[Dnsmasq-discuss] [PATCH] RFC8520 (MUD) support in DHCP

Jasper Wiegratz jwhy+lists at jwhy.de
Thu Jul 28 12:03:56 UTC 2022 

Hi Simon,

Thank you for the review!

I rephrased both commits and updated the authorship information to the 
original author of the respective commit.

Cheers,

Jasper

Am 21.07.22 um 00:06 schrieb Simon Kelley:
> Jasper,
>
> The patch looks fine, and I'm happy to commit it. Geert's point is a 
> good one; please could you supply a suitable commit message which 
> describes clearly what the patch does, and includes this attribution 
> information directly and not as links: the git commit will be around 
> forever, the github projects may not be.
>
> I've done a little tidying of the code, and I noticed that it further 
> breaks the LUA code in src/helper.c, which was previously broken by an 
> earlier commit which added a envvar but didn't cover the corresponding 
> LUA arguments. I've make a separate commit to fix both those problems.
>
>
> Cheers,
>
> Simon.
>
>
> Whilst
>
> On 12/07/2022 16:50, Jasper Wiegratz wrote:
>> Some important amendments to this contribution:
>>
>> * the IPv4 patch is heavily inspired by OSMUD's dnsmasq fork [1]
>>
>> * the IPv6 patch was created originally in my project (NAMIB) [2]
>>
>> Additional authorship information is available in the mentioned commits.
>>
>> Thanks.
>>
>> [1]: 
>> https://github.com/osmud/dnsmasq/commit/3323d59163bcb7338a9e467883f527facb8f87db 
>>
>>
>> [2]: 
>> https://github.com/namib-project/dnsmasq/commit/6b02ab27e1a2290a8fd9b104cf75dc268c1b15ee 
>>
>>
>>
>> Am 11.07.22 um 15:18 schrieb Jasper Wiegratz:
>>> Hi Simon,
>>>
>>> my university project for network security has been working with a 
>>> fork of dnsmasq for some time now.
>>>
>>> I'm submitting the attached 2 patches for dnsmasq master branch to 
>>> add MUD DHCP option and URL extraction. This was requested on the 
>>> mailing list [1] [2].
>>>
>>> I'm looking forward to hearing back from you. Thanks for your time 
>>> and efforts.
>>>
>>> Best Regards
>>>
>>> Jasper Wiegratz
>>>
>>>
>>> [1] 
>>> https://www.mail-archive.com/dnsmasq-discuss@lists.thekelleys.org.uk/msg12326.html 
>>>
>>>
>>> [2] 
>>> https://www.mail-archive.com/dnsmasq-discuss@lists.thekelleys.org.uk/msg12116.html 
>>>
>>>
>>
-------------- next part --------------
From 42dea8d7c1259aeabdecb25a62df2877a4902ba2 Mon Sep 17 00:00:00 2001
From: Kevin Yeich <kyeich at gmail.com>
Date: Sat, 9 Jul 2022 19:46:36 +0000
Subject: [PATCH 2/2] Pass MUD URLs (RFC 8520) supplied via DHCPv4 to DHCP
 scripts

Extract Manufacturer Usage Description (MUD) URL from DHCP Option 161
and make it available to DHCP scripts as DNSMASQ_MUD_URL.

See https://datatracker.ietf.org/doc/html/rfc8520#section-17.3
and https://datatracker.ietf.org/doc/html/rfc8520#section-10

Co-authored-by: Jasper Wiegratz <wiegratz at uni-bremen.de>
---
 src/dhcp-protocol.h | 1 +
 src/helper.c        | 1 +
 src/rfc2131.c       | 9 +++++++++
 3 files changed, 11 insertions(+)

diff --git a/src/dhcp-protocol.h b/src/dhcp-protocol.h
index 75c9cd3..e281143 100644
--- a/src/dhcp-protocol.h
+++ b/src/dhcp-protocol.h
@@ -64,6 +64,7 @@
 #define OPTION_SIP_SERVER        120
 #define OPTION_VENDOR_IDENT      124
 #define OPTION_VENDOR_IDENT_OPT  125
+#define OPTION_MUD_URL_V4        161
 #define OPTION_END               255
 
 #define SUBOPT_CIRCUIT_ID        1
diff --git a/src/helper.c b/src/helper.c
index 749e8cc..771a3e9 100644
--- a/src/helper.c
+++ b/src/helper.c
@@ -633,6 +633,7 @@ int create_helper(int event_fd, int err_fd, uid_t uid, gid_t gid, long max_fd)
 	      buf = grab_extradata(buf, end, "DNSMASQ_CIRCUIT_ID", &err);
 	      buf = grab_extradata(buf, end, "DNSMASQ_SUBSCRIBER_ID", &err);
 	      buf = grab_extradata(buf, end, "DNSMASQ_REMOTE_ID", &err);
+	      buf = grab_extradata(buf, end, "DNSMASQ_MUD_URL", &err);
 	      buf = grab_extradata(buf, end, "DNSMASQ_REQUESTED_OPTIONS", &err);
 	    }
 	  
diff --git a/src/rfc2131.c b/src/rfc2131.c
index ecda2d3..692293e 100644
--- a/src/rfc2131.c
+++ b/src/rfc2131.c
@@ -1417,6 +1417,15 @@ size_t dhcp_reply(struct dhcp_context *context, char *iface_name, int int_index,
 		      add_extradata_opt(lease, NULL);
 		    }
 
+		  if ((opt = option_find(mess, sz, OPTION_MUD_URL_V4, 1)))
+		  {
+			add_extradata_opt(lease, opt);
+		  }
+		  else
+		  {
+			add_extradata_opt(lease, NULL);
+		  }
+
 		  /* DNSMASQ_REQUESTED_OPTIONS */
 		  if ((opt = option_find(mess, sz, OPTION_REQUESTED_OPTIONS, 1)))
 		    {
-- 
2.32.0

-------------- next part --------------
From fa2d713ae259f6b9a23edf4a23d894847b88c8d1 Mon Sep 17 00:00:00 2001
From: Hugo Hakim Damer <hdamer at uni-bremen.de>
Date: Sat, 9 Jul 2022 19:45:51 +0000
Subject: [PATCH 1/2] Pass MUD URLs (RFC 8520) supplied via DHCPv6 to DHCP
 scripts

Extract Manufacturer Usage Description (MUD) URL from DHCP Option 112
and make it available to DHCP scripts as DNSMASQ_MUD_URL.

This expands on the initial support for Manufacturer Usage Description
URLs that has been added in the previous commit for DHCPv4 by also
supporting MUD URLs supplied using DHCPv6.

See https://datatracker.ietf.org/doc/html/rfc8520#section-17.3
and https://datatracker.ietf.org/doc/html/rfc8520#section-10

Co-authored-by: Jasper Wiegratz <wiegratz at uni-bremen.de>
---
 src/dhcp6-protocol.h |  1 +
 src/helper.c         |  6 ++++--
 src/rfc3315.c        | 10 ++++++++++
 3 files changed, 15 insertions(+), 2 deletions(-)

diff --git a/src/dhcp6-protocol.h b/src/dhcp6-protocol.h
index 332d536..ce16603 100644
--- a/src/dhcp6-protocol.h
+++ b/src/dhcp6-protocol.h
@@ -63,6 +63,7 @@
 #define OPTION6_FQDN            39
 #define OPTION6_NTP_SERVER      56
 #define OPTION6_CLIENT_MAC      79
+#define OPTION6_MUD_URL         112
 
 #define NTP_SUBOPTION_SRV_ADDR  1
 #define NTP_SUBOPTION_MC_ADDR   2
diff --git a/src/helper.c b/src/helper.c
index 14330f3..749e8cc 100644
--- a/src/helper.c
+++ b/src/helper.c
@@ -638,8 +638,10 @@ int create_helper(int event_fd, int err_fd, uid_t uid, gid_t gid, long max_fd)
 	  
 	  buf = grab_extradata(buf, end, "DNSMASQ_TAGS", &err);
 
-	  if (is6)
-	    buf = grab_extradata(buf, end, "DNSMASQ_RELAY_ADDRESS", &err);
+	  if (is6) {
+	       buf = grab_extradata(buf, end, "DNSMASQ_RELAY_ADDRESS", &err);
+	       buf = grab_extradata(buf, end, "DNSMASQ_MUD_URL", &err);
+	     }
 	  else
 	    {
 	      const char *giaddr = NULL;
diff --git a/src/rfc3315.c b/src/rfc3315.c
index 6533197..8d601c4 100644
--- a/src/rfc3315.c
+++ b/src/rfc3315.c
@@ -1934,6 +1934,16 @@ static void update_leases(struct state *state, struct dhcp_context *context, str
 	  
 	  lease_add_extradata(lease, (unsigned char *)daemon->addrbuff, state->link_address ? strlen(daemon->addrbuff) : 0, 0);
 	  
+	  void *mud_opt;
+	  if ((mud_opt = opt6_find(state->packet_options, state->end, OPTION6_MUD_URL, 1)))
+	    {
+	      lease_add_extradata(lease, opt6_ptr(mud_opt, 0), opt6_len(mud_opt), NULL);
+	    }
+	  else
+	    {
+	      lease_add_extradata(lease, NULL, 0, 0);
+	    }
+	  
 	  if ((class_opt = opt6_find(state->packet_options, state->end, OPTION6_USER_CLASS, 2)))
 	    {
 	      void *enc_opt, *enc_end = opt6_ptr(class_opt, opt6_len(class_opt));
-- 
2.32.0

More information about the Dnsmasq-discuss mailing list