static int mod_instantiate(void *instance, CONF_SECTION *listen_cs)
{
int rcode;
CONF_SECTION *server_cs;
proto_detail_process_t *inst = talloc_get_type_abort(instance, proto_detail_process_t);
vp_tmpl_rules_t parse_rules;
memset(&parse_rules, 0, sizeof(parse_rules));
parse_rules.dict_def = dict_freeradius;
rad_assert(listen_cs);
server_cs = cf_item_to_section(cf_parent(listen_cs));
rad_assert(strcmp(cf_section_name1(server_cs), "server") == 0);
rcode = unlang_compile_subsection(server_cs, "recv", NULL, inst->recv_type, &parse_rules);
if (rcode < 0) return rcode;
if (rcode == 0) {
cf_log_err(server_cs, "Failed finding 'recv { ... }' section of virtual server %s",
cf_section_name2(server_cs));
return -1;
}
rcode = unlang_compile_subsection(server_cs, "send", "ok", inst->send_type, &parse_rules);
if (rcode < 0) return rcode;
rcode = unlang_compile_subsection(server_cs, "send", "fail", inst->send_type, &parse_rules);
if (rcode < 0) return rcode;
return 0;
}
/*
* Ensure that the unlang sections are compiled.
*/
static int mod_instantiate(UNUSED void *instance, CONF_SECTION *listen_cs)
{
int rcode;
CONF_SECTION *server_cs;
vp_tmpl_rules_t parse_rules;
memset(&parse_rules, 0, sizeof(parse_rules));
parse_rules.dict_def = dict_freeradius;
rad_assert(listen_cs);
server_cs = cf_item_to_section(cf_parent(listen_cs));
rad_assert(strcmp(cf_section_name1(server_cs), "server") == 0);
rcode = unlang_compile_subsection(server_cs, "new", "client", MOD_AUTHORIZE, &parse_rules);
if (rcode < 0) return rcode;
if (rcode == 0) {
cf_log_err(server_cs, "Failed finding 'new client { ... }' section of virtual server %s",
cf_section_name2(server_cs));
return -1;
}
rcode = unlang_compile_subsection(server_cs, "add", "client", MOD_POST_AUTH, &parse_rules);
if (rcode < 0) return rcode;
rcode = unlang_compile_subsection(server_cs, "deny", "client", MOD_POST_AUTH, &parse_rules);
if (rcode < 0) return rcode;
return 0;
}
/** Allow for Status-Server ping checks
*
* @param[in] ctx to allocate data in (instance of proto_radius).
* @param[out] out Where to write our parsed data.
* @param[in] parent Base structure address.
* @param[in] ci #CONF_PAIR specifying the name of the type module.
* @param[in] rule unused.
* @return
* - 0 on success.
* - -1 on failure.
*/
static int status_check_type_parse(UNUSED TALLOC_CTX *ctx, void *out, UNUSED void *parent,
CONF_ITEM *ci, UNUSED CONF_PARSER const *rule)
{
char const *type_str = cf_pair_value(cf_item_to_pair(ci));
CONF_SECTION *cs = cf_item_to_section(cf_parent(ci));
fr_dict_enum_t const *type_enum;
uint32_t code;
/*
* Allow the process module to be specified by
* packet type.
*/
type_enum = fr_dict_enum_by_alias(attr_packet_type, type_str, -1);
if (!type_enum) {
invalid_code:
cf_log_err(ci, "Unknown or invalid RADIUS packet type '%s'", type_str);
return -1;
}
code = type_enum->value->vb_uint32;
/*
* Cheat, and re-use the "type" array for allowed packet
* types.
*/
if (!code ||
(code >= FR_MAX_PACKET_CODE) ||
(!type_interval_config[code].name)) goto invalid_code;
/*
* Add irt / mrt / mrd / mrc parsing, in the parent
* configuration section.
*/
cf_section_rule_push(cf_item_to_section(cf_parent(cs)), &type_interval_config[code]);
memcpy(out, &code, sizeof(code));
/*
* Nothing more to do here, so we stop.
*/
if (code == FR_CODE_STATUS_SERVER) return 0;
cf_section_rule_push(cs, status_check_update_config);
return 0;
}
/** Set which types of packets we can parse
*
* @param[in] ctx to allocate data in (instance of rlm_radius).
* @param[out] out Where to write the parsed data.
* @param[in] parent Base structure address.
* @param[in] ci #CONF_PAIR specifying the name of the type module.
* @param[in] rule unused.
* @return
* - 0 on success.
* - -1 on failure.
*/
static int type_parse(UNUSED TALLOC_CTX *ctx, void *out, UNUSED void *parent,
CONF_ITEM *ci, UNUSED CONF_PARSER const *rule)
{
char const *type_str = cf_pair_value(cf_item_to_pair(ci));
CONF_SECTION *cs = cf_item_to_section(cf_parent(ci));
fr_dict_enum_t const *type_enum;
uint32_t code;
/*
* Must be the RADIUS module
*/
rad_assert(cs && (strcmp(cf_section_name1(cs), "radius") == 0));
/*
* Allow the process module to be specified by
* packet type.
*/
type_enum = fr_dict_enum_by_alias(attr_packet_type, type_str, -1);
if (!type_enum) {
invalid_code:
cf_log_err(ci, "Unknown or invalid RADIUS packet type '%s'", type_str);
return -1;
}
code = type_enum->value->vb_uint32;
/*
* Status-Server packets cannot be proxied.
*/
if (code == FR_CODE_STATUS_SERVER) {
cf_log_err(ci, "Invalid setting of 'type = Status-Server'. Status-Server packets cannot be proxied.");
return -1;
}
if (!code ||
(code >= FR_MAX_PACKET_CODE) ||
(!type_interval_config[code].name)) goto invalid_code;
/*
* If we're doing async proxying, push the timers for the
* various packet types.
*/
cf_section_rule_push(cs, &type_interval_config[code]);
memcpy(out, &code, sizeof(code));
return 0;
}
/** Wrapper around dl_instance
*
* @param[in] ctx to allocate data in (instance of proto_radius).
* @param[out] out Where to write a dl_instance_t containing the module handle and instance.
* @param[in] parent Base structure address.
* @param[in] ci #CONF_PAIR specifying the name of the type module.
* @param[in] rule unused.
* @return
* - 0 on success.
* - -1 on failure.
*/
static int transport_parse(TALLOC_CTX *ctx, void *out, UNUSED void *parent,
CONF_ITEM *ci, UNUSED CONF_PARSER const *rule)
{
char const *name = cf_pair_value(cf_item_to_pair(ci));
dl_instance_t *parent_inst;
CONF_SECTION *cs = cf_item_to_section(cf_parent(ci));
CONF_SECTION *transport_cs;
transport_cs = cf_section_find(cs, name, NULL);
/*
* Allocate an empty section if one doesn't exist
* this is so defaults get parsed.
*/
if (!transport_cs) transport_cs = cf_section_alloc(cs, cs, name, NULL);
parent_inst = cf_data_value(cf_data_find(cs, dl_instance_t, "rlm_radius"));
rad_assert(parent_inst);
return dl_instance(ctx, out, transport_cs, parent_inst, name, DL_TYPE_SUBMODULE);
}
/** Resolve polymorphic item's from a module's #CONF_SECTION to a subsection in another module
*
* This allows certain module sections to reference module sections in other instances
* of the same module and share #CONF_DATA associated with them.
*
* @verbatim
example {
data {
...
}
}
example inst {
data = example
}
* @endverbatim
*
* @param[out] out where to write the pointer to a module's config section. May be NULL on success,
* indicating the config item was not found within the module #CONF_SECTION
* or the chain of module references was followed and the module at the end of the chain
* did not a subsection.
* @param[in] module #CONF_SECTION.
* @param[in] name of the polymorphic sub-section.
* @return
* - 0 on success with referenced section.
* - 1 on success with local section.
* - -1 on failure.
*/
int module_sibling_section_find(CONF_SECTION **out, CONF_SECTION *module, char const *name)
{
CONF_PAIR *cp;
CONF_SECTION *cs;
CONF_DATA const *cd;
module_instance_t *mi;
char const *inst_name;
#define FIND_SIBLING_CF_KEY "find_sibling"
*out = NULL;
/*
* Is a real section (not referencing sibling module).
*/
cs = cf_section_find(module, name, NULL);
if (cs) {
*out = cs;
return 0;
}
/*
* Item omitted completely from module config.
*/
cp = cf_pair_find(module, name);
if (!cp) return 0;
if (cf_data_find(module, CONF_SECTION, FIND_SIBLING_CF_KEY)) {
cf_log_err(cp, "Module reference loop found");
return -1;
}
cd = cf_data_add(module, module, FIND_SIBLING_CF_KEY, false);
/*
* Item found, resolve it to a module instance.
* This triggers module loading, so we don't have
* instantiation order issues.
*/
inst_name = cf_pair_value(cp);
mi = module_by_name(NULL, inst_name);
if (!mi) {
cf_log_err(cp, "Unknown module instance \"%s\"", inst_name);
return -1;
}
if (!mi->instantiated) {
CONF_SECTION *parent = module;
/*
* Find the root of the config...
*/
do {
CONF_SECTION *tmp;
tmp = cf_item_to_section(cf_parent(parent));
if (!tmp) break;
parent = tmp;
} while (true);
_module_instantiate(module_by_name(NULL, inst_name), NULL);
}
/*
* Remove the config data we added for loop
* detection.
*/
cf_data_remove(module, cd);
/*
* Check the module instances are of the same type.
*/
if (strcmp(cf_section_name1(mi->dl_inst->conf), cf_section_name1(module)) != 0) {
cf_log_err(cp, "Referenced module is a rlm_%s instance, must be a rlm_%s instance",
cf_section_name1(mi->dl_inst->conf), cf_section_name1(module));
return -1;
}
*out = cf_section_find(mi->dl_inst->conf, name, NULL);
return 1;
}
/** Open a UDP listener for DHCPV4
*
*/
static int mod_open(fr_listen_t *li)
{
proto_dhcpv4_udp_t const *inst = talloc_get_type_abort_const(li->app_io_instance, proto_dhcpv4_udp_t);
proto_dhcpv4_udp_thread_t *thread = talloc_get_type_abort(li->thread_instance, proto_dhcpv4_udp_thread_t);
int sockfd, rcode;
uint16_t port = inst->port;
CONF_SECTION *server_cs;
CONF_ITEM *ci;
li->fd = sockfd = fr_socket_server_udp(&inst->ipaddr, &port, inst->port_name, true);
if (sockfd < 0) {
PERROR("Failed opening UDP socket");
error:
return -1;
}
/*
* Set SO_REUSEPORT before bind, so that all packets can
* listen on the same destination IP address.
*/
if (1) {
int on = 1;
if (setsockopt(sockfd, SOL_SOCKET, SO_REUSEPORT, &on, sizeof(on)) < 0) {
ERROR("Failed to set socket 'reuseport': %s", fr_syserror(errno));
close(sockfd);
return -1;
}
}
if (inst->broadcast) {
int on = 1;
if (setsockopt(sockfd, SOL_SOCKET, SO_BROADCAST, &on, sizeof(on)) < 0) {
ERROR("Failed to set broadcast option: %s", fr_syserror(errno));
close(sockfd);
return -1;
}
}
/*
* SUID up is really only needed if interface is set, OR port <1024.
*/
rad_suid_up();
rcode = fr_socket_bind(sockfd, &inst->ipaddr, &port, inst->interface);
rad_suid_down();
if (rcode < 0) {
close(sockfd);
PERROR("Failed binding socket");
goto error;
}
thread->sockfd = sockfd;
ci = cf_parent(inst->cs); /* listen { ... } */
rad_assert(ci != NULL);
ci = cf_parent(ci);
rad_assert(ci != NULL);
server_cs = cf_item_to_section(ci);
thread->name = fr_app_io_socket_name(thread, &proto_dhcpv4_udp,
NULL, 0,
&inst->ipaddr, inst->port,
inst->interface);
DEBUG("Listening on dhcpv4 address %s bound to virtual server %s",
thread->name, cf_section_name2(server_cs));
return 0;
}
static rlm_rcode_t dhcp_process(REQUEST *request)
{
rlm_rcode_t rcode;
unsigned int i;
VALUE_PAIR *vp;
dhcp_socket_t *sock;
/*
* If there's a giaddr, save it as the Relay-IP-Address
* in the response. That way the later code knows where
* to send the reply.
*/
vp = fr_pair_find_by_num(request->packet->vps, DHCP_MAGIC_VENDOR, 266, TAG_ANY); /* DHCP-Gateway-IP-Address */
if (vp && (vp->vp_ipv4addr != htonl(INADDR_ANY))) {
VALUE_PAIR *relay;
/* DHCP-Relay-IP-Address */
MEM(relay = fr_pair_afrom_num(request->reply, DHCP_MAGIC_VENDOR, 222));
relay->vp_ipv4addr = vp->vp_ipv4addr;
fr_pair_add(&request->reply->vps, relay);
}
vp = fr_pair_find_by_num(request->packet->vps, DHCP_MAGIC_VENDOR, 53, TAG_ANY); /* DHCP-Message-Type */
if (vp) {
fr_dict_enum_t *dv = fr_dict_enum_by_value(vp->da, &vp->data);
if (dv) {
CONF_SECTION *server, *unlang;
RDEBUG("Trying sub-section dhcp %s {...}", dv->alias);
server = cf_item_to_section(cf_parent(request->listener->cs));
unlang = cf_section_find(server, "dhcp", dv->alias);
rcode = unlang_interpret(request, unlang, RLM_MODULE_NOOP);
} else {
REDEBUG("Unknown DHCP-Message-Type %d", vp->vp_uint8);
rcode = RLM_MODULE_FAIL;
}
} else {
REDEBUG("Failed to find DHCP-Message-Type in packet!");
rcode = RLM_MODULE_FAIL;
}
vp = fr_pair_find_by_num(request->reply->vps, DHCP_MAGIC_VENDOR, 53, TAG_ANY); /* DHCP-Message-Type */
if (vp) {
request->reply->code = vp->vp_uint8;
}
else switch (rcode) {
case RLM_MODULE_OK:
case RLM_MODULE_UPDATED:
if (request->packet->code == FR_DHCP_DISCOVER) {
request->reply->code = FR_DHCP_OFFER;
break;
} else if (request->packet->code == FR_DHCP_REQUEST) {
request->reply->code = FR_DHCP_ACK;
break;
}
request->reply->code = FR_DHCP_NAK;
break;
default:
case RLM_MODULE_REJECT:
case RLM_MODULE_FAIL:
case RLM_MODULE_INVALID:
case RLM_MODULE_NOOP:
case RLM_MODULE_NOTFOUND:
if (request->packet->code == FR_DHCP_DISCOVER) {
request->reply->code = 0; /* ignore the packet */
} else {
request->reply->code = FR_DHCP_NAK;
}
break;
case RLM_MODULE_HANDLED:
request->reply->code = 0; /* ignore the packet */
break;
}
/*
* TODO: Handle 'output' of RLM_MODULE when acting as a
* DHCP relay We may want to not forward packets in
* certain circumstances.
*/
/*
* Handle requests when acting as a DHCP relay
*/
vp = fr_pair_find_by_num(request->packet->vps, DHCP_MAGIC_VENDOR, 256, TAG_ANY); /* DHCP-Opcode */
if (!vp) {
RPEDEBUG("Someone deleted the DHCP-Opcode!");
return RLM_MODULE_FAIL;
}
/* BOOTREPLY received on port 67 (i.e. from a server) */
if (vp->vp_uint8 == 2) {
return dhcprelay_process_server_reply(request);
}
/* Packet from client, and we have DHCP-Relay-To-IP-Address */
if (fr_pair_find_by_num(request->control, DHCP_MAGIC_VENDOR, 270, TAG_ANY)) {
return dhcprelay_process_client_request(request);
}
/* else it's a packet from a client, without relaying */
rad_assert(vp->vp_uint8 == 1); /* BOOTREQUEST */
sock = request->listener->data;
/*
* Handle requests when acting as a DHCP server
*/
/*
* Releases don't get replies.
*/
if (request->packet->code == FR_DHCP_RELEASE) {
request->reply->code = 0;
}
if (request->reply->code == 0) {
return RLM_MODULE_OK;
}
request->reply->sockfd = request->packet->sockfd;
/*
* Copy specific fields from packet to reply, if they
* don't already exist
*/
for (i = 0; i < sizeof(attrnums) / sizeof(attrnums[0]); i++) {
uint32_t attr = attrnums[i];
if (fr_pair_find_by_num(request->reply->vps, DHCP_MAGIC_VENDOR, attr, TAG_ANY)) continue;
vp = fr_pair_find_by_num(request->packet->vps, DHCP_MAGIC_VENDOR, attr, TAG_ANY);
if (vp) {
fr_pair_add(&request->reply->vps, fr_pair_copy(request->reply, vp));
}
}
vp = fr_pair_find_by_num(request->reply->vps, DHCP_MAGIC_VENDOR, 256, TAG_ANY); /* DHCP-Opcode */
rad_assert(vp != NULL);
vp->vp_uint8 = 2; /* BOOTREPLY */
/*
* Allow NAKs to be delayed for a short period of time.
*/
if (request->reply->code == FR_DHCP_NAK) {
vp = fr_pair_find_by_num(request->reply->vps, 0, FR_FREERADIUS_RESPONSE_DELAY, TAG_ANY);
if (vp) {
if (vp->vp_uint32 <= 10) {
request->response_delay.tv_sec = vp->vp_uint32;
request->response_delay.tv_usec = 0;
} else {
request->response_delay.tv_sec = 10;
request->response_delay.tv_usec = 0;
}
} else {
#ifndef USEC
#define USEC 1000000
#endif
vp = fr_pair_find_by_num(request->reply->vps, 0, FR_FREERADIUS_RESPONSE_DELAY_USEC, TAG_ANY);
if (vp) {
if (vp->vp_uint32 <= 10 * USEC) {
request->response_delay.tv_sec = vp->vp_uint32 / USEC;
request->response_delay.tv_usec = vp->vp_uint32 % USEC;
} else {
request->response_delay.tv_sec = 10;
request->response_delay.tv_usec = 0;
}
}
}
}
/*
* Prepare the reply packet for sending through dhcp_socket_send()
*/
request->reply->dst_ipaddr.af = AF_INET;
request->reply->src_ipaddr.af = AF_INET;
request->reply->src_ipaddr.prefix = 32;
/*
* Packet-Src-IP-Address has highest precedence
*/
vp = fr_pair_find_by_num(request->reply->vps, 0, FR_PACKET_SRC_IP_ADDRESS, TAG_ANY);
if (vp) {
request->reply->if_index = 0; /* Must be 0, we don't know the outbound if_index */
request->reply->src_ipaddr.addr.v4.s_addr = vp->vp_ipv4addr;
/*
* The request was unicast (via a relay)
*/
} else if (request->packet->dst_ipaddr.addr.v4.s_addr != htonl(INADDR_BROADCAST) &&
request->packet->dst_ipaddr.addr.v4.s_addr != htonl(INADDR_ANY)) {
request->reply->src_ipaddr.addr.v4.s_addr = request->packet->dst_ipaddr.addr.v4.s_addr;
request->reply->if_index = request->packet->if_index;
/*
* The listener was bound to an IP address, or we determined
* the address automatically, as it was the only address bound
* to the interface, and we bound to the interface.
*/
} else if (sock->src_ipaddr.addr.v4.s_addr != htonl(INADDR_ANY)) {
request->reply->src_ipaddr.addr.v4.s_addr = sock->src_ipaddr.addr.v4.s_addr;
#ifdef WITH_IFINDEX_IPADDR_RESOLUTION
/*
* We built with udpfromto and have the if_index of the receiving
* interface, which we can now resolve to an IP address.
*/
} else if (request->packet->if_index > 0) {
fr_ipaddr_t primary;
if (fr_ipaddr_from_ifindex(&primary, request->packet->sockfd, request->packet->dst_ipaddr.af,
request->packet->if_index) < 0) {
RPEDEBUG("Failed determining src_ipaddr from if_index");
return RLM_MODULE_FAIL;
}
request->reply->src_ipaddr.addr.v4.s_addr = primary.addr.v4.s_addr;
#endif
/*
* There's a Server-Identification attribute
*/
} else if ((vp = fr_pair_find_by_num(request->reply->vps, DHCP_MAGIC_VENDOR, 54, TAG_ANY))) {
request->reply->src_ipaddr.addr.v4.s_addr = vp->vp_ipv4addr;
} else {
REDEBUG("Unable to determine correct src_ipaddr for response");
return RLM_MODULE_FAIL;
}
request->reply->dst_port = request->packet->src_port;
request->reply->src_port = request->packet->dst_port;
/*
* Answer to client's nearest DHCP relay.
*
* Which may be different than the giaddr given in the
* packet to the client. i.e. the relay may have a
* public IP, but the gateway a private one.
*/
vp = fr_pair_find_by_num(request->reply->vps, DHCP_MAGIC_VENDOR, 272, TAG_ANY); /* DHCP-Relay-IP-Address */
if (vp && (vp->vp_ipv4addr != ntohl(INADDR_ANY))) {
RDEBUG2("Reply will be unicast to giaddr from original packet");
request->reply->dst_ipaddr.addr.v4.s_addr = vp->vp_ipv4addr;
request->reply->dst_port = request->packet->dst_port;
vp = fr_pair_find_by_num(request->reply->vps, 0, FR_PACKET_DST_PORT, TAG_ANY);
if (vp) request->reply->dst_port = vp->vp_uint16;
return RLM_MODULE_OK;
}
/*
* Answer to client's nearest DHCP gateway. In this
* case, the client can reach the gateway, as can the
* server.
*
* We also use *our* source port as the destination port.
* Gateways are servers, and listen on the server port,
* not the client port.
*/
vp = fr_pair_find_by_num(request->reply->vps, DHCP_MAGIC_VENDOR, 266, TAG_ANY); /* DHCP-Gateway-IP-Address */
if (vp && (vp->vp_ipv4addr != htonl(INADDR_ANY))) {
RDEBUG2("Reply will be unicast to giaddr");
request->reply->dst_ipaddr.addr.v4.s_addr = vp->vp_ipv4addr;
request->reply->dst_port = request->packet->dst_port;
return RLM_MODULE_OK;
}
/*
* If it's a NAK, or the broadcast flag was set, ond
* there's no client-ip-address, send a broadcast.
*/
if ((request->reply->code == FR_DHCP_NAK) ||
((vp = fr_pair_find_by_num(request->reply->vps, DHCP_MAGIC_VENDOR, 262, TAG_ANY)) && /* DHCP-Flags */
(vp->vp_uint32 & 0x8000) &&
((vp = fr_pair_find_by_num(request->reply->vps, DHCP_MAGIC_VENDOR, 263, TAG_ANY)) && /* DHCP-Client-IP-Address */
(vp->vp_ipv4addr == htonl(INADDR_ANY))))) {
/*
* RFC 2131, page 23
*
* Broadcast on
* - DHCPNAK
* or
* - Broadcast flag is set up and ciaddr == NULL
*/
RDEBUG2("Reply will be broadcast");
request->reply->dst_ipaddr.addr.v4.s_addr = htonl(INADDR_BROADCAST);
return RLM_MODULE_OK;
}
/*
* RFC 2131, page 23
*
* Unicast to ciaddr if present, otherwise to yiaddr.
*/
if ((vp = fr_pair_find_by_num(request->reply->vps, DHCP_MAGIC_VENDOR, 263, TAG_ANY)) && /* DHCP-Client-IP-Address */
(vp->vp_ipv4addr != htonl(INADDR_ANY))) {
RDEBUG2("Reply will be sent unicast to &DHCP-Client-IP-Address");
request->reply->dst_ipaddr.addr.v4.s_addr = vp->vp_ipv4addr;
return RLM_MODULE_OK;
}
vp = fr_pair_find_by_num(request->reply->vps, DHCP_MAGIC_VENDOR, 264, TAG_ANY); /* DHCP-Your-IP-Address */
if (!vp) {
REDEBUG("Can't assign address to client: Neither &reply:DHCP-Client-IP-Address nor "
"&reply:DHCP-Your-IP-Address set");
/*
* There is nowhere to send the response to, so don't bother.
*/
request->reply->code = 0;
return RLM_MODULE_FAIL;
}
#ifdef SIOCSARP
/*
* The system is configured to listen for broadcast
* packets, which means we'll need to send unicast
* replies, to IPs which haven't yet been assigned.
* Therefore, we need to update the ARP table.
*
* However, they haven't specified a interface. So we
* can't update the ARP table. And we must send a
* broadcast response.
*/
if (sock->lsock.broadcast && !sock->src_interface) {
WARN("You MUST set \"interface\" if you have \"broadcast = yes\"");
RDEBUG2("Reply will be broadcast as no interface was defined");
request->reply->dst_ipaddr.addr.v4.s_addr = htonl(INADDR_BROADCAST);
return RLM_MODULE_OK;
}
RDEBUG2("Reply will be unicast to &DHCP-Your-IP-Address");
request->reply->dst_ipaddr.addr.v4.s_addr = vp->vp_ipv4addr;
/*
* When sending a DHCP_OFFER, make sure our ARP table
* contains an entry for the client IP address.
* Otherwise the packet may not be sent to the client, as
* the OS has no ARP entry for it.
*
* This is a cute hack to avoid us having to create a raw
* socket to send DHCP packets.
*/
if (request->reply->code == FR_DHCP_OFFER) {
VALUE_PAIR *hwvp = fr_pair_find_by_num(request->reply->vps, DHCP_MAGIC_VENDOR, 267, TAG_ANY); /* DHCP-Client-Hardware-Address */
if (!hwvp) return RLM_MODULE_FAIL;
if (fr_dhcpv4_udp_add_arp_entry(request->reply->sockfd, sock->src_interface,
&vp->vp_ip, hwvp->vp_ether) < 0) {
RPEDEBUG("Failed adding arp entry");
return RLM_MODULE_FAIL;
}
}
#else
if (request->packet->src_ipaddr.addr.v4.s_addr != ntohl(INADDR_NONE)) {
RDEBUG2("Reply will be unicast to the unicast source IP address");
request->reply->dst_ipaddr.addr.v4.s_addr = request->packet->src_ipaddr.addr.v4.s_addr;
} else {
RDEBUG2("Reply will be broadcast as this system does not support ARP updates");
request->reply->dst_ipaddr.addr.v4.s_addr = htonl(INADDR_BROADCAST);
}
#endif
return RLM_MODULE_OK;
}
/** Open a UDP listener for RADIUS
*
*/
static int mod_open(fr_listen_t *li)
{
proto_radius_udp_t const *inst = talloc_get_type_abort_const(li->app_io_instance, proto_radius_udp_t);
proto_radius_udp_thread_t *thread = talloc_get_type_abort(li->thread_instance, proto_radius_udp_thread_t);
int sockfd;
uint16_t port = inst->port;
CONF_SECTION *server_cs;
CONF_ITEM *ci;
li->fd = sockfd = fr_socket_server_udp(&inst->ipaddr, &port, inst->port_name, true);
if (sockfd < 0) {
PERROR("Failed opening UDP socket");
error:
return -1;
}
/*
* Set SO_REUSEPORT before bind, so that all packets can
* listen on the same destination IP address.
*/
if (1) {
int on = 1;
if (setsockopt(sockfd, SOL_SOCKET, SO_REUSEPORT, &on, sizeof(on)) < 0) {
ERROR("Failed to set socket 'reuseport': %s", fr_syserror(errno));
return -1;
}
}
#ifdef SO_RCVBUF
if (inst->recv_buff_is_set) {
int opt;
opt = inst->recv_buff;
if (setsockopt(sockfd, SOL_SOCKET, SO_RCVBUF, &opt, sizeof(int)) < 0) {
WARN("Failed setting 'recv_buf': %s", fr_syserror(errno));
}
}
#endif
#ifdef SO_SNDBUF
if (inst->send_buff_is_set) {
int opt;
opt = inst->send_buff;
if (setsockopt(sockfd, SOL_SOCKET, SO_SNDBUF, &opt, sizeof(int)) < 0) {
WARN("Failed setting 'send_buf': %s", fr_syserror(errno));
}
}
#endif
if (fr_socket_bind(sockfd, &inst->ipaddr, &port, inst->interface) < 0) {
close(sockfd);
PERROR("Failed binding socket");
goto error;
}
thread->sockfd = sockfd;
ci = cf_parent(inst->cs); /* listen { ... } */
rad_assert(ci != NULL);
ci = cf_parent(ci);
rad_assert(ci != NULL);
server_cs = cf_item_to_section(ci);
thread->name = fr_app_io_socket_name(thread, &proto_radius_udp,
NULL, 0,
&inst->ipaddr, inst->port,
inst->interface);
// @todo - also print out auth / acct / coa, etc.
DEBUG("Listening on radius address %s bound to virtual server %s",
thread->name, cf_section_name2(server_cs));
return 0;
}
