dhcp_options xlat with ERX-Dhcp-Options

Peter Lambrechtsen peter at crypt.co.nz
Mon Apr 15 06:59:10 CEST 2013


On Mon, Apr 15, 2013 at 8:45 AM, Arran Cudbard-Bell <
a.cudbardb at freeradius.org> wrote:

> >
> >
> > I suspect I may need to fully re-write the PROTO_DHCP module to get it
> to compile without too much drama onto FreeRadius 2.1.12 as that's the
> version we are running due to it being supported by RHEL 6.3.  Or hack it
> with a rlm_perl script.
> >
>
> V2 head also has the xlat function, see xlat.c. Bundle it and its
> dependencies in a new module if you're intent on using 2.1.12.
>

Cheers, I have managed to hack something together which seems to work, and
I am getting the decode I expect after I modified the dictionary.dhcp to
have the DHCP-Relay-Circuit-Id and DHCP-Relay-Remote-Id to be string rather
than octet.

++[files] returns ok
        DHCP-Message-Type += DHCP-Discover
        DHCP-Client-Identifier += 00:19:c7:f9:fb:df
        DHCP-Vendor-Class-Identifier += "dslforum.org"
        DHCP-DHCP-Maximum-Msg-Size += 576
        DHCP-Parameter-Request-List += DHCP-Subnet-Mask
        DHCP-Parameter-Request-List += DHCP-Router-Address
        DHCP-Parameter-Request-List += DHCP-Domain-Name-Server
        DHCP-Parameter-Request-List += DHCP-Hostname
        DHCP-Parameter-Request-List += DHCP-Domain-Name
        DHCP-Parameter-Request-List += DHCP-Broadcast-Address
        DHCP-Parameter-Request-List += DHCP-NTP-Servers
        DHCP-Parameter-Request-List += DHCP-Vendor
        DHCP-Parameter-Request-List += DHCP-TFTP-Server-Name
        DHCP-Relay-Circuit-Id = "WN-POLT01 eth 1/1/01/05/5/14/1:10"
        DHCP-Relay-Remote-Id = "CHORUS1634567895"
        expand: %{dhcp_options:ERX-Dhcp-Options} -> 15
++[request] returns ok

Which is brilliant :)

Now I just need to figure out how to re-encode into the hex string from the
TLVs of Option 43.

> > Any suggestions on the best way to manipulate the octet string?
>
> Regex with capture groups. Binary attributes get converted to hex strings
> for the purpose of regex. When you assign a hex string (prefixed with 0x)
> to an attribute of type octets FreeRADIUS will do the conversion for you.
>

I think this may be the only way.

Ideally I would like to reverse what the decode is doing, and be able to
set TLV VSAs and have the regex perform the opposite.  But my C fu isn't
that strong so I am going to hunt down someone who may be able to help.

IE going from:

        DHCP-Vendor-ACS = "http://sip.config.co.nz:8080/openacs/acs"
        DHCP-Vendor-User = "USR1"
        DHCP-Vendor-Password = "USR1"

With this in the dictionary.dhcp:

# N Vendor Specific Information
ATTRIBUTE       DHCP-Vendor                             43      tlv
BEGIN-TLV       DHCP-Vendor
ATTRIBUTE       DHCP-Vendor-ACS                         1       string
ATTRIBUTE       DHCP-Vendor-User                        2       string
ATTRIBUTE       DHCP-Vendor-Password                    254     string
END-TLV         DHCP-Vendor


Using something like:

        update reply {
                ERX-Dhcp-Options := "%{encode_dhcp_options:DHCP-Vendor-ACS,DHCP-Vendor-User,DHCP-Vendor-Password}"
        }

Or just specify the top level VSA so the encode knows to take all the TLVs
underneath so:

        update reply {
                ERX-Dhcp-Options := "%{encode_dhcp_options:DHCP-Vendor}"
        }

Would suffice and end up with something like:

ERX-Dhcp-Options := 0x2b360128687474703a2f2f7369702e636f6e6669672e636f2e6e7a3a383038302f6f70656e6163732f616373020455535231fe0455535231

That would be handy :)


>
> Arran Cudbard-Bell <a.cudbardb at freeradius.org>
> FreeRADIUS Development Team
>
>
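
The re-encoding asked for in the message above, as an added Python example (not part of the original post and not FreeRADIUS code): it builds the Option 43 hex string from the three sub-options and decodes it back with bounds checks on every length byte. The function names are assumptions made for this example; the sub-option numbers and sample values are the ones given in the post.

```python
# Added example: encode/decode DHCP option 43 sub-option TLVs
# (1-byte type, 1-byte length). Function names are hypothetical;
# sub-option numbers follow the dictionary.dhcp excerpt in the post.

SUBOPTS = {"DHCP-Vendor-ACS": 1, "DHCP-Vendor-User": 2, "DHCP-Vendor-Password": 254}
NAMES = {num: name for name, num in SUBOPTS.items()}


def tlv(code: int, value: bytes) -> bytes:
    """One type-length-value triple; the length field is a single byte."""
    if not 0 <= code <= 255:
        raise ValueError(f"code {code} does not fit in one byte")
    if len(value) > 255:
        raise ValueError(f"value for code {code} is {len(value)} bytes, max 255")
    return bytes([code, len(value)]) + value


def encode_option43(attrs: dict) -> str:
    """Return option 43 as a 0x-prefixed hex string for an octets attribute."""
    inner = b"".join(tlv(SUBOPTS[name], val.encode("ascii")) for name, val in attrs.items())
    return "0x" + tlv(43, inner).hex()


def decode_option43(hexstr: str) -> dict:
    """Inverse of encode_option43, rejecting lengths that overrun the buffer."""
    data = bytes.fromhex(hexstr[2:] if hexstr.startswith("0x") else hexstr)
    if len(data) < 2 or data[0] != 43 or data[1] != len(data) - 2:
        raise ValueError("not a single well-formed option 43")
    body, pos, out = data[2:], 0, {}
    while pos < len(body):
        if pos + 2 > len(body) or pos + 2 + body[pos + 1] > len(body):
            raise ValueError(f"sub-option at offset {pos} overruns the option")
        code, length = body[pos], body[pos + 1]
        out[NAMES.get(code, f"unknown-{code}")] = body[pos + 2:pos + 2 + length].decode("ascii")
        pos += 2 + length
    return out


# Values taken from the post, in the order the sub-options appear in the hex string.
SAMPLE = {
    "DHCP-Vendor-ACS": "http://sip.config.co.nz:8080/openacs/acs",
    "DHCP-Vendor-User": "USR1",
    "DHCP-Vendor-Password": "USR1",
}

if __name__ == "__main__":
    encoded = encode_option43(SAMPLE)
    print(encoded)
    print(decode_option43(encoded))
```
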