dhcp xlat for encoding DHCP options in RADIUS attributes
Peter Lambrechtsen
peter at crypt.nz
Tue Mar 6 06:51:16 CET 2018
I wrote it in perl to encode the DHCP Option 43 TLVs.
- mods-enabled/perl.dhcpoption43
perl perl.dhcpoption43 {
    filename = ${modconfdir}/${.:instance}/perlfunc.pl
    func_authenticate = perlfunc
    func_authorize = perlfunc
}
and
- mods-config/perl.dhcpoption43/perlfunc.pl
use strict;
use warnings;

# Request/reply hashes are populated by rlm_perl
our (%RAD_REQUEST, %RAD_REPLY);

# rlm_perl return code: the module is OK, continue
use constant RLM_MODULE_OK => 2;

sub perlfunc {
    my $RemoteID = $RAD_REQUEST{'RemoteID'};
    my $acsstring = "http://acs:80/cpe.php";
    # Sub-options 1, 2 and 254, each as a hex-encoded TLV
    my $PackURL = convert("val" => "1", "string" => $acsstring);
    my $PackPass = convert("val" => "2", "string" => "voip");
    my $PackRemoteID = convert("val" => "254", "string" => $RemoteID);
    my $TotalString = $PackURL . $PackPass . $PackRemoteID;
    # Hex -> raw bytes, then wrap them in the outer Option 43 TLV
    my $PackTotal = pack("H*", $TotalString);
    my $FinalString = convert("val" => "43", "string" => $PackTotal);
    # &radiusd::radlog(1, "DHCP Option 43 Final String : $FinalString");
    # Add DHCP options to radius reply
    $RAD_REPLY{'Alc-ToClient-Dhcp-Options'} = pack("H*", $FinalString);
    return RLM_MODULE_OK;
}

# Returns type, length and value as one hex string; the length is a single
# byte, so the value must not be longer than 255 bytes.
sub convert {
    my %argv = @_;
    my $val = sprintf("%02x", $argv{'val'});
    my $instring = $argv{'string'};
    my $hexstring = unpack("H*", $instring);
    my $hexstringlength = sprintf("%02x", length($instring));
    my $resultstring = $val . $hexstringlength . $hexstring;
    return $resultstring;
}
Enjoy
Peter
On Tue, Mar 6, 2018 at 6:33 PM, Arran Cudbard-Bell
<a.cudbardb at freeradius.org> wrote:
>
> > On Mar 6, 2018, at 9:06 AM, Nathan Ward
> > <lists+freeradius at daork.net> wrote:
> >
> > Hi,
> >
> > I did a bit of digging around in the archives, I’m trying to do
> > effectively what Peter was doing in this thread:
> > http://lists.freeradius.org/pipermail/freeradius-devel/2013-April/007974.html
> > Actually not effectively, quite literally, for literally the same
> > service offered by the same provider in the same market :)
> >
> > I am aware of dhcp_options xlat for *decoding* DHCP options. I am
> > looking to encode DHCP options for transmitting to the NAS.
> >
> > I note that Arran has implemented an xlat called ‘dhcp’ since then,
> > looks like it’s based on discussions from that thread, but I’m not
> > sure how it should be used. I’ve defined some attributes similar to
> > the thread above, but with the ‘dot notation’ format rather than the
> > ‘BEGIN TLV’ type format. Additionally, I changed the type of
> > ‘DHCP-Vendor’ to ‘tlv’. It was set to “octets # tlv”.. which I’m not
> > sure how to interpret, but FreeRADIUS refused to start when it was
> > set to that as the sub options expect it to be a TLV, which seems
> > reasonable.
> > This is in my dictionary.dhcp, in amongst everything else - the
> > first line is modified as I describe above, the others are new.
> > ATTRIBUTE DHCP-Vendor 43 tlv
> > ATTRIBUTE DHCP-Vendor-URL 43.1 string
> > ATTRIBUTE DHCP-Vendor-Pass 43.2 string
> > ATTRIBUTE DHCP-Vendor-CPEID 43.253 string
> >
> > If I do ‘ERX-Dhcp-Options = “0x%{dhcp:DHCP-Vendor-URL}”’ after
> > setting DHCP-Vendor-URL, it tells me that it’s not a DHCP option, and
> > I get an empty option. If I try to set it to “0x%{dhcp:DHCP-Vendor}”,
> > it gets set to empty, and it doesn’t get transmitted in the RADIUS
> > packet. I have also tried things like %{dhcp:&DHCP-Vendor} and so on,
> > but same result.
>
> You have the usage right, but the options need to be defined inside the
> DHCP dictionary (share/dictionary.dhcp) inside the vendor block. The
> vendor block was a hack to avoid implementing protocol specific
> dictionaries (which are a lot of effort).
>
> -Arran
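
The Option 43 layout that perlfunc.pl above assembles, as an added example that is not part of the original post or of FreeRADIUS: a strict TLV encoder and decoder that refuses values longer than 255 bytes (where a two-digit %02x length no longer fits) and rejects truncated input. The helper names tlv_encode and tlv_decode and the RemoteID value are assumptions made for the example.

```perl
#!/usr/bin/perl
# Added example: strict encode/decode of DHCP Option 43 sub-option TLVs.
use strict;
use warnings;

# Encode one TLV; dies instead of emitting a length that needs two bytes.
sub tlv_encode {
    my ($type, $value) = @_;
    die "type $type out of range\n" if $type < 0 || $type > 255;
    die "value for type $type is " . length($value) . " bytes (max 255)\n"
        if length($value) > 255;
    return pack('C C a*', $type, length($value), $value);
}

# Decode a run of TLVs into [type, value] pairs, rejecting truncated input.
sub tlv_decode {
    my ($buf) = @_;
    my @out;
    my $pos = 0;
    while ($pos < length $buf) {
        die "truncated header at offset $pos\n" if length($buf) - $pos < 2;
        my ($type, $len) = unpack('C C', substr($buf, $pos, 2));
        $pos += 2;
        die "type $type claims $len bytes, only "
            . (length($buf) - $pos) . " left\n"
            if $len > length($buf) - $pos;
        push @out, [ $type, substr($buf, $pos, $len) ];
        $pos += $len;
    }
    return @out;
}

# Constructed sample values; sub-option numbers 1, 2 and 254 as in the post.
my $remote_id = 'cpe-0001';    # hypothetical RemoteID
my $subopts = tlv_encode(1, 'http://acs:80/cpe.php')
            . tlv_encode(2, 'voip')
            . tlv_encode(254, $remote_id);
my $option43 = tlv_encode(43, $subopts);

# Round trip: show the wire bytes, then parse them back.
print 'wire: 0x', unpack('H*', $option43), "\n";
my ($outer) = tlv_decode($option43);
printf "option %d, %d bytes\n", $outer->[0], length $outer->[1];
printf "  sub-option %3d = %s\n", @$_ for tlv_decode($outer->[1]);

# A 256-byte value must be refused rather than encoded with a bad length.
my $ok = eval { tlv_encode(1, 'A' x 256); 1 };
print "oversized value rejected: $@" unless $ok;
```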