SoH and DHCP

Phil Mayers p.mayers at imperial.ac.uk
Wed Jul 20 20:36:56 CEST 2011


On 07/20/2011 06:07 PM, Francois Gaudreault wrote:
> Hi,
>
> I am trying to make the SoH statements to work using the FreeRADIUS
> DHCP. However, I have issues to get the SoH values from the NAP client.
> Maybe someone will be able to help.
>
> On the client side, the DHCP NAP policy is set to enabled.

Unfortunately the SoH DHCP code is unlikely to work very well - I didn't 
quite finish it.

The problem is twofold; first, the SoH payloads are >255 bytes (the max 
size of a DHCP option) so support for DHCP option "continuation" is 
needed; this is doubly tedious because Microsoft use a non-standard 
format for option continuation (main option followed by one or more 
option 240 IIRC)

The second problem is that the constituent DHCP option(s) are themselves 
each >253 bytes, which means they are too big to fit inside a VALUE_PAIR 
structure (which is sized for radius attributes, not DHCP attributes). 
This means there are two unpalatable choices:

  1. Change the VALUE_PAIR union to include a "char dhcpopt[255]" member
  2. Decode DHCP options differently based on length; if <= 253, decode 
into the "octets" member of VALUE_PAIR; if >253, decode into the "tlv" 
pointer-indirection method. This seems... dirty, since you're basically 
using the tlv pointer for options of length 254 or 255 only (although 
you might want to decode option continuation into the same buffer I guess?)

Basically, some code needs adding to the DHCP portion of FreeRADIUS to 
handle DHCP option continuation, and options >253 bytes, before the SoH 
code will work with DHCP.

I don't have much time at the moment, but I might see if I can get this 
working tomorrow.

Cheers,
Phil



More information about the Freeradius-Users mailing list