[Dnsmasq-discuss] [PATCH] RFC8520 (MUD) support in DHCP

Jasper Wiegratz jwhy+lists at jwhy.de
Mon Jul 11 13:18:28 UTC 2022


Hi Simon,

My university project for network security has been working with a fork 
of dnsmasq for some time now.

I'm submitting the attached 2 patches for dnsmasq master branch to add 
MUD DHCP option and URL extraction. This was requested on the mailing 
list [1] [2].

I'm looking forward to hearing back from you. Thanks for your time and 
efforts.

Best Regards

Jasper Wiegratz


[1] 
https://www.mail-archive.com/dnsmasq-discuss@lists.thekelleys.org.uk/msg12326.html 


[2] 
https://www.mail-archive.com/dnsmasq-discuss@lists.thekelleys.org.uk/msg12116.html 


-------------- next part --------------
From bfcf0b0d5cf9511c4bfc0edb2a387bb52a792d79 Mon Sep 17 00:00:00 2001
From: wiegratz <wiegratz at uni-bremen.de>
Date: Sat, 9 Jul 2022 19:46:36 +0000
Subject: [PATCH 2/2] Add MUD (RFC8520) URL extraction for DHCPv4

---
 src/dhcp-protocol.h | 1 +
 src/helper.c        | 1 +
 src/rfc2131.c       | 9 +++++++++
 3 files changed, 11 insertions(+)

diff --git a/src/dhcp-protocol.h b/src/dhcp-protocol.h
index 75c9cd3..e281143 100644
--- a/src/dhcp-protocol.h
+++ b/src/dhcp-protocol.h
@@ -64,6 +64,7 @@
 #define OPTION_SIP_SERVER        120
 #define OPTION_VENDOR_IDENT      124
 #define OPTION_VENDOR_IDENT_OPT  125
+#define OPTION_MUD_URL_V4        161
 #define OPTION_END               255
 
 #define SUBOPT_CIRCUIT_ID        1
diff --git a/src/helper.c b/src/helper.c
index 749e8cc..771a3e9 100644
--- a/src/helper.c
+++ b/src/helper.c
@@ -633,6 +633,7 @@ int create_helper(int event_fd, int err_fd, uid_t uid, gid_t gid, long max_fd)
 	      buf = grab_extradata(buf, end, "DNSMASQ_CIRCUIT_ID", &err);
 	      buf = grab_extradata(buf, end, "DNSMASQ_SUBSCRIBER_ID", &err);
 	      buf = grab_extradata(buf, end, "DNSMASQ_REMOTE_ID", &err);
+	      buf = grab_extradata(buf, end, "DNSMASQ_MUD_URL", &err);
 	      buf = grab_extradata(buf, end, "DNSMASQ_REQUESTED_OPTIONS", &err);
 	    }
 	  
diff --git a/src/rfc2131.c b/src/rfc2131.c
index ecda2d3..692293e 100644
--- a/src/rfc2131.c
+++ b/src/rfc2131.c
@@ -1417,6 +1417,15 @@ size_t dhcp_reply(struct dhcp_context *context, char *iface_name, int int_index,
 		      add_extradata_opt(lease, NULL);
 		    }
 
+		  if ((opt = option_find(mess, sz, OPTION_MUD_URL_V4, 1)))
+		  {
+			add_extradata_opt(lease, opt);
+		  }
+		  else
+		  {
+			add_extradata_opt(lease, NULL);
+		  }
+
 		  /* DNSMASQ_REQUESTED_OPTIONS */
 		  if ((opt = option_find(mess, sz, OPTION_REQUESTED_OPTIONS, 1)))
 		    {
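Review bot: The option 161 payload is stored in the lease extradata exactly as the client sent it (`option_find(..., 1)` followed by `add_extradata_opt(lease, opt)`), so the lease-change script receives unauthenticated client bytes in DNSMASQ_MUD_URL with no check on scheme or content. RFC 8520 requires MUD URLs to use the https scheme, and as far as I recall the DHCP option may carry a space and a reserved field after the URL; keeping only a value that starts with `https://` and contains no embedded NUL would keep malformed input away from the script and from the extradata fields stored after it, which appear to be positional. The same applies to the `lease_add_extradata(lease, opt6_ptr(mud_opt, 0), opt6_len(mud_opt), NULL)` call in the rfc3315.c hunk of patch 1/2. The block should also carry a `/* DNSMASQ_MUD_URL */` comment and use the brace placement of the DNSMASQ_REQUESTED_OPTIONS block below it. dhcp_reply starts and ends outside this hunk, so whether dnsmasq or the script is the right place to enforce this should be confirmed against the rest of the function.

```c
		  /* DNSMASQ_MUD_URL: client-supplied; keep only a plausible https URL.
		     9 = strlen("https://") + 1, assuming the last argument of
		     option_find() is the minimum option length. */
		  if ((opt = option_find(mess, sz, OPTION_MUD_URL_V4, 9)) &&
		      memcmp(option_ptr(opt, 0), "https://", 8) == 0 &&
		      !memchr(option_ptr(opt, 0), 0, option_len(opt)))
		    add_extradata_opt(lease, opt);
		  else
		    add_extradata_opt(lease, NULL);

		  /* … unchanged: DNSMASQ_REQUESTED_OPTIONS block … */
```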
-- 
2.32.0

-------------- next part --------------
From 2e474e25f1e7e54003c59d28b0a1325180caeeeb Mon Sep 17 00:00:00 2001
From: wiegratz <wiegratz at uni-bremen.de>
Date: Sat, 9 Jul 2022 19:45:51 +0000
Subject: [PATCH 1/2] Add MUD (RFC8520) URL extraction for DHCPv6

---
 src/dhcp6-protocol.h |  1 +
 src/helper.c         |  6 ++++--
 src/rfc3315.c        | 10 ++++++++++
 3 files changed, 15 insertions(+), 2 deletions(-)

diff --git a/src/dhcp6-protocol.h b/src/dhcp6-protocol.h
index 332d536..ce16603 100644
--- a/src/dhcp6-protocol.h
+++ b/src/dhcp6-protocol.h
@@ -63,6 +63,7 @@
 #define OPTION6_FQDN            39
 #define OPTION6_NTP_SERVER      56
 #define OPTION6_CLIENT_MAC      79
+#define OPTION6_MUD_URL         112
 
 #define NTP_SUBOPTION_SRV_ADDR  1
 #define NTP_SUBOPTION_MC_ADDR   2
diff --git a/src/helper.c b/src/helper.c
index 14330f3..749e8cc 100644
--- a/src/helper.c
+++ b/src/helper.c
@@ -638,8 +638,10 @@ int create_helper(int event_fd, int err_fd, uid_t uid, gid_t gid, long max_fd)
 	  
 	  buf = grab_extradata(buf, end, "DNSMASQ_TAGS", &err);
 
-	  if (is6)
-	    buf = grab_extradata(buf, end, "DNSMASQ_RELAY_ADDRESS", &err);
+	  if (is6) {
+	       buf = grab_extradata(buf, end, "DNSMASQ_RELAY_ADDRESS", &err);
+	       buf = grab_extradata(buf, end, "DNSMASQ_MUD_URL", &err);
+	     }
 	  else
 	    {
 	      const char *giaddr = NULL;
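Review bot: DNSMASQ_MUD_URL becomes part of the script interface here and in the DHCPv4 branch changed by patch 2/2, but neither diffstat touches the documentation, so script authors have nowhere to learn that the variable exists or that its value is unvalidated data from the DHCP client. An entry next to the other script environment variables in the manual should say both. The new `if (is6) {` also departs from the brace style of the `else` branch directly below it; `if (is6)` with `{` on its own line, indented like the `else` block, would match. Since the grab_extradata calls appear to consume fields in a fixed order, a short comment such as `/* order must match update_leases() in rfc3315.c */` would help the next person who adds a field. create_helper continues outside the hunk.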
diff --git a/src/rfc3315.c b/src/rfc3315.c
index e218d26..6a5a354 100644
--- a/src/rfc3315.c
+++ b/src/rfc3315.c
@@ -1934,6 +1934,16 @@ static void update_leases(struct state *state, struct dhcp_context *context, str
 	  
 	  lease_add_extradata(lease, (unsigned char *)daemon->addrbuff, state->link_address ? strlen(daemon->addrbuff) : 0, 0);
 	  
+	  void *mud_opt;
+	  if ((mud_opt = opt6_find(state->packet_options, state->end, OPTION6_MUD_URL, 1)))
+	    {
+	      lease_add_extradata(lease, opt6_ptr(mud_opt, 0), opt6_len(mud_opt), NULL);
+	    }
+	  else
+	    {
+	      lease_add_extradata(lease, NULL, 0, 0);
+	    }
+	  
 	  if ((class_opt = opt6_find(state->packet_options, state->end, OPTION6_USER_CLASS, 2)))
 	    {
 	      void *enc_opt, *enc_end = opt6_ptr(class_opt, opt6_len(class_opt));
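Review bot: The fourth argument of the new `lease_add_extradata(lease, opt6_ptr(mud_opt, 0), opt6_len(mud_opt), NULL)` is `NULL`, while the calls on either side pass `0` for the same parameter; a pointer constant where the neighbours pass an integer delimiter will at best draw a conversion warning, so write `lease_add_extradata(lease, opt6_ptr(mud_opt, 0), opt6_len(mud_opt), 0);`. `void *mud_opt;` is declared in the middle of the statement list, whereas `class_opt` is evidently declared earlier in the function; moving the declaration up beside it (outside this hunk) would match the surrounding style. A `/* DNSMASQ_MUD_URL */` comment above the block would tie it to the helper.c line that reads the field. update_leases starts and ends outside this hunk.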
-- 
2.32.0


