SoH and DHCP
Phil Mayers
p.mayers at imperial.ac.uk
Wed Jul 20 20:36:56 CEST 2011
On 07/20/2011 06:07 PM, Francois Gaudreault wrote:
> Hi,
>
> I am trying to make the SoH statements to work using the FreeRADIUS
> DHCP. However, I have issues to get the SoH values from the NAP client.
> Maybe someone will be able to help.
>
> On the client side, the DHCP NAP policy is set to enabled.
Unfortunately the SoH DHCP code is unlikely to work very well - I didn't
quite finish it.
The problem is twofold; first, the SoH payloads are >255 bytes (the max
size of a DHCP option) so support for DHCP option "continuation" is
needed; this is doubly tedious because Microsoft use a non-standard
format for option continuation (main option followed by one or more
option 240 IIRC)
The second problem is that the constituent DHCP option(s) are themselves
each >253 bytes, which means they are too big to fit inside a VALUE_PAIR
structure (which is sized for radius attributes, not DHCP attributes).
This means there are two unpalatable choices:
1. Change the VALUE_PAIR union to include a "char dhcpopt[255]" member
2. Decode DHCP options differently based on length; if <= 253, decode
into the "octets" member of VALUE_PAIR; if >253, decode into the "tlv"
pointer-indirection method. This seems... dirty, since you're basically
using the tlv pointer for options of length 254 or 255 only (although
you might want to decode option continuation into the same buffer I guess?)
Basically, some code needs adding to the DHCP portion of FreeRADIUS to
handle DHCP option continuation, and options >253 bytes, before the SoH
code will work with DHCP.
I don't have much time at the moment, but I might see if I can get this
working tomorrow.
Cheers,
Phil
More information about the Freeradius-Users
mailing list