--enable-developer
Arran Cudbard-Bell
a.cudbardb at freeradius.org
Sat Nov 3 22:16:13 CET 2012
On 3 Nov 2012, at 14:19, Arran Cudbard-Bell <a.cudbardb at freeradius.org> wrote:
>
> On 3 Nov 2012, at 12:31, Bjørn Mork <bjorn at mork.no> wrote:
>
>> Arran Cudbard-Bell <a.cudbardb at freeradius.org> writes:
>>
>>> There's also a new xlat expansion %{dhcp_options:}. Some switch
>>> vendors offer DHCP to RADIUS gateways, but don't define their own VSAs
>>> to represent DHCP options, so include the DHCP options from the DHCP
>>> packet as an opaque blob of binary data packed into a single VSA.
>>>
>>> Seeing as the server already has the code to parse dhcp options, it
>>> seemed like a fun hack to expose it as an xlat
>>> function. %{dhcp_options:} takes an attribute reference with
>>> qualifiers, and expands to the number of options in the blob. During
>>> expansion it adds all the options it finds in the blob to the request
>>> list with +=, using the FR DHCP dictionary.
>>>
>>> If anyone knows of other vendors besides the lazy lazy French one
>>> doing this, please let me know.
>>
>> I'm not sure what you are referring to here, but if I understand this
>> feature correctly then I believe it will be useful with Juniper JUNOS
>> and JUNOSe access routers as well. Newer versions decode some of the
>> more useful DHCP options and provide them in separate attributes, but
>> the raw list of all DHCP options is also available. E.g:
>>
>> ERX-Dhcp-Options = "5\001\0012\004\224z\247\0057\0103:;\001y\003!\006R'\001\033DSA13FBU atm 1/1/01/23:8.35\002\01067676775"
>>
>> I assume this is what the new xlat will decode? That is very useful.
>
> Yes. Though it looks like ERX-Dhcp-Options is defined wrongly as a string in the vendor's dictionary, I'll go fix that...
Heh. So it works as is, with no additional hacks.
update request {
Tmp-Octets-0 := "0x3501013204947aa7053708333a3b01790321065227011b44534131334642552061746d20312f312f30312f32333a382e333502083637363736373735"
}
update request {
Tmp-Integer-0 := "%{dhcp_options:Tmp-Octets-0}"
}
update request {
Tmp-String-0 := "%{string:DHCP-Relay-Circuit-Id}"
Tmp-String-1 := "%{string:DHCP-Relay-Remote-ID}"
}
(0) update request {
DHCP-Message-Type += DHCP-Discover
DHCP-Requested-IP-Address += 148.x.x.x (removed because i'm nice :) )
DHCP-Parameter-Request-List += DHCP-IP-Address-Lease-Time
DHCP-Parameter-Request-List += DHCP-Renewal-Time
DHCP-Parameter-Request-List += DHCP-Rebinding-Time
DHCP-Parameter-Request-List += DHCP-Subnet-Mask
DHCP-Parameter-Request-List += DHCP-Classless-Static-Route
DHCP-Parameter-Request-List += DHCP-Router-Address
DHCP-Parameter-Request-List += DHCP-Static-Routes
DHCP-Parameter-Request-List += DHCP-Domain-Name-Server
DHCP-Relay-Circuit-Id = 0x44534131334642552061746d20312f312f30312f32333a382e3335
DHCP-Relay-Remote-Id = 0x3637363736373735
(0) expand: %{dhcp_options:Tmp-Octets-0} -> 12
(0) } # update request = notfound
(0) update request {
(0) expand: %{string:DHCP-Relay-Circuit-Id} -> DSA13FBU atm 1/1/01/23:8.35
(0) expand: %{string:DHCP-Relay-Remote-ID} -> 67676775
(0) } # update request = notfound
Sweet :)
-Arran
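
Added example, not part of the original post and not FreeRADIUS code: a bounds-checked Python walk over a DHCP option blob laid out like the one above, counting one attribute per value the way the debug output does (each Parameter-Request-List byte and each relay sub-option counts once). The function names, the sample blob and its circuit/remote ID values are constructed for illustration.

```python
# Added example: bounds-checked DHCP option TLV walker (not FreeRADIUS code).
PAD, END, PARAM_REQ_LIST, RELAY_AGENT = 0, 255, 55, 82


def walk_tlvs(buf, flat=False):
    """Yield (code, value) pairs from an option blob, rejecting overruns.

    flat=True is for sub-options, where 0 and 255 are ordinary codes.
    """
    i = 0
    while i < len(buf):
        code = buf[i]
        if not flat and code == PAD:      # single-byte pad, carries no length
            i += 1
            continue
        if not flat and code == END:      # end marker: ignore anything after it
            return
        if i + 2 > len(buf):
            raise ValueError(f"option {code}: missing length byte")
        length = buf[i + 1]
        if i + 2 + length > len(buf):     # never trust the sender's length
            raise ValueError(f"option {code}: length {length} overruns blob")
        yield code, buf[i + 2:i + 2 + length]
        i += 2 + length


def decode(blob):
    """Return (name, value) pairs, one per attribute-like value in the blob."""
    attrs = []
    for code, val in walk_tlvs(blob):
        if code == PARAM_REQ_LIST:        # one entry per requested option code
            attrs += [("param-request", b) for b in val]
        elif code == RELAY_AGENT:         # RFC 3046 relay agent sub-options
            attrs += [(f"relay-sub-{c}", v) for c, v in walk_tlvs(val, flat=True)]
        else:
            attrs.append((f"option-{code}", val))
    return attrs


def tlv(code, value):
    """Build one type-length-value item (helper for the constructed sample)."""
    return bytes([code, len(value)]) + bytes(value)


# Constructed sample with the same layout as the blob in the post.
CIRCUIT, REMOTE = b"EXAMPLE1 atm 1/1/01/23:8.35", b"12345678"
SAMPLE = (tlv(53, [1]) + tlv(50, [192, 0, 2, 10])
          + tlv(55, [51, 58, 59, 1, 121, 3, 33, 6])
          + tlv(82, tlv(1, CIRCUIT) + tlv(2, REMOTE)))

if __name__ == "__main__":
    for name, value in decode(SAMPLE):
        print(name, value)
```

A blob whose length byte points past the end of the data raises ValueError instead of being read short, which matters because the blob arrives from the network inside a VSA.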