Questions on dhcp-release.
Ben Greear
greearb at candelatech.com
Wed Feb 22 05:45:57 UTC 2012
First, I notice that dhcp_release packets are not bound
to the interface in question, and so do not properly handle
routing rules based on binding to interfaces.

I think the patch below fixes this problem, but maybe
there is a reason it was using the fallback_interface
by default?

Second: Is there anything that would make it difficult
to craft a packet that released a lease obtained by
another machine? From a brief look at a captured packet,
it seems that if we know the dhcp-server, the client's IP,
and the client's MAC, we could craft a dhcp-release packet
and force it out our NIC (with faked source-mac)???

I have a client that wants such a feature to clean up
leases obtained by some testing tool that they use...
+++ b/dhcp-4.2.0/client/dhclient.c
@@ -2578,20 +2578,24 @@ void send_release (cpp)
inet_ntoa (destination.sin_addr),
ntohs (destination.sin_port));
- if (fallback_interface)
- result = send_packet (fallback_interface,
- (struct packet *)0,
+ if (client -> interface) {
+ log_error("using client interface: %s\n", client->interface->name);
+ /* Send out a packet. */
+ result = send_packet (client -> interface, (struct packet *)0,
&client -> packet,
client -> packet_length,
from, &destination,
(struct hardware *)0);
- else
- /* Send out a packet. */
- result = send_packet (client -> interface, (struct packet *)0,
+ }
+ else {
+ log_error("using fallback_interface: %s\n", fallback_interface->name);
+ result = send_packet (fallback_interface,
+ (struct packet *)0,
&client -> packet,
client -> packet_length,
from, &destination,
(struct hardware *)0);
+ }
}
void
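Review bot: the new else branch dereferences fallback_interface->name in its log_error call and passes fallback_interface to send_packet without testing it for NULL, while the removed code only used it under "if (fallback_interface)". If client -> interface is unset and no fallback interface exists, that path dereferences a null pointer; make it "else if (fallback_interface)" and handle the case where neither is set. The two log_error calls report a normal send path at error level, so they should be a debug-level message or be dropped before merging. Since the preference order between the two interfaces is reversed here, the commit message should state why the client interface now comes first.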
Thanks,
Ben
--
Ben Greear <greearb at candelatech.com>
Candela Technologies Inc http://www.candelatech.com