Starting DHCP packets.

This commit is contained in:
Kyle Isom 2023-05-02 23:33:14 +00:00
parent 3ec9af1fde
commit ac41c7a480
17 changed files with 11743 additions and 32 deletions

View File

@ -5,7 +5,6 @@ import (
"fmt" "fmt"
"io/ioutil" "io/ioutil"
"net" "net"
"strconv"
"git.wntrmute.dev/kyle/kdhcp/log" "git.wntrmute.dev/kyle/kdhcp/log"
"gopkg.in/yaml.v2" "gopkg.in/yaml.v2"
@ -42,6 +41,7 @@ func (r *IPRange) ensureV4() (err error) {
} }
type Network struct { type Network struct {
IP net.IP `yaml:"address"`
Gateway net.IP `yaml:"gateway"` Gateway net.IP `yaml:"gateway"`
Mask net.IP `yaml:"mask"` Mask net.IP `yaml:"mask"`
Broadcast net.IP `yaml:"broadcast"` Broadcast net.IP `yaml:"broadcast"`
@ -50,6 +50,11 @@ type Network struct {
} }
func (n *Network) ensureV4() (err error) { func (n *Network) ensureV4() (err error) {
n.IP, err = ensureV4(n.IP)
if err != nil {
return fmt.Errorf("config: IP %w", err)
}
n.Gateway, err = ensureV4(n.Gateway) n.Gateway, err = ensureV4(n.Gateway)
if err != nil { if err != nil {
return fmt.Errorf("config: gateway %w", err) return fmt.Errorf("config: gateway %w", err)
@ -83,8 +88,7 @@ type Config struct {
Version int `yaml:"version"` Version int `yaml:"version"`
Interface string `yaml:"interface"` Interface string `yaml:"interface"`
Address string `yaml:"address"` Address string `yaml:"address"`
IP net.IP Port int `yaml:"port"`
Port int
LeaseFile string `yaml:"lease_file"` LeaseFile string `yaml:"lease_file"`
Network *Network `yaml:"network"` Network *Network `yaml:"network"`
Pools map[string]*IPRange `yaml:"pools"` Pools map[string]*IPRange `yaml:"pools"`
@ -104,26 +108,6 @@ func (cfg *Config) process() (err error) {
return fmt.Errorf("config: while looking up interface %s: %w", cfg.Interface, err) return fmt.Errorf("config: while looking up interface %s: %w", cfg.Interface, err)
} }
ip, port, err := net.SplitHostPort(cfg.Address)
if err != nil {
return err
}
cfg.IP = net.ParseIP(ip)
if cfg.IP == nil {
return fmt.Errorf("config: parsing IP from address %s: %w", cfg.Address, err)
}
cfg.IP, err = ensureV4(cfg.IP)
if err != nil {
return fmt.Errorf("config: address %w", err)
}
cfg.Port, err = strconv.Atoi(port)
if err != nil {
return fmt.Errorf("config: invalid port %s: %w", port, err)
}
err = cfg.Network.ensureV4() err = cfg.Network.ensureV4()
if err != nil { if err != nil {
return err return err

View File

@ -13,6 +13,7 @@ func FindConfigPath() string {
user, err := user.Current() user, err := user.Current()
if err == nil { if err == nil {
if homedir := user.HomeDir; homedir != "" { if homedir := user.HomeDir; homedir != "" {
paths = append(paths, filepath.Join(homedir, "code", "kdhcp", "kdhcpd.yaml"))
paths = append(paths, filepath.Join(homedir, ".config", "kdhcp", "kdhcpd.yaml")) paths = append(paths, filepath.Join(homedir, ".config", "kdhcp", "kdhcpd.yaml"))
} }
} }
@ -20,6 +21,7 @@ func FindConfigPath() string {
paths = append(paths, "/etc/kdhcp/kdhcpd.yaml") paths = append(paths, "/etc/kdhcp/kdhcpd.yaml")
for _, path := range paths { for _, path := range paths {
log.Debugf("config: looking for config file at %s", path)
_, err = os.Stat(path) _, err = os.Stat(path)
if os.IsNotExist(err) { if os.IsNotExist(err) {
continue continue

15
dhcp/BUILD.bazel Normal file
View File

@ -0,0 +1,15 @@
load("@io_bazel_rules_go//go:def.bzl", "go_library")
go_library(
name = "dhcp",
srcs = [
"options.go",
"packet.go",
],
importpath = "git.wntrmute.dev/kyle/kdhcp/dhcp",
visibility = ["//visibility:public"],
deps = [
"//log",
"@com_github_davecgh_go_spew//spew",
],
)

46
dhcp/options.go Normal file
View File

@ -0,0 +1,46 @@
package dhcp
import (
"errors"
"io"
)
type OptionTag uint8
type Option func(req *BootRequest, r io.Reader) error
const (
OptionTagPadding OptionTag = 0
OptionTagHostName = 12
OptionTagMessageType = 53
OptionTagParameterRequestList = 55
OptionTagEnd = 255
)
var optionRegistry = map[OptionTag]Option{
OptionTagPadding: OptionTag,
OptionTagHostName: OptionHostName,
OptionTagMessageType: OptionMessageType,
OptionTagParameterRequestList: OptionParameterRequestList,
OptionTagEnd: OptionEnd,
}
func OptionPad(req *BootRequest, r io.Reader) error {
return nil
}
func OptionHostName(req *BootRequest, r io.Reader) error {
return errors.New("dhcp: option not implemented yet")
}
func OptionMessageType(req *BootRequest, r io.Reader) error {
return errors.New("dhcp: option not implemented yet")
}
func OptionParameterRequestList(req *BootRequest, r io.Reader) error {
return errors.New("dhcp: option not implemented yet")
}
func OptionEnd(req *BootRequest, r io.Reader) error {
return errors.New("dhcp: option not implemented yet")
}

143
dhcp/packet.go Normal file
View File

@ -0,0 +1,143 @@
package dhcp
import (
"bytes"
"encoding/binary"
"fmt"
"net"
"strings"
"git.wntrmute.dev/kyle/kdhcp/log"
"github.com/davecgh/go-spew/spew"
)
const (
maxHardwareAddrLen = 16
maxServerName = 64
maxFileName = 128
)
var anyAddr = net.IP([]byte{0, 0, 0, 0})
func formatMAC(mac []byte) string {
s := []string{}
for i := 0; i < len(mac); i++ {
s = append(s, fmt.Sprintf("%0x", mac[i:i+1]))
}
return strings.Join(s, ":")
}
type BootRequest struct {
MessageType uint8
HardwareType uint8
HardwareAddress []byte
Hops uint8
TransactionID uint32
SecondsElapsed uint16
Flags uint16
ServerName string
FileName string
ClientIP net.IP
YourIP net.IP
NextIP net.IP
RelayIP net.IP
DHCPType uint8 // option 53
HostName string // option 12
ParameterRequests []string
}
func (req *BootRequest) Read(packet []byte) error {
buf := bytes.NewBuffer(packet)
read := func(v any) error {
return binary.Read(buf, binary.BigEndian, v)
}
if err := read(&req.MessageType); err != nil {
return err
}
if err := read(&req.HardwareType); err != nil {
return err
}
var hwaLength uint8
if err := read(&hwaLength); err != nil {
return err
}
if err := read(&req.Hops); err != nil {
return err
}
if err := read(&req.TransactionID); err != nil {
return err
}
if err := read(&req.SecondsElapsed); err != nil {
return err
}
if err := read(&req.Flags); err != nil {
return err
}
req.ClientIP = anyAddr[:]
if _, err := buf.Read(req.ClientIP); err != nil {
return err
}
req.YourIP = anyAddr[:]
if _, err := buf.Read(req.YourIP); err != nil {
return err
}
req.NextIP = anyAddr[:]
if _, err := buf.Read(req.NextIP); err != nil {
return err
}
req.RelayIP = anyAddr[:]
if _, err := buf.Read(req.RelayIP); err != nil {
return err
}
req.HardwareAddress = make([]byte, int(hwaLength))
if _, err := buf.Read(req.HardwareAddress); err != nil {
return err
}
hwaPad := make([]byte, maxHardwareAddrLen-hwaLength)
if _, err := buf.Read(hwaPad); err != nil {
return err
}
log.Debugf("padding: %x", hwaPad)
tempBuf := make([]byte, maxServerName)
if _, err := buf.Read(tempBuf); err != nil {
return err
}
req.ServerName = string(bytes.Trim(tempBuf, "\x00"))
tempBuf = make([]byte, maxFileName)
if _, err := buf.Read(tempBuf); err != nil {
return err
}
req.FileName = string(bytes.Trim(tempBuf, "\x00"))
spew.Dump(*req)
return nil
}
func ReadRequest(pkt []byte) (*BootRequest, error) {
req := &BootRequest{}
err := req.Read(pkt)
if err != nil {
return nil, err
}
log.Debugf("dhcp: BOOTP request with txid %d for %s", req.TransactionID, formatMAC(req.HardwareAddress))
return req, nil
}

2523
docs/rfc2131.txt Normal file

File diff suppressed because it is too large Load Diff

1907
docs/rfc2132.txt Normal file

File diff suppressed because it is too large Load Diff

339
docs/rfc3203.txt Normal file
View File

@ -0,0 +1,339 @@
Network Working Group Y. T'Joens
Request for Comments: 3203 C. Hublet
Category: Standards Track Alcatel
P. De Schrijver
Mind
December 2001
DHCP reconfigure extension
Status of this Memo
This document specifies an Internet standards track protocol for the
Internet community, and requests discussion and suggestions for
improvements. Please refer to the current edition of the "Internet
Official Protocol Standards" (STD 1) for the standardization state
and status of this protocol. Distribution of this memo is unlimited.
Copyright Notice
Copyright (C) The Internet Society (2001). All Rights Reserved.
Abstract
This document defines extensions to DHCP (Dynamic Host Configuration
Protocol) to allow dynamic reconfiguration of a single host triggered
by the DHCP server (e.g., a new IP address and/or local configuration
parameters). This is achieved by introducing a unicast FORCERENEW
message which forces the client to the RENEW state. The behaviour
for hosts using the DHCP INFORM message to obtain configuration
information is also described.
1. Introduction
The procedures as described within this document allow the dynamic
reconfiguration of individual hosts.
1.1 Conventions
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY" and "OPTIONAL" in this
document are to be interpreted as described in RFC 2119 [RFC2119].
2. DHCP force renew
This section describes the FORCERENEW message extension.
T'Joens, et al. Standards Track [Page 1]
RFC 3203 DHCP reconfigure extension December 2001
2.1 Terminology
DHCP client : host to be reconfigured using DHCP.
DHCP server : server which configured the DHCP client.
2.2 Force renew procedures
The DHCP server sends a unicast FORCERENEW message to the client.
Upon receipt of the unicast FORCERENEW message, the client will
change its state to the RENEW state, and will then try to renew its
lease according to normal DHCP procedures. If the server wants to
assign a new IP address to the client, it will reply to the DHCP
REQUEST with a DHCP NAK. The client will then go back to the init
state and broadcast a DHCP DISCOVER message. The server can now
assign a new IP address to the client by replying with a DHCP OFFER.
If the FORCERENEW message is lost, the DHCP server will not receive a
DHCP REQUEST from the client and it should retransmit the FORCERENEW
message using an exponential backoff algorithm. Depending on the
bandwidth of the network between server and client, the server should
choose a delay. This delay grows exponentially as retransmissions
fail. The amount of retransmissions should be limited.
The procedures described above assume the server to send a unicast
FORCERENEW message to the client. Receipt of a multicast FORCERENEW
message by the client should be silently discarded.
It can be that a client has obtained a network address through some
other means (e.g., manual configuration) and has used a DHCP INFORM
request to obtain other local configuration parameters. Such clients
should respond to the receipt of a unicast FORCERENEW message with a
new DHCP INFORM request so as to obtain a potential new set of local
configuration parameters. Note that the usage of these procedures
are limited to the set of options that are eligible for configuration
by DHCP and should not override manually configured parameters.
Note further that usage of the FORCERENEW message to reconfigure a
client address or local configuration parameters can lead to the
interruption of active sessions, and that as such these procedures
should be used in controlled circumstances.
T'Joens, et al. Standards Track [Page 2]
RFC 3203 DHCP reconfigure extension December 2001
2.3 Example usage
2.3.1 Embedded DHCP clients
The autoconfiguration of home gateways (more generically Network
Termination equipment) for public networking purposes can be achieved
through means of DHCP, as described in [DSL_autoconf]. In order to
allow service changes or service interruption, the FORCERENEW message
can trigger the home gateway to contact the DHCP server, prior to the
expiry of the lease.
2.3.2 Hospitality service scenario
In self provisioned networks, e.g., hotel rooms, the hotel owned DHCP
server can hand out limited use IP addresses, that allows the
customer to consume local services or select external services from a
web browser interface. In order to allow external services through
other service providers, e.g., global internet services or enterprise
VPN services, the DHCP server can trigger the client to ask for a new
DHCP initialization session so as to obtain e.g., a globally routed
IP address.
2.3.3 Network renumbering
Under tightly controlled conditions, the FORCERENEW procedures can be
used to brute force the renumbering of entire subnets, client per
client, under control of a DHCP server.
2.4 Rationale
The approach as described in this document has a number of
advantages. It does not require new states to be added to the DHCP
client implementation. This minimizes the amount of code to be
changed. It also allows lease RENEWAL to be driven by the server,
which can be used to optimize network usage or DHCP server load.
T'Joens, et al. Standards Track [Page 3]
RFC 3203 DHCP reconfigure extension December 2001
3. Extended DHCP state diagram
+--------+ +------+
| Init / | +-->+ Init +<---------------+-------------------+
| Reboot | | +--+---+ | |
+---+----+ DHCPNAK/ -/Send DHCPDISCOVER | |
| Restart | (broadcast) | |
| | v v-------------+ | |
-/Send DHCPREQUEST| +----+------+ DHCPOFFER/DHCPDECLINE |
| (broadcast)| | Selecting |----------+ | |
v | +----+------+ | |
+---+----+ | DHCPOFFER/DHCPREQUEST | |
| Reboot +---------+ (broadcast) | |
+---+----+ v | |
| +----+-------+ DHCPNAK /halt network
| + Requesting | | lease expired
DHCPACK/ +----+-------+ | |
Record lease | | |
set timers DHCPACK/Record lease | |
| v Set T1 & T2 | |
| +--+----+DHCPFORCE +---+---+ +----+---+
+----------------->+ Bound +---------->+ Renew +--------->+ Rebind |
+--+-+--+T1 expires +-+-+---+T2 expires+----+---+
^ /DHCPREQUEST | | /broadcast |
DHCPACK to leasing | | DHCPREQUEST |
| server | | |
+----------------------------------------+
4. Message layout
The FORCERENEW message makes use of the normal DHCP message layout
with the introduction of a new DHCP message type. DHCP option 53
(DHCP message type) is extended with a new value: DHCPFORCERENEW (9)
5. IANA Considerations
The new value for DHCP option 53 (DHCP message type) to indicate a
DHCPFORCERENEW message is 9.
6. Security Considerations
As in some network environments FORCERENEW can be used to snoop and
spoof traffic, the FORCERENEW message MUST be authenticated using the
procedures as described in [DHCP-AUTH]. FORCERENEW messages failing
the authentication should be silently discarded by the client.
T'Joens, et al. Standards Track [Page 4]
RFC 3203 DHCP reconfigure extension December 2001
6.1 Protocol vulnerabilities
The mechanism described in this document is vulnerable to a denial of
service attack through flooding a client with bogus FORCERENEW
messages. The calculations involved in authenticating the bogus
FORECERENEW messages may overwhelm the device on which the client is
running.
7. References
[DHCP] Droms, R., "Dynamic Host Configuration Protocol", RFC
2131, March 1997.
[DHCP-AUTH] Droms, R. and W. Arbaugh, "Authentication for DHCP
Messages", RFC 3118, June 2001.
[DSL_autoconf] Technical Report TR-044, "Auto-Configuration for Basic
Internet (IP-based) Services", DSL Forum, November
2001
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, March 1997.
8. Acknowledgements
The authors would like to thank David Allan, Nortel, for the
constructive comments to these procedures.
9. Authors' Addresses
Yves T'joens
Alcatel Network Strategy Group
Francis Wellesplein 1, 2018 Antwerp, Belgium
Phone: +32 3 240 7890
EMail: yves.tjoens@alcatel.be
Peter De Schrijver
Mind NV
Vaartkom 11
3000 Leuven
EMail: p2@mind.be
Alcatel Broadband Networking Division
Veldkant 33b, 2550 Kontich, Belgium
Phone: +32 3 450 3322
EMail: Christian.Hublet@alcatel.be
T'Joens, et al. Standards Track [Page 5]
RFC 3203 DHCP reconfigure extension December 2001
10. Full Copyright Statement
Copyright (C) The Internet Society (2001). All Rights Reserved.
This document and translations of it may be copied and furnished to
others, and derivative works that comment on or otherwise explain it
or assist in its implementation may be prepared, copied, published
and distributed, in whole or in part, without restriction of any
kind, provided that the above copyright notice and this paragraph are
included on all such copies and derivative works. However, this
document itself may not be modified in any way, such as by removing
the copyright notice or references to the Internet Society or other
Internet organizations, except as needed for the purpose of
developing Internet standards in which case the procedures for
copyrights defined in the Internet Standards process must be
followed, or as required to translate it into languages other than
English.
The limited permissions granted above are perpetual and will not be
revoked by the Internet Society or its successors or assigns.
This document and the information contained herein is provided on an
"AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
Acknowledgement
Funding for the RFC Editor function is currently provided by the
Internet Society.
T'Joens, et al. Standards Track [Page 6]

451
docs/rfc3397.txt Normal file
View File

@ -0,0 +1,451 @@
Network Working Group B. Aboba
Request for Comments: 3397 Microsoft
Category: Standards Track S. Cheshire
Apple Computer, Inc.
November 2002
Dynamic Host Configuration Protocol (DHCP) Domain Search Option
Status of this Memo
This document specifies an Internet standards track protocol for the
Internet community, and requests discussion and suggestions for
improvements. Please refer to the current edition of the "Internet
Official Protocol Standards" (STD 1) for the standardization state
and status of this protocol. Distribution of this memo is unlimited.
Copyright Notice
Copyright (C) The Internet Society (2002). All Rights Reserved.
Abstract
This document defines a new Dynamic Host Configuration Protocol
(DHCP) option which is passed from the DHCP Server to the DHCP Client
to specify the domain search list used when resolving hostnames using
DNS.
Table of Contents
1. Introduction ................................................ 2
1.1 Terminology ............................................ 2
1.2 Requirements Language .................................. 2
2. Domain Search Option Format ................................. 2
3. Example ..................................................... 3
4. Security Considerations ..................................... 4
5. Normative References ........................................ 5
6. Informative References ...................................... 5
7. IANA Considerations ......................................... 6
8. Acknowledgments ............................................. 6
9. Intellectual Property Statement ............................. 6
10. Authors' Addresses .......................................... 7
11. Full Copyright Statement .................................... 8
Aboba & Cheshire Standards Track [Page 1]
RFC 3397 DHCP Domain Search Option November 2002
1. Introduction
The Dynamic Host Configuration Protocol (DHCP) [RFC2131] provides a
mechanism for host configuration. [RFC2132] and [RFC2937] allow DHCP
servers to pass name service configuration information to DHCP
clients. In some circumstances, it is useful for the DHCP client to
be configured with the domain search list. This document defines a
new DHCP option which is passed from the DHCP Server to the DHCP
Client to specify the domain search list used when resolving
hostnames with DNS. This option applies only to DNS and does not
apply to other name resolution mechanisms.
1.1. Terminology
This document uses the following terms:
DHCP client
A DHCP client or "client" is an Internet host using DHCP to
obtain configuration parameters such as a network address.
DHCP server
A DHCP server or "server" is an Internet host that returns
configuration parameters to DHCP clients.
1.2. Requirements Language
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in "Key words for use in
RFCs to Indicate Requirement Levels" [RFC2119].
2. Domain Search Option Format
The code for this option is 119.
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| 119 | Len | Searchstring...
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Searchstring...
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
In the above diagram, Searchstring is a string specifying the
searchlist. If the length of the searchlist exceeds the maximum
permissible within a single option (255 octets), then multiple
options MAY be used, as described in "Encoding Long Options in the
Dynamic Host Configuration Protocol (DHCPv4)" [RFC3396].
Aboba & Cheshire Standards Track [Page 2]
RFC 3397 DHCP Domain Search Option November 2002
To enable the searchlist to be encoded compactly, searchstrings in
the searchlist MUST be concatenated and encoded using the technique
described in section 4.1.4 of "Domain Names - Implementation And
Specification" [RFC1035]. In this scheme, an entire domain name or a
list of labels at the end of a domain name is replaced with a pointer
to a prior occurrence of the same name. Despite its complexity, this
technique is valuable since the space available for encoding DHCP
options is limited, and it is likely that a domain searchstring will
contain repeated instances of the same domain name. Thus the DNS
name compression is both useful and likely to be effective.
For use in this specification, the pointer refers to the offset
within the data portion of the DHCP option (not including the
preceding DHCP option code byte or DHCP option length byte).
If multiple Domain Search Options are present, then the data portions
of all the Domain Search Options are concatenated together as
specified in "Encoding Long DHCP Options in the Dynamic Host
Configuration Protocol (DHCPv4)" [RFC3396] and the pointer indicates
an offset within the complete aggregate block of data.
3. Example
Below is an example encoding of a search list consisting of
"eng.apple.com." and "marketing.apple.com.":
+---+---+---+---+---+---+---+---+---+---+---+
|119| 9 | 3 |'e'|'n'|'g'| 5 |'a'|'p'|'p'|'l'|
+---+---+---+---+---+---+---+---+---+---+---+
+---+---+---+---+---+---+---+---+---+---+---+
|119| 9 |'e'| 3 |'c'|'o'|'m'| 0 | 9 |'m'|'a'|
+---+---+---+---+---+---+---+---+---+---+---+
+---+---+---+---+---+---+---+---+---+---+---+
|119| 9 |'r'|'k'|'e'|'t'|'i'|'n'|'g'|xC0|x04|
+---+---+---+---+---+---+---+---+---+---+---+
Note:
i. The encoding has been split (for this example) into three
Domain Search Options. All Domain Search Options are logically
concatenated into one block of data before being interpreted by
the client.
ii. The encoding of "eng.apple.com." ends with a zero, the null
root label, to mark the end of the name, as required by RFC
1035.
Aboba & Cheshire Standards Track [Page 3]
RFC 3397 DHCP Domain Search Option November 2002
iii. The encoding of "marketing" (for "marketing.apple.com.") ends
with the two-octet compression pointer C004 (hex), which points
to offset 4 in the complete aggregated block of Domain Search
Option data, where another validly encoded domain name can be
found to complete the name ("apple.com.").
Every search domain name must end either with a zero or with a two-
octet compression pointer. If the receiver is part-way through
decoding a search domain name when it reaches the end of the complete
aggregated block of the searchlist option data, without finding a
zero or a valid two-octet compression pointer, then the partially
read name MUST be discarded as invalid.
4. Security Considerations
Potential attacks on DHCP are discussed in section 7 of the DHCP
protocol specification [RFC2131], as well as in the DHCP
authentication specification [RFC3118]. In particular, using the
domain search option, a rogue DHCP server might be able to redirect
traffic to another site.
For example, a user requesting a connection to "myhost", expecting to
reach "myhost.bigco.com" might instead be directed to
"myhost.roguedomain.com". Note that support for DNSSEC [RFC2535]
will not avert this attack, since the resource records for
"myhost.roguedomain.com" might be legitimately signed. This makes
the domain search option a more fruitful avenue of attack for a rogue
DHCP server than providing an illegitimate DNS server option
(described in [RFC2132]).
The degree to which a host is vulnerable to attack via an invalid
domain search option is determined in part by DNS resolver behavior.
[RFC1535] discusses security weaknesses related to implicit as well
as explicit domain searchlists, and provides recommendations relating
to resolver searchlist processing. [RFC1536] section 6 also
addresses this vulnerability, and recommends that resolvers:
[1] Use searchlists only when explicitly specified; no implicit
searchlists should be used.
[2] Resolve a name that contains any dots by first trying it as an
FQDN and if that fails, with the local domain name (or
searchlist if specified) appended.
[3] Resolve a name containing no dots by appending with the
searchlist right away, but once again, no implicit searchlists
should be used.
Aboba & Cheshire Standards Track [Page 4]
RFC 3397 DHCP Domain Search Option November 2002
In order to minimize potential vulnerabilities it is recommended
that:
[a] Hosts implementing the domain search option SHOULD also
implement the searchlist recommendations of [RFC1536], section
6.
[b] Where DNS parameters such as the domain searchlist or DNS
servers have been manually configured, these parameters SHOULD
NOT be overridden by DHCP.
[c] Domain search option implementations MAY require DHCP
authentication [RFC3118] prior to accepting a domain search
option.
5. Normative References
[RFC1035] Mockapetris, P., "Domain Names - Implementation and
Specification", STD 13, RFC 1035, November 1987.
[RFC1536] Kumar, A., Postel, J., Neuman, C., Danzig, P. and S.
Miller, "Common DNS Implementation Errors and Suggested
Fixes", RFC 1536, October 1993.
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, March 1997.
[RFC2131] Droms, R., "Dynamic Host Configuration Protocol", RFC
2131, March 1997.
[RFC3118] Droms, R. and W. Arbaugh, "Authentication for DHCP
Messages", RFC 3118, June 2001.
[RFC3396] Lemon, T. and S. Cheshire, "Encoding Long Options in the
Dynamic Host Configuration Protocol (DHCPv4)", RFC 3396,
November 2002.
6. Informative References
[RFC1535] Gavron, E., "A Security Problem and Proposed Correction
With Widely Deployed DNS Software", RFC 1535, October
1993.
[RFC2132] Alexander, S. and R. Droms, "DHCP Options and BOOTP
Vendor Extensions", RFC 2132, March 1997.
Aboba & Cheshire Standards Track [Page 5]
RFC 3397 DHCP Domain Search Option November 2002
[RFC2535] Eastlake, D., "Domain Name System Security Extensions",
RFC 2535, March 1999.
[RFC2937] Smith, C., "The Name Service Search Option for DHCP", RFC
2937, September 2000.
7. IANA Considerations
The IANA has assigned DHCP option code 119 to the Domain Search
Option.
8. Acknowledgments
The authors would like to thank Michael Patton, Erik Guttman, Olafur
Gudmundsson, Thomas Narten, Mark Andrews, Erik Nordmark, Myron
Hattig, Keith Moore, and Bill Manning for comments on this memo.
9. Intellectual Property Statement
The IETF takes no position regarding the validity or scope of any
intellectual property or other rights that might be claimed to
pertain to the implementation or use of the technology described in
this document or the extent to which any license under such rights
might or might not be available; neither does it represent that it
has made any effort to identify any such rights. Information on the
IETF's procedures with respect to rights in standards-track and
standards-related documentation can be found in BCP-11. Copies of
claims of rights made available for publication and any assurances of
licenses to be made available, or the result of an attempt made to
obtain a general license or permission for the use of such
proprietary rights by implementors or users of this specification can
be obtained from the IETF Secretariat.
The IETF invites any interested party to bring to its attention any
copyrights, patents or patent applications, or other proprietary
rights which may cover technology that may be required to practice
this standard. Please address the information to the IETF Executive
Director.
Aboba & Cheshire Standards Track [Page 6]
RFC 3397 DHCP Domain Search Option November 2002
10. Authors' Addresses
Bernard Aboba
Microsoft Corporation
One Microsoft Way
Redmond, WA 98052
Phone: +1 425 706 6605
EMail: bernarda@microsoft.com
Stuart Cheshire
Apple Computer, Inc.
1 Infinite Loop
Cupertino
California 95014
USA
Phone: +1 408 974 3207
EMail: rfc@stuartcheshire.org
Aboba & Cheshire Standards Track [Page 7]
RFC 3397 DHCP Domain Search Option November 2002
11. Full Copyright Statement
Copyright (C) The Internet Society (2002). All Rights Reserved.
This document and translations of it may be copied and furnished to
others, and derivative works that comment on or otherwise explain it
or assist in its implementation may be prepared, copied, published
and distributed, in whole or in part, without restriction of any
kind, provided that the above copyright notice and this paragraph are
included on all such copies and derivative works. However, this
document itself may not be modified in any way, such as by removing
the copyright notice or references to the Internet Society or other
Internet organizations, except as needed for the purpose of
developing Internet standards in which case the procedures for
copyrights defined in the Internet Standards process must be
followed, or as required to translate it into languages other than
English.
The limited permissions granted above are perpetual and will not be
revoked by the Internet Society or its successors or assigns.
This document and the information contained herein is provided on an
"AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
Acknowledgement
Funding for the RFC Editor function is currently provided by the
Internet Society.
Aboba & Cheshire Standards Track [Page 8]

507
docs/rfc3442.txt Normal file
View File

@ -0,0 +1,507 @@
Network Working Group T. Lemon
Request for Comments: 3442 Nominum, Inc.
Updates: 2132 S. Cheshire
Category: Standards Track Apple Computer, Inc.
B. Volz
Ericsson
December 2002
The Classless Static Route Option for
Dynamic Host Configuration Protocol (DHCP) version 4
Status of this Memo
This document specifies an Internet standards track protocol for the
Internet community, and requests discussion and suggestions for
improvements. Please refer to the current edition of the "Internet
Official Protocol Standards" (STD 1) for the standardization state
and status of this protocol. Distribution of this memo is unlimited.
Copyright Notice
Copyright (C) The Internet Society (2002). All Rights Reserved.
Abstract
This document defines a new Dynamic Host Configuration Protocol
(DHCP) option which is passed from the DHCP Server to the DHCP Client
to configure a list of static routes in the client. The network
destinations in these routes are classless - each routing table entry
includes a subnet mask.
Introduction
This option obsoletes the Static Route option (option 33) defined in
RFC 2132 [4].
The IP protocol [1] uses routers to transmit packets from hosts
connected to one IP subnet to hosts connected to a different IP
subnet. When an IP host (the source host) wishes to transmit a
packet to another IP host (the destination), it consults its routing
table to determine the IP address of the router that should be used
to forward the packet to the destination host.
The routing table on an IP host can be maintained in a variety of
ways - using a routing information protocol such as RIP [8], ICMP
router discovery [6,9] or using the DHCP Router option, defined in
RFC 2132 [4].
Lemon, et. al. Standards Track [Page 1]
RFC 3442 Classless Static Route Option for DHCPv4 December 2002
In a network that already provides DHCP service, using DHCP to update
the routing table on a DHCP client has several virtues. It is
efficient, since it makes use of messages that would have been sent
anyway. It is convenient - the DHCP server configuration is already
being maintained, so maintaining routing information, at least on a
relatively stable network, requires little extra work. If DHCP
service is already in use, no additional infrastructure need be
deployed.
The DHCP protocol as defined in RFC 2131 [3] and the options defined
in RFC 2132 [4] only provide a mechanism for installing a default
route or installing a table of classful routes. Classful routes are
routes whose subnet mask is implicit in the subnet number - see
section 3.2 of STD 5, RFC 791 [1] for details on classful routing.
Classful routing is no longer in common use, so the DHCP Static Route
option is no longer useful. Currently, classless routing [7, 10] is
the most commonly-deployed form of routing on the Internet. In
classless routing, IP addresses consist of a network number (the
combination of the network number and subnet number described in RFC
950 [7]) and a host number.
In classful IP, the network number and host number are derived from
the IP address using a bitmask whose value is determined by the first
few bits of the IP address. In classless IP, the network number and
host number are derived from the IP address using a separate
quantity, the subnet mask. In order to determine the network to
which a given route applies, an IP host must know both the network
number AND the subnet mask for that network.
The Static Routes option (option 33) does not provide a subnet mask
for each route - it is assumed that the subnet mask is implicit in
whatever network number is specified in each route entry. The
Classless Static Routes option does provide a subnet mask for each
entry, so that the subnet mask can be other than what would be
determined using the algorithm specified in STD 5, RFC 791 [1] and
STD 5, RFC 950 [7].
Definitions
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY" and "OPTIONAL" in this
document are to be interpreted as described in BCP 14, RFC 2119 [2].
Lemon, et. al. Standards Track [Page 2]
RFC 3442 Classless Static Route Option for DHCPv4 December 2002
This document also uses the following terms:
"DHCP client"
DHCP client or "client" is an Internet host using DHCP to
obtain configuration parameters such as a network address.
"DHCP server"
A DHCP server or "server" is an Internet host that returns
configuration parameters to DHCP clients.
"link"
Any set of network attachment points that will all receive a
link-layer broadcast sent on any one of the attachment points.
This term is used in DHCP because in some cases more than one
IP subnet may be configured on a link. DHCP uses a local-
network (all-ones) broadcast, which is not subnet-specific, and
will therefore reach all nodes connected to the link,
regardless of the IP subnet or subnets on which they are
configured.
A "link" is sometimes referred to as a broadcast domain or
physical network segment.
Classless Route Option Format
The code for this option is 121, and its minimum length is 5 bytes.
This option can contain one or more static routes, each of which
consists of a destination descriptor and the IP address of the router
that should be used to reach that destination.
Code Len Destination 1 Router 1
+-----+---+----+-----+----+----+----+----+----+
| 121 | n | d1 | ... | dN | r1 | r2 | r3 | r4 |
+-----+---+----+-----+----+----+----+----+----+
Destination 2 Router 2
+----+-----+----+----+----+----+----+
| d1 | ... | dN | r1 | r2 | r3 | r4 |
+----+-----+----+----+----+----+----+
In the above example, two static routes are specified.
Lemon, et. al. Standards Track [Page 3]
RFC 3442 Classless Static Route Option for DHCPv4 December 2002
Destination descriptors describe the IP subnet number and subnet mask
of a particular destination using a compact encoding. This encoding
consists of one octet describing the width of the subnet mask,
followed by all the significant octets of the subnet number.
The width of the subnet mask describes the number of one bits in the
mask, so for example a subnet with a subnet number of 10.0.127.0 and
a netmask of 255.255.255.0 would have a subnet mask width of 24.
The significant portion of the subnet number is simply all of the
octets of the subnet number where the corresponding octet in the
subnet mask is non-zero. The number of significant octets is the
width of the subnet mask divided by eight, rounding up, as shown in
the following table:
Width of subnet mask Number of significant octets
0 0
1- 8 1
9-16 2
17-24 3
25-32 4
The following table contains some examples of how various subnet
number/mask combinations can be encoded:
Subnet number Subnet mask Destination descriptor
0 0 0
10.0.0.0 255.0.0.0 8.10
10.0.0.0 255.255.255.0 24.10.0.0
10.17.0.0 255.255.0.0 16.10.17
10.27.129.0 255.255.255.0 24.10.27.129
10.229.0.128 255.255.255.128 25.10.229.0.128
10.198.122.47 255.255.255.255 32.10.198.122.47
Local Subnet Routes
In some cases more than one IP subnet may be configured on a link.
In such cases, a host whose IP address is in one IP subnet in the
link could communicate directly with a host whose IP address is in a
different IP subnet on the same link. In cases where a client is
being assigned an IP address on an IP subnet on such a link, for each
IP subnet in the link other than the IP subnet on which the client
has been assigned the DHCP server MAY be configured to specify a
router IP address of 0.0.0.0.
Lemon, et. al. Standards Track [Page 4]
RFC 3442 Classless Static Route Option for DHCPv4 December 2002
For example, consider the case where there are three IP subnets
configured on a link: 10.0.0/24, 192.168.0/24, 10.0.21/24. If the
client is assigned an IP address of 10.0.21.17, then the server could
include a route with a destination of 10.0.0/24 and a router address
of 0.0.0.0, and also a route with a destination of 192.168.0/24 and a
router address of 0.0.0.0.
A DHCP client whose underlying TCP/IP stack does not provide this
capability MUST ignore routes in the Classless Static Routes option
whose router IP address is 0.0.0.0. Please note that the behavior
described here only applies to the Classless Static Routes option,
not to the Static Routes option nor the Router option.
DHCP Client Behavior
DHCP clients that do not support this option MUST ignore it if it is
received from a DHCP server. DHCP clients that support this option
MUST install the routes specified in the option, except as specified
in the Local Subnet Routes section. DHCP clients that support this
option MUST NOT install the routes specified in the Static Routes
option (option code 33) if both a Static Routes option and the
Classless Static Routes option are provided.
DHCP clients that support this option and that send a DHCP Parameter
Request List option MUST request both this option and the Router
option [4] in the DHCP Parameter Request List.
DHCP clients that support this option and send a parameter request
list MAY also request the Static Routes option, for compatibility
with older servers that don't support Classless Static Routes. The
Classless Static Routes option code MUST appear in the parameter
request list prior to both the Router option code and the Static
Routes option code, if present.
If the DHCP server returns both a Classless Static Routes option and
a Router option, the DHCP client MUST ignore the Router option.
Similarly, if the DHCP server returns both a Classless Static Routes
option and a Static Routes option, the DHCP client MUST ignore the
Static Routes option.
After deriving a subnet number and subnet mask from each destination
descriptor, the DHCP client MUST zero any bits in the subnet number
where the corresponding bit in the mask is zero. In other words, the
subnet number installed in the routing table is the logical AND of
the subnet number and subnet mask given in the Classless Static
Routes option. For example, if the server sends a route with a
destination of 129.210.177.132 (hexadecimal 81D4B184) and a subnet
Lemon, et. al. Standards Track [Page 5]
RFC 3442 Classless Static Route Option for DHCPv4 December 2002
mask of 255.255.255.128 (hexadecimal FFFFFF80), the client will
install a route with a destination of 129.210.177.128 (hexadecimal
81D4B180).
Requirements to Avoid Sizing Constraints
Because a full routing table can be quite large, the standard 576
octet maximum size for a DHCP message may be too short to contain
some legitimate Classless Static Route options. Because of this,
clients implementing the Classless Static Route option SHOULD send a
Maximum DHCP Message Size [4] option if the DHCP client's TCP/IP
stack is capable of receiving larger IP datagrams. In this case, the
client SHOULD set the value of this option to at least the MTU of the
interface that the client is configuring. The client MAY set the
value of this option higher, up to the size of the largest UDP packet
it is prepared to accept. (Note that the value specified in the
Maximum DHCP Message Size option is the total maximum packet size,
including IP and UDP headers.)
DHCP clients requesting this option, and DHCP servers sending this
option, MUST implement DHCP option concatenation [5]. In the
terminology of RFC 3396 [5], the Classless Static Route Option is a
concatenation-requiring option.
DHCP Server Administrator Responsibilities
Many clients may not implement the Classless Static Routes option.
DHCP server administrators should therefore configure their DHCP
servers to send both a Router option and a Classless Static Routes
option, and should specify the default router(s) both in the Router
option and in the Classless Static Routes option.
When a DHCP client requests the Classless Static Routes option and
also requests either or both of the Router option and the Static
Routes option, and the DHCP server is sending Classless Static Routes
options to that client, the server SHOULD NOT include the Router or
Static Routes options.
Security Considerations
Potential exposures to attack in the DHCP protocol are discussed in
section 7 of the DHCP protocol specification [3] and in
Authentication for DHCP Messages [11].
The Classless Static Routes option can be used to misdirect network
traffic by providing incorrect IP addresses for routers. This can be
either a Denial of Service attack, where the router IP address given
is simply invalid, or can be used to set up a man-in-the-middle
Lemon, et. al. Standards Track [Page 6]
RFC 3442 Classless Static Route Option for DHCPv4 December 2002
attack by providing the IP address of a potential snooper. This is
not a new problem - the existing Router and Static Routes options
defined in RFC 2132 [4] exhibit the same vulnerability.
IANA Considerations
This DHCP option has been allocated the option code 121 in the list
of DHCP option codes that the IANA maintains.
Normative References
[1] Postel, J., "Internet Protocol", STD 5, RFC 791, September 1981.
[2] Bradner, S., "Key words for use in RFCs to Indicate Requirement
Levels", BCP 14, RFC 2119, March 1997.
[3] Droms, R., "Dynamic Host Configuration Protocol", RFC 2131,
March 1997.
[4] Alexander, S. and R. Droms, "DHCP Options and BOOTP Vendor
Extensions", RFC 2132, March 1997.
[5] Lemon, T. and S. Cheshire, "Encoding Long Options in the Dynamic
Host Configuration Protocol (DHCPv4)", RFC 3396, November 2002.
Informative References
[6] Postel, J., "Internet Control Message Protocol", STD 5, RFC 792,
September 1981.
[7] Mogul, J. and J. Postel, "Internet Standard Subnetting
Procedure", STD 5, RFC 950, August 1985.
[8] Hedrick, C., "Routing Information Protocol", RFC 1058, June
1988.
[9] Deering, S., "ICMP Router Discovery Messages", RFC 1256,
September 1991.
[10] Pummill, T. and B. Manning, "Variable Length Subnet Table For
IPv4", RFC 1878, December 1995.
[11] Droms, R. and W. Arbaugh, "Authentication for DHCP Messages",
RFC 3118, June 2001.
Lemon, et. al. Standards Track [Page 7]
RFC 3442 Classless Static Route Option for DHCPv4 December 2002
Intellectual Property Statement
The IETF takes no position regarding the validity or scope of any
intellectual property or other rights that might be claimed to
pertain to the implementation or use of the technology described in
this document or the extent to which any license under such rights
might or might not be available; neither does it represent that it
has made any effort to identify any such rights. Information on the
IETF's procedures with respect to rights in standards-track and
standards-related documentation can be found in BCP-11. Copies of
claims of rights made available for publication and any assurances of
licenses to be made available, or the result of an attempt made to
obtain a general license or permission for the use of such
proprietary rights by implementors or users of this specification can
be obtained from the IETF Secretariat.
The IETF invites any interested party to bring to its attention any
copyrights, patents or patent applications, or other proprietary
rights which may cover technology that may be required to practice
this standard. Please address the information to the IETF Executive
Director.
Authors' Addresses
Ted Lemon
Nominum, Inc.
2385 Bay Road
Redwood City, CA 94063
EMail: Ted.Lemon@nominum.com
Stuart Cheshire
Apple Computer, Inc.
1 Infinite Loop
Cupertino
California 95014
USA
Phone: +1 408 974 3207
EMail: rfc@stuartcheshire.org
Bernie Volz
Ericsson
959 Concord Street
Framingham, MA, 01701
Phone: +1 508 875 3162
EMail: bernie.volz@ericsson.com
Lemon, et. al. Standards Track [Page 8]
RFC 3442 Classless Static Route Option for DHCPv4 December 2002
Full Copyright Statement
Copyright (C) The Internet Society (2002). All Rights Reserved.
This document and translations of it may be copied and furnished to
others, and derivative works that comment on or otherwise explain it
or assist in its implementation may be prepared, copied, published
and distributed, in whole or in part, without restriction of any
kind, provided that the above copyright notice and this paragraph are
included on all such copies and derivative works. However, this
document itself may not be modified in any way, such as by removing
the copyright notice or references to the Internet Society or other
Internet organizations, except as needed for the purpose of
developing Internet standards in which case the procedures for
copyrights defined in the Internet Standards process must be
followed, or as required to translate it into languages other than
English.
The limited permissions granted above are perpetual and will not be
revoked by the Internet Society or its successors or assigns.
This document and the information contained herein is provided on an
"AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
Acknowledgement
Funding for the RFC Editor function is currently provided by the
Internet Society.
Lemon, et. al. Standards Track [Page 9]

395
docs/rfc3942.txt Normal file
View File

@ -0,0 +1,395 @@
Network Working Group B. Volz
Request for Comments: 3942 Cisco Systems, Inc.
Updates: 2132 November 2004
Category: Standards Track
Reclassifying Dynamic Host Configuration Protocol
version 4 (DHCPv4) Options
Status of this Memo
This document specifies an Internet standards track protocol for the
Internet community, and requests discussion and suggestions for
improvements. Please refer to the current edition of the "Internet
Official Protocol Standards" (STD 1) for the standardization state
and status of this protocol. Distribution of this memo is unlimited.
Copyright Notice
Copyright (C) The Internet Society (2004).
Abstract
This document updates RFC 2132 to reclassify Dynamic Host
Configuration Protocol version 4 (DHCPv4) option codes 128 to 223
(decimal) as publicly defined options to be managed by IANA in
accordance with RFC 2939. This document directs IANA to make these
option codes available for assignment as publicly defined DHCP
options for future options.
Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 2
2. Requirements Notation . . . . . . . . . . . . . . . . . . . . 2
3. Background . . . . . . . . . . . . . . . . . . . . . . . . . . 2
3.1. Publicly Defined Options Range . . . . . . . . . . . . . 2
3.2. Site-Specific Options Range . . . . . . . . . . . . . . 3
4. Reclassifying Options . . . . . . . . . . . . . . . . . . . . 3
5. Security Considerations . . . . . . . . . . . . . . . . . . . 4
6. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 5
7. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 5
8. References . . . . . . . . . . . . . . . . . . . . . . . . . . 5
8.1. Normative References . . . . . . . . . . . . . . . . . . 5
8.2. Informative References . . . . . . . . . . . . . . . . . 6
Author's Address . . . . . . . . . . . . . . . . . . . . . . . . . 6
Full Copyright Statement . . . . . . . . . . . . . . . . . . . . . 7
Volz Standards Track [Page 1]
RFC 3942 Reclassifying DHCPv4 Options November 2004
1. Introduction
The DHCPv4 [RFC2131] publicly defined options range, options 1 - 127,
is nearly used up. Efforts such as [RFC3679] help extend the life of
this space, but ultimately the space will be exhausted.
This document reclassifies much of the site-specific option range,
which has not been widely used for its original intended purpose, to
extend the publicly defined options space.
2. Requirements Notation
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in [RFC2119].
3. Background
The DHCP option space (0 - 255) is divided into two ranges [RFC2132]:
1. 1 - 127 are publicly defined options, now allocated in accordance
with [RFC2939].
2. 128 - 254 are site-specific options.
Options 0 (pad) and 255 (end) are special and defined in [RFC2131].
3.1. Publicly Defined Options Range
The publicly defined options space (1 - 127) is nearly exhausted.
Recent work [RFC3679] will buy more time, as several allocated but
unused option codes have been reclaimed. A review could be made from
time to time to determine whether there are other option codes that
can be reclaimed.
A longer-term solution to the eventual exhaustion of the publicly
defined options space is desired. The DHC WG evaluated several
solutions:
1. Using options 126 and 127 to carry 16-bit options as originally
proposed by Ralph Droms in late 1996. However, this significantly
penalizes the first option assigned to this new space, as it
requires implementing the 16-bit option support. Because of this,
options 126 and 127 have been reclaimed [RFC3679].
2. Using a new magic cookie and 16-bit option code format. However,
this proposal
Volz Standards Track [Page 2]
RFC 3942 Reclassifying DHCPv4 Options November 2004
* penalizes the first option assigned to this new space, as it
requires significant changes to clients, servers, and relay
agents,
* could adversely impact existing clients, servers, and relay
agents that fail to properly check the magic cookie value,
* requires support of both message formats for the foreseeable
future, and
* requires clients to send multiple DHCPDISCOVER messages -- one
for each magic cookie.
3. Reclassifying a portion of the site-specific option codes as
publicly defined. The impact is minimal, as only those sites
presently using options in the reclassified range need to renumber
their options.
3.2. Site-Specific Options Range
The site-specific option range is rather large (127 options in all)
and little used. The original intent of the site-specific option
range was to support local (to a site) configuration options, and it
is difficult to believe a site would need 127 options for this
purpose. Further, many DHCP client implementations do not provide a
well documented means to request site-specific options from a server
or to allow applications to extract the returned option values.
Some vendors have made use of site-specific option codes that violate
the intent of the site-specific options, as the options are used to
configure features of their products and thus are specific to many
sites. This usage could potentially cause problems if a site that
has been using the same site-specific option codes for other purposes
deploys products from one of the vendors, or if two vendors pick the
same site-specific options.
4. Reclassifying Options
The site-specific option codes 128 to 223 are hereby reclassified as
publicly defined options. This leaves 31 site-specific options, 224
to 254.
To allow vendors that have made use of site-specific options within
the reclassified range to publish their option usage and to request
an official assignment of the option number to that usage, the
following procedure will be used to reclassify these options:
Volz Standards Track [Page 3]
RFC 3942 Reclassifying DHCPv4 Options November 2004
1. The reclassified options (128 to 223) will be placed in the
"Unavailable" state by IANA. These options are not yet available
for assignment to publicly defined options.
2. Vendors that currently use one or more of the reclassified options
have 6 months following this RFC's publication date to notify the
DHC WG and IANA that they are using particular options numbers and
agree to document that usage in an RFC. IANA will move these
options from the "Unavailable" to "Tentatively Assigned" state.
Vendors have 18 months from this RFC's publication date to start
the documentation process by submitting an Internet-Draft.
NOTE: If multiple vendors of an option number come forward and can
demonstrate that their usage is in reasonably wide use, none of
the vendors will be allowed to keep the current option number, and
they MUST go through the normal process of getting a publicly
assigned option [RFC2939].
3. Any options still classified as "Unavailable" 6 months after the
RFC publication date will be moved to the "Unassigned" state by
IANA. These options may then be assigned to any new publicly
defined options in accordance with [RFC2939].
4. For those options in the "Tentatively Assigned" state, vendors
have 18 months following this RFC's publication date to submit an
Internet-Draft documenting the option. The documented usage MUST
be consistent with the existing usage. When the option usage is
published as an RFC, IANA will move the option to the "Assigned"
state.
If no Internet-Draft is published within the 18 months or should
one of these Internet-Drafts expire after the 18 months, IANA will
move the option to the "Unassigned" state, and the option may then
be assigned to any new publicly defined options in accordance with
[RFC2939].
Sites presently using site-specific option codes within the
reclassified range SHOULD take steps to renumber these options to
values within the remaining range. If a site needs more than 31
site-specific options, the site must switch to using suboptions, as
has been done for other options, such as the Relay Agent Information
Option [RFC3046].
5. Security Considerations
This document in and by itself provides no security, nor does it
impact existing DCHP security as described in [RFC2131].
Volz Standards Track [Page 4]
RFC 3942 Reclassifying DHCPv4 Options November 2004
6. IANA Considerations
IANA is requested to
1. expand the publicly defined DHCPv4 options space from 1 - 127 to 1
- 223. The new options (128 - 223) are to be listed as
"Unavailable" and MUST NOT be assigned to any publicly defined
options.
2. receive notices from vendors that have been using one or more of
the options in the 128-223 range that they are using the option
and are willing to document that usage. IANA will list these
options as "Tentatively Assigned".
3. change the listing of any options listed as "Unavailable" to
"Available" 6 months from this RFC's publication date. These
options may now be assigned in accordance with [RFC2939].
4. change the listing of any options listed as "Tentatively-Assigned"
to "Unavailable" 18 months from this RFC's publication date and
periodically thereafter as long as there is an option listed as
"Tentatively-Assigned", if no un-expired Internet-Draft exists
documenting the usage.
7. Acknowledgements
Many thanks to Ralph Droms and Ted Lemon for their valuable input and
earlier work on the various alternatives.
8. References
8.1. Normative References
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, March 1997.
[RFC2131] Droms, R., "Dynamic Host Configuration Protocol", RFC
2131, March 1997.
[RFC2132] Alexander, S. and R. Droms, "DHCP Options and BOOTP Vendor
Extensions", RFC 2132, March 1997.
[RFC2939] Droms, R., "Procedures and IANA Guidelines for Definition
of New DHCP Options and Message Types", BCP 43, RFC 2939,
September 2000.
Volz Standards Track [Page 5]
RFC 3942 Reclassifying DHCPv4 Options November 2004
8.2. Informative References
[RFC3046] Patrick, M., "DHCP Relay Agent Information Option", RFC
3046, January 2001.
[RFC3679] Droms, R., "Unused Dynamic Host Configuration Protocol
(DHCP) Option Codes", RFC 3679, January 2004.
Author's Address
Bernard Volz
Cisco Systems, Inc.
1414 Massachusetts Ave.
Boxborough, MA 01719
USA
Phone: +1 978 936 0382
EMail: volz@cisco.com
Volz Standards Track [Page 6]
RFC 3942 Reclassifying DHCPv4 Options November 2004
Full Copyright Statement
Copyright (C) The Internet Society (2004).
This document is subject to the rights, licenses and restrictions
contained in BCP 78, and except as set forth therein, the authors
retain all their rights.
This document and the information contained herein are provided on an
"AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET
ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED,
INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE
INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
Intellectual Property
The IETF takes no position regarding the validity or scope of any
Intellectual Property Rights or other rights that might be claimed to
pertain to the implementation or use of the technology described in
this document or the extent to which any license under such rights
might or might not be available; nor does it represent that it has
made any independent effort to identify any such rights. Information
on the IETF's procedures with respect to rights in IETF Documents can
be found in BCP 78 and BCP 79.
Copies of IPR disclosures made to the IETF Secretariat and any
assurances of licenses to be made available, or the result of an
attempt made to obtain a general license or permission for the use of
such proprietary rights by implementers or users of this
specification can be obtained from the IETF on-line IPR repository at
http://www.ietf.org/ipr.
The IETF invites any interested party to bring to its attention any
copyrights, patents or patent applications, or other proprietary
rights that may cover technology that may be required to implement
this standard. Please address the information to the IETF at ietf-
ipr@ietf.org.
Acknowledgement
Funding for the RFC Editor function is currently provided by the
Internet Society.
Volz Standards Track [Page 7]

1515
docs/rfc4388.txt Normal file

File diff suppressed because it is too large Load Diff

2299
docs/rfc6926.txt Normal file

File diff suppressed because it is too large Load Diff

1571
docs/rfc7724.txt Normal file

File diff suppressed because it is too large Load Diff

View File

@ -1,10 +1,10 @@
kdhcp: kdhcp:
version: 1 version: 1
lease_file: /tmp/kdhcp_lease.yaml lease_file: /tmp/kdhcp_lease.yaml
# interface: enp89s0 interface: enp89s0
interface: eth0 port: 67
address: 192.168.4.250:67
network: network:
address: 192.168.4.250
gateway: 192.168.4.254 gateway: 192.168.4.254
mask: 255.255.255.0 mask: 255.255.255.0
broadcast: 192.168.4.255 broadcast: 192.168.4.255

View File

@ -10,6 +10,7 @@ go_library(
visibility = ["//visibility:public"], visibility = ["//visibility:public"],
deps = [ deps = [
"//config", "//config",
"//dhcp",
"//log", "//log",
], ],
) )

View File

@ -5,6 +5,7 @@ import (
"net" "net"
"git.wntrmute.dev/kyle/kdhcp/config" "git.wntrmute.dev/kyle/kdhcp/config"
"git.wntrmute.dev/kyle/kdhcp/dhcp"
"git.wntrmute.dev/kyle/kdhcp/log" "git.wntrmute.dev/kyle/kdhcp/log"
) )
@ -22,7 +23,9 @@ func (s *Server) Close() error {
} }
func (s *Server) Bind() (err error) { func (s *Server) Bind() (err error) {
s.Conn, err = BindInterface(s.Config.IP, s.Config.Port, s.Config.Interface) // In order to read DHCP packets, we'll need to listen on all addresses.
ip := net.IP([]byte{0, 0, 0, 0})
s.Conn, err = BindInterface(ip, s.Config.Port, s.Config.Interface)
return err return err
} }
@ -37,17 +40,27 @@ func (s *Server) ReadFrom() ([]byte, net.Addr, error) {
return b, addr, nil return b, addr, nil
} }
func (s *Server) ReadDHCPRequest() (*dhcp.BootRequest, error) {
pkt, addr, err := s.ReadFrom()
if err != nil {
return nil, err
}
log.Debugf("server: read %db packet from %s", len(pkt), addr)
return dhcp.ReadRequest(pkt)
}
func (s *Server) WriteTo(b []byte, addr net.Addr) error { func (s *Server) WriteTo(b []byte, addr net.Addr) error {
return errors.New("server: not implemented") return errors.New("server: not implemented")
} }
func (s *Server) AcceptPacket() error { func (s *Server) AcceptPacket() error {
packet, addr, err := s.ReadFrom() request, err := s.ReadDHCPRequest()
if err != nil { if err != nil {
return err return err
} }
log.Debugf("accepted %d byte packet from %s", len(packet), addr) log.Debugf("BOOTP request received from %x", request.HardwareAddress)
return nil return nil
} }