dhcp_options xlat with ERX-Dhcp-Options

Peter Lambrechtsen peter at crypt.co.nz
Fri Apr 19 03:39:52 CEST 2013


On Tue, Apr 16, 2013 at 8:59 AM, Arran Cudbard-Bell <
a.cudbardb at freeradius.org> wrote:

>
> On 15 Apr 2013, at 00:59, Peter Lambrechtsen <peter at crypt.co.nz> wrote:
>
> > On Mon, Apr 15, 2013 at 8:45 AM, Arran Cudbard-Bell <
> a.cudbardb at freeradius.org> wrote:
> > >
> > >
> > > I suspect I may need to fully re-write the PROTO_DHCP module to get it
> to compile without too much drama onto FreeRadius 2.1.12 as that's the
> version we are running due to it being supported by RHEL 6.3.  Or hack it
> with a rlm_perl script.
> > >
> >
> > V2 head also has the xlat function, see xlat.c. Bundle it and its
> dependencies in a new module if you're intent on using 2.1.12.
> >
> > Cheers, I have managed to hack something together which seems to work,
> and I am getting the decode I expect after I modified the dictionary.dhcp
> to have the DHCP-Relay-Circuit-Id and DHCP-Relay-Remote-Id to be string
> rather than octet.
>
> You can use %{string:} to expand a binary attribute to a string. They're
> octets because that's what the RFCs say they should be.
>

Cheers, that works fine for what I am looking to do.  Seems a bit strange
that RFC 4679 for the ADSL-Agent-Remote-ID does specify string, whereas RFC
3046 for the DHCP-Agent-Remote-ID is octets... How silly is that :)
But I am now working fine with the %{string: to convert the octet value.


>
> > ++[files] returns ok
> >         DHCP-Message-Type += DHCP-Discover
> >         DHCP-Client-Identifier += 00:19:c7:f9:fb:df
> >         DHCP-Vendor-Class-Identifier += "dslforum.org"
> >         DHCP-DHCP-Maximum-Msg-Size += 576
> >         DHCP-Parameter-Request-List += DHCP-Subnet-Mask
> >         DHCP-Parameter-Request-List += DHCP-Router-Address
> >         DHCP-Parameter-Request-List += DHCP-Domain-Name-Server
> >         DHCP-Parameter-Request-List += DHCP-Hostname
> >         DHCP-Parameter-Request-List += DHCP-Domain-Name
> >         DHCP-Parameter-Request-List += DHCP-Broadcast-Address
> >         DHCP-Parameter-Request-List += DHCP-NTP-Servers
> >         DHCP-Parameter-Request-List += DHCP-Vendor
> >         DHCP-Parameter-Request-List += DHCP-TFTP-Server-Name
> >         DHCP-Relay-Circuit-Id = "WN-POLT01 eth 1/1/01/05/5/14/1:10"
> >         DHCP-Relay-Remote-Id = "CHORUS1634567895"
> >         expand: %{dhcp_options:ERX-Dhcp-Options} -> 15
> > ++[request] returns ok
> >
> > Which is brilliant :)
>
> Yeah it's a fun hack.
>
> > Ideally I would like to reverse what the decode is doing, and be able to
> set TLV VSAs and have the regex perform the opposite.  But my c fu isn't
> that strong so I am going to hunt down someone who may be able to help.
> >
> > IE going from:
> >
> >         DHCP-Vendor-ACS = "http://sip.config.co.nz:8080/openacs/acs"
> >         DHCP-Vendor-User = "USR1"
> >         DHCP-Vendor-Password = "USR1"
> >
> > With this in the dictionary.dhcp:
> >
> > # N Vendor Specific Information
> > ATTRIBUTE       DHCP-Vendor                             43      tlv
> > BEGIN-TLV       DHCP-Vendor
> > ATTRIBUTE       DHCP-Vendor-ACS                         1       string
> > ATTRIBUTE       DHCP-Vendor-User                        2       string
> > ATTRIBUTE       DHCP-Vendor-Password                    254     string
> > END-TLV         DHCP-Vendor
> >
> >
> > Using something like:
> >
> >         update reply {
> >                 ERX-Dhcp-Options :=
> "%{encode_dhcp_options:DHCP-Vendor-ACS,DHCP-Vendor-User,DHCP-Vendor-Password}"
> >         }
> >
> > Or just specify the top level VSA so the encode knows to take all the
> TLVs underneath so:
> >
> >         update reply {
> >                 ERX-Dhcp-Options := "%{encode_dhcp_options:DHCP-Vendor}"
> >         }
> >
> > Would suffice and end up with something like:
> >
> > ERX-Dhcp-Options :=
> 0x2b360128687474703a2f2f7369702e636f6e6669672e636f2e6e7a3a383038302f6f70656e6163732f616373020455535231fe0455535231
> >
> > That would be handy :)
>
> The best way to do it would probably be "0x%{dhcp_option:<attribute
> ref>}%{dhcp_option:<attribute ref>}".
>
> There are examples of xlats processing attribute references in xlat.c, you
> could probably just snprintf fields from the VP to the buffer as hex.
>
> vp->attribute ~> code (DHCP and RADIUS both use 8bit attribute/option
> identifiers)
> vp->length ~> length
> vp->vp_octets ~> data
>
> You may need specific encoding for some options, but I think the ones
> you're interested in should be ok.
>

I'm still working on how best I can hack this... I suspect perl may be an
easier & more supportable option.

Thanks for all your help :)
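
The code/length/data mapping suggested in the quoted reply, as an added example that is not part of the original thread and not FreeRADIUS code: it packs the three DHCP-Vendor sub-options under option 43 and rejects anything that would overflow an 8-bit length field or the output buffer. The struct and function names are hypothetical, and values are treated as raw string bytes with no option-specific encoding.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for a VALUE_PAIR: code ~ vp->attribute, data ~ vp->vp_octets. */
struct subopt { uint8_t code; const char *data; };

/* Write code, length, data as hex. Returns chars written, or -1 when the
 * data does not fit the 8-bit length field or the output buffer. */
static int put_tlv(char *out, size_t outlen, uint8_t code,
                   const uint8_t *data, size_t len)
{
    if (len > 255 || 2 * (2 + len) + 1 > outlen) return -1;
    int n = snprintf(out, outlen, "%02x%02x", (unsigned)code, (unsigned)len);
    for (size_t i = 0; i < len; i++)
        n += snprintf(out + n, outlen - (size_t)n, "%02x", (unsigned)data[i]);
    return n;
}

/* Pack sub-options under one parent option and emit "0x<hex>".
 * Returns 0 on success, -1 if anything would overflow. */
int encode_option(char *out, size_t outlen, uint8_t parent,
                  const struct subopt *subs, size_t nsubs)
{
    uint8_t body[255];              /* the parent length is also 8 bits */
    size_t used = 0;
    for (size_t i = 0; i < nsubs; i++) {
        size_t len = strlen(subs[i].data);
        if (len > 255 || used + 2 + len > sizeof(body)) return -1;
        body[used++] = subs[i].code;
        body[used++] = (uint8_t)len;
        memcpy(body + used, subs[i].data, len);
        used += len;
    }
    if (outlen < 3) return -1;
    memcpy(out, "0x", 3);
    return put_tlv(out + 2, outlen - 2, parent, body, used) < 0 ? -1 : 0;
}

/* The three DHCP-Vendor values from the thread, under option 43. */
const char *thread_example(void)
{
    static char hex[2 + 2 * 257 + 1];
    static const struct subopt subs[] = {
        { 1, "http://sip.config.co.nz:8080/openacs/acs" }, { 2, "USR1" }, { 254, "USR1" } };
    return encode_option(hex, sizeof(hex), 43, subs, 3) == 0 ? hex : NULL;
}
int main(void) { puts(thread_example()); return 0; }
```

The output for the thread's values is the same hex string shown in the quoted ERX-Dhcp-Options line.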