[master] function fr_dhcpv4_encode is badly broken

classic Classic list List threaded Threaded
7 messages Options
| Threaded
Open this post in threaded view
|

[master] function fr_dhcpv4_encode is badly broken

Devel mailing list
Likely since this commit:
https://github.com/FreeRADIUS/freeradius-server/commit/3f3afcee211407fb293186416241a149136a7464


For example, using dhcpclient:
echo "DHCP-Client-Hardware-Address=44:48:42:66:00:5a, DHCP-Transaction-Id=42, DHCP-Gateway-IP-Address=10.11.19.3, Packet-Src-Port=67, Packet-Src-IP-Address=10.11.19.3" | dhcpclient 10.11.19.28 discover


Result before (it's working, although the trace looks a bit odd: some things are displayed twice...):

Sending DHCP-Discover Id 0000002a from 10.11.19.3:67 to 10.11.19.28:67 length 300
        DHCP-Client-Hardware-Address = 44:48:42:66:00:5a
        DHCP-Transaction-Id = 42
        DHCP-Gateway-IP-Address = 10.11.19.3
        Packet-Src-Port = 67
        Packet-Src-IP-Address = 10.11.19.3
        DHCP-Opcode = Client-Message
        DHCP-Hardware-Type = Ethernet
        DHCP-Hardware-Address-Length = 6
        DHCP-Hop-Count = 0
        DHCP-Transaction-Id = 42
        DHCP-Number-of-Seconds = 0
        DHCP-Flags = 0
        DHCP-Client-IP-Address = 0.0.0.0
        DHCP-Your-IP-Address = 0.0.0.0
        DHCP-Server-IP-Address = 0.0.0.0
        DHCP-Gateway-IP-Address = 10.11.19.3
        DHCP-Client-Hardware-Address = 44:48:42:66:00:5a
        DHCP-Message-Type = DHCP-Discover
        DHCP-Network-Subnet = 10.11.19.3/32
Received DHCP-Offer Id 0000002a from 10.11.19.28:67 to 10.11.19.3:67 via eth1 length 306
(...)


Now (KO):
Some fields are wrong, for example: the first "DHCP-Gateway-IP-Address" is the value provided, but the second is reversed.
There is a "DHCP-Server-Host-Name", "DHCP-Message-Type" is missing, etc.

Sending DHCP-Discover Id 0000002a from 10.11.19.3:67 to 10.11.19.28:67 length 300
        DHCP-Client-Hardware-Address = 44:48:42:66:00:5a
        DHCP-Transaction-Id = 42
        DHCP-Gateway-IP-Address = 10.11.19.3
        Packet-Src-Port = 67
        Packet-Src-IP-Address = 10.11.19.3
        DHCP-Opcode = Client-Message
        DHCP-Hardware-Type = 0
        DHCP-Hardware-Address-Length = 0
        DHCP-Hop-Count = 0
        DHCP-Transaction-Id = 42
        DHCP-Number-of-Seconds = 0
        DHCP-Flags = 0
        DHCP-Client-IP-Address = 0.0.0.0
        DHCP-Your-IP-Address = 0.0.0.0
        DHCP-Server-IP-Address = 0.0.0.0
        DHCP-Gateway-IP-Address = 3.19.11.10
        DHCP-Server-Host-Name = "\001\006DHBf"
        DHCP-Network-Subnet = 3.19.11.10/32



Regards,
Nicolas.

This message contains information that may be privileged or confidential and is the property of the Capgemini Group. It is intended only for the person to whom it is addressed. If you are not the intended recipient, you are not authorized to read, print, retain, copy, disseminate, distribute, or use this message or any part thereof. If you receive this message in error, please notify the sender immediately and delete all copies of this message.

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/devel.html
| Threaded
Open this post in threaded view
|

Re: [master] function fr_dhcpv4_encode is badly broken

Alan DeKok-2


> On Nov 6, 2020, at 10:23 AM, Chaigneau, Nicolas via Freeradius-Devel <[hidden email]> wrote:
>
> Likely since this commit:
> https://github.com/FreeRADIUS/freeradius-server/commit/3f3afcee211407fb293186416241a149136a7464

  Whoops.  We'll take a look.

  The unit tests should really catch things like this.

  Alan DeKok.


-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/devel.html
| Threaded
Open this post in threaded view
|

Re: [master] function fr_dhcpv4_encode is badly broken

Alan DeKok-2
In reply to this post by Devel mailing list
On Nov 6, 2020, at 10:23 AM, Chaigneau, Nicolas via Freeradius-Devel <[hidden email]> wrote:
> For example, using dhcpclient:
> echo "DHCP-Client-Hardware-Address=44:48:42:66:00:5a, DHCP-Transaction-Id=42, DHCP-Gateway-IP-Address=10.11.19.3, Packet-Src-Port=67, Packet-Src-IP-Address=10.11.19.3" | dhcpclient 10.11.19.28 discover
>
>
> Result before (it's working, although the trace looks a bit odd: some things are displayed twice...):

  It used to print the header field names and values, and then *also* any attributes in the packet.  If the packet included attributes for the header, those attributes would be printed twice.

> Some fields are wrong, for example: the first "DHCP-Gateway-IP-Address" is the value provided, but the second is reversed.

  OK, the first time it prints it out normally, the second time it perhaps has an incorrect htonl()?

> There is a "DHCP-Server-Host-Name", "DHCP-Message-Type" is missing, etc.

  DHCP-Server-host-Name is there, but it's garbage.

  What does the actual packet look like?

  i.e. is this just a *debug output* issue, or is the packet wrong?

  Alan DeKok.


-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/devel.html
| Threaded
Open this post in threaded view
|

Re: [master] function fr_dhcpv4_encode is badly broken

Alan DeKok-2
In reply to this post by Devel mailing list
On Nov 6, 2020, at 10:23 AM, Chaigneau, Nicolas via Freeradius-Devel <[hidden email]> wrote:
>
> Likely since this commit:
> https://github.com/FreeRADIUS/freeradius-server/commit/3f3afcee211407fb293186416241a149136a7464

  I've pushed a fix for some things.  Turns out the encoder was wrong :(.   Our regression tests should have caught that.

  It still prints out some attributes twice.  That isn't a huge problem, but it is confusing.

  Alan DeKok.


-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/devel.html
| Threaded
Open this post in threaded view
|

RE: [master] function fr_dhcpv4_encode is badly broken

Devel mailing list

It's still not working.
It seems hardware type and len are not set.

Here is the packet data:

0000   01 00 00 00 00 00 00 2a 00 00 00 00 00 00 00 00
0010   00 00 00 00 00 00 00 00 0a 0b 13 03 01 06 44 48
0020   42 66 00 5a 00 00 00 00 00 00 00 00 00 00 00 00
0030   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0040   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0050   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0060   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0070   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0080   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0090   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00a0   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00b0   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00c0   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00d0   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00e0   00 00 00 00 63 82 53 63 35 01 01 03 ff 00 00 00
00f0   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0100   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0110   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0120   00 00 00 00 00 00 00 00 00 00 00 00


I have a .pcap file, if that can help ?
I'm looking at it with Wireshark, which shows the following:

Internet Protocol Version 4, Src: 10.11.19.3, Dst: 10.11.19.28
User Datagram Protocol, Src Port: 67, Dst Port: 67
Dynamic Host Configuration Protocol
    Message type: Boot Request (1)
    Hardware type: NET/ROM pseudo (0x00)
    Hardware address length: 0
    Hops: 0
    Transaction ID: 0x0000002a
    Seconds elapsed: 0
    Bootp flags: 0x0000 (Unicast)
    Client IP address: 0.0.0.0
    Your (client) IP address: 0.0.0.0
    Next server IP address: 0.0.0.0
    Relay agent IP address: 10.11.19.3
    Client address not given
    Server host name not given
    Boot file name not given
    Bootp vendor specific options: ff0000000000000000000000000000000000000000000000...



> >
> > Likely since this commit:
> > https://github.com/FreeRADIUS/freeradius-server/commit/3f3afcee211407fb293186416241a149136a7464
>
>   I've pushed a fix for some things.  Turns out the encoder was wrong :(.   Our regression tests should have caught that.
>
>   It still prints out some attributes twice.  That isn't a huge problem, but it is confusing.
>
>   Alan DeKok.

This message contains information that may be privileged or confidential and is the property of the Capgemini Group. It is intended only for the person to whom it is addressed. If you are not the intended recipient, you are not authorized to read, print, retain, copy, disseminate, distribute, or use this message or any part thereof. If you receive this message in error, please notify the sender immediately and delete all copies of this message.


-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/devel.html
| Threaded
Open this post in threaded view
|

Re: [master] function fr_dhcpv4_encode is badly broken

Alan DeKok-2
On Nov 6, 2020, at 1:32 PM, Chaigneau, Nicolas via Freeradius-Devel <[hidden email]> wrote:
> It's still not working.
> It seems hardware type and len are not set.

  Yeah, I've fixed the encoder and added test cases so that this won't happen again.

Sending DHCP-Discover Id 0000002a from 10.11.19.3:67 to 10.11.19.28:67 length 300
        DHCP-Client-Hardware-Address = 44:48:42:66:00:5a
        DHCP-Transaction-Id = 42
        DHCP-Gateway-IP-Address = 10.11.19.3
        Packet-Src-Port = 67
        Packet-Src-IP-Address = 10.11.19.3
        DHCP-Message-Type := DHCP-Discover
        DHCP-Opcode = Client-Message
        DHCP-Hardware-Type = Ethernet
        DHCP-Hardware-Address-Length = 6
        DHCP-Hop-Count = 0
        DHCP-Transaction-Id = 42
        DHCP-Number-of-Seconds = 0
        DHCP-Flags = 0
        DHCP-Client-IP-Address = 0.0.0.0
        DHCP-Your-IP-Address = 0.0.0.0
        DHCP-Server-IP-Address = 0.0.0.0
        DHCP-Gateway-IP-Address = 10.11.19.3
        DHCP-Client-Hardware-Address = 44:48:42:66:00:5a
        DHCP-Message-Type = DHCP-Discover
        DHCP-Network-Subnet = 10.11.19.3/32

  and "dhcpclient -x ..." now prints this too:

        opcode: 01
        hwtype: 01
        hwaddrlen: 06
        hop_count: 00
        xid: 00 00 00 2a
        seconds: 00 00
        flags: 00 00
        ciaddr: 00 00 00 00
        yiaddr: 00 00 00 00
        siaddr: 00 00 00 00
        giaddr: 0a 0b 13 03
        chaddr: 44 48 42 66 00 5a 00 00 00 00 00 00 00 00 00 00
        server_hostname: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
        boot_filename: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
        magic: 63 82 53 63
        options
                35  01  01
                ff  00

  Alan DeKok.


-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/devel.html
| Threaded
Open this post in threaded view
|

RE: [master] function fr_dhcpv4_encode is badly broken

Devel mailing list

> > It seems hardware type and len are not set.
>
>   Yeah, I've fixed the encoder and added test cases so that this won't happen again.


It now works again as expected.


>   and "dhcpclient -x ..." now prints this too:

That's useful. :)

Thanks!



This message contains information that may be privileged or confidential and is the property of the Capgemini Group. It is intended only for the person to whom it is addressed. If you are not the intended recipient, you are not authorized to read, print, retain, copy, disseminate, distribute, or use this message or any part thereof. If you receive this message in error, please notify the sender immediately and delete all copies of this message.

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/devel.html