[dragonfly.git] / sbin / dhclient / options.c

/*	$OpenBSD: src/sbin/dhclient/options.c,v 1.39 2011/05/11 14:38:36 krw Exp $	*/

/* DHCP options parsing and reassembly. */

/*
 * Copyright (c) 1995, 1996, 1997, 1998 The Internet Software Consortium.
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. Neither the name of The Internet Software Consortium nor the names
 *    of its contributors may be used to endorse or promote products derived
 *    from this software without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE INTERNET SOFTWARE CONSORTIUM AND
 * CONTRIBUTORS ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
 * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
 * DISCLAIMED.  IN NO EVENT SHALL THE INTERNET SOFTWARE CONSORTIUM OR
 * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
 * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
 * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
 * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
 * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 *
 * This software has been written for the Internet Software Consortium
 * by Ted Lemon <mellon@fugue.com> in cooperation with Vixie
 * Enterprises.  To learn more about the Internet Software Consortium,
 * see ``http://www.vix.com/isc''.  To learn more about Vixie
 * Enterprises, see ``http://www.vix.com''.
 */

#include <ctype.h>

#include "dhcpd.h"

int parse_option_buffer(struct option_data *, unsigned char *, int);

/*
 * Parse options out of the specified buffer, storing addresses of
 * option values in options and setting client->options_valid if
 * no errors are encountered.
 */
int
parse_option_buffer(struct option_data *options, unsigned char *buffer,
    int length)
{
	unsigned char *s, *t, *end = buffer + length;
	int len, code;

	for (s = buffer; *s != DHO_END && s < end; ) {
		code = s[0];

		/* Pad options don't have a length - just skip them. */
		if (code == DHO_PAD) {
			s++;
			continue;
		}

		/*
		 * All options other than DHO_PAD and DHO_END have a
		 * one-byte length field.
		 */
		if (s + 2 > end)
			len = 0;
		else
			len = s[1];

		/*
		 * If the option claims to extend beyond the end of the buffer
		 * then mark the options buffer bad.
		 */
		if (s + len + 2 > end) {
			warning("option %s (%d) larger than buffer.",
			    dhcp_options[code].name, len);
			warning("rejecting bogus offer.");
			return (0);
		}
		/*
		 * If we haven't seen this option before, just make
		 * space for it and copy it there.
		 */
		if (!options[code].data) {
			if (!(t = calloc(1, len + 1)))
				error("Can't allocate storage for option %s.",
				    dhcp_options[code].name);
			/*
			 * Copy and NUL-terminate the option (in case
			 * it's an ASCII string).
			 */
			memcpy(t, &s[2], len);
			t[len] = 0;
			options[code].len = len;
			options[code].data = t;
		} else {
			/*
			 * If it's a repeat, concatenate it to whatever
			 * we last saw.   This is really only required
			 * for clients, but what the heck...
			 */
			t = calloc(1, len + options[code].len + 1);
			if (!t)
				error("Can't expand storage for option %s.",
				    dhcp_options[code].name);
			memcpy(t, options[code].data, options[code].len);
			memcpy(t + options[code].len, &s[2], len);
			options[code].len += len;
			t[options[code].len] = 0;
			free(options[code].data);
			options[code].data = t;
		}
		s += len + 2;
	}

	return (1);
}

/*
 * Copy as many options as fit in buflen bytes of buf. Return the
 * offset of the start of the last option copied. A caller can check
 * to see if it's DHO_END to decide if all the options were copied.
 */
int
cons_options(struct option_data *options)
{
	unsigned char *buf = client->packet.options;
	int buflen = 576 - DHCP_FIXED_LEN;
	int ix, incr, length, bufix, code, lastopt = -1;

	bzero(buf, buflen);

	memcpy(buf, DHCP_OPTIONS_COOKIE, 4);
	if (options[DHO_DHCP_MESSAGE_TYPE].data) {
		memcpy(&buf[4], DHCP_OPTIONS_MESSAGE_TYPE, 3);
		buf[6] = options[DHO_DHCP_MESSAGE_TYPE].data[0];
		bufix = 7;
	} else
		bufix = 4;

	for (code = DHO_SUBNET_MASK; code < DHO_END; code++) {
		if (!options[code].data || code == DHO_DHCP_MESSAGE_TYPE)
			continue;

		length = options[code].len;
		if (bufix + length + 2*((length+254)/255) >= buflen)
			return (lastopt);

		lastopt = bufix;
		ix = 0;

		while (length) {
			incr = length > 255 ? 255 : length;

			buf[bufix++] = code;
			buf[bufix++] = incr;
			memcpy(buf + bufix, options[code].data + ix, incr);

			length -= incr;
			ix += incr;
			bufix += incr;
		}
	}

	if (bufix < buflen) {
		buf[bufix] = DHO_END;
		lastopt = bufix;
	}

	return (lastopt);
}

/*
 * Format the specified option so that a human can easily read it.
 */
char *
pretty_print_option(unsigned int code, unsigned char *data, int len,
    int emit_commas, int emit_quotes)
{
	static char optbuf[32768]; /* XXX */
	int hunksize = 0, numhunk = -1, numelem = 0;
	char fmtbuf[32], *op = optbuf;
	int i, j, k, opleft = sizeof(optbuf);
	unsigned char *dp = data;
	struct in_addr foo;
	char comma;

	/* Code should be between 0 and 255. */
	if (code > 255)
		error("pretty_print_option: bad code %d", code);

	if (emit_commas)
		comma = ',';
	else
		comma = ' ';

	/* Figure out the size of the data. */
	for (i = 0; dhcp_options[code].format[i]; i++) {
		if (!numhunk) {
			warning("%s: Excess information in format string: %s",
			    dhcp_options[code].name,
			    &(dhcp_options[code].format[i]));
			break;
		}
		numelem++;
		fmtbuf[i] = dhcp_options[code].format[i];
		switch (dhcp_options[code].format[i]) {
		case 'A':
			--numelem;
			fmtbuf[i] = 0;
			numhunk = 0;
			if (hunksize == 0) {
				warning("%s: no size indicator before A"
				    " in format string: %s",
				    dhcp_options[code].name,
				    dhcp_options[code].format);
				return ("<fmt error>");
			}
			break;
		case 'X':
			for (k = 0; k < len; k++)
				if (!isascii(data[k]) ||
				    !isprint(data[k]))
					break;
			if (k == len) {
				fmtbuf[i] = 't';
				numhunk = -2;
			} else {
				fmtbuf[i] = 'x';
				hunksize++;
				comma = ':';
				numhunk = 0;
			}
			fmtbuf[i + 1] = 0;
			break;
		case 't':
			fmtbuf[i] = 't';
			fmtbuf[i + 1] = 0;
			numhunk = -2;
			break;
		case 'I':
		case 'l':
		case 'L':
			hunksize += 4;
			break;
		case 's':
		case 'S':
			hunksize += 2;
			break;
		case 'b':
		case 'B':
		case 'f':
			hunksize++;
			break;
		case 'e':
			break;
		default:
			warning("%s: garbage in format string: %s",
			    dhcp_options[code].name,
			    &(dhcp_options[code].format[i]));
			break;
		}
	}

	/* Check for too few bytes... */
	if (hunksize > len) {
		warning("%s: expecting at least %d bytes; got %d",
		    dhcp_options[code].name, hunksize, len);
		return ("<error>");
	}
	/* Check for too many bytes... */
	if (numhunk == -1 && hunksize < len)
		warning("%s: %d extra bytes",
		    dhcp_options[code].name, len - hunksize);

	/* If this is an array, compute its size. */
	if (!numhunk)
		numhunk = len / hunksize;
	/* See if we got an exact number of hunks. */
	if (numhunk > 0 && numhunk * hunksize < len)
		warning("%s: %d extra bytes at end of array",
		    dhcp_options[code].name, len - numhunk * hunksize);

	/* A one-hunk array prints the same as a single hunk. */
	if (numhunk < 0)
		numhunk = 1;

	/* Cycle through the array (or hunk) printing the data. */
	for (i = 0; i < numhunk; i++) {
		for (j = 0; j < numelem; j++) {
			int opcount;
			size_t oplen;
			switch (fmtbuf[j]) {
			case 't':
				if (emit_quotes) {
					*op++ = '"';
					opleft--;
				}
				for (; dp < data + len; dp++) {
					if (!isascii(*dp) ||
					    !isprint(*dp)) {
						if (dp + 1 != data + len ||
						    *dp != 0) {
							size_t oplen;
							snprintf(op, opleft,
							    "\\%03o", *dp);
							oplen = strlen(op);
							op += oplen;
							opleft -= oplen;
						}
					} else if (*dp == '"' ||
					    *dp == '\'' ||
					    *dp == '$' ||
					    *dp == '`' ||
					    *dp == '\\') {
						*op++ = '\\';
						*op++ = *dp;
						opleft -= 2;
					} else {
						*op++ = *dp;
						opleft--;
					}
				}
				if (emit_quotes) {
					*op++ = '"';
					opleft--;
				}

				*op = 0;
				break;
			case 'I':
				foo.s_addr = htonl(getULong(dp));
				opcount = strlcpy(op, inet_ntoa(foo), opleft);
				if (opcount >= opleft)
					goto toobig;
				opleft -= opcount;
				dp += 4;
				break;
			case 'l':
				opcount = snprintf(op, opleft, "%ld",
				    (long)getLong(dp));
				if (opcount >= opleft || opcount == -1)
					goto toobig;
				opleft -= opcount;
				dp += 4;
				break;
			case 'L':
				opcount = snprintf(op, opleft, "%ld",
				    (unsigned long)getULong(dp));
				if (opcount >= opleft || opcount == -1)
					goto toobig;
				opleft -= opcount;
				dp += 4;
				break;
			case 's':
				opcount = snprintf(op, opleft, "%d",
				    getShort(dp));
				if (opcount >= opleft || opcount == -1)
					goto toobig;
				opleft -= opcount;
				dp += 2;
				break;
			case 'S':
				opcount = snprintf(op, opleft, "%d",
				    getUShort(dp));
				if (opcount >= opleft || opcount == -1)
					goto toobig;
				opleft -= opcount;
				dp += 2;
				break;
			case 'b':
				opcount = snprintf(op, opleft, "%d",
				    *(char *)dp++);
				if (opcount >= opleft || opcount == -1)
					goto toobig;
				opleft -= opcount;
				break;
			case 'B':
				opcount = snprintf(op, opleft, "%d", *dp++);
				if (opcount >= opleft || opcount == -1)
					goto toobig;
				opleft -= opcount;
				break;
			case 'x':
				opcount = snprintf(op, opleft, "%x", *dp++);
				if (opcount >= opleft || opcount == -1)
					goto toobig;
				opleft -= opcount;
				break;
			case 'f':
				opcount = strlcpy(op,
				    *dp++ ? "true" : "false", opleft);
				if (opcount >= opleft)
					goto toobig;
				opleft -= opcount;
				break;
			default:
				warning("Unexpected format code %c", fmtbuf[j]);
			}
			oplen = strlen(op);
			op += oplen;
			opleft -= oplen;
			if (opleft < 1)
				goto toobig;
			if (j + 1 < numelem && comma != ':') {
				*op++ = ' ';
				opleft--;
			}
		}
		if (i + 1 < numhunk) {
			*op++ = comma;
			opleft--;
		}
		if (opleft < 1)
			goto toobig;

	}
	return (optbuf);
 toobig:
	warning("dhcp option too large");
	return ("<error>");
}

void
do_packet(int len, unsigned int from_port, struct iaddr from,
    struct hardware *hfrom)
{
	struct dhcp_packet *packet = &client->packet;
	struct option_data options[256];
	struct iaddrlist *ap;
	void (*handler)(struct iaddr, struct option_data *);
	char *type;
	int i, options_valid = 1;

	if (packet->hlen > sizeof(packet->chaddr)) {
		note("Discarding packet with invalid hlen.");
		return;
	}

	/*
	 * Silently drop the packet if the client hardware address in the
	 * packet is not the hardware address of the interface being managed.
	 */
	if ((ifi->hw_address.hlen != packet->hlen) ||
	    (memcmp(ifi->hw_address.haddr, packet->chaddr, packet->hlen)))
		return;

	memset(options, 0, sizeof(options));

	if (memcmp(&packet->options, DHCP_OPTIONS_COOKIE, 4) == 0) {
		/* Parse the BOOTP/DHCP options field. */
		options_valid = parse_option_buffer(options,
		    &packet->options[4], sizeof(packet->options) - 4);

		/* Only DHCP packets have overload areas for options. */
		if (options_valid &&
		    options[DHO_DHCP_MESSAGE_TYPE].data &&
		    options[DHO_DHCP_OPTION_OVERLOAD].data) {
			if (options[DHO_DHCP_OPTION_OVERLOAD].data[0] & 1)
				options_valid = parse_option_buffer(options,
				    (unsigned char *)packet->file,
				    sizeof(packet->file));
			if (options_valid &&
			    options[DHO_DHCP_OPTION_OVERLOAD].data[0] & 2)
				options_valid = parse_option_buffer(options,
				    (unsigned char *)packet->sname,
				    sizeof(packet->sname));
		}
	}

	type = "";
	handler = NULL;

	if (options[DHO_DHCP_MESSAGE_TYPE].data) {
		/* Always try a DHCP packet, even if a bad option was seen. */
		switch (options[DHO_DHCP_MESSAGE_TYPE].data[0]) {
		case DHCPOFFER:
			handler = dhcpoffer;
			type = "DHCPOFFER";
			break;
		case DHCPNAK:
			handler = dhcpnak;
			type = "DHCPNACK";
			break;
		case DHCPACK:
			handler = dhcpack;
			type = "DHCPACK";
			break;
		default:
			break;
		}
	} else if (options_valid && packet->op == BOOTREPLY) {
		handler = dhcpoffer;
		type = "BOOTREPLY";
	}

	if (handler && client->xid == client->packet.xid) {
		if (hfrom->hlen == 6)
			note("%s from %s (%s)", type, piaddr(from),
			    ether_ntoa((struct ether_addr *)hfrom->haddr));
		else
			note("%s from %s", type, piaddr(from));
	} else
		handler = NULL;

	for (ap = config->reject_list; ap && handler; ap = ap->next)
		if (addr_eq(from, ap->addr)) {
			note("%s from %s rejected.", type, piaddr(from));
			handler = NULL;
		}

	if (handler)
		(*handler)(from, options);

	for (i = 0; i < 256; i++)
		if (options[i].len && options[i].data)
			free(options[i].data);
}
Commit	Line	Data
3c8fe83f	1	/* $OpenBSD: src/sbin/dhclient/options.c,v 1.39 2011/05/11 14:38:36 krw Exp $ */
846204b6 HT	2
	3	/* DHCP options parsing and reassembly. */
	4
	5	/*
	6	* Copyright (c) 1995, 1996, 1997, 1998 The Internet Software Consortium.
	7	* All rights reserved.
	8	*
	9	* Redistribution and use in source and binary forms, with or without
	10	* modification, are permitted provided that the following conditions
	11	* are met:
	12	*
	13	* 1. Redistributions of source code must retain the above copyright
	14	* notice, this list of conditions and the following disclaimer.
	15	* 2. Redistributions in binary form must reproduce the above copyright
	16	* notice, this list of conditions and the following disclaimer in the
	17	* documentation and/or other materials provided with the distribution.
	18	* 3. Neither the name of The Internet Software Consortium nor the names
	19	* of its contributors may be used to endorse or promote products derived
	20	* from this software without specific prior written permission.
	21	*
	22	* THIS SOFTWARE IS PROVIDED BY THE INTERNET SOFTWARE CONSORTIUM AND
	23	* CONTRIBUTORS ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
	24	* INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
	25	* MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
	26	* DISCLAIMED. IN NO EVENT SHALL THE INTERNET SOFTWARE CONSORTIUM OR
	27	* CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
	28	* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
	29	* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
	30	* USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
	31	* ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
	32	* OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
	33	* OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
	34	* SUCH DAMAGE.
	35	*
	36	* This software has been written for the Internet Software Consortium
	37	* by Ted Lemon <mellon@fugue.com> in cooperation with Vixie
	38	* Enterprises. To learn more about the Internet Software Consortium,
	39	* see ``http://www.vix.com/isc''. To learn more about Vixie
	40	* Enterprises, see ``http://www.vix.com''.
	41	*/
	42
	43	#include <ctype.h>
	44
	45	#include "dhcpd.h"
	46
	47	int parse_option_buffer(struct option_data , unsigned char , int);
	48
	49	/*
	50	* Parse options out of the specified buffer, storing addresses of
	51	* option values in options and setting client->options_valid if
	52	* no errors are encountered.
	53	*/
	54	int
	55	parse_option_buffer(struct option_data options, unsigned char buffer,
	56	int length)
	57	{
	58	unsigned char s, t, *end = buffer + length;
	59	int len, code;
	60
	61	for (s = buffer; *s != DHO_END && s < end; ) {
	62	code = s[0];
	63
	64	/* Pad options don't have a length - just skip them. */
	65	if (code == DHO_PAD) {
66	s++;
67	continue;
68	}
69
70	/*
71	* All options other than DHO_PAD and DHO_END have a
72	* one-byte length field.
73	*/
74	if (s + 2 > end)
75	len = 0;
76	else
77	len = s[1];
78
79	/*
80	* If the option claims to extend beyond the end of the buffer
81	* then mark the options buffer bad.
82	*/
83	if (s + len + 2 > end) {
84	warning("option %s (%d) larger than buffer.",
85	dhcp_options[code].name, len);
86	warning("rejecting bogus offer.");
87	return (0);
88	}
89	/*
90	* If we haven't seen this option before, just make
91	* space for it and copy it there.
92	*/
93	if (!options[code].data) {
94	if (!(t = calloc(1, len + 1)))
95	error("Can't allocate storage for option %s.",
96	dhcp_options[code].name);
97	/*
98	* Copy and NUL-terminate the option (in case
99	* it's an ASCII string).
100	*/
101	memcpy(t, &s[2], len);
102	t[len] = 0;
103	options[code].len = len;
104	options[code].data = t;
105	} else {
106	/*
107	* If it's a repeat, concatenate it to whatever
108	* we last saw. This is really only required
109	* for clients, but what the heck...
110	*/
111	t = calloc(1, len + options[code].len + 1);
112	if (!t)
113	error("Can't expand storage for option %s.",
114	dhcp_options[code].name);
115	memcpy(t, options[code].data, options[code].len);
116	memcpy(t + options[code].len, &s[2], len);
117	options[code].len += len;
118	t[options[code].len] = 0;
119	free(options[code].data);
120	options[code].data = t;
121	}
122	s += len + 2;
123	}
124
125	return (1);
126	}
127
128	/*
129	* Copy as many options as fit in buflen bytes of buf. Return the
130	* offset of the start of the last option copied. A caller can check
131	* to see if it's DHO_END to decide if all the options were copied.
132	*/
133	int
3c8fe83f	134	cons_options(struct option_data *options)
846204b6	135	{
3c8fe83f AHJ	136	unsigned char *buf = client->packet.options;
3c8fe83f AHJ	137	int buflen = 576 - DHCP_FIXED_LEN;
846204b6 HT	138	int ix, incr, length, bufix, code, lastopt = -1;
	139
	140	bzero(buf, buflen);
	141
3c8fe83f AHJ	142	memcpy(buf, DHCP_OPTIONS_COOKIE, 4);
	143	if (options[DHO_DHCP_MESSAGE_TYPE].data) {
	144	memcpy(&buf[4], DHCP_OPTIONS_MESSAGE_TYPE, 3);
	145	buf[6] = options[DHO_DHCP_MESSAGE_TYPE].data[0];
	146	bufix = 7;
	147	} else
	148	bufix = 4;
846204b6 HT	149
846204b6 HT	150	for (code = DHO_SUBNET_MASK; code < DHO_END; code++) {
3c8fe83f	151	if (!options[code].data \|\| code == DHO_DHCP_MESSAGE_TYPE)
846204b6 HT	152	continue;
	153
	154	length = options[code].len;
	155	if (bufix + length + 2*((length+254)/255) >= buflen)
	156	return (lastopt);
	157
	158	lastopt = bufix;
	159	ix = 0;
	160
	161	while (length) {
	162	incr = length > 255 ? 255 : length;
	163
	164	buf[bufix++] = code;
	165	buf[bufix++] = incr;
	166	memcpy(buf + bufix, options[code].data + ix, incr);
	167
	168	length -= incr;
	169	ix += incr;
	170	bufix += incr;
	171	}
	172	}
	173
	174	if (bufix < buflen) {
	175	buf[bufix] = DHO_END;
	176	lastopt = bufix;
	177	}
	178
	179	return (lastopt);
	180	}
	181
	182	/*
	183	* Format the specified option so that a human can easily read it.
	184	*/
	185	char *
	186	pretty_print_option(unsigned int code, unsigned char *data, int len,
	187	int emit_commas, int emit_quotes)
	188	{
	189	static char optbuf[32768]; /* XXX */
	190	int hunksize = 0, numhunk = -1, numelem = 0;
	191	char fmtbuf[32], *op = optbuf;
	192	int i, j, k, opleft = sizeof(optbuf);
	193	unsigned char *dp = data;
	194	struct in_addr foo;
	195	char comma;
	196
	197	/* Code should be between 0 and 255. */
	198	if (code > 255)
	199	error("pretty_print_option: bad code %d", code);
	200
	201	if (emit_commas)
	202	comma = ',';
	203	else
	204	comma = ' ';
	205
	206	/* Figure out the size of the data. */
	207	for (i = 0; dhcp_options[code].format[i]; i++) {
	208	if (!numhunk) {
	209	warning("%s: Excess information in format string: %s",
	210	dhcp_options[code].name,
	211	&(dhcp_options[code].format[i]));
	212	break;
	213	}
	214	numelem++;
	215	fmtbuf[i] = dhcp_options[code].format[i];
216	switch (dhcp_options[code].format[i]) {
217	case 'A':
218	--numelem;
219	fmtbuf[i] = 0;
220	numhunk = 0;
efbe5ab2 AHJ	221	if (hunksize == 0) {
	222	warning("%s: no size indicator before A"
	223	" in format string: %s",
	224	dhcp_options[code].name,
	225	dhcp_options[code].format);
	226	return ("<fmt error>");
	227	}
846204b6 HT	228	break;
	229	case 'X':
	230	for (k = 0; k < len; k++)
	231	if (!isascii(data[k]) \|\|
	232	!isprint(data[k]))
	233	break;
	234	if (k == len) {
	235	fmtbuf[i] = 't';
	236	numhunk = -2;
	237	} else {
	238	fmtbuf[i] = 'x';
	239	hunksize++;
	240	comma = ':';
	241	numhunk = 0;
	242	}
	243	fmtbuf[i + 1] = 0;
	244	break;
	245	case 't':
	246	fmtbuf[i] = 't';
	247	fmtbuf[i + 1] = 0;
	248	numhunk = -2;
	249	break;
	250	case 'I':
	251	case 'l':
	252	case 'L':
	253	hunksize += 4;
	254	break;
	255	case 's':
	256	case 'S':
	257	hunksize += 2;
	258	break;
	259	case 'b':
	260	case 'B':
	261	case 'f':
	262	hunksize++;
	263	break;
	264	case 'e':
	265	break;
	266	default:
	267	warning("%s: garbage in format string: %s",
	268	dhcp_options[code].name,
	269	&(dhcp_options[code].format[i]));
	270	break;
	271	}
	272	}
	273
	274	/* Check for too few bytes... */
	275	if (hunksize > len) {
	276	warning("%s: expecting at least %d bytes; got %d",
	277	dhcp_options[code].name, hunksize, len);
	278	return ("<error>");
	279	}
	280	/* Check for too many bytes... */
	281	if (numhunk == -1 && hunksize < len)
	282	warning("%s: %d extra bytes",
	283	dhcp_options[code].name, len - hunksize);
	284
	285	/* If this is an array, compute its size. */
	286	if (!numhunk)
	287	numhunk = len / hunksize;
	288	/* See if we got an exact number of hunks. */
	289	if (numhunk > 0 && numhunk * hunksize < len)
	290	warning("%s: %d extra bytes at end of array",
	291	dhcp_options[code].name, len - numhunk * hunksize);
292
293	/* A one-hunk array prints the same as a single hunk. */
294	if (numhunk < 0)
295	numhunk = 1;
296
297	/* Cycle through the array (or hunk) printing the data. */
298	for (i = 0; i < numhunk; i++) {
299	for (j = 0; j < numelem; j++) {
300	int opcount;
301	size_t oplen;
302	switch (fmtbuf[j]) {
303	case 't':
304	if (emit_quotes) {
305	*op++ = '"';
306	opleft--;
307	}
308	for (; dp < data + len; dp++) {
309	if (!isascii(*dp) \|\|
310	!isprint(*dp)) {
311	if (dp + 1 != data + len \|\|
312	*dp != 0) {
313	size_t oplen;
314	snprintf(op, opleft,
315	"\\%03o", *dp);
316	oplen = strlen(op);
317	op += oplen;
318	opleft -= oplen;
319	}
320	} else if (*dp == '"' \|\|
321	*dp == '\'' \|\|
322	*dp == '$' \|\|
323	*dp == '`' \|\|
324	*dp == '\\') {
325	*op++ = '\\';
326	op++ = dp;
327	opleft -= 2;
328	} else {
329	op++ = dp;
330	opleft--;
331	}
332	}
333	if (emit_quotes) {
334	*op++ = '"';
335	opleft--;
336	}
337
338	*op = 0;
339	break;
340	case 'I':
341	foo.s_addr = htonl(getULong(dp));
342	opcount = strlcpy(op, inet_ntoa(foo), opleft);
343	if (opcount >= opleft)
344	goto toobig;
345	opleft -= opcount;
346	dp += 4;
347	break;
348	case 'l':
349	opcount = snprintf(op, opleft, "%ld",
350	(long)getLong(dp));
351	if (opcount >= opleft \|\| opcount == -1)
352	goto toobig;
353	opleft -= opcount;
354	dp += 4;
355	break;
356	case 'L':
357	opcount = snprintf(op, opleft, "%ld",
358	(unsigned long)getULong(dp));
359	if (opcount >= opleft \|\| opcount == -1)
360	goto toobig;
361	opleft -= opcount;
362	dp += 4;
363	break;
364	case 's':
365	opcount = snprintf(op, opleft, "%d",
366	getShort(dp));
367	if (opcount >= opleft \|\| opcount == -1)
368	goto toobig;
369	opleft -= opcount;
370	dp += 2;
371	break;
372	case 'S':
373	opcount = snprintf(op, opleft, "%d",
374	getUShort(dp));
375	if (opcount >= opleft \|\| opcount == -1)
376	goto toobig;
377	opleft -= opcount;
378	dp += 2;
379	break;
380	case 'b':
381	opcount = snprintf(op, opleft, "%d",
382	(char )dp++);
383	if (opcount >= opleft \|\| opcount == -1)
384	goto toobig;
385	opleft -= opcount;
386	break;
387	case 'B':
388	opcount = snprintf(op, opleft, "%d", *dp++);
389	if (opcount >= opleft \|\| opcount == -1)
390	goto toobig;
391	opleft -= opcount;
392	break;
393	case 'x':
394	opcount = snprintf(op, opleft, "%x", *dp++);
395	if (opcount >= opleft \|\| opcount == -1)
396	goto toobig;
397	opleft -= opcount;
398	break;
399	case 'f':
400	opcount = strlcpy(op,
401	*dp++ ? "true" : "false", opleft);
402	if (opcount >= opleft)
403	goto toobig;
404	opleft -= opcount;
405	break;
406	default:
407	warning("Unexpected format code %c", fmtbuf[j]);
408	}
409	oplen = strlen(op);
410	op += oplen;
411	opleft -= oplen;
412	if (opleft < 1)
413	goto toobig;
414	if (j + 1 < numelem && comma != ':') {
415	*op++ = ' ';
416	opleft--;
417	}
418	}
419	if (i + 1 < numhunk) {
420	*op++ = comma;
421	opleft--;
422	}
423	if (opleft < 1)
424	goto toobig;
425
426	}
427	return (optbuf);
428	toobig:
429	warning("dhcp option too large");
430	return ("<error>");
431	}
432
433	void
434	do_packet(int len, unsigned int from_port, struct iaddr from,
435	struct hardware *hfrom)
436	{
437	struct dhcp_packet *packet = &client->packet;
438	struct option_data options[256];
439	struct iaddrlist *ap;
440	void (handler)(struct iaddr, struct option_data );
441	char *type;
442	int i, options_valid = 1;
443
444	if (packet->hlen > sizeof(packet->chaddr)) {
445	note("Discarding packet with invalid hlen.");
446	return;
447	}
448
449	/*
450	* Silently drop the packet if the client hardware address in the
451	* packet is not the hardware address of the interface being managed.
452	*/
453	if ((ifi->hw_address.hlen != packet->hlen) \|\|
454	(memcmp(ifi->hw_address.haddr, packet->chaddr, packet->hlen)))
455	return;
456
457	memset(options, 0, sizeof(options));
458
459	if (memcmp(&packet->options, DHCP_OPTIONS_COOKIE, 4) == 0) {
460	/* Parse the BOOTP/DHCP options field. */
461	options_valid = parse_option_buffer(options,
462	&packet->options[4], sizeof(packet->options) - 4);
463
464	/* Only DHCP packets have overload areas for options. */
465	if (options_valid &&
466	options[DHO_DHCP_MESSAGE_TYPE].data &&
467	options[DHO_DHCP_OPTION_OVERLOAD].data) {
468	if (options[DHO_DHCP_OPTION_OVERLOAD].data[0] & 1)
469	options_valid = parse_option_buffer(options,
470	(unsigned char *)packet->file,
471	sizeof(packet->file));
472	if (options_valid &&
473	options[DHO_DHCP_OPTION_OVERLOAD].data[0] & 2)
474	options_valid = parse_option_buffer(options,
475	(unsigned char *)packet->sname,
476	sizeof(packet->sname));
477	}
478	}
479
480	type = "";
481	handler = NULL;
482
483	if (options[DHO_DHCP_MESSAGE_TYPE].data) {
484	/* Always try a DHCP packet, even if a bad option was seen. */
485	switch (options[DHO_DHCP_MESSAGE_TYPE].data[0]) {
486	case DHCPOFFER:
487	handler = dhcpoffer;
488	type = "DHCPOFFER";
489	break;
490	case DHCPNAK:
491	handler = dhcpnak;
492	type = "DHCPNACK";
493	break;
494	case DHCPACK:
495	handler = dhcpack;
496	type = "DHCPACK";
497	break;
498	default:
499	break;
500	}
501	} else if (options_valid && packet->op == BOOTREPLY) {
502	handler = dhcpoffer;
503	type = "BOOTREPLY";
504	}
505
b1dd9915 AHJ	506	if (handler && client->xid == client->packet.xid) {
	507	if (hfrom->hlen == 6)
	508	note("%s from %s (%s)", type, piaddr(from),
	509	ether_ntoa((struct ether_addr *)hfrom->haddr));
	510	else
	511	note("%s from %s", type, piaddr(from));
	512	} else
	513	handler = NULL;
	514
846204b6 HT	515	for (ap = config->reject_list; ap && handler; ap = ap->next)
	516	if (addr_eq(from, ap->addr)) {
	517	note("%s from %s rejected.", type, piaddr(from));
	518	handler = NULL;
	519	}
	520
	521	if (handler)
	522	(*handler)(from, options);
	523
	524	for (i = 0; i < 256; i++)
	525	if (options[i].len && options[i].data)
	526	free(options[i].data);
	527	}