dhcp_options xlat with ERX-Dhcp-Options
Peter Lambrechtsen
peter at crypt.co.nz
Mon Apr 15 06:59:10 CEST 2013
On Mon, Apr 15, 2013 at 8:45 AM, Arran Cudbard-Bell <a.cudbardb at freeradius.org> wrote:
> >
> >
> > I suspect I may need to fully re-write the PROTO_DHCP module to get it
> to compile without too much drama onto FreeRADIUS 2.1.12 as that's the
> version we are running due to it being supported by RHEL 6.3. Or hack it
> with a rlm_perl script.
> >
>
> V2 head also has the xlat function, see xlat.c. Bundle it and its
> dependencies in a new module if you're intent on using 2.1.12.
>
Cheers, I have managed to hack something together which seems to work, and
I am getting the decode I expect after I modified the dictionary.dhcp to
have the DHCP-Relay-Circuit-Id and DHCP-Relay-Remote-Id to be string rather
than octet.
++[files] returns ok
DHCP-Message-Type += DHCP-Discover
DHCP-Client-Identifier += 00:19:c7:f9:fb:df
DHCP-Vendor-Class-Identifier += "dslforum.org"
DHCP-DHCP-Maximum-Msg-Size += 576
DHCP-Parameter-Request-List += DHCP-Subnet-Mask
DHCP-Parameter-Request-List += DHCP-Router-Address
DHCP-Parameter-Request-List += DHCP-Domain-Name-Server
DHCP-Parameter-Request-List += DHCP-Hostname
DHCP-Parameter-Request-List += DHCP-Domain-Name
DHCP-Parameter-Request-List += DHCP-Broadcast-Address
DHCP-Parameter-Request-List += DHCP-NTP-Servers
DHCP-Parameter-Request-List += DHCP-Vendor
DHCP-Parameter-Request-List += DHCP-TFTP-Server-Name
DHCP-Relay-Circuit-Id = "WN-POLT01 eth 1/1/01/05/5/14/1:10"
DHCP-Relay-Remote-Id = "CHORUS1634567895"
expand: %{dhcp_options:ERX-Dhcp-Options} -> 15
++[request] returns ok
Which is brilliant :)
Now I just need to figure out how to re-encode into the hex string from the
TLVs of Option 43.
> Any suggestions on the best way to manipulate the octet string?
>
> Regex with capture groups. Binary attributes get converted to hex strings
> for the purpose of regex. When you assign a hex string (prefixed with 0x)
> to an attribute of type octets FreeRADIUS will do the conversion for you.
>
I think this may be the only way.
Ideally I would like to reverse what the decode is doing, and be able to
set TLV VSAs and have the regex perform the opposite. But my C fu isn't
that strong so I am going to hunt down someone who may be able to help.
I.e. going from:
DHCP-Vendor-ACS = "http://sip.config.co.nz:8080/openacs/acs"
DHCP-Vendor-User = "USR1"
DHCP-Vendor-Password = "USR1"
With this in the dictionary.dhcp:
# N Vendor Specific Information
ATTRIBUTE DHCP-Vendor 43 tlv
BEGIN-TLV DHCP-Vendor
    ATTRIBUTE DHCP-Vendor-ACS 1 string
    ATTRIBUTE DHCP-Vendor-User 2 string
    ATTRIBUTE DHCP-Vendor-Password 254 string
END-TLV DHCP-Vendor
Using something like:
update reply {
    ERX-Dhcp-Options := "%{encode_dhcp_options:DHCP-Vendor-ACS,DHCP-Vendor-User,DHCP-Vendor-Password}"
}
Or just specify the top level VSA so the encode knows to take all the TLVs
underneath so:
update reply {
    ERX-Dhcp-Options := "%{encode_dhcp_options:DHCP-Vendor}"
}
Would suffice and end up with something like:
ERX-Dhcp-Options := 0x2b360128687474703a2f2f7369702e636f6e6669672e636f2e6e7a3a383038302f6f70656e6163732f616373020455535231fe0455535231
That would be handy :)
>
> Arran Cudbard-Bell <a.cudbardb at freeradius.org>
> FreeRADIUS Development Team
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/devel.html
>
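The option 43 encoding asked for in the message above, written out as an added example; it is not code from the original post or from FreeRADIUS. The function names encode_option43 and decode_option43 are hypothetical, the sub-option codes are taken from the dictionary.dhcp excerpt in the message, and the restriction of codes to 1..254 is an assumption of this sketch. The decoder checks every length byte against the remaining buffer before slicing.

```python
OPTION_VENDOR = 43  # DHCP-Vendor (option 43) in dictionary.dhcp


def encode_option43(suboptions):
    """Pack (code, value) pairs into option 43 and return a 0x hex string."""
    body = bytearray()
    for code, value in suboptions:
        data = value.encode("ascii") if isinstance(value, str) else bytes(value)
        if not 1 <= code <= 254:  # assumption: 0 and 255 are not usable codes
            raise ValueError(f"sub-option code {code} out of range 1..254")
        if len(data) > 255:
            raise ValueError(f"sub-option {code} value exceeds 255 bytes")
        body += bytes([code, len(data)]) + data
    if len(body) > 255:
        raise ValueError("encoded sub-options exceed the one-byte option length")
    return "0x" + (bytes([OPTION_VENDOR, len(body)]) + body).hex()


def decode_option43(hex_string):
    """Reverse encode_option43, rejecting truncated or inconsistent lengths."""
    raw = bytes.fromhex(hex_string[2:] if hex_string.startswith("0x") else hex_string)
    if len(raw) < 2 or raw[0] != OPTION_VENDOR:
        raise ValueError("not an option 43 TLV")
    if raw[1] != len(raw) - 2:
        raise ValueError("option length does not match payload size")
    body, pos, out = raw[2:], 0, []
    while pos < len(body):
        if pos + 2 > len(body):
            raise ValueError("truncated sub-option header")
        code, length = body[pos], body[pos + 1]
        if pos + 2 + length > len(body):
            raise ValueError(f"sub-option {code} overruns the option")
        out.append((code, body[pos + 2:pos + 2 + length]))
        pos += 2 + length
    return out


# Values from the message above; sub-option codes follow its dictionary.dhcp.
SAMPLE = [
    (1, "http://sip.config.co.nz:8080/openacs/acs"),  # DHCP-Vendor-ACS
    (2, "USR1"),                                      # DHCP-Vendor-User
    (254, "USR1"),                                    # DHCP-Vendor-Password
]

if __name__ == "__main__":
    print(encode_option43(SAMPLE))
```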