2 * dhcp.c Functions to send/receive dhcp packets.
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2.1 of the License, or (at your option) any later version.
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this library; if not, write to the Free Software
18 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
20 * Copyright 2008 The FreeRADIUS server project
21 * Copyright 2008 Alan DeKok <aland@deployingradius.com>
26 #include <freeradius-devel/libradius.h>
27 #include <freeradius-devel/udpfromto.h>
28 #include <freeradius-devel/dhcp.h>
31 #include <sys/ioctl.h>
34 #ifdef HAVE_SYS_SOCKET_H
35 #include <sys/socket.h>
37 #ifdef HAVE_SYS_TYPES_H
38 #include <sys/types.h>
42 #include <net/if_arp.h>
45 #define DHCP_CHADDR_LEN (16)
46 #define DHCP_SNAME_LEN (64)
47 #define DHCP_FILE_LEN (128)
48 #define DHCP_VEND_LEN (308)
49 #define DHCP_OPTION_MAGIC_NUMBER (0x63825363)
51 #ifndef INADDR_BROADCAST
52 #define INADDR_BROADCAST INADDR_NONE
55 /* @todo: this is a hack */
56 # define DEBUG if (fr_debug_flag && fr_log_fp) fr_printf_log
57 # define debug_pair(vp) do { if (fr_debug_flag && fr_log_fp) { \
58 vp_print(fr_log_fp, vp); \
62 typedef struct dhcp_packet_t {
68 uint16_t secs; /* 8 */
70 uint32_t ciaddr; /* 12 */
71 uint32_t yiaddr; /* 16 */
72 uint32_t siaddr; /* 20 */
73 uint32_t giaddr; /* 24 */
74 uint8_t chaddr[DHCP_CHADDR_LEN]; /* 28 */
75 uint8_t sname[DHCP_SNAME_LEN]; /* 44 */
76 uint8_t file[DHCP_FILE_LEN]; /* 108 */
77 uint32_t option_format; /* 236 */
78 uint8_t options[DHCP_VEND_LEN];
81 typedef struct dhcp_option_t {
87 * INADDR_ANY : 68 -> INADDR_BROADCAST : 67 DISCOVER
88 * INADDR_BROADCAST : 68 <- SERVER_IP : 67 OFFER
89 * INADDR_ANY : 68 -> INADDR_BROADCAST : 67 REQUEST
90 * INADDR_BROADCAST : 68 <- SERVER_IP : 67 ACK
92 static char const *dhcp_header_names[] = {
95 "DHCP-Hardware-Address-Length",
97 "DHCP-Transaction-Id",
98 "DHCP-Number-of-Seconds",
100 "DHCP-Client-IP-Address",
101 "DHCP-Your-IP-Address",
102 "DHCP-Server-IP-Address",
103 "DHCP-Gateway-IP-Address",
104 "DHCP-Client-Hardware-Address",
105 "DHCP-Server-Host-Name",
106 "DHCP-Boot-Filename",
111 static char const *dhcp_message_types[] = {
124 static int dhcp_header_sizes[] = {
135 * Some clients silently ignore responses less than 300 bytes.
137 #define MIN_PACKET_SIZE (244)
138 #define DEFAULT_PACKET_SIZE (300)
139 #define MAX_PACKET_SIZE (1500 - 40)
141 #define DHCP_OPTION_FIELD (0)
142 #define DHCP_FILE_FIELD (1)
143 #define DHCP_SNAME_FIELD (2)
145 static uint8_t *dhcp_get_option(dhcp_packet_t *packet, size_t packet_size,
149 int field = DHCP_OPTION_FIELD;
154 size = packet_size - offsetof(dhcp_packet_t, options);
155 data = &packet->options[where];
157 while (where < size) {
158 if (data[0] == 0) { /* padding */
163 if (data[0] == 255) { /* end of options */
164 if ((field == DHCP_OPTION_FIELD) &&
165 (overload & DHCP_FILE_FIELD)) {
168 size = sizeof(packet->file);
169 field = DHCP_FILE_FIELD;
172 } else if ((field == DHCP_FILE_FIELD) &&
173 (overload & DHCP_SNAME_FIELD)) {
174 data = packet->sname;
176 size = sizeof(packet->sname);
177 field = DHCP_SNAME_FIELD;
185 * We MUST have a real option here.
187 if ((where + 2) > size) {
188 fr_strerror_printf("Options overflow field at %u",
189 (unsigned int) (data - (uint8_t *) packet));
193 if ((where + 2 + data[1]) > size) {
194 fr_strerror_printf("Option length overflows field at %u",
195 (unsigned int) (data - (uint8_t *) packet));
199 if (data[0] == option) return data;
201 if (data[0] == 52) { /* overload sname and/or file */
205 where += data[1] + 2;
213 * DHCPv4 is only for IPv4. Broadcast only works if udpfromto is
216 RADIUS_PACKET *fr_dhcp_recv(int sockfd)
219 struct sockaddr_storage src;
220 struct sockaddr_storage dst;
221 socklen_t sizeof_src;
222 socklen_t sizeof_dst;
223 RADIUS_PACKET *packet;
228 packet = rad_alloc(NULL, false);
230 fr_strerror_printf("Failed allocating packet");
234 packet->data = talloc_zero_array(packet, uint8_t, MAX_PACKET_SIZE);
236 fr_strerror_printf("Out of memory");
241 packet->sockfd = sockfd;
242 sizeof_src = sizeof(src);
243 #ifdef WITH_UDPFROMTO
244 sizeof_dst = sizeof(dst);
245 data_len = recvfromto(sockfd, packet->data, MAX_PACKET_SIZE, 0,
246 (struct sockaddr *)&src, &sizeof_src,
247 (struct sockaddr *)&dst, &sizeof_dst);
249 data_len = recvfrom(sockfd, packet->data, MAX_PACKET_SIZE, 0,
250 (struct sockaddr *)&src, &sizeof_src);
254 fr_strerror_printf("Failed reading DHCP socket: %s", fr_syserror(errno));
259 packet->data_len = data_len;
260 if (packet->data_len < MIN_PACKET_SIZE) {
261 fr_strerror_printf("DHCP packet is too small (%zu < %d)",
262 packet->data_len, MIN_PACKET_SIZE);
267 if (packet->data_len > MAX_PACKET_SIZE) {
268 fr_strerror_printf("DHCP packet is too large (%zx > %d)",
269 packet->data_len, MAX_PACKET_SIZE);
274 if (packet->data[1] != 1) {
275 fr_strerror_printf("DHCP can only receive ethernet requests, not type %02x",
281 if (packet->data[2] != 6) {
282 fr_strerror_printf("Ethernet HW length is wrong length %d",
288 memcpy(&magic, packet->data + 236, 4);
289 magic = ntohl(magic);
290 if (magic != DHCP_OPTION_MAGIC_NUMBER) {
291 fr_strerror_printf("Cannot do BOOTP");
297 * Create unique keys for the packet.
299 memcpy(&magic, packet->data + 4, 4);
300 packet->id = ntohl(magic);
302 code = dhcp_get_option((dhcp_packet_t *) packet->data,
303 packet->data_len, 53);
305 fr_strerror_printf("No message-type option was found in the packet");
310 if ((code[1] < 1) || (code[2] == 0) || (code[2] > 8)) {
311 fr_strerror_printf("Unknown value for message-type option");
316 packet->code = code[2] | PW_DHCP_OFFSET;
319 * Create a unique vector from the MAC address and the
320 * DHCP opcode. This is a hack for the RADIUS
321 * infrastructure in the rest of the server.
323 * Note: packet->data[2] == 6, which is smaller than
324 * sizeof(packet->vector)
326 * FIXME: Look for client-identifier in packet,
329 memset(packet->vector, 0, sizeof(packet->vector));
330 memcpy(packet->vector, packet->data + 28, packet->data[2]);
331 packet->vector[packet->data[2]] = packet->code & 0xff;
334 * FIXME: for DISCOVER / REQUEST: src_port == dst_port + 1
335 * FIXME: for OFFER / ACK : src_port = dst_port - 1
339 * Unique keys are xid, client mac, and client ID?
343 * FIXME: More checks, like DHCP packet type?
346 sizeof_dst = sizeof(dst);
348 #ifndef WITH_UDPFROMTO
350 * This should never fail...
352 if (getsockname(sockfd, (struct sockaddr *) &dst, &sizeof_dst) < 0) {
353 fr_strerror_printf("getsockname failed: %s", fr_syserror(errno));
359 fr_sockaddr2ipaddr(&dst, sizeof_dst, &packet->dst_ipaddr, &port);
360 packet->dst_port = port;
362 fr_sockaddr2ipaddr(&src, sizeof_src, &packet->src_ipaddr, &port);
363 packet->src_port = port;
365 if (fr_debug_flag > 1) {
367 char const *name = type_buf;
368 char src_ip_buf[256], dst_ip_buf[256];
370 if ((packet->code >= PW_DHCP_DISCOVER) &&
371 (packet->code <= PW_DHCP_INFORM)) {
372 name = dhcp_message_types[packet->code - PW_DHCP_OFFSET];
374 snprintf(type_buf, sizeof(type_buf), "%d",
375 packet->code - PW_DHCP_OFFSET);
378 DEBUG("Received %s of Id %08x from %s:%d to %s:%d\n",
379 name, (unsigned int) packet->id,
380 inet_ntop(packet->src_ipaddr.af,
381 &packet->src_ipaddr.ipaddr,
382 src_ip_buf, sizeof(src_ip_buf)),
384 inet_ntop(packet->dst_ipaddr.af,
385 &packet->dst_ipaddr.ipaddr,
386 dst_ip_buf, sizeof(dst_ip_buf)),
395 * Send a DHCP packet.
397 int fr_dhcp_send(RADIUS_PACKET *packet)
399 struct sockaddr_storage dst;
400 socklen_t sizeof_dst;
401 #ifdef WITH_UDPFROMTO
402 struct sockaddr_storage src;
403 socklen_t sizeof_src;
405 fr_ipaddr2sockaddr(&packet->src_ipaddr, packet->src_port,
409 fr_ipaddr2sockaddr(&packet->dst_ipaddr, packet->dst_port,
412 if (packet->data_len == 0) {
413 fr_strerror_printf("No data to send");
417 if (fr_debug_flag > 1) {
419 char const *name = type_buf;
420 #ifdef WITH_UDPFROMTO
421 char src_ip_buf[INET6_ADDRSTRLEN];
423 char dst_ip_buf[INET6_ADDRSTRLEN];
425 if ((packet->code >= PW_DHCP_DISCOVER) &&
426 (packet->code <= PW_DHCP_INFORM)) {
427 name = dhcp_message_types[packet->code - PW_DHCP_OFFSET];
429 snprintf(type_buf, sizeof(type_buf), "%d",
430 packet->code - PW_DHCP_OFFSET);
434 #ifdef WITH_UDPFROMTO
435 "Sending %s Id %08x from %s:%d to %s:%d\n",
437 "Sending %s Id %08x to %s:%d\n",
439 name, (unsigned int) packet->id,
440 #ifdef WITH_UDPFROMTO
441 inet_ntop(packet->src_ipaddr.af, &packet->src_ipaddr.ipaddr, src_ip_buf, sizeof(src_ip_buf)),
444 inet_ntop(packet->dst_ipaddr.af, &packet->dst_ipaddr.ipaddr, dst_ip_buf, sizeof(dst_ip_buf)),
448 #ifndef WITH_UDPFROMTO
450 * Assume that the packet is encoded before sending it.
452 return sendto(packet->sockfd, packet->data, packet->data_len, 0,
453 (struct sockaddr *)&dst, sizeof_dst);
456 return sendfromto(packet->sockfd, packet->data, packet->data_len, 0,
457 (struct sockaddr *)&src, sizeof_src,
458 (struct sockaddr *)&dst, sizeof_dst);
462 static int fr_dhcp_attr2vp(RADIUS_PACKET *packet, VALUE_PAIR *vp, uint8_t const *p, size_t alen);
464 static int fr_dhcp_decode_suboption(RADIUS_PACKET *packet, VALUE_PAIR *tlv, uint8_t const *data, size_t data_len)
466 uint8_t const *p, *q;
467 VALUE_PAIR *head, *vp;
471 * Take a pass at parsing it.
477 * The RFC 3046 is very specific about not allowing termination
478 * with a 255 sub-option. But vendors are stupid, so allow it
479 * and the 0 padding sub-option.
480 * This requirement really should be a SHOULD anyway...
492 * Check if reading length would take us past the end of the buffer
494 if (++p >= q) goto malformed;
498 * Check if length > the length of the buffer we have left
500 if (p >= q) goto malformed;
505 * Got here... must be well formed.
508 fr_cursor_init(&cursor, &head);
512 vp = paircreate(packet, tlv->da->attr | (p[0] << 8), DHCP_MAGIC_VENDOR);
518 if (fr_dhcp_attr2vp(packet, vp, p + 2, p[1]) < 0) {
523 fr_cursor_insert(&cursor, vp);
528 * The caller allocated TLV, so we need to copy the FIRST
529 * attribute over top of that.
531 * This is a pretty awful hack, but we should be able to
532 * clean it up when we get nested VPs so lets leave it for
536 /* Cleanup any old TLV data */
537 talloc_free(tlv->vp_tlv);
540 memcpy(tlv, head, sizeof(*tlv));
542 /* If the VP has a talloced value we need to reparent it to the original TLV attribute */
543 switch (head->da->type) {
547 (void) talloc_steal(tlv, head->data.ptr);
552 tlv->next = head->next;
559 tlv->vp_tlv = talloc_array(tlv, uint8_t, data_len);
561 fr_strerror_printf("No memory");
564 memcpy(tlv->vp_tlv, data, data_len);
565 tlv->length = data_len;
572 * Decode ONE value into a VP
574 static int fr_dhcp_attr2vp(RADIUS_PACKET *packet, VALUE_PAIR *vp, uint8_t const *p, size_t alen)
578 switch (vp->da->type) {
580 if (alen != 1) goto raw;
585 if (alen != 2) goto raw;
586 memcpy(&vp->vp_short, p, 2);
587 vp->vp_short = ntohs(vp->vp_short);
590 case PW_TYPE_INTEGER:
591 if (alen != 4) goto raw;
592 memcpy(&vp->vp_integer, p, 4);
593 vp->vp_integer = ntohl(vp->vp_integer);
596 case PW_TYPE_IPV4_ADDR:
597 if (alen != 4) goto raw;
599 * Keep value in Network Order!
601 memcpy(&vp->vp_ipaddr, p , 4);
606 vp->vp_strvalue = q = talloc_array(vp, char, alen + 1);
612 case PW_TYPE_ETHERNET:
613 memcpy(vp->vp_ether, p, sizeof(vp->vp_ether));
614 vp->length = sizeof(vp->vp_ether);
618 * Value doesn't match up with attribute type, overwrite the
619 * vp's original DICT_ATTR with an unknown one.
622 if (pair2unknown(vp) < 0) return -1;
625 if (alen > 255) return -1;
626 pairmemcpy(vp, p, alen);
630 * For option 82 et al...
633 return fr_dhcp_decode_suboption(packet, vp, p, alen);
636 fr_strerror_printf("Internal sanity check %d %d", vp->da->type, __LINE__);
638 } /* switch over type */
644 ssize_t fr_dhcp_decode_options(RADIUS_PACKET *packet,
645 uint8_t const *data, size_t len, VALUE_PAIR **head)
650 uint8_t const *p, *next;
654 fr_cursor_init(&cursor, head);
657 * FIXME: This should also check sname && file fields.
658 * See the dhcp_get_option() function above.
660 while (next < (data + len)) {
661 int num_entries, alen;
666 if (*p == 0) { /* 0x00 - Padding option */
670 if (*p == 255) break; /* 0xff - End of options signifier */
672 if ((p + 2) > (data + len)) break;
676 da = dict_attrbyvalue(p[0], DHCP_MAGIC_VENDOR);
678 fr_strerror_printf("Attribute not in our dictionary: %u", p[0]);
688 * Could be an array of bytes, integers, etc.
690 if (da->flags.array) {
697 case PW_TYPE_SHORT: /* ignore any trailing data */
698 num_entries = alen >> 1;
702 case PW_TYPE_IPV4_ADDR:
703 case PW_TYPE_INTEGER:
704 case PW_TYPE_DATE: /* ignore any trailing data */
705 num_entries = alen >> 2;
711 break; /* really an internal sanity failure */
716 * Loop over all of the entries, building VPs
718 for (i = 0; i < num_entries; i++) {
719 vp = pairmake(packet, NULL, da->name, NULL, T_OP_ADD);
721 fr_strerror_printf("Cannot build attribute %s", fr_strerror());
726 if (fr_dhcp_attr2vp(packet, vp, p, alen) < 0) {
732 fr_cursor_insert(&cursor, vp);
734 for (vp = fr_cursor_current(&cursor);
736 vp = fr_cursor_next(&cursor)) {
740 } /* loop over array entries */
741 } /* loop over the entire packet */
746 int fr_dhcp_decode(RADIUS_PACKET *packet)
752 VALUE_PAIR *head = NULL, *vp;
753 VALUE_PAIR *maxms, *mtu;
755 fr_cursor_init(&cursor, &head);
758 if ((fr_debug_flag > 2) && fr_log_fp) {
759 for (i = 0; i < packet->data_len; i++) {
760 if ((i & 0x0f) == 0x00) fprintf(fr_log_fp, "%d: ", (int) i);
761 fprintf(fr_log_fp, "%02x ", packet->data[i]);
762 if ((i & 0x0f) == 0x0f) fprintf(fr_log_fp, "\n");
764 fprintf(fr_log_fp, "\n");
767 if (packet->data[1] != 1) {
768 fr_strerror_printf("Packet is not Ethernet: %u",
776 for (i = 0; i < 14; i++) {
779 vp = pairmake(packet, NULL, dhcp_header_names[i], NULL, T_OP_EQ);
782 strlcpy(buffer, fr_strerror(), sizeof(buffer));
783 fr_strerror_printf("Cannot decode packet due to internal error: %s", buffer);
789 * If chaddr does != 6 bytes it's probably not ethernet, and we should store
790 * it as an opaque type (octets).
792 if ((i == 11) && (packet->data[1] == 1) && (packet->data[2] != sizeof(vp->vp_ether))) {
793 DICT_ATTR const *da = dict_attrunknown(vp->da->attr, vp->da->vendor, true);
800 switch (vp->da->type) {
807 vp->vp_short = (p[0] << 8) | p[1];
811 case PW_TYPE_INTEGER:
812 memcpy(&vp->vp_integer, p, 4);
813 vp->vp_integer = ntohl(vp->vp_integer);
817 case PW_TYPE_IPV4_ADDR:
818 memcpy(&vp->vp_ipaddr, p, 4);
823 vp->vp_strvalue = q = talloc_array(vp, char, dhcp_header_sizes[i] + 1);
825 memcpy(q, p, dhcp_header_sizes[i]);
826 q[dhcp_header_sizes[i]] = '\0';
827 vp->length = strlen(vp->vp_strvalue);
828 if (vp->length == 0) {
834 pairmemcpy(vp, p, packet->data[2]);
837 case PW_TYPE_ETHERNET:
838 memcpy(vp->vp_ether, p, sizeof(vp->vp_ether));
839 vp->length = sizeof(vp->vp_ether);
843 fr_strerror_printf("BAD TYPE %d", vp->da->type);
847 p += dhcp_header_sizes[i];
852 fr_cursor_insert(&cursor, vp);
856 * Loop over the options.
860 * Nothing uses tail after this call, if it does in the future
861 * it'll need to find the new tail...
864 VALUE_PAIR *options = NULL;
866 if (fr_dhcp_decode_options(packet,
867 packet->data + 240, packet->data_len - 240,
873 fr_cursor_insert(&cursor, options);
878 * If DHCP request, set ciaddr to zero.
882 * Set broadcast flag for broken vendors, but only if
885 memcpy(&giaddr, packet->data + 24, sizeof(giaddr));
886 if (giaddr == htonl(INADDR_ANY)) {
888 * DHCP Opcode is request
890 vp = pairfind(head, 256, DHCP_MAGIC_VENDOR, TAG_ANY);
891 if (vp && vp->vp_integer == 3) {
893 * Vendor is "MSFT 98"
895 vp = pairfind(head, 63, DHCP_MAGIC_VENDOR, TAG_ANY);
896 if (vp && (strcmp(vp->vp_strvalue, "MSFT 98") == 0)) {
897 vp = pairfind(head, 262, DHCP_MAGIC_VENDOR, TAG_ANY);
900 * Reply should be broadcast.
902 if (vp) vp->vp_integer |= 0x8000;
903 packet->data[10] |= 0x80;
909 * FIXME: Nuke attributes that aren't used in the normal
910 * header for discover/requests.
915 * Client can request a LARGER size, but not a smaller
916 * one. They also cannot request a size larger than MTU.
918 maxms = pairfind(packet->vps, 57, DHCP_MAGIC_VENDOR, TAG_ANY);
919 mtu = pairfind(packet->vps, 26, DHCP_MAGIC_VENDOR, TAG_ANY);
921 if (mtu && (mtu->vp_integer < DEFAULT_PACKET_SIZE)) {
922 fr_strerror_printf("DHCP Fatal: Client says MTU is smaller than minimum permitted by the specification");
926 if (maxms && (maxms->vp_integer < DEFAULT_PACKET_SIZE)) {
927 fr_strerror_printf("DHCP WARNING: Client says maximum message size is smaller than minimum permitted by the specification: fixing it");
928 maxms->vp_integer = DEFAULT_PACKET_SIZE;
931 if (maxms && mtu && (maxms->vp_integer > mtu->vp_integer)) {
932 fr_strerror_printf("DHCP WARNING: Client says MTU is smaller than maximum message size: fixing it");
933 maxms->vp_integer = mtu->vp_integer;
936 if (fr_debug_flag) fflush(stdout);
942 int8_t fr_dhcp_attr_cmp(void const *a, void const *b)
944 VALUE_PAIR const *my_a = a;
945 VALUE_PAIR const *my_b = b;
951 * DHCP-Message-Type is first, for simplicity.
953 if ((my_a->da->attr == 53) && (my_b->da->attr != 53)) return -1;
956 * Relay-Agent is last
958 if ((my_a->da->attr == 82) && (my_b->da->attr != 82)) return 1;
960 if (my_a->da->attr < my_b->da->attr) return -1;
961 if (my_a->da->attr > my_b->da->attr) return 1;
966 /** Write DHCP option value into buffer
968 * Does not include DHCP option length or number.
970 * @param out where to write the DHCP option.
971 * @param outlen length of output buffer.
972 * @param vp option to encode.
973 * @return the length of data writen, -1 if out of buffer, -2 if unsupported type.
975 static ssize_t fr_dhcp_vp2attr(uint8_t *out, size_t outlen, VALUE_PAIR *vp)
980 if (outlen < vp->length) {
984 switch (vp->da->type) {
990 p[0] = (vp->vp_short >> 8) & 0xff;
991 p[1] = vp->vp_short & 0xff;
994 case PW_TYPE_INTEGER:
995 lvalue = htonl(vp->vp_integer);
996 memcpy(p, &lvalue, 4);
999 case PW_TYPE_IPV4_ADDR:
1000 memcpy(p, &vp->vp_ipaddr, 4);
1003 case PW_TYPE_ETHERNET:
1004 memcpy(p, &vp->vp_ether, 6);
1007 case PW_TYPE_STRING:
1008 memcpy(p, vp->vp_strvalue, vp->length);
1011 case PW_TYPE_TLV: /* FIXME: split it on 255? */
1012 memcpy(p, vp->vp_tlv, vp->length);
1015 case PW_TYPE_OCTETS:
1016 memcpy(p, vp->vp_octets, vp->length);
1020 fr_strerror_printf("Unsupported option type %d", vp->da->type);
1027 /** Create a new TLV attribute from multiple sub options
1029 * @param[in,out] ctx to allocate new attribute in.
1030 * @param[in,out] cursor should be set to the start of the list of TLV attributes.
1031 * Will be advanced to the first non-TLV attribute.
1032 * @return attribute holding the concatenation of the values of the sub options.
1034 static VALUE_PAIR *fr_dhcp_vp2suboption(TALLOC_CTX *ctx, vp_cursor_t *cursor)
1037 unsigned int parent; /* Parent attribute of suboption */
1039 uint8_t *p, *opt_len = NULL;
1040 vp_cursor_t to_pack;
1041 VALUE_PAIR *vp, *tlv;
1043 #define SUBOPTION_PARENT(_x) (_x & 0xffff00ff)
1044 #define SUBOPTION_ATTR(_x) ((_x & 0xff00) >> 8)
1046 vp = fr_cursor_current(cursor);
1047 if (!vp) return NULL;
1049 parent = SUBOPTION_PARENT(vp->da->attr);
1050 tlv = paircreate(ctx, parent, DHCP_MAGIC_VENDOR);
1051 if (!tlv) return NULL;
1053 fr_cursor_copy(&to_pack, cursor);
1056 * Loop over TLVs to determine how much memory we need to allocate
1058 * We advanced the cursor we were passed, so if we fail encoding,
1059 * the cursor is at the right position for the next potentially
1062 for (vp = fr_cursor_current(cursor);
1063 vp && vp->da->flags.is_tlv && !vp->da->flags.extended && (SUBOPTION_PARENT(vp->da->attr) == parent);
1064 vp = fr_cursor_next(cursor)) {
1066 * If it's not an array type or is an array type, but is not the same
1067 * as the previous attribute, we add 2 for the additional sub-option
1070 if (!vp->da->flags.array || (SUBOPTION_ATTR(vp->da->attr) != attr)) {
1071 attr = SUBOPTION_ATTR(vp->da->attr);
1074 tlv->length += vp->length;
1077 tlv->vp_tlv = talloc_array(tlv, uint8_t, tlv->length);
1085 for (vp = fr_cursor_current(&to_pack);
1086 vp && vp->da->flags.is_tlv && !vp->da->flags.extended && (SUBOPTION_PARENT(vp->da->attr) == parent);
1087 vp = fr_cursor_next(&to_pack)) {
1088 if (SUBOPTION_ATTR(vp->da->attr) == 0) {
1089 fr_strerror_printf("Invalid attribute number 0");
1093 /* Don't write out the header, were packing array options */
1094 if (!vp->da->flags.array || (attr != SUBOPTION_ATTR(vp->da->attr))) {
1095 attr = SUBOPTION_ATTR(vp->da->attr);
1100 length = fr_dhcp_vp2attr(p, (tlv->vp_tlv + tlv->length) - p, vp);
1101 if ((length < 0) || (length > 255)) {
1114 /** Encode a DHCP option and any sub-options.
1116 * @param out Where to write encoded DHCP attributes.
1117 * @param outlen Length of out buffer.
1118 * @param ctx to use for any allocated memory.
1119 * @param cursor with current VP set to the option to be encoded. Will be advanced to the next option to encode.
1120 * @return > 0 length of data written, < 0 error, 0 not valid option (skipping).
1122 ssize_t fr_dhcp_encode_option(uint8_t *out, size_t outlen, TALLOC_CTX *ctx, vp_cursor_t *cursor)
1125 DICT_ATTR const *previous;
1126 uint8_t *opt_len, *p = out;
1127 size_t freespace = outlen;
1130 vp = fr_cursor_current(cursor);
1133 if (vp->da->vendor != DHCP_MAGIC_VENDOR) goto next; /* not a DHCP option */
1134 if (vp->da->attr == 53) goto next; /* already done */
1135 if ((vp->da->attr > 255) && (DHCP_BASE_ATTR(vp->da->attr) != PW_DHCP_OPTION_82)) goto next;
1137 if (vp->da->flags.extended) {
1139 fr_strerror_printf("Attribute \"%s\" is not a DHCP option", vp->da->name);
1140 fr_cursor_next(cursor);
1144 /* Write out the option number */
1145 *(p++) = vp->da->attr & 0xff;
1147 /* Pointer to the length field of the option */
1150 /* Zero out the option's length field */
1153 /* We just consumed two bytes for the header */
1156 /* DHCP options with the same number get coalesced into a single option */
1158 VALUE_PAIR *tlv = NULL;
1161 if (vp->da->flags.is_tlv) {
1163 * Coalesce TLVs into one sub-option.
1164 * Cursor will be advanced to next non-TLV attribute.
1166 tlv = vp = fr_dhcp_vp2suboption(ctx, cursor);
1169 * Skip if there's an issue coalescing the sub-options.
1170 * Cursor will still have been advanced to next non-TLV attribute.
1174 * If not calling fr_dhcp_vp2suboption() advance the cursor, so fr_cursor_current()
1175 * returns the next attribute.
1178 fr_cursor_next(cursor);
1181 if ((*opt_len + vp->length) > 255) {
1182 fr_strerror_printf("Skipping \"%s\": Option splitting not supported "
1183 "(option > 255 bytes)", vp->da->name);
1188 len = fr_dhcp_vp2attr(p, freespace, vp);
1191 /* Failed encoding option */
1200 } while ((vp = fr_cursor_current(cursor)) && (previous == vp->da) && vp->da->flags.array);
1205 int fr_dhcp_encode(RADIUS_PACKET *packet)
1216 # ifdef WITH_UDPFROMTO
1217 char src_ip_buf[256];
1219 char dst_ip_buf[256];
1222 if (packet->data) return 0;
1224 packet->data_len = MAX_PACKET_SIZE;
1225 packet->data = talloc_zero_array(packet, uint8_t, packet->data_len);
1227 /* XXX Ugly ... should be set by the caller */
1228 if (packet->code == 0) packet->code = PW_DHCP_NAK;
1231 if ((packet->code >= PW_DHCP_DISCOVER) &&
1232 (packet->code <= PW_DHCP_INFORM)) {
1233 name = dhcp_message_types[packet->code - PW_DHCP_OFFSET];
1239 # ifdef WITH_UDPFROMTO
1240 "Encoding %s of id %08x from %s:%d to %s:%d\n",
1242 "Encoding %s of id %08x to %s:%d\n",
1244 name, (unsigned int) packet->id,
1245 # ifdef WITH_UDPFROMTO
1246 inet_ntop(packet->src_ipaddr.af,
1247 &packet->src_ipaddr.ipaddr,
1248 src_ip_buf, sizeof(src_ip_buf)),
1251 inet_ntop(packet->dst_ipaddr.af,
1252 &packet->dst_ipaddr.ipaddr,
1253 dst_ip_buf, sizeof(dst_ip_buf)),
1260 * @todo: Make this work again.
1263 mms = DEFAULT_PACKET_SIZE; /* maximum message size */
1266 * Clients can request a LARGER size, but not a
1267 * smaller one. They also cannot request a size
1271 /* DHCP-DHCP-Maximum-Msg-Size */
1272 vp = pairfind(packet->vps, 57, DHCP_MAGIC_VENDOR, TAG_ANY);
1273 if (vp && (vp->vp_integer > mms)) {
1274 mms = vp->vp_integer;
1276 if (mms > MAX_PACKET_SIZE) mms = MAX_PACKET_SIZE;
1280 vp = pairfind(packet->vps, 256, DHCP_MAGIC_VENDOR, TAG_ANY);
1282 *p++ = vp->vp_integer & 0xff;
1284 *p++ = 1; /* client message */
1287 /* DHCP-Hardware-Type */
1288 if ((vp = pairfind(packet->vps, 257, DHCP_MAGIC_VENDOR, TAG_ANY))) {
1289 *p++ = vp->vp_integer & 0xFF;
1291 *p++ = 1; /* hardware type = ethernet */
1294 /* DHCP-Hardware-Address-Length */
1295 if ((vp = pairfind(packet->vps, 258, DHCP_MAGIC_VENDOR, TAG_ANY))) {
1296 *p++ = vp->vp_integer & 0xFF;
1298 *p++ = 6; /* 6 bytes of ethernet */
1301 /* DHCP-Hop-Count */
1302 if ((vp = pairfind(packet->vps, 259, DHCP_MAGIC_VENDOR, TAG_ANY))) {
1303 *p = vp->vp_integer & 0xff;
1307 /* DHCP-Transaction-Id */
1308 if ((vp = pairfind(packet->vps, 260, DHCP_MAGIC_VENDOR, TAG_ANY))) {
1309 lvalue = htonl(vp->vp_integer);
1313 memcpy(p, &lvalue, 4);
1316 /* DHCP-Number-of-Seconds */
1317 if ((vp = pairfind(packet->vps, 261, DHCP_MAGIC_VENDOR, TAG_ANY))) {
1318 lvalue = htonl(vp->vp_integer);
1319 memcpy(p, &lvalue, 2);
1324 if ((vp = pairfind(packet->vps, 262, DHCP_MAGIC_VENDOR, TAG_ANY))) {
1325 lvalue = htons(vp->vp_integer);
1326 memcpy(p, &lvalue, 2);
1330 /* DHCP-Client-IP-Address */
1331 if ((vp = pairfind(packet->vps, 263, DHCP_MAGIC_VENDOR, TAG_ANY))) {
1332 memcpy(p, &vp->vp_ipaddr, 4);
1336 /* DHCP-Your-IP-address */
1337 if ((vp = pairfind(packet->vps, 264, DHCP_MAGIC_VENDOR, TAG_ANY))) {
1338 lvalue = vp->vp_ipaddr;
1340 lvalue = htonl(INADDR_ANY);
1342 memcpy(p, &lvalue, 4);
1345 /* DHCP-Server-IP-Address */
1346 vp = pairfind(packet->vps, 265, DHCP_MAGIC_VENDOR, TAG_ANY);
1348 /* DHCP-DHCP-Server-Identifier */
1349 if (!vp && (vp = pairfind(packet->vps, 54, DHCP_MAGIC_VENDOR, TAG_ANY))) {
1350 lvalue = vp->vp_ipaddr;
1352 lvalue = htonl(INADDR_ANY);
1354 memcpy(p, &lvalue, 4);
1358 * DHCP-Gateway-IP-Address
1360 if ((vp = pairfind(packet->vps, 266, DHCP_MAGIC_VENDOR, TAG_ANY))) {
1361 lvalue = vp->vp_ipaddr;
1363 lvalue = htonl(INADDR_ANY);
1365 memcpy(p, &lvalue, 4);
1368 /* DHCP-Client-Hardware-Address */
1369 if ((vp = pairfind(packet->vps, 267, DHCP_MAGIC_VENDOR, TAG_ANY))) {
1370 if (vp->length == sizeof(vp->vp_ether)) {
1371 memcpy(p, vp->vp_ether, vp->length);
1372 } /* else ignore it */
1374 p += DHCP_CHADDR_LEN;
1376 /* DHCP-Server-Host-Name */
1377 if ((vp = pairfind(packet->vps, 268, DHCP_MAGIC_VENDOR, TAG_ANY))) {
1378 if (vp->length > DHCP_SNAME_LEN) {
1379 memcpy(p, vp->vp_strvalue, DHCP_SNAME_LEN);
1381 memcpy(p, vp->vp_strvalue, vp->length);
1384 p += DHCP_SNAME_LEN;
1387 * Copy over DHCP-Boot-Filename.
1389 * FIXME: This copy should be delayed until AFTER the options
1390 * have been processed. If there are too many options for
1391 * the packet, then they go into the sname && filename fields.
1392 * When that happens, the boot filename is passed as an option,
1393 * instead of being placed verbatim in the filename field.
1396 /* DHCP-Boot-Filename */
1397 vp = pairfind(packet->vps, 269, DHCP_MAGIC_VENDOR, TAG_ANY);
1399 if (vp->length > DHCP_FILE_LEN) {
1400 memcpy(p, vp->vp_strvalue, DHCP_FILE_LEN);
1402 memcpy(p, vp->vp_strvalue, vp->length);
1407 /* DHCP magic number */
1408 lvalue = htonl(DHCP_OPTION_MAGIC_NUMBER);
1409 memcpy(p, &lvalue, 4);
1415 if (fr_debug_flag > 1) {
1420 for (i = 0; i < 14; i++) {
1423 vp = pairmake(packet, NULL,
1424 dhcp_header_names[i], NULL, T_OP_EQ);
1427 strlcpy(buffer, fr_strerror(), sizeof(buffer));
1428 fr_strerror_printf("Cannot decode packet due to internal error: %s", buffer);
1432 switch (vp->da->type) {
1438 vp->vp_short = (p[0] << 8) | p[1];
1441 case PW_TYPE_INTEGER:
1442 memcpy(&vp->vp_integer, p, 4);
1443 vp->vp_integer = ntohl(vp->vp_integer);
1446 case PW_TYPE_IPV4_ADDR:
1447 memcpy(&vp->vp_ipaddr, p, 4);
1450 case PW_TYPE_STRING:
1451 vp->vp_strvalue = q = talloc_array(vp, char, dhcp_header_sizes[i] + 1);
1453 memcpy(q, p, dhcp_header_sizes[i]);
1454 q[dhcp_header_sizes[i]] = '\0';
1455 vp->length = strlen(vp->vp_strvalue);
1458 case PW_TYPE_OCTETS: /* only for Client HW Address */
1459 pairmemcpy(vp, p, packet->data[2]);
1462 case PW_TYPE_ETHERNET: /* only for Client HW Address */
1463 memcpy(vp->vp_ether, p, sizeof(vp->vp_ether));
1467 fr_strerror_printf("Internal sanity check failed %d %d", vp->da->type, __LINE__);
1472 p += dhcp_header_sizes[i];
1479 * Jump over DHCP magic number, response, etc.
1484 p[0] = 0x35; /* DHCP-Message-Type */
1486 p[2] = packet->code - PW_DHCP_OFFSET;
1491 * Pre-sort attributes into contiguous blocks so that fr_dhcp_encode_option
1492 * operates correctly. This changes the order of the list, but never mind...
1494 pairsort(&packet->vps, fr_dhcp_attr_cmp);
1495 fr_cursor_init(&cursor, &packet->vps);
1498 * Each call to fr_dhcp_encode_option will encode one complete DHCP option,
1501 while ((vp = fr_cursor_current(&cursor))) {
1502 len = fr_dhcp_encode_option(p, packet->data_len - (p - packet->data), packet, &cursor);
1504 if (len > 0) debug_pair(vp);
1508 p[0] = 0xff; /* end of option option */
1511 dhcp_size = p - packet->data;
1514 * FIXME: if (dhcp_size > mms),
1515 * then we put the extra options into the "sname" and "file"
1516 * fields, AND set the "end option option" in the "options"
1517 * field. We also set the "overload option",
1518 * and put options into the "file" field, followed by
1519 * the "sname" field. Where each option is completely
1520 * enclosed in the "file" and/or "sname" field, AND
1521 * followed by the "end of option", and MUST be followed
1522 * by padding option.
1524 * Yuck. That sucks...
1526 packet->data_len = dhcp_size;
1528 if (packet->data_len < DEFAULT_PACKET_SIZE) {
1529 memset(packet->data + packet->data_len, 0,
1530 DEFAULT_PACKET_SIZE - packet->data_len);
1531 packet->data_len = DEFAULT_PACKET_SIZE;
1534 if ((fr_debug_flag > 2) && fr_log_fp) {
1535 fprintf(fr_log_fp, "DHCP Sending %zu bytes\n", packet->data_len);
1536 for (i = 0; i < packet->data_len; i++) {
1537 if ((i & 0x0f) == 0x00) fprintf(fr_log_fp, "%d: ", i);
1538 fprintf(fr_log_fp, "%02x ", packet->data[i]);
1539 if ((i & 0x0f) == 0x0f) fprintf(fr_log_fp, "\n");
1541 fprintf(fr_log_fp, "\n");
1548 int fr_dhcp_add_arp_entry(int fd, char const *interface,
1549 VALUE_PAIR *macaddr, VALUE_PAIR *ip)
1551 struct sockaddr_in *sin;
1555 fr_strerror_printf("No interface specified. Cannot update ARP table");
1559 if (!fr_assert(macaddr) ||
1560 !fr_assert((macaddr->da->type == PW_TYPE_ETHERNET) || (macaddr->da->type == PW_TYPE_OCTETS))) {
1561 fr_strerror_printf("Wrong VP type (%s) for chaddr",
1562 fr_int2str(dict_attr_types, macaddr->da->type, "<invalid>"));
1566 if (macaddr->length > sizeof(req.arp_ha.sa_data)) {
1567 fr_strerror_printf("arp sa_data field too small (%zu octets) to contain chaddr (%zu octets)",
1568 sizeof(req.arp_ha.sa_data), macaddr->length);
1572 memset(&req, 0, sizeof(req));
1573 sin = (struct sockaddr_in *) &req.arp_pa;
1574 sin->sin_family = AF_INET;
1575 sin->sin_addr.s_addr = ip->vp_ipaddr;
1577 strlcpy(req.arp_dev, interface, sizeof(req.arp_dev));
1579 if (macaddr->da->type == PW_TYPE_ETHERNET) {
1580 memcpy(&req.arp_ha.sa_data, &macaddr->vp_ether, sizeof(macaddr->vp_ether));
1582 memcpy(&req.arp_ha.sa_data, macaddr->vp_octets, macaddr->length);
1585 req.arp_flags = ATF_COM;
1586 if (ioctl(fd, SIOCSARP, &req) < 0) {
1587 fr_strerror_printf("Failed to add entry in ARP cache: %s (%d)", fr_syserror(errno), errno);
1594 int fr_dhcp_add_arp_entry(UNUSED int fd, UNUSED char const *interface,
1595 UNUSED VALUE_PAIR *macaddr, UNUSED VALUE_PAIR *ip)
1597 fr_strerror_printf("Adding ARP entry is unsupported on this system");
projects / freeradius.git / blob