Need help with LEASEQUERY..continued

[Shane Kerr]

Patrick,

The ISC DHCP server logs a bit of information when handling LEASEQUERY
messages. Can you set your syslog level to INFO for DHCP and see what
pops out?

--
Shane

On Fri, 2010-05-21 at 11:25 -0500, Pat Winn wrote:
> Matt,
> Good thought. Unfortunately, I've already gone there.
> As with your luck, I never got anything to respond to the
> Perl code either. Even found a few snippets wherein people
> claimed it worked for them and STILL...no response from
> dhcpd when I tried it.
> 
> The packets on the wire look pretty much the same to me.
> 
> I keep wondering..am I just getting something wrong?
> Am I missing a byte or bit somewhere that's throwing it off?
> Is the ISC DHCPd simply not going to respond no matter what
> I send it?
> 
> I've tried sending from the same server, bouncing off the same
> nic/IP, bouncing off the local loopback, heck, I even tried
> sending to it via a unix socket like dhcpd will use to send to
> a local syslog daemon. Then I tried sending from a different system,
> even faking a valid relay's IP on our network. Nothing.
> 
> According to one of the RFC's I was reading, I got the impression
> that any "server" that is responding to a relay's leasequery packet
> "should" throw out the packet if it looks like the giaddr (relay
> IP) has been spoofed to be the same as the server. Given that, maybe
> I can't send a packet to a dhcpd running on the same box that my
> code is running on? That would really suck as I have written a
> PHP based syslog daemon that replaces the real one, catches option-82
> info being logged, then wants to send a leasquery packet to dhcpd to
> query it for the remaining info about  the lease. Thus, I really
> need all the pieces to run on the same box. Failing that, I'd have to
> have another daemon running elsewhere that the PHP syslog daemon would
> have to send a message to and have it connect back to do the query.
> At that point, that's one more piece than I want in the equation,
> and one more piece that can break in a production environment.
> 
> I'd really rather not have to hack on ISC's code to make it work
> the way I want and have to keep up with patching future versions, etc.
> 
> Really fishing for ideas as to what to try next...
> 
> -- 
> Patrick T. Winn
> Systems Engineer
> Cimarron Telephone Co.
> (918) 865-3311 x280 - office
> (918) 606-6602 - cell
> 
> 
> 
> 
> While counting 0's and 1's, Matt Pascoe said:
> > One thought for comparison.. try using the perl leasequery tool to see if
> > you see it generating the same packet on the wire.
> >
> > I have tried the perl tool before and was never able to get it working
> > either.  I'm wondering if there is a common issue here (probably me not
> > getting it to work right either way :)
> >
> > I went as far as trying to get a perl cli tool to work for what I needed
> > so
> > that I could just "exec" it from within PHP.  This was not ideal of course
> > but I never got either one working.
> >
> > Just a thought... I'd work on it too but I'm seriously swamped at work
> > right
> > now.  Hopefully that will get better soon............
> >
> > Thanks.
> >
> > On Fri, May 21, 2010 at 9:12 AM, Pat Winn <ptwinn at cimtel.net> wrote:
> >
> >> All,
> >> I have gotten as far as to send a packet which in my WireShark
> >> packet trace..at least..LOOKS to me like it *should* be correct.
> >> Yet, I still receive no response.
> >>
> >> The code snippet I'm attaching is but a simple single file
> >> with the basic code needed to construct and send a DHCPLEASEQUERY
> >> packet in PHP. It will send the packet but not listen for a
> >> response. As yet, I'm only watching the server output, server logs
> >> and WireShark packet sniff/traces to see what is going back and
> >> forth over the wire.
> >>
> >> The packet goes out, looks good but as I mentioned above, the
> >> server never responds to it. Either I'm still off on something
> >> in the packet or something is not right in the server?
> >> (running 4.1.1 freshly compiled).
> >>
> >> The code (real IP's replaced with dummys of course..):
> >> (sorry if my web mail client borks up the formatting)..
> >>
> >> #!/usr/bin/php -e
> >> <?
> >>
> >> $packet = Array();
> >>
> >> $packet['op']     = '01';
> >> $packet['htype']  = '00';
> >> $packet['hlen']   = '00';
> >> $packet['hops']   = '00';
> >> $packet['xid']    = '12345678';
> >> $packet['secs']   = '0005';
> >> $packet['flags']  = '0000';
> >> $packet['ciaddr'] = ip2hex("1.2.3.4");
> >> $packet['yiaddr'] = ip2hex("0.0.0.0");
> >> $packet['siaddr'] = ip2hex("0.0.0.0");
> >> $packet['giaddr'] = ip2hex("1.2.5.1");
> >> $packet['chaddr'] = '00000000000000000000000000000000';
> >> $packet['sname']  =
> >>
> >> '00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000';
> >> $packet['file'] =
> >>
> >> '0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000';
> >> $packet['magic'] = '63825363';
> >> $packet['options']  = int2hex(53) . int2hex(1) . int2hex(10);   //
> >> DHCPLEASEQUERY packet type
> >> $packet['options'] .= int2hex(55) . int2hex(2) . int2hex(58);
> >> $packet['options'] .= int2hex(82) . int2hex(255);
> >>
> >> $myPacket = pack("H2H2H2H2H8H4H4H8H8H8H8H32H128H256H8H*",
> >>    $packet['op'], $packet['htype'], $packet['hlen'], $packet['hops'],
> >> $packet['xid'],
> >>    $packet['secs'], $packet['flags'], $packet['ciaddr'],
> >> $packet['yiaddr'], $packet['siaddr'],
> >>    $packet['giaddr'], $packet['chaddr'], $packet['sname'],
> >> $packet['file'],
> >>    $packet['magic'], $packet['options']);
> >>
> >> $socket = socket_create(AF_INET, SOCK_DGRAM, SOL_UDP);
> >> socket_set_option($socket, SOL_SOCKET, SO_BROADCAST, 1);
> >> socket_bind($socket, "1.2.5.1", 68);
> >>
> >> $error = socket_sendto($socket, $myPacket, strlen($myPacket), 0,
> >> '1.2.5.1', 67);
> >>
> >> if ($error === FALSE) {
> >>    print("Send failed for address");
> >>    print_r("ERROR: ". $error ." while trying to send.");
> >> } else {
> >>    echo "Sent ". $error ." bytes\n";
> >> }
> >>
> >> // convert a string to hex values
> >> function str2hex($s) {
> >>    $hex = '';
> >>    for ($i = 0 ; $i < strlen($s); $i++) {
> >>        $hex .= dechex(ord($s[$i]));
> >>    }
> >>
> >>    return($hex);
> >> }
> >>
> >> // convert an ip address to hex values
> >> function ip2hex($ip) {
> >>    $t = explode(".", $ip);
> >>    return int2hex($t[0]) . int2hex($t[1]) . int2hex($t[2]) .
> >> int2hex($t[3]);
> >> }
> >>
> >> // convert an int value to 0 padded hex value
> >> function int2hex($int) {
> >>    $hex = base_convert($int, 10, 16);
> >>
> >>    switch(strlen($hex)) {
> >>        case 1:
> >>        case 3:
> >>        case 7: $hex = '0' . $hex; break;
> >>        case 5: $hex = '000' . $hex; break;
> >>    }
> >>
> >>    return $hex;
> >> }
> >>
> >> ?>
> >>
> >>
> >> ..and then, the packet trace (what was actually sent):
> >>
> >> No.     Time        Source                Destination           Protocol
> >> Info
> >>  104942 1994.263153 1.2.5.1        1.2.5.1        DHCP     DHCP Lease
> >> query - Transaction ID 0x12345678
> >>
> >> Frame 104942 (292 bytes on wire, 292 bytes captured)
> >>    Arrival Time: May 21, 2010 09:56:26.129252000
> >>    [Time delta from previous captured frame: 0.000276000 seconds]
> >>    [Time delta from previous displayed frame: 1.795716000 seconds]
> >>    [Time since reference or first frame: 1994.263153000 seconds]
> >>    Frame Number: 104942
> >>    Frame Length: 292 bytes
> >>    Capture Length: 292 bytes
> >>    [Frame is marked: False]
> >>    [Protocols in frame: sll:ip:udp:bootp]
> >>    [Coloring Rule Name: UDP]
> >>    [Coloring Rule String: udp]
> >>    Protocol: IP (0x0800)
> >> Internet Protocol, Src: 1.2.5.1 (1.2.5.1), Dst: 1.2.5.1 (1.2.5.1)
> >>    Version: 4
> >>    Header length: 20 bytes
> >>    Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
> >>        0000 00.. = Differentiated Services Codepoint: Default (0x00)
> >>        .... ..0. = ECN-Capable Transport (ECT): 0
> >>        .... ...0 = ECN-CE: 0
> >>    Total Length: 276
> >>    Identification: 0x0000 (0)
> >>    Flags: 0x04 (Don't Fragment)
> >>        0... = Reserved bit: Not set
> >>        .1.. = Don't fragment: Set
> >>        ..0. = More fragments: Not set
> >>    Fragment offset: 0
> >>    Time to live: 64
> >>    Protocol: UDP (0x11)
> >>    Header checksum: 0x7ffb [correct]
> >>        [Good: True]
> >>        [Bad : False]
> >>    Source: 1.2.5.1 (1.2.5.1)
> >>    Destination: 1.2.5.1 (1.2.5.1)
> >> User Datagram Protocol, Src Port: bootpc (68), Dst Port: bootps (67)
> >>    Source port: bootpc (68)
> >>    Destination port: bootps (67)
> >>    Length: 256
> >>    Checksum: 0xd472 [correct]
> >>        [Good Checksum: True]
> >>        [Bad Checksum: False]
> >> Bootstrap Protocol
> >>    Message type: Boot Request (1)
> >>    Hardware type: NET/ROM pseudo
> >>    Hardware address length: 0
> >>    Hops: 0
> >>    Transaction ID: 0x12345678
> >>    Seconds elapsed: 5
> >>    Bootp flags: 0x0000 (Unicast)
> >>        0... .... .... .... = Broadcast flag: Unicast
> >>        .000 0000 0000 0000 = Reserved flags: 0x0000
> >>    Client IP address: 1.2.3.4 (1.2.3.4)
> >>    Your (client) IP address: 0.0.0.0 (0.0.0.0)
> >>    Next server IP address: 0.0.0.0 (0.0.0.0)
> >>    Relay agent IP address: 1.2.5.1 (1.2.5.1)
> >>    Client address not given
> >>    Server host name not given
> >>    Boot file name not given
> >>    Magic cookie: (OK)
> >>    Option: (t=53,l=1) DHCP Message Type = DHCP Lease query
> >>        Option: (53) DHCP Message Type
> >>        Length: 1
> >>        Value: 0A
> >>    Option: (t=55,l=2) Parameter Request List
> >>        Option: (55) Parameter Request List
> >>        Length: 2
> >>        Value: 3A52
> >>        58 = Renewal Time Value
> >>        82 = Agent Information Option
> >>    End Option
> >>
> >>
> >> Umm....help?
> >>
> >> Thanks again for any help offered!!
> >>
> >>
> >> --
> >> Patrick T. Winn
> >> Systems Engineer
> >> Cimarron Telephone Co.
> >> (918) 865-3311 x280 - office
> >> (918) 606-6602 - cell
> >>
> >>
> >>
> >> _______________________________________________
> >> dhcp-hackers mailing list
> >> dhcp-hackers at lists.isc.org
> >> https://lists.isc.org/mailman/listinfo/dhcp-hackers
> >>
> >
> 
> 
> _______________________________________________
> dhcp-hackers mailing list
> dhcp-hackers at lists.isc.org
> https://lists.isc.org/mailman/listinfo/dhcp-hackers
>