Addressing APIPA/IPv4LL issues with uamanyip
wlan at mac.com
Mon May 5 08:57:14 UTC 2008
Hi Gunther,
This is a great fix -- cheers!
I agree that chilli shouldn't be considering these addresses as
'configured'...
David
On May 3, 2008, at 9:24 PM, Gunther Mayer wrote:
> Hi guys,
>
> In my quest to test and improve uamanyip even more I discovered
> another quirk: Clients who are using APIPA/IPv4LL addresses (in
> 169.254.0.0/16) such as all Macs, Windows PCs, Ubuntu etc. who
> were forced to use one through some sort of temporary LAN/WLAN
> failure or NAS reboot, will not be able to connect at all through
> chilli.
>
> Reason: such clients typically have no default gateway set (if
> their IPv4LL implementation is RFC 3927 compliant, Windows XP at
> least is) which would render uamanyip useless. Even worse, when
> they do request a dynamic IP via DHCP, which they do periodically in
> the background, chilli would just reassign them the same defunct
> IPv4LL address that they had before until chilli restarts or the
> NAS reboots.
>
> I've addressed this with a very simple patch below that refuses all
> "dhcp" requests in the 196.254.0.0/16 subnet. I have tested it and
> it does work (no connections allocated for such a client,
> subsequent dhcp request works properly), however I thought I'd run
> it by this list first.
>
> Gunther
>
> P.S.: There's also an unrelated bit in there addressing the logging
> of macallowlocal clients which I think improves record keeping
>
> Index: chilli.c
> ===================================================================
> --- chilli.c (revision 168)
> +++ chilli.c (working copy)
> @@ -49,6 +49,10 @@
> /*static int do_timeouts = 1;*/
> static int do_sighup = 0;
>
> +/* some IPv4LL/APIPA(rfc 3927) specific stuff for uamanyip */
> +struct in_addr ipv4ll_ip;
> +struct in_addr ipv4ll_mask;
> +
> /* Forward declarations */
> static int acct_req(struct app_conn_t *conn, uint8_t status_type);
>
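Review bot: ipv4ll_ip and ipv4ll_mask are declared without static, unlike do_sighup directly above them, so they get external linkage even though the patch only uses them inside chilli.c. Declare both static. The values never change after startup, so they could also be replaced by constants in the comparison, which would make these two globals unnecessary.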
> @@ -2573,6 +2577,16 @@
> return -1;
> }
>
> + /* if uamanyip is on we have to filter out which ip's are
> allowed */
> + if (options.uamanyip && addr && addr->s_addr) {
> + if ((addr->s_addr & ipv4ll_mask.s_addr) == ipv4ll_ip.s_addr) {
> + /* clients with an IPv4LL ip normally have no default gw
> assigned, rendering uamanyip useless
> + They must rather get a proper dynamic ip via dhcp */
> + log_dbg("IPv4LL/APIPA address requested, ignoring");
> + return -1;
> + }
> + }
> +
> appconn->reqip.s_addr = addr->s_addr; /* Save for MAC auth later */
>
> /* If IP address is allready allocated: Fill it in */
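Review bot: the new block tests addr for NULL before reading addr->s_addr, but the unchanged line right after it, "appconn->reqip.s_addr = addr->s_addr;", dereferences addr unconditionally. Either addr can never be NULL at this point and the "addr &&" test should be dropped, or the existing assignment needs the same guard; as posted the two disagree. The refusal is also reported only through log_dbg and without the requested address or the client MAC, so a client that keeps being turned away on 169.254.x.x is hard to spot in the logs; consider including both in the message.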
> @@ -2598,6 +2612,11 @@
> if (options.macallowlocal) {
> upprot_getip(appconn, &appconn->reqip, 0);/**/
> dnprot_accept(appconn);
> + log_info("Granted MAC=%.2X-%.2X-%.2X-%.2X-%.2X-%.2X with IP=%
> s access without radius auth" ,
> + conn->hismac[0], conn->hismac[1],
> + conn->hismac[2], conn->hismac[3],
> + conn->hismac[4], conn->hismac[5],
> + inet_ntoa(appconn->hisip));
> } else {
> macauth_radius(appconn, dhcp_pkt, dhcp_len);
> }
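Review bot: the added log_info call reads the MAC from conn->hismac, while every other line in this hunk, including the call's own inet_ntoa(appconn->hisip) argument, works on appconn. Please confirm that conn is in scope here and refers to the same client, or take the MAC from the same object as the IP so the log line cannot pair mismatched values. The format string has also been wrapped by the mailer between "%" and "s", so the hunk will not apply as posted; sending it as an attachment avoids that. Since this change is unrelated to the IPv4LL fix, it would be easier to review and revert as a separate patch.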
> @@ -3521,6 +3540,10 @@
> }
> */
>
> + /* setup IPv4LL/APIPA network ip and mask for uamanyip exception */
> + inet_aton("169.254.0.0", &ipv4ll_ip);
> + inet_aton("255.255.0.0", &ipv4ll_mask);
> +
> if (options.debug)
> log_dbg("Waiting for client request...");
>
>
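Review bot: both inet_aton calls discard their return value, and the check added earlier in the patch silently depends on this setup having run before the first request is handled; until then both globals are zero. Because the network and mask are fixed, the comparison could use constants directly, for example (addr->s_addr & htonl(0xFFFF0000)) == htonl(0xA9FE0000), which removes the ordering dependency and the runtime parsing.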