Need help with LEASEQUERY..continued
Pat Winn
ptwinn at cimtel.net
Mon May 24 15:07:58 UTC 2010
Shane,
Unless I am mistaken (entirely possible)..I am already
set to use local7.info everywhere. Have even been trying
running w/ -d and doing 2>&1 1>>/var/log/dhcp.log to
redirect stderr to stdout then capture both in /var/log/dhcp.log
(where my other syslog messages are already going anyway).
In my dhcpd.conf, I have the following:
(excluding address pools and such)
allow unknown-clients;
allow bootp;
allow booting;
allow leasequery;
authoritative;
option domain-name "xxxx.net";
option domain-name-servers 192.168.xx.126;
option log-servers 192.168.xx.126;
default-lease-time 1200;
max-lease-time 1200;
log-facility local7;
stash-agent-options true;
ddns-update-style none;
set vendor-string = option vendor-class-identifier;
set vendor-enc-options = option vendor-encapsulated-options;
Then further down...
if((option dhcp-message-type = 3 or option dhcp-message-type = 5) and
   exists agent.circuit-id) {
    # first, we log the info
    log(info, "-----------------------------------");
    log(info, concat( "OPT82=1|MSGTYPE=",
        binary-to-ascii (16, 8, "", option dhcp-message-type),
        "|IP=",
        binary-to-ascii (10, 8, ".",leased-address),"|MAC=",
        suffix (concat("0", binary-to-ascii (16, 8, "",
            substring( hardware, 1, 1))),2),":",
        suffix (concat("0", binary-to-ascii (16, 8, "",
            substring( hardware, 2, 1))),2),":",
        suffix (concat("0", binary-to-ascii (16, 8, "",
            substring( hardware, 3, 1))),2),":",
        suffix (concat("0", binary-to-ascii (16, 8, "",
            substring( hardware, 4, 1))),2),":",
        suffix (concat("0", binary-to-ascii (16, 8, "",
            substring( hardware, 5, 1))),2),":",
        suffix (concat("0", binary-to-ascii (16, 8, "",
            substring( hardware, 6, 1))),2),
        "|CID=", (option agent.circuit-id)));
    log(info, "-----------------------------------");
}
if(option dhcp-message-type = 10) {
    log(info, "-----------------------------------");
    log(info, "Got a LEASE QUERY PACKET");
    log(info, binary-to-ascii(10, 8, "", packet(0, 999)));
    log(info, "-----------------------------------");
}
Then in my rsyslog.conf (using temporarily until mine is
finished), I have:
:msg,contains,"OPT82" /var/log/option82.log
& ~
and for the rest of anything dhcp related:
# Save DHCP server messages to its own log
local7.* /var/log/dhcp.log
What else might I try?
With all the above enabled and in debug mode, I *still* never see
anything other than an strace output line (1 line) showing that it
read a packet off of the open file handle/descriptor for its network
socket. Well, that and the wireshark trace shows 1 packet inbound to
the server which for all intents and purposes at least "looks" like it
fits the rfc specs for a LEASEQUERY packet..
I *really* need to get this working..soon.
Truly appreciate the help!!
--
Patrick T. Winn
Systems Engineer
Cimarron Telephone Co.
(918) 865-3311 x280 - office
(918) 606-6602 - cell
While counting 0's and 1's, Shane Kerr said:
> Patrick,
>
> The ISC DHCP server logs a bit of information when handling LEASEQUERY
> messages. Can you set your syslog level to INFO for DHCP and see what
> pops out?
>
> --
> Shane
>
> On Fri, 2010-05-21 at 11:25 -0500, Pat Winn wrote:
>> Matt,
>> Good thought. Unfortunately, I've already gone there.
>> As with your luck, I never got anything to respond to the
>> Perl code either. Even found a few snippets wherein people
>> claimed it worked for them and STILL...no response from
>> dhcpd when I tried it.
>>
>> The packets on the wire look pretty much the same to me.
>>
>> I keep wondering..am I just getting something wrong?
>> Am I missing a byte or bit somewhere that's throwing it off?
>> Is the ISC DHCPd simply not going to respond no matter what
>> I send it?
>>
>> I've tried sending from the same server, bouncing off the same
>> nic/IP, bouncing off the local loopback, heck, I even tried
>> sending to it via a unix socket like dhcpd will use to send to
>> a local syslog daemon. Then I tried sending from a different system,
>> even faking a valid relay's IP on our network. Nothing.
>>
>> According to one of the RFCs I was reading, I got the impression
>> that any "server" that is responding to a relay's leasequery packet
>> "should" throw out the packet if it looks like the giaddr (relay
>> IP) has been spoofed to be the same as the server. Given that, maybe
>> I can't send a packet to a dhcpd running on the same box that my
>> code is running on? That would really suck as I have written a
>> PHP based syslog daemon that replaces the real one, catches option-82
>> info being logged, then wants to send a leasequery packet to dhcpd to
>> query it for the remaining info about the lease. Thus, I really
>> need all the pieces to run on the same box. Failing that, I'd have to
>> have another daemon running elsewhere that the PHP syslog daemon would
>> have to send a message to and have it connect back to do the query.
>> At that point, that's one more piece than I want in the equation,
>> and one more piece that can break in a production environment.
>>
>> I'd really rather not have to hack on ISC's code to make it work
>> the way I want and have to keep up with patching future versions, etc.
>>
>> Really fishing for ideas as to what to try next...
>>
>> --
>> Patrick T. Winn
>> Systems Engineer
>> Cimarron Telephone Co.
>> (918) 865-3311 x280 - office
>> (918) 606-6602 - cell
>>
>>
>>
>>
>> While counting 0's and 1's, Matt Pascoe said:
>> > One thought for comparison.. try using the perl leasequery tool to see if
>> > you see it generating the same packet on the wire.
>> >
>> > I have tried the perl tool before and was never able to get it working
>> > either. I'm wondering if there is a common issue here (probably me not
>> > getting it to work right either way :)
>> >
>> > I went as far as trying to get a perl cli tool to work for what I needed so
>> > that I could just "exec" it from within PHP. This was not ideal of course
>> > but I never got either one working.
>> >
>> > Just a thought... I'd work on it too but I'm seriously swamped at work right
>> > now. Hopefully that will get better soon............
>> >
>> > Thanks.
>> >
>> > On Fri, May 21, 2010 at 9:12 AM, Pat Winn <ptwinn at cimtel.net> wrote:
>> >
>> >> All,
>> >> I have gotten as far as to send a packet which in my WireShark
>> >> packet trace..at least..LOOKS to me like it *should* be correct.
>> >> Yet, I still receive no response.
>> >>
>> >> The code snippet I'm attaching is but a simple single file
>> >> with the basic code needed to construct and send a DHCPLEASEQUERY
>> >> packet in PHP. It will send the packet but not listen for a
>> >> response. As yet, I'm only watching the server output, server logs
>> >> and WireShark packet sniff/traces to see what is going back and
>> >> forth over the wire.
>> >>
>> >> The packet goes out, looks good but as I mentioned above, the
>> >> server never responds to it. Either I'm still off on something
>> >> in the packet or something is not right in the server?
>> >> (running 4.1.1 freshly compiled).
>> >>
>> >> The code (real IPs replaced with dummies of course..):
>> >> (sorry if my web mail client borks up the formatting)..
>> >>
>> >> #!/usr/bin/php -e
>> >> <?php
>> >>
>> >> $packet = Array();
>> >>
>> >> $packet['op'] = '01';
>> >> $packet['htype'] = '00';
>> >> $packet['hlen'] = '00';
>> >> $packet['hops'] = '00';
>> >> $packet['xid'] = '12345678';
>> >> $packet['secs'] = '0005';
>> >> $packet['flags'] = '0000';
>> >> $packet['ciaddr'] = ip2hex("1.2.3.4");
>> >> $packet['yiaddr'] = ip2hex("0.0.0.0");
>> >> $packet['siaddr'] = ip2hex("0.0.0.0");
>> >> $packet['giaddr'] = ip2hex("1.2.5.1");
>> >> $packet['chaddr'] = '00000000000000000000000000000000';
>> >> $packet['sname'] =
>> >>
>> >> '00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000';
>> >> $packet['file'] =
>> >>
>> >> '0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000';
>> >> $packet['magic'] = '63825363';
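>> >> // option 53 (message type), length 1, value 10 = DHCPLEASEQUERY
>> >> $packet['options'] = int2hex(53) . int2hex(1) . int2hex(10);
>> >> // option 55 (parameter request list), length 2: codes 58 and 82
>> >> $packet['options'] .= int2hex(55) . int2hex(2) . int2hex(58);
>> >> $packet['options'] .= int2hex(82) . int2hex(255); // 82, then End option (255)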
>> >>
>> >> $myPacket = pack("H2H2H2H2H8H4H4H8H8H8H8H32H128H256H8H*",
>> >> $packet['op'], $packet['htype'], $packet['hlen'], $packet['hops'],
>> >> $packet['xid'],
>> >> $packet['secs'], $packet['flags'], $packet['ciaddr'],
>> >> $packet['yiaddr'], $packet['siaddr'],
>> >> $packet['giaddr'], $packet['chaddr'], $packet['sname'],
>> >> $packet['file'],
>> >> $packet['magic'], $packet['options']);
>> >>
>> >> $socket = socket_create(AF_INET, SOCK_DGRAM, SOL_UDP);
>> >> socket_set_option($socket, SOL_SOCKET, SO_BROADCAST, 1);
>> >> socket_bind($socket, "1.2.5.1", 68);
>> >>
>> >> $error = socket_sendto($socket, $myPacket, strlen($myPacket), 0,
>> >> '1.2.5.1', 67);
>> >>
>> >> if ($error === FALSE) {
>> >> print("Send failed for address");
>> >> print_r("ERROR: ". $error ." while trying to send.");
>> >> } else {
>> >> echo "Sent ". $error ." bytes\n";
>> >> }
>> >>
>> >> // convert a string to hex values (two zero-padded digits per byte)
>> >> function str2hex($s) {
>> >> $hex = '';
>> >> for ($i = 0 ; $i < strlen($s); $i++) {
>> >> $hex .= sprintf('%02x', ord($s[$i]));
>> >> }
>> >>
>> >> return($hex);
>> >> }
>> >>
>> >> // convert an ip address to hex values
>> >> function ip2hex($ip) {
>> >> $t = explode(".", $ip);
>> >> return int2hex($t[0]) . int2hex($t[1]) . int2hex($t[2]) .
>> >> int2hex($t[3]);
>> >> }
>> >>
>> >> // convert an int value to 0 padded hex value
>> >> function int2hex($int) {
>> >> $hex = base_convert($int, 10, 16);
>> >>
>> >> switch(strlen($hex)) {
>> >> case 1:
>> >> case 3:
>> >> case 7: $hex = '0' . $hex; break;
>> >> case 5: $hex = '000' . $hex; break;
>> >> }
>> >>
>> >> return $hex;
>> >> }
>> >>
>> >> ?>
>> >>
>> >>
>> >> ..and then, the packet trace (what was actually sent):
>> >>
>> >> No. Time Source Destination Protocol Info
>> >> 104942 1994.263153 1.2.5.1 1.2.5.1 DHCP DHCP Lease query - Transaction ID 0x12345678
>> >>
>> >> Frame 104942 (292 bytes on wire, 292 bytes captured)
>> >> Arrival Time: May 21, 2010 09:56:26.129252000
>> >> [Time delta from previous captured frame: 0.000276000 seconds]
>> >> [Time delta from previous displayed frame: 1.795716000 seconds]
>> >> [Time since reference or first frame: 1994.263153000 seconds]
>> >> Frame Number: 104942
>> >> Frame Length: 292 bytes
>> >> Capture Length: 292 bytes
>> >> [Frame is marked: False]
>> >> [Protocols in frame: sll:ip:udp:bootp]
>> >> [Coloring Rule Name: UDP]
>> >> [Coloring Rule String: udp]
>> >> Protocol: IP (0x0800)
>> >> Internet Protocol, Src: 1.2.5.1 (1.2.5.1), Dst: 1.2.5.1 (1.2.5.1)
>> >> Version: 4
>> >> Header length: 20 bytes
>> >> Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
>> >> 0000 00.. = Differentiated Services Codepoint: Default (0x00)
>> >> .... ..0. = ECN-Capable Transport (ECT): 0
>> >> .... ...0 = ECN-CE: 0
>> >> Total Length: 276
>> >> Identification: 0x0000 (0)
>> >> Flags: 0x04 (Don't Fragment)
>> >> 0... = Reserved bit: Not set
>> >> .1.. = Don't fragment: Set
>> >> ..0. = More fragments: Not set
>> >> Fragment offset: 0
>> >> Time to live: 64
>> >> Protocol: UDP (0x11)
>> >> Header checksum: 0x7ffb [correct]
>> >> [Good: True]
>> >> [Bad : False]
>> >> Source: 1.2.5.1 (1.2.5.1)
>> >> Destination: 1.2.5.1 (1.2.5.1)
>> >> User Datagram Protocol, Src Port: bootpc (68), Dst Port: bootps (67)
>> >> Source port: bootpc (68)
>> >> Destination port: bootps (67)
>> >> Length: 256
>> >> Checksum: 0xd472 [correct]
>> >> [Good Checksum: True]
>> >> [Bad Checksum: False]
>> >> Bootstrap Protocol
>> >> Message type: Boot Request (1)
>> >> Hardware type: NET/ROM pseudo
>> >> Hardware address length: 0
>> >> Hops: 0
>> >> Transaction ID: 0x12345678
>> >> Seconds elapsed: 5
>> >> Bootp flags: 0x0000 (Unicast)
>> >> 0... .... .... .... = Broadcast flag: Unicast
>> >> .000 0000 0000 0000 = Reserved flags: 0x0000
>> >> Client IP address: 1.2.3.4 (1.2.3.4)
>> >> Your (client) IP address: 0.0.0.0 (0.0.0.0)
>> >> Next server IP address: 0.0.0.0 (0.0.0.0)
>> >> Relay agent IP address: 1.2.5.1 (1.2.5.1)
>> >> Client address not given
>> >> Server host name not given
>> >> Boot file name not given
>> >> Magic cookie: (OK)
>> >> Option: (t=53,l=1) DHCP Message Type = DHCP Lease query
>> >> Option: (53) DHCP Message Type
>> >> Length: 1
>> >> Value: 0A
>> >> Option: (t=55,l=2) Parameter Request List
>> >> Option: (55) Parameter Request List
>> >> Length: 2
>> >> Value: 3A52
>> >> 58 = Renewal Time Value
>> >> 82 = Agent Information Option
>> >> End Option
>> >>
>> >>
>> >> Umm....help?
>> >>
>> >> Thanks again for any help offered!!
>> >>
>> >>
>> >> --
>> >> Patrick T. Winn
>> >> Systems Engineer
>> >> Cimarron Telephone Co.
>> >> (918) 865-3311 x280 - office
>> >> (918) 606-6602 - cell
>> >>
>> >>
>> >>
>> >> _______________________________________________
>> >> dhcp-hackers mailing list
>> >> dhcp-hackers at lists.isc.org
>> >> https://lists.isc.org/mailman/listinfo/dhcp-hackers
>> >>
>> >
>>
>>
>>
>
>
>
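Added example, not part of the original post or of ISC's code: an offline check, written in Python rather than the thread's PHP, that rebuilds the query-by-IP DHCPLEASEQUERY with the same field values as the quoted script and decodes it again. The function names are assumptions made for this example. The 248-byte result plus the 8-byte UDP header agrees with the "Length: 256" shown in the quoted trace.

```python
import socket
import struct

MAGIC = bytes.fromhex("63825363")
# BOOTP fixed header: op, htype, hlen, hops, xid, secs, flags,
# ciaddr, yiaddr, siaddr, giaddr, chaddr(16), sname(64), file(128)
HEADER = struct.Struct("!BBBBIHH4s4s4s4s16s64s128s")


def build_leasequery(xid, ciaddr, giaddr, secs=5, prl=(58, 82)):
    """Query-by-IP DHCPLEASEQUERY laid out like the script in the thread."""
    header = HEADER.pack(1, 0, 0, 0, xid, secs, 0,
                         socket.inet_aton(ciaddr), bytes(4), bytes(4),
                         socket.inet_aton(giaddr),
                         bytes(16), bytes(64), bytes(128))
    options = bytes([53, 1, 10]) + bytes([55, len(prl), *prl]) + b"\xff"
    return header + MAGIC + options


def parse_dhcp(data):
    """Decode the fixed header and walk the options; reject malformed input."""
    if len(data) < HEADER.size + 4:
        raise ValueError("shorter than BOOTP header plus magic cookie")
    f = HEADER.unpack_from(data)
    if data[HEADER.size:HEADER.size + 4] != MAGIC:
        raise ValueError("bad magic cookie")
    options, i, ended = {}, HEADER.size + 4, False
    while i < len(data):
        code = data[i]
        if code == 255:          # End option
            ended = True
            break
        if code == 0:            # Pad option carries no length byte
            i += 1
            continue
        if i + 1 >= len(data) or i + 2 + data[i + 1] > len(data):
            raise ValueError(f"option {code} runs past end of packet")
        length = data[i + 1]
        options[code] = data[i + 2:i + 2 + length]
        i += 2 + length
    if not ended:
        raise ValueError("missing End option")
    return {"op": f[0], "htype": f[1], "hlen": f[2], "xid": f[4], "secs": f[5],
            "ciaddr": socket.inet_ntoa(f[7]), "giaddr": socket.inet_ntoa(f[10]),
            "options": options}


# Constructed sample: the dummy values from the quoted script and trace.
PACKET = build_leasequery(0x12345678, "1.2.3.4", "1.2.5.1")
DECODED = parse_dhcp(PACKET)
```

Feeding parse_dhcp() the UDP payload bytes exported from a capture gives the same field-by-field view for a packet that was actually sent.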