Need help with LEASEQUERY..continued
Pat Winn
ptwinn at cimtel.net
Fri May 21 15:12:47 UTC 2010
All,
I have gotten as far as to send a packet which in my WireShark
packet trace..at least..LOOKS to me like it *should* be correct.
Yet, I still receive no response.
The code snippet I'm attaching is but a simple single file
with the basic code needed to construct and send a DHCPLEASEQUERY
packet in PHP. It will send the packet but not listen for a
response. As yet, I'm only watching the server output, server logs
and WireShark packet sniff/traces to see what is going back and
forth over the wire.
The packet goes out, looks good but as I mentioned above, the
server never responds to it. Either I'm still off on something
in the packet or something is not right in the server?
(running 4.1.1 freshly compiled).
The code (real IP's replaced with dummys of course..):
(sorry if my web mail client borks up the formatting)..
#!/usr/bin/php -e
<?
$packet = Array();
$packet['op'] = '01';
$packet['htype'] = '00';
$packet['hlen'] = '00';
$packet['hops'] = '00';
$packet['xid'] = '12345678';
$packet['secs'] = '0005';
$packet['flags'] = '0000';
$packet['ciaddr'] = ip2hex("1.2.3.4");
$packet['yiaddr'] = ip2hex("0.0.0.0");
$packet['siaddr'] = ip2hex("0.0.0.0");
$packet['giaddr'] = ip2hex("1.2.5.1");
$packet['chaddr'] = '00000000000000000000000000000000';
$packet['sname'] =
'00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000';
$packet['file'] =
'0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000';
$packet['magic'] = '63825363';
$packet['options'] = int2hex(53) . int2hex(1) . int2hex(10); //
DHCPLEASEQUERY packet type
$packet['options'] .= int2hex(55) . int2hex(2) . int2hex(58);
$packet['options'] .= int2hex(82) . int2hex(255);
$myPacket = pack("H2H2H2H2H8H4H4H8H8H8H8H32H128H256H8H*",
$packet['op'], $packet['htype'], $packet['hlen'], $packet['hops'],
$packet['xid'],
$packet['secs'], $packet['flags'], $packet['ciaddr'],
$packet['yiaddr'], $packet['siaddr'],
$packet['giaddr'], $packet['chaddr'], $packet['sname'], $packet['file'],
$packet['magic'], $packet['options']);
$socket = socket_create(AF_INET, SOCK_DGRAM, SOL_UDP);
socket_set_option($socket, SOL_SOCKET, SO_BROADCAST, 1);
socket_bind($socket, "1.2.5.1", 68);
$error = socket_sendto($socket, $myPacket, strlen($myPacket), 0,
'1.2.5.1', 67);
if ($error === FALSE) {
print("Send failed for address");
print_r("ERROR: ". $error ." while trying to send.");
} else {
echo "Sent ". $error ." bytes\n";
}
// convert a string to hex values
function str2hex($s) {
$hex = '';
for ($i = 0 ; $i < strlen($s); $i++) {
$hex .= dechex(ord($s[$i]));
}
return($hex);
}
// convert an ip address to hex values
function ip2hex($ip) {
$t = explode(".", $ip);
return int2hex($t[0]) . int2hex($t[1]) . int2hex($t[2]) . int2hex($t[3]);
}
// convert an int value to 0 padded hex value
function int2hex($int) {
$hex = base_convert($int, 10, 16);
switch(strlen($hex)) {
case 1:
case 3:
case 7: $hex = '0' . $hex; break;
case 5: $hex = '000' . $hex; break;
}
return $hex;
}
?>
..and then, the packet trace (what was actually sent):
No. Time Source Destination Protocol Info
104942 1994.263153 1.2.5.1 1.2.5.1 DHCP DHCP Lease
query - Transaction ID 0x12345678
Frame 104942 (292 bytes on wire, 292 bytes captured)
Arrival Time: May 21, 2010 09:56:26.129252000
[Time delta from previous captured frame: 0.000276000 seconds]
[Time delta from previous displayed frame: 1.795716000 seconds]
[Time since reference or first frame: 1994.263153000 seconds]
Frame Number: 104942
Frame Length: 292 bytes
Capture Length: 292 bytes
[Frame is marked: False]
[Protocols in frame: sll:ip:udp:bootp]
[Coloring Rule Name: UDP]
[Coloring Rule String: udp]
Protocol: IP (0x0800)
Internet Protocol, Src: 1.2.5.1 (1.2.5.1), Dst: 1.2.5.1 (1.2.5.1)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 276
Identification: 0x0000 (0)
Flags: 0x04 (Don't Fragment)
0... = Reserved bit: Not set
.1.. = Don't fragment: Set
..0. = More fragments: Not set
Fragment offset: 0
Time to live: 64
Protocol: UDP (0x11)
Header checksum: 0x7ffb [correct]
[Good: True]
[Bad : False]
Source: 1.2.5.1 (1.2.5.1)
Destination: 1.2.5.1 (1.2.5.1)
User Datagram Protocol, Src Port: bootpc (68), Dst Port: bootps (67)
Source port: bootpc (68)
Destination port: bootps (67)
Length: 256
Checksum: 0xd472 [correct]
[Good Checksum: True]
[Bad Checksum: False]
Bootstrap Protocol
Message type: Boot Request (1)
Hardware type: NET/ROM pseudo
Hardware address length: 0
Hops: 0
Transaction ID: 0x12345678
Seconds elapsed: 5
Bootp flags: 0x0000 (Unicast)
0... .... .... .... = Broadcast flag: Unicast
.000 0000 0000 0000 = Reserved flags: 0x0000
Client IP address: 1.2.3.4 (1.2.3.4)
Your (client) IP address: 0.0.0.0 (0.0.0.0)
Next server IP address: 0.0.0.0 (0.0.0.0)
Relay agent IP address: 1.2.5.1 (1.2.5.1)
Client address not given
Server host name not given
Boot file name not given
Magic cookie: (OK)
Option: (t=53,l=1) DHCP Message Type = DHCP Lease query
Option: (53) DHCP Message Type
Length: 1
Value: 0A
Option: (t=55,l=2) Parameter Request List
Option: (55) Parameter Request List
Length: 2
Value: 3A52
58 = Renewal Time Value
82 = Agent Information Option
End Option
Umm....help?
Thanks again for any help offered!!
--
Patrick T. Winn
Systems Engineer
Cimarron Telephone Co.
(918) 865-3311 x280 - office
(918) 606-6602 - cell
More information about the dhcp-hackers
mailing list