
727 memcpy(&giaddr, packet->data + 24, sizeof(giaddr));
728 if (giaddr == htonl(INADDR_ANY)) {
730 * DHCP Opcode is request
732 vp = pairfind(head, DHCP2ATTR(256));
733 if (vp && vp->lvalue == 3) {
735 * Vendor is "MSFT 98"
737 vp = pairfind(head, DHCP2ATTR(63));
738 if (vp && (strcmp(vp->vp_strvalue, "MSFT 98") == 0)) {
739 vp = pairfind(head, DHCP2ATTR(262));
742 * Reply should be broadcast.
744 if (vp) vp->lvalue |= 0x8000;
745 packet->data[10] |= 0x80;
751 * FIXME: Nuke attributes that aren't used in the normal
752 * header for discover/requests.
757 * Client can request a LARGER size, but not a smaller
758 * one. They also cannot request a size larger than MTU.
760 maxms = pairfind(packet->vps, DHCP2ATTR(57));
761 mtu = pairfind(packet->vps, DHCP2ATTR(26));
763 if (mtu && (mtu->vp_integer < DEFAULT_PACKET_SIZE)) {
764 fr_strerror_printf("DHCP Fatal: Client says MTU is smaller than minimum permitted by the specification.");
768 if (maxms && (maxms->vp_integer < DEFAULT_PACKET_SIZE)) {
769 fr_strerror_printf("DHCP WARNING: Client says maximum message size is smaller than minimum permitted by the specification: fixing it");
770 maxms->vp_integer = DEFAULT_PACKET_SIZE;
773 if (maxms && mtu && (maxms->vp_integer > mtu->vp_integer)) {
774 fr_strerror_printf("DHCP WARNING: Client says MTU is smaller than maximum message size: fixing it");
775 maxms->vp_integer = mtu->vp_integer;
778 if (fr_debug_flag > 0) {
779 for (vp = packet->vps; vp != NULL; vp = vp->next) {
784 if (fr_debug_flag) fflush(stdout);
790 static int attr_cmp(const void *one, const void *two)
792 const VALUE_PAIR * const *a = one;
793 const VALUE_PAIR * const *b = two;
796 * DHCP-Message-Type is first, for simplicity.
798 if (((*a)->attribute == DHCP2ATTR(53)) &&
799 (*b)->attribute != DHCP2ATTR(53)) return -1;
802 * Relay-Agent is last
804 if (((*a)->attribute == DHCP2ATTR(82)) &&
805 (*b)->attribute != DHCP2ATTR(82)) return +1;
807 return ((*a)->attribute - (*b)->attribute);
811 static size_t fr_dhcp_vp2attr(VALUE_PAIR *vp, uint8_t *p, size_t room)
819 room = room; /* -Wunused */
822 * Search for all attributes of the same
823 * type, and pack them into the same
829 *p = vp->vp_integer & 0xff;
834 p[0] = (vp->vp_integer >> 8) & 0xff;
835 p[1] = vp->vp_integer & 0xff;
838 case PW_TYPE_INTEGER:
840 lvalue = htonl(vp->vp_integer);
841 memcpy(p, &lvalue, 4);
846 memcpy(p, &vp->vp_ipaddr, 4);
849 case PW_TYPE_ETHERNET:
851 memcpy(p, &vp->vp_ether, 6);
855 memcpy(p, vp->vp_strvalue, vp->length);
859 case PW_TYPE_TLV: /* FIXME: split it on 255? */
860 memcpy(p, vp->vp_tlv, vp->length);
865 memcpy(p, vp->vp_octets, vp->length);
870 fr_strerror_printf("BAD TYPE2 %d", vp->type);
878 static VALUE_PAIR *fr_dhcp_vp2suboption(VALUE_PAIR *vps)
881 unsigned int attribute;
883 VALUE_PAIR *vp, *tlv;
885 attribute = vps->attribute & 0xffff00ff;
887 tlv = paircreate(attribute, PW_TYPE_TLV);
888 if (!tlv) return NULL;
891 for (vp = vps; vp != NULL; vp = vp->next) {
893 * Group the attributes ONLY until we see a
896 if (!vp->flags.is_tlv ||
898 ((vp->attribute & 0xffff00ff) != attribute)) {
902 tlv->length += vp->length + 2;
910 tlv->vp_tlv = malloc(tlv->length);
917 for (vp = vps; vp != NULL; vp = vp->next) {
918 if (!vp->flags.is_tlv ||
920 ((vp->attribute & 0xffff00ff) != attribute)) {
924 length = fr_dhcp_vp2attr(vp, ptr + 2,
925 tlv->vp_tlv + tlv->length - ptr);
926 if (length > 255) return NULL;
929 * Pack the attribute.
931 ptr[0] = (vp->attribute & 0xff00) >> 8;
935 vp->flags.encoded = 1;
942 int fr_dhcp_encode(RADIUS_PACKET *packet, RADIUS_PACKET *original)
947 uint32_t lvalue, mms;
948 size_t dhcp_size, length;
952 if (packet->data) return 0;
954 packet->data = malloc(MAX_PACKET_SIZE);
955 if (!packet->data) return -1;
957 packet->data_len = MAX_PACKET_SIZE;
959 if (packet->code == 0) packet->code = PW_DHCP_NAK;
962 * If there's a request, use it as a template.
963 * Otherwise, assume that the caller has set up
964 * everything appropriately.
967 packet->dst_ipaddr.af = AF_INET;
968 packet->src_ipaddr.af = AF_INET;
970 packet->dst_port = original->src_port;
971 packet->src_port = original->dst_port;
974 * Note that for DHCP, we NEVER send the response
975 * to the source IP address of the request. It
976 * may have traversed multiple relays, and we
977 * need to send the request to the relay closest
980 * if giaddr, send to giaddr.
981 * if NAK, send broadcast packet
982 * if ciaddr, unicast to ciaddr
983 * if flags & 0x8000, broadcast (client request)
984 * if sent from 0.0.0.0, broadcast response
985 * unicast to client yiaddr
989 * FIXME: alignment issues. We likely don't want to
990 * de-reference the packet structure directly..
992 dhcp = (dhcp_packet_t *) original->data;
994 if (dhcp->giaddr != htonl(INADDR_ANY)) {
995 packet->dst_ipaddr.ipaddr.ip4addr.s_addr = dhcp->giaddr;
997 if (dhcp->giaddr != htonl(INADDR_LOOPBACK)) {
998 packet->dst_port = original->dst_port;
1000 packet->dst_port = original->src_port; /* debugging */
1003 } else if (packet->code == PW_DHCP_NAK) {
1004 packet->dst_ipaddr.ipaddr.ip4addr.s_addr = htonl(INADDR_BROADCAST);
1006 } else if (dhcp->ciaddr != htonl(INADDR_ANY)) {
1007 packet->dst_ipaddr.ipaddr.ip4addr.s_addr = dhcp->ciaddr;
1009 } else if ((dhcp->flags & 0x8000) != 0) {
1010 packet->dst_ipaddr.ipaddr.ip4addr.s_addr = htonl(INADDR_BROADCAST);
1012 } else if (packet->dst_ipaddr.ipaddr.ip4addr.s_addr == htonl(INADDR_ANY)) {
1013 packet->dst_ipaddr.ipaddr.ip4addr.s_addr = htonl(INADDR_BROADCAST);
1015 } else if (dhcp->yiaddr != htonl(INADDR_ANY)) {
1016 packet->dst_ipaddr.ipaddr.ip4addr.s_addr = dhcp->yiaddr;
1019 /* leave destination IP alone. */
1023 * Rewrite the source IP to be our own, if we know it.
1025 if (packet->src_ipaddr.ipaddr.ip4addr.s_addr == htonl(INADDR_BROADCAST)) {
1026 packet->src_ipaddr.ipaddr.ip4addr.s_addr = htonl(INADDR_ANY);
1029 memset(packet->data, 0, packet->data_len);
1032 if (fr_debug_flag > 1) {
1034 const char *name = type_buf;
1035 char src_ip_buf[256], dst_ip_buf[256];
1037 if ((packet->code >= PW_DHCP_DISCOVER) &&
1038 (packet->code <= PW_DHCP_INFORM)) {
1039 name = dhcp_message_types[packet->code - PW_DHCP_OFFSET];
1041 snprintf(type_buf, sizeof(type_buf), "%d",
1042 packet->code - PW_DHCP_OFFSET);
1045 DEBUG("Sending %s of id %08x from %s:%d to %s:%d\n",
1046 name, (unsigned int) packet->id,
1047 inet_ntop(packet->src_ipaddr.af,
1048 &packet->src_ipaddr.ipaddr,
1049 src_ip_buf, sizeof(src_ip_buf)),
1051 inet_ntop(packet->dst_ipaddr.af,
1052 &packet->dst_ipaddr.ipaddr,
1053 dst_ip_buf, sizeof(dst_ip_buf)),
1059 mms = DEFAULT_PACKET_SIZE; /* maximum message size */
1063 * Clients can request a LARGER size, but not a
1064 * smaller one. They also cannot request a size
1067 vp = pairfind(original->vps, DHCP2ATTR(57));
1068 if (vp && (vp->vp_integer > mms)) {
1069 mms = vp->vp_integer;
1071 if (mms > MAX_PACKET_SIZE) mms = MAX_PACKET_SIZE;
1076 * RFC 3118: Authentication option.
1078 vp = pairfind(packet->vps, DHCP2ATTR(90));
1080 if (vp->length < 2) {
1081 memset(vp->vp_octets + vp->length, 0,
1086 if (vp->length < 3) {
1089 gettimeofday(&tv, NULL);
1090 vp->vp_octets[2] = 0;
1091 timeval2ntp(&tv, vp->vp_octets + 3);
1096 * Configuration token (clear-text token)
1098 if (vp->vp_octets[0] == 0) {
1100 vp->vp_octets[1] = 0;
1102 pass = pairfind(packet->vps, PW_CLEARTEXT_PASSWORD);
1104 length = pass->length;
1105 if ((length + 11) > sizeof(vp->vp_octets)) {
1106 length -= ((length + 11) - sizeof(vp->vp_octets));
1108 memcpy(vp->vp_octets + 11, pass->vp_strvalue,
1110 vp->length = length + 11;
1112 vp->length = 11 + 8;
1113 memset(vp->vp_octets + 11, 0, 8);
1114 vp->length = 11 + 8;
1116 } else { /* we don't support this type! */
1117 fr_strerror_printf("DHCP-Authentication %d unsupported",
1123 *p++ = 1; /* client message */
1125 *p++ = 2; /* server message */
1127 *p++ = 1; /* hardware type = ethernet */
1128 *p++ = 6; /* 6 bytes of ethernet */
1129 *p++ = 0; /* hops */
1131 if (original) { /* Xid */
1132 memcpy(p, original->data + 4, 4);
1135 memcpy(p, &lvalue, 4);
1139 memset(p, 0, 2); /* secs are zero */
1143 memcpy(p, original->data + 10, 6); /* copy flags && ciaddr */
1147 * Allow the admin to set the broadcast flag.
1149 vp = pairfind(packet->vps, DHCP2ATTR(262));
1151 p[0] |= (vp->vp_integer & 0xff00) >> 8;
1152 p[1] |= (vp->vp_integer & 0xff);
1158 * Set client IP address.
1160 vp = pairfind(packet->vps, DHCP2ATTR(264)); /* Your IP address */
1162 lvalue = vp->vp_ipaddr;
1164 lvalue = htonl(INADDR_ANY);
1166 memcpy(p, &lvalue, 4); /* your IP address */
1169 vp = pairfind(packet->vps, DHCP2ATTR(265)); /* server IP address */
1170 if (!vp) vp = pairfind(packet->vps, DHCP2ATTR(54)); /* identifier */
1172 lvalue = vp->vp_ipaddr;
1174 lvalue = htonl(INADDR_ANY);
1176 memcpy(p, &lvalue, 4); /* Server IP address */
1180 memcpy(p, original->data + 24, 4); /* copy gateway IP address */
1182 vp = pairfind(packet->vps, DHCP2ATTR(266));
1184 lvalue = vp->vp_ipaddr;
1186 lvalue = htonl(INADDR_NONE);
1188 memcpy(p, &lvalue, 4);
1193 memcpy(p, original->data + 28, DHCP_CHADDR_LEN);
1195 vp = pairfind(packet->vps, DHCP2ATTR(267));
1197 if (vp->length > DHCP_CHADDR_LEN) {
1198 memcpy(p, vp->vp_octets, DHCP_CHADDR_LEN);
1200 memcpy(p, vp->vp_octets, vp->length);
1204 p += DHCP_CHADDR_LEN;
1207 * Zero our sname && filename fields.
1209 memset(p, 0, DHCP_SNAME_LEN + DHCP_FILE_LEN);
1210 p += DHCP_SNAME_LEN;
1213 * Copy over DHCP-Boot-Filename.
1215 * FIXME: This copy should be delayed until AFTER the options
1216 * have been processed. If there are too many options for
1217 * the packet, then they go into the sname && filename fields.
1218 * When that happens, the boot filename is passed as an option,
1219 * instead of being placed verbatim in the filename field.
1221 vp = pairfind(packet->vps, DHCP2ATTR(269));
1223 if (vp->length > DHCP_FILE_LEN) {
1224 memcpy(p, vp->vp_strvalue, DHCP_FILE_LEN);
1226 memcpy(p, vp->vp_strvalue, vp->length);
1231 lvalue = htonl(DHCP_OPTION_MAGIC_NUMBER); /* DHCP magic number */
1232 memcpy(p, &lvalue, 4);
1238 if (fr_debug_flag > 1) {
1243 for (i = 0; i < 14; i++) {
1244 vp = pairmake(dhcp_header_names[i], NULL, T_OP_EQ);
1246 fr_strerror_printf("Parse error %s", fr_strerror());
1252 vp->vp_integer = p[0];
1257 vp->vp_integer = (p[0] << 8) | p[1];
1261 case PW_TYPE_INTEGER:
1262 memcpy(&vp->vp_integer, p, 4);
1263 vp->vp_integer = ntohl(vp->vp_integer);
1267 case PW_TYPE_IPADDR:
1268 memcpy(&vp->vp_ipaddr, p, 4);
1272 case PW_TYPE_STRING:
1273 memcpy(vp->vp_strvalue, p, dhcp_header_sizes[i]);
1274 vp->vp_strvalue[dhcp_header_sizes[i]] = '\0';
1275 vp->length = strlen(vp->vp_strvalue);
1278 case PW_TYPE_OCTETS: /* only for Client HW Address */
1279 memcpy(vp->vp_octets, p, packet->data[2]);
1280 vp->length = packet->data[2];
1283 case PW_TYPE_ETHERNET: /* only for Client HW Address */
1284 memcpy(vp->vp_ether, p, sizeof(vp->vp_ether));
1285 vp->length = sizeof(vp->vp_ether);
1289 fr_strerror_printf("Internal sanity check failed %d %d", vp->type, __LINE__);
1294 p += dhcp_header_sizes[i];
1296 vp_prints(buffer, sizeof(buffer), vp);
1297 fr_strerror_printf("\t%s", buffer);
1302 * Jump over DHCP magic number, response, etc.
1308 * Before packing the attributes, re-order them so that
1309 * the array ones are all contiguous. This simplifies
1313 for (vp = packet->vps; vp != NULL; vp = vp->next) {
1317 VALUE_PAIR **array, **last;
1319 array = malloc(num_vps * sizeof(VALUE_PAIR *));
1322 for (vp = packet->vps; vp != NULL; vp = vp->next) {
1327 * Sort the attributes.
1329 qsort(array, (size_t) num_vps, sizeof(VALUE_PAIR *),
1332 last = &packet->vps;
1333 for (i = 0; i < num_vps; i++) {
1335 array[i]->next = NULL;
1336 last = &(array[i]->next);
1341 p[0] = 0x35; /* DHCP-Message-Type */
1343 p[2] = packet->code - PW_DHCP_OFFSET;
1347 * Pack in the attributes.
1351 int num_entries = 1;
1353 uint8_t *plength, *pattr;
1355 if (!IS_DHCP_ATTR(vp)) goto next;
1356 if (vp->attribute == DHCP2ATTR(53)) goto next; /* already done */
1357 if ((vp->attribute > 255) &&
1358 (DHCP_BASE_ATTR(vp->attribute) != PW_DHCP_OPTION_82)) goto next;
1361 if (vp->flags.encoded) goto next;
1363 length = vp->length;
1365 for (same = vp->next; same != NULL; same = same->next) {
1366 if (same->attribute != vp->attribute) break;
1371 * For client-identifier
1373 if ((vp->type == PW_TYPE_ETHERNET) &&
1374 (vp->length == 6) &&
1375 (num_entries == 1)) {
1376 vp->type = PW_TYPE_OCTETS;
1377 memmove(vp->vp_octets + 1, vp->vp_octets, 6);
1378 vp->vp_octets[0] = 1;
1382 *(p++) = vp->attribute & 0xff;
1384 *(p++) = 0; /* header isn't included in attr length */
1386 for (i = 0; i < num_entries; i++) {
1387 if (fr_debug_flag > 1) {
1388 vp_prints(buffer, sizeof(buffer), vp);
1389 fr_strerror_printf("\t%s", buffer);
1392 if (vp->flags.is_tlv) {
1396 * Should NOT have been encoded yet!
1398 tlv = fr_dhcp_vp2suboption(vp);
1401 * Ignore it if there's an issue
1404 if (!tlv) goto next;
1406 tlv->next = vp->next;
1411 length = fr_dhcp_vp2attr(vp, p, 0);
1414 * This will never happen due to FreeRADIUS
1415 * limitations: sizeof(vp->vp_octets) < 255
1418 fr_strerror_printf("WARNING Ignoring too long attribute %s!", vp->name);
1423 * More than one attribute of the same type
1424 * in a row: they are packed together
1425 * into the same TLV. If we overflow,
1428 if ((*plength + length) > 255) {
1429 fr_strerror_printf("WARNING Ignoring too long attribute %s!", vp->name);
1437 (vp->next->attribute == vp->attribute))
1439 } /* loop over num_entries */
1445 p[0] = 0xff; /* end of option option */
1448 dhcp_size = p - packet->data;
1451 * FIXME: if (dhcp_size > mms),
1452 * then we put the extra options into the "sname" and "file"
1453 * fields, AND set the "end option option" in the "options"
1454 * field. We also set the "overload option",
1455 * and put options into the "file" field, followed by
1456 * the "sname" field. Where each option is completely
1457 * enclosed in the "file" and/or "sname" field, AND
1458 * followed by the "end of option", and MUST be followed
1459 * by padding option.
1461 * Yuck. That sucks...
1463 packet->data_len = dhcp_size;
1467 * FIXME: This may set it to broadcast, which we don't
1468 * want. Instead, set it to the real address of the
1471 packet->src_ipaddr = original->dst_ipaddr;
1473 packet->sockfd = original->sockfd;
1476 if (packet->data_len < DEFAULT_PACKET_SIZE) {
1477 memset(packet->data + packet->data_len, 0,
1478 DEFAULT_PACKET_SIZE - packet->data_len);
1479 packet->data_len = DEFAULT_PACKET_SIZE;
1482 if ((fr_debug_flag > 2) && fr_log_fp) {
1483 for (i = 0; i < packet->data_len; i++) {
1484 if ((i & 0x0f) == 0x00) fprintf(fr_log_fp, "%d: ", i);
1485 fprintf(fr_log_fp, "%02x ", packet->data[i]);
1486 if ((i & 0x0f) == 0x0f) fprintf(fr_log_fp, "\n");
1488 fprintf(fr_log_fp, "\n");
1493 #endif /* WITH_DHCP */