
Re: dhcpd misbehaviour with relay agents



On Sun, Dec 19, 2004 at 03:50:44PM +0100, Vincent Bernat wrote:
> Hello!
> 
> When a BOOTP relay agent sends this packet to an OpenBSD dhcpd server:
> 
> 15:07:50.961302 0:f:66:c9:28:3f 0:c:f1:fa:f1:4b ip 342:
> thorr.bootps > nectaris.bootps:  [udp
> sum ok] (request) xid:0xc67c41f G:thorr ether
> 0:30:65:d:31:85 vend-rfc1048 DHCP:REQUEST RQ:guybrush
> PR:SM+BR+TZ+DG+DN+NS+HN (DF) (ttl 64, id 0)
> 
> Here is the answer I get:
> 
> 15:07:50.961634 0:c:f1:fa:f1:4b 0:30:65:d:31:85 ip 348:
> nectaris.crans.org.bootps > thorr.bootps:  [udp sum ok]
> (reply) xid:0xc67c41f Y:guybrush
> S:nectaris G:thorr vend-rfc1048 DHCP:ACK
> SID:nectaris.crans.org LT:2152792320 SM:255.255.252.0
> BR:138.231.151.255 DG:nectaris DN:"wifi"
> NS:nectaris HN:"guybrush" [tos 0x10] (ttl 16, id 0)
> 
> The answer is almost correct, except that it is addressed to
> 0:30:65:d:31:85 which is the client, instead of 0:f:66:c9:28:3f which
> is the BOOTP relay agent.
> 
> RFC 2131 states that:
>    If the 'giaddr' field in a DHCP  message from a client is non-zero,
>    the server  sends any return messages  to the 'DHCP server' port on
>    the BOOTP relay agent whose address appears in 'giaddr'.
> 
> Looking at the sources, I notice that in all cases, the destination
> ethernet address is set with this line:
> 
>          memcpy(hto.haddr, packet->raw->chaddr, hto.hlen);
> 
> The IP destination address is set afterwards with distinct cases for
> gatewayed packets and direct packets. I think a similar case should be
> made for the destination hardware address. However, the modification
> is not trivial since I don't see how to get the hardware address of
> the gateway.

What version of OpenBSD are you running? I think this is fixed in
-current.

-- 
:wq Claudio
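
The reply-destination rules discussed in this thread, as an added example that is not part of either message and is not OpenBSD dhcpd's code: a sketch of the RFC 2131 section 4.1 decision for DHCPOFFER/DHCPACK, going beyond the quoted giaddr sentence to cover the non-relayed cases, with the link-layer target chosen alongside the IP target. The struct, enum and function names are hypothetical, and the giaddr value 192.0.2.1 in the sample is a constructed placeholder.

```c
#include <stdint.h>
#include <string.h>

#define BOOTP_BROADCAST 0x8000u          /* broadcast bit in 'flags' */

/* Subset of the BOOTP fixed header, host byte order (hypothetical struct). */
struct bootp_req {
    uint16_t flags;
    uint32_t ciaddr, yiaddr, giaddr;
    uint8_t  hlen, chaddr[16];
};

enum l2_dest { L2_ROUTE_LOOKUP, L2_BROADCAST, L2_CHADDR };

struct reply_dest {
    uint32_t ip;
    uint16_t port;
    enum l2_dest l2;
    uint8_t  mac[16];                    /* filled only for L2_CHADDR */
};

/* RFC 2131 section 4.1 rules for OFFER/ACK (DHCPNAK special case omitted). */
struct reply_dest choose_reply_dest(const struct bootp_req *req)
{
    /* Default: 'DHCP client' port, next-hop MAC found by normal ARP/routing. */
    struct reply_dest d = { 0, 68, L2_ROUTE_LOOKUP, { 0 } };
    /* hlen comes from the packet, so clamp it before any copy. */
    size_t n = req->hlen <= sizeof d.mac ? req->hlen : sizeof d.mac;
    if (req->giaddr != 0) {              /* relayed: answer the relay agent */
        d.ip = req->giaddr;
        d.port = 67;                     /* 'DHCP server' port on the relay */
    } else if (req->ciaddr != 0) {       /* client already holds an address */
        d.ip = req->ciaddr;
    } else if (req->flags & BOOTP_BROADCAST) {
        d.ip = 0xffffffffu;
        d.l2 = L2_BROADCAST;
    } else {                             /* direct, unconfigured client */
        d.ip = req->yiaddr;
        d.l2 = L2_CHADDR;                /* only here is chaddr the frame target */
        memcpy(d.mac, req->chaddr, n);
    }
    return d;
}

/* Constructed sample: chaddr from the capture above, placeholder giaddr. */
struct bootp_req sample_relayed(void)
{
    struct bootp_req r = { 0, 0, 0, 0xC0000201u /* 192.0.2.1 */, 6,
                           { 0x00, 0x30, 0x65, 0x0d, 0x31, 0x85 } };
    return r;
}
```
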


