dhcp_options xlat with ERX-Dhcp-Options
Arran Cudbard-Bell
a.cudbardb at freeradius.org
Mon Apr 15 22:59:21 CEST 2013
On 15 Apr 2013, at 00:59, Peter Lambrechtsen <peter at crypt.co.nz> wrote:
> On Mon, Apr 15, 2013 at 8:45 AM, Arran Cudbard-Bell <a.cudbardb at freeradius.org> wrote:
> >
> >
> > I suspect I may need to fully re-write the PROTO_DHCP module to get it to compile without too much drama onto FreeRadius 2.1.12 as that's the version we are running due to it being supported by RHEL 6.3. Or hack it with a rlm_perl script.
> >
>
> V2 head also has the xlat function, see xlat.c. Bundle it and its dependencies in a new module if you're intent on using 2.1.12.
>
> Cheers, I have managed to hack something together which seems to work, and I am getting the decode I expect after I modified the dictionary.dhcp to have the DHCP-Relay-Circuit-Id and DHCP-Relay-Remote-Id to be string rather than octet.
You can use %{string:} to expand a binary attribute to a string. They're octets because that's what the RFCs say they should be.
> ++[files] returns ok
> DHCP-Message-Type += DHCP-Discover
> DHCP-Client-Identifier += 00:19:c7:f9:fb:df
> DHCP-Vendor-Class-Identifier += "dslforum.org"
> DHCP-DHCP-Maximum-Msg-Size += 576
> DHCP-Parameter-Request-List += DHCP-Subnet-Mask
> DHCP-Parameter-Request-List += DHCP-Router-Address
> DHCP-Parameter-Request-List += DHCP-Domain-Name-Server
> DHCP-Parameter-Request-List += DHCP-Hostname
> DHCP-Parameter-Request-List += DHCP-Domain-Name
> DHCP-Parameter-Request-List += DHCP-Broadcast-Address
> DHCP-Parameter-Request-List += DHCP-NTP-Servers
> DHCP-Parameter-Request-List += DHCP-Vendor
> DHCP-Parameter-Request-List += DHCP-TFTP-Server-Name
> DHCP-Relay-Circuit-Id = "WN-POLT01 eth 1/1/01/05/5/14/1:10"
> DHCP-Relay-Remote-Id = "CHORUS1634567895"
> expand: %{dhcp_options:ERX-Dhcp-Options} -> 15
> ++[request] returns ok
>
> Which is brilliant :)
Yeah it's a fun hack.
> Ideally I would like to reverse what the decode is doing, and be able to set TLV VSAs and have the regex perform the opposite. But my c fu isn't that strong so I am going to hunt down someone who may be able to help.
>
> IE going from:
>
> DHCP-Vendor-ACS = "http://sip.config.co.nz:8080/openacs/acs"
> DHCP-Vendor-User = "USR1"
> DHCP-Vendor-Password = "USR1"
>
> With this in the dictionary.dhcp:
>
> # N Vendor Specific Information
> ATTRIBUTE DHCP-Vendor 43 tlv
> BEGIN-TLV DHCP-Vendor
> ATTRIBUTE DHCP-Vendor-ACS 1 string
> ATTRIBUTE DHCP-Vendor-User 2 string
> ATTRIBUTE DHCP-Vendor-Password 254 string
> END-TLV DHCP-Vendor
>
>
> Using something like:
>
> update reply {
> ERX-Dhcp-Options := "%{encode_dhcp_options:DHCP-Vendor-ACS,DHCP-Vendor-User,DHCP-Vendor-Password}"
> }
>
> Or just specify the top level VSA so the encode knows to take all the TLVs underneath so:
>
> update reply {
> ERX-Dhcp-Options := "%{encode_dhcp_options:DHCP-Vendor}"
> }
>
> Would suffice and end up with something like:
>
> ERX-Dhcp-Options := 0x2b360128687474703a2f2f7369702e636f6e6669672e636f2e6e7a3a383038302f6f70656e6163732f616373020455535231fe0455535231
>
> That would be handy :)
The best way to do it would probably be "0x%{dhcp_option:<attribute ref>}%{dhcp_option:<attribute ref>}".
There are examples of xlats processing attribute references in xlat.c, you could probably just snprintf fields from the VP to the buffer as hex.
vp->attribute ~> code (DHCP and RADIUS both use 8bit attribute/option identifiers)
vp->length ~> length
vp->vp_octets ~> data
You may need specific encoding for some options, but I think the ones you're interested in should be ok.
-Arran
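
Added example, not code from this thread or from FreeRADIUS: a stand-alone C sketch of the code/length/data hex encoding described above, applied to the three DHCP-Vendor sub-options quoted in the mail. `struct opt`, `encode_parent` and `encode_mail_example` are hypothetical names standing in for the VALUE_PAIR fields; lengths that do not fit in 8 bits or an undersized output buffer are rejected rather than truncated.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for the VALUE_PAIR fields named in the mail. */
struct opt {
    uint8_t code;          /* vp->attribute: 8-bit option code */
    size_t length;         /* vp->length */
    const uint8_t *data;   /* vp->vp_octets */
};

/* Write "0x" + parent code + length, then each sub-option as code/length/data
 * in hex. Returns characters written, or -1 if a length does not fit in
 * 8 bits or the output buffer is too small (nothing is truncated silently). */
int encode_parent(char *out, size_t outlen, uint8_t parent,
                  const struct opt *subs, size_t nsubs)
{
    size_t inner = 0;
    for (size_t i = 0; i < nsubs; i++) {
        if (subs[i].length > 255) return -1;
        inner += 2 + subs[i].length;
    }
    if (inner > 255 || outlen < 2 + 2 * (2 + inner) + 1) return -1;

    int n = snprintf(out, outlen, "0x%02x%02x", parent, (unsigned)inner);
    for (size_t i = 0; i < nsubs; i++) {
        n += snprintf(out + n, outlen - n, "%02x%02x",
                      subs[i].code, (unsigned)subs[i].length);
        for (size_t j = 0; j < subs[i].length; j++)
            n += snprintf(out + n, outlen - n, "%02x", subs[i].data[j]);
    }
    return n;
}

/* The three sub-options from the mail, under DHCP-Vendor (option 43). */
int encode_mail_example(char *out, size_t outlen)
{
    static const char acs[] = "http://sip.config.co.nz:8080/openacs/acs";
    static const char usr[] = "USR1";
    const struct opt subs[] = {
        { 1,   strlen(acs), (const uint8_t *)acs },
        { 2,   strlen(usr), (const uint8_t *)usr },
        { 254, strlen(usr), (const uint8_t *)usr },
    };
    return encode_parent(out, outlen, 43, subs, 3);
}

int main(void)
{
    char buf[512];
    if (encode_mail_example(buf, sizeof buf) > 0) puts(buf);
    return 0;
}
```

The output matches the ERX-Dhcp-Options value quoted in the mail.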