Index: options.h =================================================================== --- options.h (revision 185) +++ options.h (working copy) @@ -114,6 +114,7 @@ /* booleans */ + uint8_t noc2c:1; uint8_t framedservice:1; uint8_t usetap:1; uint8_t eapolenable:1; /* Use eapol */ Index: chilli.c =================================================================== --- chilli.c (revision 185) +++ chilli.c (working copy) @@ -3512,7 +3512,7 @@ options.dhcpusemac, options.dhcpmac, options.dhcpusemac, &options.dhcplisten, options.lease, 1, &options.uamlisten, options.uamport, - options.eapolenable)) { + options.eapolenable, options.noc2c)) { log_err(0, "Failed to create dhcp"); exit(1); } Index: cmdline.c =================================================================== --- cmdline.c (revision 185) +++ cmdline.c (working copy) @@ -132,6 +132,7 @@ " --usetap Use a TAP instead of TUN (linux only) \n (default=off)", " --routeif=STRING Interface to use as default route; turns on \n 'manual' routing", " --framedservice Use Service-Type = Framed instead of Login \n (default=off)", + " --noc2c Send DHCP-OFFERs with /32 netmasks.\n (default=off)", 0 }; @@ -288,6 +289,7 @@ args_info->usetap_given = 0 ; args_info->routeif_given = 0 ; args_info->framedservice_given = 0 ; + args_info->noc2c_given = 0 ; } static @@ -473,6 +475,7 @@ args_info->routeif_arg = NULL; args_info->routeif_orig = NULL; args_info->framedservice_flag = 0; + args_info->noc2c_flag = 0; } @@ -591,6 +594,7 @@ args_info->usetap_help = gengetopt_args_info_help[101] ; args_info->routeif_help = gengetopt_args_info_help[102] ; args_info->framedservice_help = gengetopt_args_info_help[103] ; + args_info->noc2c_help = gengetopt_args_info_help[104] ; } @@ -1084,6 +1088,8 @@ write_into_file(outfile, "routeif", args_info->routeif_orig, 0); if (args_info->framedservice_given) write_into_file(outfile, "framedservice", 0, 0 ); + if (args_info->noc2c_given) + write_into_file(outfile, "noc2c", 0, 0 ); i = EXIT_SUCCESS; @@ -1748,6 +1754,7 @@ { "usetap", 0, NULL, 0 }, { "routeif", 1, NULL, 0 }, { "framedservice", 0, NULL, 0 }, + { "noc2c", 0, NULL, 0 }, { NULL, 0, NULL, 0 } }; @@ -3150,7 +3157,19 @@ goto failure; } + /* Send DHCP-OFFERs with /32 netmasks. */ + else if (strcmp (long_options[option_index].name, "noc2c") == 0) + { + + if (update_arg((void *)&(args_info->noc2c_flag), 0, &(args_info->noc2c_given), + &(local_args_info.noc2c_given), optarg, 0, 0, ARG_FLAG, + check_ambiguity, override, 1, 0, "noc2c", '-', + additional_error)) + goto failure; + + } + break; case '?': /* Invalid option. */ /* `getopt_long' already printed an error message. */ Index: dhcp.c =================================================================== --- dhcp.c (revision 185) +++ dhcp.c (working copy) @@ -409,6 +409,7 @@ (*conn)->inuse = 1; (*conn)->parent = this; (*conn)->mtu = this->mtu; + (*conn)->noc2c = this->noc2c; /* Application specific initialisations */ memcpy((*conn)->hismac, hwaddr, PKT_ETH_ALEN); @@ -521,7 +522,8 @@ dhcp_new(struct dhcp_t **pdhcp, int numconn, char *interface, int usemac, uint8_t *mac, int promisc, struct in_addr *listen, int lease, int allowdyn, - struct in_addr *uamlisten, uint16_t uamport, int useeapol) { + struct in_addr *uamlisten, uint16_t uamport, int useeapol, + int noc2c) { struct dhcp_t *dhcp; if (!(dhcp = *pdhcp = calloc(sizeof(struct dhcp_t), 1))) { @@ -622,6 +624,7 @@ dhcp->uamlisten.s_addr = uamlisten->s_addr; dhcp->uamport = uamport; dhcp->mtu = options.mtu; + dhcp->noc2c = noc2c; /* Initialise call back functions */ dhcp->cb_data_ind = 0; @@ -1441,9 +1444,21 @@ packet.dhcp.options[pos++] = DHCP_OPTION_SUBNET_MASK; packet.dhcp.options[pos++] = 4; - memcpy(&packet.dhcp.options[pos], &conn->hismask.s_addr, 4); + if (conn->noc2c) + memset(&packet.dhcp.options[pos], 0xff, 4); + else + memcpy(&packet.dhcp.options[pos], &conn->hismask.s_addr, 4); pos += 4; + if (conn->noc2c) { + packet.dhcp.options[pos++] = DHCP_OPTION_STATIC_ROUTES; + packet.dhcp.options[pos++] = 8; + memcpy(&packet.dhcp.options[pos], &conn->ourip.s_addr, 4); + pos += 4; + memcpy(&packet.dhcp.options[pos], &conn->hisip.s_addr, 4); + pos += 4; + } + packet.dhcp.options[pos++] = DHCP_OPTION_ROUTER_OPTION; packet.dhcp.options[pos++] = 4; memcpy(&packet.dhcp.options[pos], &conn->ourip.s_addr, 4); @@ -1529,9 +1544,21 @@ /* DHCP Payload */ packet.dhcp.options[pos++] = DHCP_OPTION_SUBNET_MASK; packet.dhcp.options[pos++] = 4; - memcpy(&packet.dhcp.options[pos], &conn->hismask.s_addr, 4); + if (conn->noc2c) + memset(&packet.dhcp.options[pos], 0xff, 4); + else + memcpy(&packet.dhcp.options[pos], &conn->hismask.s_addr, 4); pos += 4; + if (conn->noc2c) { + packet.dhcp.options[pos++] = DHCP_OPTION_STATIC_ROUTES; + packet.dhcp.options[pos++] = 8; + memcpy(&packet.dhcp.options[pos], &conn->ourip.s_addr, 4); + pos += 4; + memcpy(&packet.dhcp.options[pos], &conn->hisip.s_addr, 4); + pos += 4; + } + packet.dhcp.options[pos++] = DHCP_OPTION_ROUTER_OPTION; packet.dhcp.options[pos++] = 4; memcpy(&packet.dhcp.options[pos], &conn->ourip.s_addr, 4); Index: cmdline.h =================================================================== --- cmdline.h (revision 185) +++ cmdline.h (working copy) @@ -322,6 +322,8 @@ const char *routeif_help; /**< @brief Interface to use as default route; turns on 'manual' routing help description. */ int framedservice_flag; /**< @brief Use Service-Type = Framed instead of Login (default=off). */ const char *framedservice_help; /**< @brief Use Service-Type = Framed instead of Login help description. */ + int noc2c_flag; /**< @brief Send DHCP-OFFERs with /32 netmasks (default=off). */ + const char *noc2c_help; /**< @brief Send DHCP-OFFERs with /32 netmasks help description. */ unsigned int help_given ; /**< @brief Whether help was given. */ unsigned int version_given ; /**< @brief Whether version was given. */ @@ -427,6 +429,7 @@ unsigned int usetap_given ; /**< @brief Whether usetap was given. */ unsigned int routeif_given ; /**< @brief Whether routeif was given. */ unsigned int framedservice_given ; /**< @brief Whether framedservice was given. */ + unsigned int noc2c_given ; /**< @brief Whether noc2c was given. */ } ; Index: dhcp.h =================================================================== --- dhcp.h (revision 185) +++ dhcp.h (working copy) @@ -31,6 +31,7 @@ #define DHCP_OPTION_HOSTNAME 12 #define DHCP_OPTION_DOMAIN_NAME 15 #define DHCP_OPTION_INTERFACE_MTU 26 +#define DHCP_OPTION_STATIC_ROUTES 33 #define DHCP_OPTION_REQUESTED_IP 50 #define DHCP_OPTION_LEASE_TIME 51 #define DHCP_OPTION_MESSAGE_TYPE 53 @@ -115,6 +116,7 @@ uint16_t dnatport[DHCP_DNAT_MAX]; /* Destination NAT source port */ uint8_t dnatmac[DHCP_DNAT_MAX][PKT_ETH_ALEN]; /* Destination NAT source mac */ uint16_t mtu; /* Maximum transfer unit */ + uint8_t noc2c; /* Prevent client to client access using /32 subnets */ /*XXX: optional*/ struct { @@ -159,6 +161,7 @@ struct in_addr *authip; /* IP address of authentication server */ int authiplen; /* Number of authentication server IP addresses */ int anydns; /* Allow any dns server */ + int noc2c; /* Prevent client to client access using /32 subnets */ int relayfd; /* DHCP relay socket, 0 if not relaying */ @@ -194,7 +197,7 @@ int usemac, uint8_t *mac, int promisc, struct in_addr *listen, int lease, int allowdyn, struct in_addr *uamlisten, uint16_t uamport, - int useeapol); + int useeapol, int noc2c); int dhcp_set(struct dhcp_t *dhcp, int debug); Index: options.c =================================================================== --- options.c (revision 185) +++ options.c (working copy) @@ -276,6 +276,7 @@ options.acct_update = args_info.acctupdate_flag; options.dhcpradius = args_info.dhcpradius_flag; options.dhcpgwport = args_info.dhcpgatewayport_arg; + options.noc2c = args_info.noc2c_flag; if (args_info.dhcpgateway_arg && !inet_aton(args_info.dhcpgateway_arg, &options.dhcpgwip)) {