2 * dhcp.c Functions to send/receive dhcp packets.
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2.1 of the License, or (at your option) any later version.
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this library; if not, write to the Free Software
18 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
20 * Copyright 2008 The FreeRADIUS server project
21 * Copyright 2008 Alan DeKok <aland@deployingradius.com>
24 #include <freeradius-devel/ident.h>
27 #include <freeradius-devel/libradius.h>
28 #include <freeradius-devel/udpfromto.h>
29 #include <freeradius-devel/dhcp.h>
32 * This doesn't appear to work right now.
38 #include <sys/ioctl.h>
40 #ifdef HAVE_SYS_SOCKET_H
41 #include <sys/socket.h>
43 #ifdef HAVE_SYS_TYPES_H
44 #include <sys/types.h>
47 #include <net/if_arp.h>
50 #define DHCP_CHADDR_LEN (16)
51 #define DHCP_SNAME_LEN (64)
52 #define DHCP_FILE_LEN (128)
53 #define DHCP_VEND_LEN (308)
54 #define DHCP_OPTION_MAGIC_NUMBER (0x63825363)
56 #ifndef INADDR_BROADCAST
57 #define INADDR_BROADCAST INADDR_NONE
60 typedef struct dhcp_packet_t {
66 uint16_t secs; /* 8 */
68 uint32_t ciaddr; /* 12 */
69 uint32_t yiaddr; /* 16 */
70 uint32_t siaddr; /* 20 */
71 uint32_t giaddr; /* 24 */
72 uint8_t chaddr[DHCP_CHADDR_LEN]; /* 28 */
73 uint8_t sname[DHCP_SNAME_LEN]; /* 44 */
74 uint8_t file[DHCP_FILE_LEN]; /* 108 */
75 uint32_t option_format; /* 236 */
76 uint8_t options[DHCP_VEND_LEN];
79 typedef struct dhcp_option_t {
85 * INADDR_ANY : 68 -> INADDR_BROADCAST : 67 DISCOVER
86 * INADDR_BROADCAST : 68 <- SERVER_IP : 67 OFFER
87 * INADDR_ANY : 68 -> INADDR_BROADCAST : 67 REQUEST
88 * INADDR_BROADCAST : 68 <- SERVER_IP : 67 ACK
90 static const char *dhcp_header_names[] = {
93 "DHCP-Hardware-Address-Length",
95 "DHCP-Transaction-Id",
96 "DHCP-Number-of-Seconds",
98 "DHCP-Client-IP-Address",
99 "DHCP-Your-IP-Address",
100 "DHCP-Server-IP-Address",
101 "DHCP-Gateway-IP-Address",
102 "DHCP-Client-Hardware-Address",
103 "DHCP-Server-Host-Name",
104 "DHCP-Boot-Filename",
109 static const char *dhcp_message_types[] = {
122 static int dhcp_header_sizes[] = {
133 * Some clients silently ignore responses less than 300 bytes.
135 #define MIN_PACKET_SIZE (244)
136 #define DEFAULT_PACKET_SIZE (300)
137 #define MAX_PACKET_SIZE (1500 - 40)
139 #define DHCP_OPTION_FIELD (0)
140 #define DHCP_FILE_FIELD (1)
141 #define DHCP_SNAME_FIELD (2)
143 static uint8_t *dhcp_get_option(dhcp_packet_t *packet, size_t packet_size,
148 int field = DHCP_OPTION_FIELD;
150 uint8_t *data = packet->options;
153 size = packet_size - offsetof(dhcp_packet_t, options);
154 data = &packet->options[where];
156 while (where < size) {
157 if (data[0] == 0) { /* padding */
162 if (data[0] == 255) { /* end of options */
163 if ((field == DHCP_OPTION_FIELD) &&
164 (overload & DHCP_FILE_FIELD)) {
167 size = sizeof(packet->file);
168 field = DHCP_FILE_FIELD;
171 } else if ((field == DHCP_FILE_FIELD) &&
172 (overload && DHCP_SNAME_FIELD)) {
173 data = packet->sname;
175 size = sizeof(packet->sname);
176 field = DHCP_SNAME_FIELD;
184 * We MUST have a real option here.
186 if ((where + 2) > size) {
187 fr_strerror_printf("Options overflow field at %u",
188 (unsigned int) (data - (uint8_t *) packet));
192 if ((where + 2 + data[1]) > size) {
193 fr_strerror_printf("Option length overflows field at %u",
194 (unsigned int) (data - (uint8_t *) packet));
198 if (data[0] == option) return data;
200 if (data[0] == 52) { /* overload sname and/or file */
204 where += data[1] + 2;
212 * DHCPv4 is only for IPv4. Broadcast only works if udpfromto is
215 RADIUS_PACKET *fr_dhcp_recv(int sockfd)
219 struct sockaddr_storage src;
220 struct sockaddr_storage dst;
221 socklen_t sizeof_src;
222 socklen_t sizeof_dst;
223 RADIUS_PACKET *packet;
227 packet = rad_alloc(NULL, 0);
229 fr_strerror_printf("Failed allocating packet");
232 memset(packet, 0, sizeof(*packet));
234 packet->data = malloc(MAX_PACKET_SIZE);
236 fr_strerror_printf("Failed in malloc");
241 packet->sockfd = sockfd;
242 sizeof_src = sizeof(src);
243 #ifdef WITH_UDPFROMTO
244 sizeof_dst = sizeof(dst);
245 len = recvfromto(sockfd, packet->data, MAX_PACKET_SIZE, 0,
246 (struct sockaddr *)&src, &sizeof_src,
247 (struct sockaddr *)&dst, &sizeof_dst);
249 len = recvfrom(sockfd, packet->data, MAX_PACKET_SIZE, 0,
250 (struct sockaddr *)&src, &sizeof_src);
254 fr_strerror_printf("Failed reading DHCP socket: %s", strerror(errno));
259 if (len < MIN_PACKET_SIZE) {
260 fr_strerror_printf("DHCP packet is too small (%d < %d)",
261 (int) len, MIN_PACKET_SIZE);
266 if (packet->data[1] != 1) {
267 fr_strerror_printf("DHCP can only receive ethernet requests, not type %02x",
273 if (packet->data[2] != 6) {
274 fr_strerror_printf("Ethernet HW length is wrong length %d",
280 packet->data_len = len;
282 memcpy(&magic, packet->data + 236, 4);
283 magic = ntohl(magic);
284 if (magic != DHCP_OPTION_MAGIC_NUMBER) {
285 fr_strerror_printf("Cannot do BOOTP");
291 * Create unique keys for the packet.
293 memcpy(&magic, packet->data + 4, 4);
294 packet->id = ntohl(magic);
296 code = dhcp_get_option((dhcp_packet_t *) packet->data,
297 packet->data_len, 53);
299 fr_strerror_printf("No message-type option was found in the packet");
304 if ((code[1] < 1) || (code[2] == 0) || (code[2] > 8)) {
305 fr_strerror_printf("Unknown value for message-type option");
310 packet->code = code[2] | PW_DHCP_OFFSET;
313 * Create a unique vector from the MAC address and the
314 * DHCP opcode. This is a hack for the RADIUS
315 * infrastructure in the rest of the server.
317 * Note: packet->data[2] == 6, which is smaller than
318 * sizeof(packet->vector)
320 * FIXME: Look for client-identifier in packet,
323 memset(packet->vector, 0, sizeof(packet->vector));
324 memcpy(packet->vector, packet->data + 28, packet->data[2]);
325 packet->vector[packet->data[2]] = packet->code & 0xff;
328 * FIXME: for DISCOVER / REQUEST: src_port == dst_port + 1
329 * FIXME: for OFFER / ACK : src_port = dst_port - 1
333 * Unique keys are xid, client mac, and client ID?
337 * FIXME: More checks, like DHCP packet type?
340 sizeof_dst = sizeof(dst);
342 #ifndef WITH_UDPFROMTO
344 * This should never fail...
346 if (getsockname(sockfd, (struct sockaddr *) &dst, &sizeof_dst) < 0) {
347 fr_strerror_printf("getsockname failed: %s", strerror(errno));
353 fr_sockaddr2ipaddr(&dst, sizeof_dst, &packet->dst_ipaddr, &port);
354 packet->dst_port = port;
356 fr_sockaddr2ipaddr(&src, sizeof_src, &packet->src_ipaddr, &port);
357 packet->src_port = port;
359 if (fr_debug_flag > 1) {
361 const char *name = type_buf;
362 char src_ip_buf[256], dst_ip_buf[256];
364 if ((packet->code >= PW_DHCP_DISCOVER) &&
365 (packet->code <= PW_DHCP_INFORM)) {
366 name = dhcp_message_types[packet->code - PW_DHCP_OFFSET];
368 snprintf(type_buf, sizeof(type_buf), "%d",
369 packet->code - PW_DHCP_OFFSET);
372 DEBUG("Received %s of id %08x from %s:%d to %s:%d\n",
373 name, (unsigned int) packet->id,
374 inet_ntop(packet->src_ipaddr.af,
375 &packet->src_ipaddr.ipaddr,
376 src_ip_buf, sizeof(src_ip_buf)),
378 inet_ntop(packet->dst_ipaddr.af,
379 &packet->dst_ipaddr.ipaddr,
380 dst_ip_buf, sizeof(dst_ip_buf)),
389 * Send a DHCP packet.
391 int fr_dhcp_send(RADIUS_PACKET *packet)
393 struct sockaddr_storage dst;
394 socklen_t sizeof_dst;
395 #ifdef WITH_UDPFROMTO
396 struct sockaddr_storage src;
397 socklen_t sizeof_src;
400 if (!fr_ipaddr2sockaddr(&packet->dst_ipaddr, packet->dst_port,
401 &dst, &sizeof_dst)) {
406 * The client doesn't yet have an IP address, but is
407 * expecting an ethernet packet unicast to it's MAC
408 * address. We need to build a raw frame.
410 if (packet->offset == 0) {
412 * FIXME: Insert code here!
416 #ifndef WITH_UDPFROMTO
418 * Assume that the packet is encoded before sending it.
420 return sendto(packet->sockfd, packet->data, packet->data_len, 0,
421 (struct sockaddr *)&dst, sizeof_dst);
423 if (!fr_ipaddr2sockaddr(&packet->src_ipaddr, packet->src_port,
424 &src, &sizeof_src)) {
428 return sendfromto(packet->sockfd,
429 packet->data, packet->data_len, 0,
430 (struct sockaddr *)&src, sizeof_src,
431 (struct sockaddr *)&dst, sizeof_dst);
435 static int fr_dhcp_attr2vp(VALUE_PAIR *vp, const uint8_t *p, size_t alen);
437 static int decode_tlv(VALUE_PAIR *tlv, const uint8_t *data, size_t data_len)
440 VALUE_PAIR *head, **tail, *vp;
443 * Take a pass at parsing it.
446 while (p < (data + data_len)) {
447 if ((p + 2) > (data + data_len)) goto make_tlv;
449 if ((p + p[1] + 2) > (data + data_len)) goto make_tlv;
454 * Got here... must be well formed.
460 while (p < (data + data_len)) {
461 vp = paircreate(tlv->da->attr | (p[0] << 8), DHCP_MAGIC_VENDOR);
467 if (fr_dhcp_attr2vp(vp, p + 2, p[1]) < 0) {
478 * The caller allocated TLV, so we need to copy the FIRST
479 * attribute over top of that.
482 memcpy(tlv, head, sizeof(*tlv));
490 tlv->vp_tlv = malloc(data_len);
492 fr_strerror_printf("No memory");
495 memcpy(tlv->vp_tlv, data, data_len);
496 tlv->length = data_len;
503 * Decode ONE value into a VP
505 static int fr_dhcp_attr2vp(VALUE_PAIR *vp, const uint8_t *p, size_t alen)
507 switch (vp->da->type) {
509 if (alen != 1) goto raw;
510 vp->vp_integer = p[0];
514 if (alen != 2) goto raw;
515 vp->vp_integer = (p[0] << 8) | p[1];
518 case PW_TYPE_INTEGER:
519 if (alen != 4) goto raw;
520 memcpy(&vp->vp_integer, p, 4);
521 vp->vp_integer = ntohl(vp->vp_integer);
525 if (alen != 4) goto raw;
526 memcpy(&vp->vp_ipaddr, p , 4);
531 if (alen > 253) return -1;
532 memcpy(vp->vp_strvalue, p , alen);
533 vp->vp_strvalue[alen] = '\0';
537 * Value doesn't match up with attribute type, overwrite the
538 * vp's original DICT_ATTR with an unknown one.
541 if (pair2unknown(vp) < 0) return -1;
544 if (alen > 253) return -1;
545 memcpy(vp->vp_octets, p, alen);
549 return decode_tlv(vp, p, alen);
552 fr_strerror_printf("Internal sanity check %d %d", vp->da->type, __LINE__);
554 } /* switch over type */
560 ssize_t fr_dhcp_decode_options(uint8_t *data, size_t len, VALUE_PAIR **head)
563 VALUE_PAIR *vp, **tail;
570 * FIXME: This should also check sname && file fields.
571 * See the dhcp_get_option() function above.
573 while (next < (data + len)) {
574 int num_entries, alen;
580 if (*p == 255) break; /* end of options signifier */
581 if ((p + 2) > (data + len)) break;
586 fr_strerror_printf("Attribute too long %u %u",
591 da = dict_attrbyvalue(p[0], DHCP_MAGIC_VENDOR);
593 fr_strerror_printf("Attribute not in our dictionary: %u",
604 * Could be an array of bytes, integers, etc.
606 if (da->flags.array) {
613 case PW_TYPE_SHORT: /* ignore any trailing data */
614 num_entries = alen >> 1;
619 case PW_TYPE_INTEGER:
620 case PW_TYPE_DATE: /* ignore any trailing data */
621 num_entries = alen >> 2;
627 break; /* really an internal sanity failure */
632 * Loop over all of the entries, building VPs
634 for (i = 0; i < num_entries; i++) {
635 vp = pairmake(da->name, NULL, T_OP_ADD);
637 fr_strerror_printf("Cannot build attribute %s",
644 * Hack for ease of use.
646 if (fr_dhcp_attr2vp(vp, p, alen) < 0) {
655 tail = &(*tail)->next;
658 } /* loop over array entries */
659 } /* loop over the entire packet */
664 int fr_dhcp_decode(RADIUS_PACKET *packet)
669 VALUE_PAIR *head, *vp, **tail;
670 VALUE_PAIR *maxms, *mtu;
676 if ((fr_debug_flag > 2) && fr_log_fp) {
677 for (i = 0; i < packet->data_len; i++) {
678 if ((i & 0x0f) == 0x00) fprintf(fr_log_fp, "%d: ", (int) i);
679 fprintf(fr_log_fp, "%02x ", packet->data[i]);
680 if ((i & 0x0f) == 0x0f) fprintf(fr_log_fp, "\n");
682 fprintf(fr_log_fp, "\n");
685 if (packet->data[1] != 1) {
686 fr_strerror_printf("Packet is not Ethernet: %u",
694 for (i = 0; i < 14; i++) {
695 vp = pairmake(dhcp_header_names[i], NULL, T_OP_EQ);
698 strlcpy(buffer, fr_strerror(), sizeof(buffer));
699 fr_strerror_printf("Cannot decode packet due to internal error: %s", buffer);
705 (packet->data[1] == 1) &&
706 (packet->data[2] != 6)) {
707 fr_strerror_printf("chaddr of incorrect length for ethernet");
710 switch (vp->da->type) {
712 vp->vp_integer = p[0];
717 vp->vp_integer = (p[0] << 8) | p[1];
721 case PW_TYPE_INTEGER:
722 memcpy(&vp->vp_integer, p, 4);
723 vp->vp_integer = ntohl(vp->vp_integer);
728 memcpy(&vp->vp_ipaddr, p, 4);
733 memcpy(vp->vp_strvalue, p, dhcp_header_sizes[i]);
734 vp->vp_strvalue[dhcp_header_sizes[i]] = '\0';
735 vp->length = strlen(vp->vp_strvalue);
736 if (vp->length == 0) {
742 memcpy(vp->vp_octets, p, packet->data[2]);
743 vp->length = packet->data[2];
746 case PW_TYPE_ETHERNET:
747 memcpy(vp->vp_ether, p, sizeof(vp->vp_ether));
748 vp->length = sizeof(vp->vp_ether);
752 fr_strerror_printf("BAD TYPE %d", vp->da->type);
756 p += dhcp_header_sizes[i];
766 * Loop over the options.
770 * Nothing uses tail after this call, if it does in the future
771 * it'll need to find the new tail...
773 if (fr_dhcp_decode_options(packet->data + 240, packet->data_len - 240,
779 * If DHCP request, set ciaddr to zero.
783 * Set broadcast flag for broken vendors, but only if
786 memcpy(&giaddr, packet->data + 24, sizeof(giaddr));
787 if (giaddr == htonl(INADDR_ANY)) {
789 * DHCP Opcode is request
791 vp = pairfind(head, 256, DHCP_MAGIC_VENDOR, TAG_ANY);
792 if (vp && vp->vp_integer == 3) {
794 * Vendor is "MSFT 98"
796 vp = pairfind(head, 63, DHCP_MAGIC_VENDOR, TAG_ANY);
797 if (vp && (strcmp(vp->vp_strvalue, "MSFT 98") == 0)) {
798 vp = pairfind(head, 262, DHCP_MAGIC_VENDOR, TAG_ANY);
801 * Reply should be broadcast.
803 if (vp) vp->vp_integer |= 0x8000;
804 packet->data[10] |= 0x80;
810 * FIXME: Nuke attributes that aren't used in the normal
811 * header for discover/requests.
816 * Client can request a LARGER size, but not a smaller
817 * one. They also cannot request a size larger than MTU.
819 maxms = pairfind(packet->vps, 57, DHCP_MAGIC_VENDOR, TAG_ANY);
820 mtu = pairfind(packet->vps, 26, DHCP_MAGIC_VENDOR, TAG_ANY);
822 if (mtu && (mtu->vp_integer < DEFAULT_PACKET_SIZE)) {
823 fr_strerror_printf("DHCP Fatal: Client says MTU is smaller than minimum permitted by the specification.");
827 if (maxms && (maxms->vp_integer < DEFAULT_PACKET_SIZE)) {
828 fr_strerror_printf("DHCP WARNING: Client says maximum message size is smaller than minimum permitted by the specification: fixing it");
829 maxms->vp_integer = DEFAULT_PACKET_SIZE;
832 if (maxms && mtu && (maxms->vp_integer > mtu->vp_integer)) {
833 fr_strerror_printf("DHCP WARNING: Client says MTU is smaller than maximum message size: fixing it");
834 maxms->vp_integer = mtu->vp_integer;
837 if (fr_debug_flag > 0) {
838 for (vp = packet->vps; vp != NULL; vp = vp->next) {
843 if (fr_debug_flag) fflush(stdout);
849 static int attr_cmp(const void *one, const void *two)
851 const VALUE_PAIR * const *a = one;
852 const VALUE_PAIR * const *b = two;
855 * DHCP-Message-Type is first, for simplicity.
857 if (((*a)->da->attr == 53) &&
858 (*b)->da->attr != 53) return -1;
861 * Relay-Agent is last
863 if (((*a)->da->attr == 82) &&
864 (*b)->da->attr != 82) return +1;
866 return ((*a)->da->attr - (*b)->da->attr);
870 static size_t fr_dhcp_vp2attr(VALUE_PAIR *vp, uint8_t *p, size_t room)
878 room = room; /* -Wunused */
881 * Search for all attributes of the same
882 * type, and pack them into the same
885 switch (vp->da->type) {
888 *p = vp->vp_integer & 0xff;
893 p[0] = (vp->vp_integer >> 8) & 0xff;
894 p[1] = vp->vp_integer & 0xff;
897 case PW_TYPE_INTEGER:
899 lvalue = htonl(vp->vp_integer);
900 memcpy(p, &lvalue, 4);
905 memcpy(p, &vp->vp_ipaddr, 4);
908 case PW_TYPE_ETHERNET:
910 memcpy(p, &vp->vp_ether, 6);
914 memcpy(p, vp->vp_strvalue, vp->length);
918 case PW_TYPE_TLV: /* FIXME: split it on 255? */
919 memcpy(p, vp->vp_tlv, vp->length);
924 memcpy(p, vp->vp_octets, vp->length);
929 fr_strerror_printf("BAD TYPE2 %d", vp->da->type);
937 static VALUE_PAIR *fr_dhcp_vp2suboption(VALUE_PAIR *vps)
940 unsigned int attribute;
942 VALUE_PAIR *vp, *tlv;
944 attribute = vps->da->attr & 0xffff00ff;
946 tlv = paircreate(attribute, DHCP_MAGIC_VENDOR);
947 if (!tlv) return NULL;
950 for (vp = vps; vp != NULL; vp = vp->next) {
952 * Group the attributes ONLY until we see a
955 if (!vp->da->flags.is_tlv ||
956 vp->da->flags.extended ||
957 ((vp->da->attr & 0xffff00ff) != attribute)) {
961 tlv->length += vp->length + 2;
969 tlv->vp_tlv = malloc(tlv->length);
976 for (vp = vps; vp != NULL; vp = vp->next) {
977 if (!vp->da->flags.is_tlv ||
978 vp->da->flags.extended ||
979 ((vp->da->attr & 0xffff00ff) != attribute)) {
983 length = fr_dhcp_vp2attr(vp, ptr + 2,
984 tlv->vp_tlv + tlv->length - ptr);
991 * Pack the attribute.
993 ptr[0] = (vp->da->attr & 0xff00) >> 8;
1003 int fr_dhcp_encode(RADIUS_PACKET *packet, RADIUS_PACKET *original)
1005 unsigned int i, num_vps;
1008 uint32_t lvalue, mms;
1009 size_t dhcp_size, length;
1010 dhcp_packet_t *dhcp;
1012 if (packet->data) return 0;
1014 packet->data = malloc(MAX_PACKET_SIZE);
1015 if (!packet->data) return -1;
1017 packet->data_len = MAX_PACKET_SIZE;
1019 if (packet->code == 0) packet->code = PW_DHCP_NAK;
1022 * If there's a request, use it as a template.
1023 * Otherwise, assume that the caller has set up
1024 * everything appropriately.
1027 packet->dst_ipaddr.af = AF_INET;
1028 packet->src_ipaddr.af = AF_INET;
1030 packet->dst_port = original->src_port;
1031 packet->src_port = original->dst_port;
1034 * Note that for DHCP, we NEVER send the response
1035 * to the source IP address of the request. It
1036 * may have traversed multiple relays, and we
1037 * need to send the request to the relay closest
1040 * if giaddr, send to giaddr.
1041 * if NAK, send broadcast.
1042 * if broadcast flag, send broadcast.
1043 * if ciaddr is empty, send broadcast.
1044 * otherwise unicast to ciaddr.
1048 * FIXME: alignment issues. We likely don't want to
1049 * de-reference the packet structure directly..
1051 dhcp = (dhcp_packet_t *) original->data;
1054 * Default to sending it via sendto(), without using
1059 if (dhcp->giaddr != htonl(INADDR_ANY)) {
1060 packet->dst_ipaddr.ipaddr.ip4addr.s_addr = dhcp->giaddr;
1062 if (dhcp->giaddr != htonl(INADDR_LOOPBACK)) {
1063 packet->dst_port = original->dst_port;
1065 packet->dst_port = original->src_port; /* debugging */
1068 } else if ((packet->code == PW_DHCP_NAK) ||
1069 ((dhcp->flags & 0x8000) != 0) ||
1070 (dhcp->ciaddr == htonl(INADDR_ANY))) {
1072 * The kernel will take care of sending it to
1073 * the broadcast MAC.
1075 packet->dst_ipaddr.ipaddr.ip4addr.s_addr = htonl(INADDR_BROADCAST);
1079 * It was broadcast to us: we need to
1080 * broadcast the response.
1082 if (packet->src_ipaddr.ipaddr.ip4addr.s_addr != dhcp->ciaddr) {
1085 packet->dst_ipaddr.ipaddr.ip4addr.s_addr = dhcp->ciaddr;
1089 * Rewrite the source IP to be our own, if we know it.
1091 if (packet->src_ipaddr.ipaddr.ip4addr.s_addr == htonl(INADDR_BROADCAST)) {
1092 packet->src_ipaddr.ipaddr.ip4addr.s_addr = htonl(INADDR_ANY);
1095 memset(packet->data, 0, packet->data_len);
1098 if (fr_debug_flag > 1) {
1100 const char *name = type_buf;
1101 char src_ip_buf[256], dst_ip_buf[256];
1103 if ((packet->code >= PW_DHCP_DISCOVER) &&
1104 (packet->code <= PW_DHCP_INFORM)) {
1105 name = dhcp_message_types[packet->code - PW_DHCP_OFFSET];
1107 snprintf(type_buf, sizeof(type_buf), "%d",
1108 packet->code - PW_DHCP_OFFSET);
1111 DEBUG("Sending %s of id %08x from %s:%d to %s:%d\n",
1112 name, (unsigned int) packet->id,
1113 inet_ntop(packet->src_ipaddr.af,
1114 &packet->src_ipaddr.ipaddr,
1115 src_ip_buf, sizeof(src_ip_buf)),
1117 inet_ntop(packet->dst_ipaddr.af,
1118 &packet->dst_ipaddr.ipaddr,
1119 dst_ip_buf, sizeof(dst_ip_buf)),
1122 if (fr_debug_flag) {
1123 for (i = 256; i < 269; i++) {
1124 vp = pairfind(packet->vps, i, DHCP_MAGIC_VENDOR, TAG_ANY);
1134 mms = DEFAULT_PACKET_SIZE; /* maximum message size */
1138 * Clients can request a LARGER size, but not a
1139 * smaller one. They also cannot request a size
1142 vp = pairfind(original->vps, 57, DHCP_MAGIC_VENDOR, TAG_ANY);
1143 if (vp && (vp->vp_integer > mms)) {
1144 mms = vp->vp_integer;
1146 if (mms > MAX_PACKET_SIZE) mms = MAX_PACKET_SIZE;
1151 * RFC 3118: Authentication option.
1153 vp = pairfind(packet->vps, 90, DHCP_MAGIC_VENDOR, TAG_ANY);
1155 if (vp->length < 2) {
1156 memset(vp->vp_octets + vp->length, 0,
1161 if (vp->length < 3) {
1164 gettimeofday(&tv, NULL);
1165 vp->vp_octets[2] = 0;
1166 timeval2ntp(&tv, vp->vp_octets + 3);
1171 * Configuration token (clear-text token)
1173 if (vp->vp_octets[0] == 0) {
1175 vp->vp_octets[1] = 0;
1177 pass = pairfind(packet->vps, PW_CLEARTEXT_PASSWORD, DHCP_MAGIC_VENDOR, TAG_ANY);
1179 length = pass->length;
1180 if ((length + 11) > sizeof(vp->vp_octets)) {
1181 length -= ((length + 11) - sizeof(vp->vp_octets));
1183 memcpy(vp->vp_octets + 11, pass->vp_strvalue,
1185 vp->length = length + 11;
1187 vp->length = 11 + 8;
1188 memset(vp->vp_octets + 11, 0, 8);
1189 vp->length = 11 + 8;
1191 } else { /* we don't support this type! */
1192 fr_strerror_printf("DHCP-Authentication %d unsupported",
1197 vp = pairfind(packet->vps, 256, DHCP_MAGIC_VENDOR, TAG_ANY);
1199 *p++ = vp->vp_integer & 0xff;
1202 *p++ = 1; /* client message */
1204 *p++ = 2; /* server message */
1207 *p++ = 1; /* hardware type = ethernet */
1208 *p++ = 6; /* 6 bytes of ethernet */
1210 vp = pairfind(packet->vps, 259, DHCP_MAGIC_VENDOR, TAG_ANY);
1212 *p++ = vp->vp_integer & 0xff;
1214 *p++ = 0; /* hops */
1217 if (original) { /* Xid */
1218 memcpy(p, original->data + 4, 4);
1221 memcpy(p, &lvalue, 4);
1225 memset(p, 0, 2); /* secs are zero */
1229 memcpy(p, original->data + 10, 6); /* copy flags && ciaddr */
1233 * Allow the admin to set the broadcast flag.
1235 vp = pairfind(packet->vps, 262, DHCP_MAGIC_VENDOR, TAG_ANY);
1237 p[0] |= (vp->vp_integer & 0xff00) >> 8;
1238 p[1] |= (vp->vp_integer & 0xff);
1244 * Set client IP address.
1246 vp = pairfind(packet->vps, 264, DHCP_MAGIC_VENDOR, TAG_ANY); /* Your IP address */
1248 lvalue = vp->vp_ipaddr;
1250 lvalue = htonl(INADDR_ANY);
1252 memcpy(p, &lvalue, 4); /* your IP address */
1255 vp = pairfind(packet->vps, 265, DHCP_MAGIC_VENDOR, TAG_ANY); /* server IP address */
1256 if (!vp) vp = pairfind(packet->vps, 54, DHCP_MAGIC_VENDOR, TAG_ANY); /* identifier */
1258 lvalue = vp->vp_ipaddr;
1260 lvalue = htonl(INADDR_ANY);
1262 memcpy(p, &lvalue, 4); /* Server IP address */
1266 memcpy(p, original->data + 24, 4); /* copy gateway IP address */
1268 vp = pairfind(packet->vps, 266, DHCP_MAGIC_VENDOR, TAG_ANY);
1270 lvalue = vp->vp_ipaddr;
1272 lvalue = htonl(INADDR_NONE);
1274 memcpy(p, &lvalue, 4);
1279 memcpy(p, original->data + 28, DHCP_CHADDR_LEN);
1281 vp = pairfind(packet->vps, 267, DHCP_MAGIC_VENDOR, TAG_ANY);
1283 if (vp->length > DHCP_CHADDR_LEN) {
1284 memcpy(p, vp->vp_octets, DHCP_CHADDR_LEN);
1286 memcpy(p, vp->vp_octets, vp->length);
1290 p += DHCP_CHADDR_LEN;
1293 * Zero our sname && filename fields.
1295 memset(p, 0, DHCP_SNAME_LEN + DHCP_FILE_LEN);
1296 p += DHCP_SNAME_LEN;
1299 * Copy over DHCP-Boot-Filename.
1301 * FIXME: This copy should be delayed until AFTER the options
1302 * have been processed. If there are too many options for
1303 * the packet, then they go into the sname && filename fields.
1304 * When that happens, the boot filename is passed as an option,
1305 * instead of being placed verbatim in the filename field.
1307 vp = pairfind(packet->vps, 269, DHCP_MAGIC_VENDOR, TAG_ANY);
1309 if (vp->length > DHCP_FILE_LEN) {
1310 memcpy(p, vp->vp_strvalue, DHCP_FILE_LEN);
1312 memcpy(p, vp->vp_strvalue, vp->length);
1317 lvalue = htonl(DHCP_OPTION_MAGIC_NUMBER); /* DHCP magic number */
1318 memcpy(p, &lvalue, 4);
1324 if (fr_debug_flag > 1) {
1329 for (i = 0; i < 14; i++) {
1330 vp = pairmake(dhcp_header_names[i], NULL, T_OP_EQ);
1333 strlcpy(buffer, fr_strerror(), sizeof(buffer));
1334 fr_strerror_printf("Cannot decode packet due to internal error: %s", buffer);
1338 switch (vp->da->type) {
1340 vp->vp_integer = p[0];
1345 vp->vp_integer = (p[0] << 8) | p[1];
1349 case PW_TYPE_INTEGER:
1350 memcpy(&vp->vp_integer, p, 4);
1351 vp->vp_integer = ntohl(vp->vp_integer);
1355 case PW_TYPE_IPADDR:
1356 memcpy(&vp->vp_ipaddr, p, 4);
1360 case PW_TYPE_STRING:
1361 memcpy(vp->vp_strvalue, p, dhcp_header_sizes[i]);
1362 vp->vp_strvalue[dhcp_header_sizes[i]] = '\0';
1363 vp->length = strlen(vp->vp_strvalue);
1366 case PW_TYPE_OCTETS: /* only for Client HW Address */
1367 memcpy(vp->vp_octets, p, packet->data[2]);
1368 vp->length = packet->data[2];
1371 case PW_TYPE_ETHERNET: /* only for Client HW Address */
1372 memcpy(vp->vp_ether, p, sizeof(vp->vp_ether));
1373 vp->length = sizeof(vp->vp_ether);
1377 fr_strerror_printf("Internal sanity check failed %d %d", vp->da->type, __LINE__);
1382 p += dhcp_header_sizes[i];
1389 * Jump over DHCP magic number, response, etc.
1395 * Before packing the attributes, re-order them so that
1396 * the array ones are all contiguous. This simplifies
1400 for (vp = packet->vps; vp != NULL; vp = vp->next) {
1404 VALUE_PAIR **array, **last;
1406 array = malloc(num_vps * sizeof(VALUE_PAIR *));
1409 for (vp = packet->vps; vp != NULL; vp = vp->next) {
1414 * Sort the attributes.
1416 qsort(array, (size_t) num_vps, sizeof(VALUE_PAIR *),
1419 last = &packet->vps;
1420 for (i = 0; i < num_vps; i++) {
1422 array[i]->next = NULL;
1423 last = &(array[i]->next);
1428 p[0] = 0x35; /* DHCP-Message-Type */
1430 p[2] = packet->code - PW_DHCP_OFFSET;
1434 * Pack in the attributes.
1438 unsigned int num_entries = 1;
1440 uint8_t *plength, *pattr;
1442 if (vp->da->vendor != DHCP_MAGIC_VENDOR) goto next;
1443 if (vp->da->attr == 53) goto next; /* already done */
1444 if ((vp->da->attr > 255) &&
1445 (DHCP_BASE_ATTR(vp->da->attr) != PW_DHCP_OPTION_82)) goto next;
1448 if (vp->da->flags.extended) goto next;
1450 length = vp->length;
1452 for (same = vp->next; same != NULL; same = same->next) {
1453 if (same->da->attr != vp->da->attr) break;
1458 * For client-identifier
1459 * @fixme What's this meant to be doing?!
1462 if ((vp->da->type == PW_TYPE_ETHERNET) &&
1463 (vp->length == 6) &&
1464 (num_entries == 1)) {
1465 vp->da->type = PW_TYPE_OCTETS;
1466 memmove(vp->vp_octets + 1, vp->vp_octets, 6);
1467 vp->vp_octets[0] = 1;
1471 *(p++) = vp->da->attr & 0xff;
1473 *(p++) = 0; /* header isn't included in attr length */
1475 for (i = 0; i < num_entries; i++) {
1478 if (vp->da->flags.is_tlv) {
1482 * Should NOT have been encoded yet!
1484 tlv = fr_dhcp_vp2suboption(vp);
1487 * Ignore it if there's an issue
1490 if (!tlv) goto next;
1492 tlv->next = vp->next;
1497 length = fr_dhcp_vp2attr(vp, p, 0);
1500 * This will never happen due to FreeRADIUS
1501 * limitations: sizeof(vp->vp_octets) < 255
1504 fr_strerror_printf("WARNING Ignoring too long attribute %s!", vp->da->name);
1509 * More than one attribute of the same type
1510 * in a row: they are packed together
1511 * into the same TLV. If we overflow,
1514 if ((*plength + length) > 255) {
1515 fr_strerror_printf("WARNING Ignoring too long attribute %s!", vp->da->name);
1523 (vp->next->da->attr == vp->da->attr))
1525 } /* loop over num_entries */
1531 p[0] = 0xff; /* end of option option */
1534 dhcp_size = p - packet->data;
1537 * FIXME: if (dhcp_size > mms),
1538 * then we put the extra options into the "sname" and "file"
1539 * fields, AND set the "end option option" in the "options"
1540 * field. We also set the "overload option",
1541 * and put options into the "file" field, followed by
1542 * the "sname" field. Where each option is completely
1543 * enclosed in the "file" and/or "sname" field, AND
1544 * followed by the "end of option", and MUST be followed
1545 * by padding option.
1547 * Yuck. That sucks...
1549 packet->data_len = dhcp_size;
1553 * FIXME: This may set it to broadcast, which we don't
1554 * want. Instead, set it to the real address of the
1557 packet->src_ipaddr = original->dst_ipaddr;
1559 packet->sockfd = original->sockfd;
1562 if (packet->data_len < DEFAULT_PACKET_SIZE) {
1563 memset(packet->data + packet->data_len, 0,
1564 DEFAULT_PACKET_SIZE - packet->data_len);
1565 packet->data_len = DEFAULT_PACKET_SIZE;
1568 if ((fr_debug_flag > 2) && fr_log_fp) {
1569 for (i = 0; i < packet->data_len; i++) {
1570 if ((i & 0x0f) == 0x00) fprintf(fr_log_fp, "%d: ", i);
1571 fprintf(fr_log_fp, "%02x ", packet->data[i]);
1572 if ((i & 0x0f) == 0x0f) fprintf(fr_log_fp, "\n");
1574 fprintf(fr_log_fp, "\n");
1580 int fr_dhcp_add_arp_entry(int fd, const char *interface,
1581 VALUE_PAIR *macaddr, VALUE_PAIR *ip)
1584 struct sockaddr_in *sin;
1587 if (macaddr->length > sizeof (req.arp_ha.sa_data)) {
1588 fr_strerror_printf("ERROR: DHCP only supports up to %zu octets "
1589 "for Client Hardware Address "
1590 "(got %zu octets)\n",
1591 sizeof(req.arp_ha.sa_data),
1596 memset(&req, 0, sizeof(req));
1597 sin = (struct sockaddr_in *) &req.arp_pa;
1598 sin->sin_family = AF_INET;
1599 sin->sin_addr.s_addr = ip->vp_ipaddr;
1600 strlcpy(req.arp_dev, interface, sizeof(req.arp_dev));
1601 memcpy(&req.arp_ha.sa_data, macaddr->vp_octets, macaddr->length);
1603 req.arp_flags = ATF_COM;
1604 if (ioctl(fd, SIOCSARP, &req) < 0) {
1605 fr_strerror_printf("DHCP: Failed to add entry in ARP cache: %s (%d)",
1606 strerror(errno), errno);
1612 fd = fd; /* -Wunused */
1613 interface = interface; /* -Wunused */
1614 macaddr = macaddr; /* -Wunused */
1615 ip = ip; /* -Wunused */
1617 fr_strerror_printf("Adding ARP entry is unsupported on this system");
1622 #endif /* WITH_DHCP */