authorReyk Floeter <reyk@cvs.openbsd.org>2009-09-01 08:42:32 +0000
committerReyk Floeter <reyk@cvs.openbsd.org>2009-09-01 08:42:32 +0000
commit8ab63b16084c59dddb1a8207a5a629f51a1459d3 (patch)
tree63f55292fa713a24f45db98192ae13e6b79ce3b2
parent4e6a8645d5ace03e41e59440cb998cf28ad137f1 (diff)
Echo back the Relay Agent Information option if present (RFC 3046).
Also add support for the "ipsec-tunnel" hardware type as described in RFC 3456. ok henning@ krw@ (but needs more testing from others)
-rw-r--r--usr.sbin/dhcpd/conflex.c3
-rw-r--r--usr.sbin/dhcpd/dhcp.c15
-rw-r--r--usr.sbin/dhcpd/dhcp.h16
-rw-r--r--usr.sbin/dhcpd/dhcpd.conf.520
-rw-r--r--usr.sbin/dhcpd/dhctoken.h3
-rw-r--r--usr.sbin/dhcpd/parse.c5
-rw-r--r--usr.sbin/dhcpd/tables.c9
7 files changed, 50 insertions, 21 deletions
diff --git a/usr.sbin/dhcpd/conflex.c b/usr.sbin/dhcpd/conflex.c
index 523b4c01c93..086bfcc56fc 100644
--- a/usr.sbin/dhcpd/conflex.c
+++ b/usr.sbin/dhcpd/conflex.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: conflex.c,v 1.9 2006/12/17 18:03:33 stevesk Exp $ */
+/* $OpenBSD: conflex.c,v 1.10 2009/09/01 08:42:31 reyk Exp $ */
/* Lexical scanner for dhcpd config file... */
@@ -337,6 +337,7 @@ static const struct keywords {
{ "hardware", TOK_HARDWARE },
{ "host", TOK_HOST },
{ "hostname", TOK_HOSTNAME },
+ { "ipsec-tunnel", TOK_IPSEC_TUNNEL },
{ "lease", TOK_LEASE },
{ "max-lease-time", TOK_MAX_LEASE_TIME },
{ "netmask", TOK_NETMASK },
diff --git a/usr.sbin/dhcpd/dhcp.c b/usr.sbin/dhcpd/dhcp.c
index 2790ea4f2d1..7d0eddf419a 100644
--- a/usr.sbin/dhcpd/dhcp.c
+++ b/usr.sbin/dhcpd/dhcp.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: dhcp.c,v 1.27 2008/07/21 16:51:18 millert Exp $ */
+/* $OpenBSD: dhcp.c,v 1.28 2009/09/01 08:42:31 reyk Exp $ */
/*
* Copyright (c) 1995, 1996, 1997, 1998, 1999
@@ -1145,6 +1145,19 @@ ack_lease(struct packet *packet, struct lease *lease, unsigned int offer,
state->options[i]->tree = NULL;
}
+ /* Echo back the relay agent information, if present */
+ i = DHO_RELAY_AGENT_INFORMATION;
+ if (state->giaddr.s_addr && !state->options[i] &&
+ packet->options[i].data && packet->options[i].len) {
+ state->options[i] = new_tree_cache("relay-agent-information");
+ state->options[i]->flags = TC_TEMPORARY;
+ state->options[i]->value = packet->options[i].data;
+ state->options[i]->len = packet->options[i].len;
+ state->options[i]->buf_size = packet->options[i].len;
+ state->options[i]->timeout = -1;
+ state->options[i]->tree = NULL;
+ }
+
lease->state = state;
/* If this is a DHCPOFFER, ping the lease address before actually
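Review bot: In the added block of ack_lease, `state->options[i]->value = packet->options[i].data;` stores a pointer into the request packet's option data rather than a copy, while the state is attached to the lease on the next line and, per the trailing context comment, an offer may be held back while the address is pinged. If the packet's option buffers are freed once the request has been processed (that code is outside this hunk), the deferred reply would read freed memory whose earlier contents came from the network. Copying the bytes into storage the state owns, e.g. `memcpy(buf, packet->options[i].data, packet->options[i].len);` after a checked allocation, and releasing it where the state is torn down, removes the lifetime dependency. The result of `new_tree_cache()` is also dereferenced without a NULL check, which is safe only if that helper aborts on allocation failure; ack_lease begins and ends outside the hunk.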
diff --git a/usr.sbin/dhcpd/dhcp.h b/usr.sbin/dhcpd/dhcp.h
index f01b70f9578..6d4c29a4e45 100644
--- a/usr.sbin/dhcpd/dhcp.h
+++ b/usr.sbin/dhcpd/dhcp.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: dhcp.h,v 1.5 2007/03/02 18:26:29 stevesk Exp $ */
+/* $OpenBSD: dhcp.h,v 1.6 2009/09/01 08:42:31 reyk Exp $ */
/* Protocol structures... */
@@ -80,13 +80,15 @@ struct dhcp_packet {
#define BOOTP_BROADCAST 32768L
/* Possible values for hardware type (htype) field... */
-#define HTYPE_ETHER 1 /* Ethernet */
-#define HTYPE_IEEE802 6 /* IEEE 802.2 Token Ring... */
-#define HTYPE_FDDI 8 /* FDDI... */
+#define HTYPE_ETHER 1 /* Ethernet */
+#define HTYPE_IEEE802 6 /* IEEE 802.2 Token Ring... */
+#define HTYPE_FDDI 8 /* FDDI... */
+#define HTYPE_IPSEC_TUNNEL 31 /* IPsec Tunnel (RFC3456) */
/* Magic cookie validating dhcp options field (and bootp vendor
extensions field). */
#define DHCP_OPTIONS_COOKIE "\143\202\123\143"
+#define DHCP_OPTIONS_COOKIE_LEN 4
/* DHCP Option codes: */
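Review bot: `DHCP_OPTIONS_COOKIE_LEN 4` repeats by hand the length of the string literal on the line above, so the two can drift apart if either is edited. Deriving it keeps them tied: `#define DHCP_OPTIONS_COOKIE_LEN (sizeof(DHCP_OPTIONS_COOKIE) - 1)` (the result is then a `size_t`, which callers comparing against signed lengths should account for). A cookie length typically ends up as the size argument when the options field of a received packet is validated, so a mismatch would be a parsing bug; no use of the constant is visible in these hunks.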
@@ -153,6 +155,7 @@ struct dhcp_packet {
#define DHO_DHCP_CLASS_IDENTIFIER 60
#define DHO_DHCP_CLIENT_IDENTIFIER 61
#define DHO_DHCP_USER_CLASS_ID 77
+#define DHO_RELAY_AGENT_INFORMATION 82
#define DHO_END 255
/* DHCP message types. */
@@ -164,3 +167,8 @@ struct dhcp_packet {
#define DHCPNAK 6
#define DHCPRELEASE 7
#define DHCPINFORM 8
+
+/* Relay Agent Information sub-options */
+#define RAI_CIRCUIT_ID 1
+#define RAI_REMOTE_ID 2
+#define RAI_AGENT_ID 3
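Review bot: `RAI_AGENT_ID 3` has no source cited, and RFC 3046, which the commit message names for this option, as far as I recall assigns only sub-options 1 (Agent Circuit ID) and 2 (Agent Remote ID). A comment naming the document that defines value 3 would help, e.g. `#define RAI_AGENT_ID 3 /* defined in: <reference> */`. None of the three constants is used in the hunks shown, so nothing here depends on the value yet.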
diff --git a/usr.sbin/dhcpd/dhcpd.conf.5 b/usr.sbin/dhcpd/dhcpd.conf.5
index 67201a8077c..30eb84a0d9e 100644
--- a/usr.sbin/dhcpd/dhcpd.conf.5
+++ b/usr.sbin/dhcpd/dhcpd.conf.5
@@ -1,4 +1,4 @@
-.\" $OpenBSD: dhcpd.conf.5,v 1.9 2009/08/01 03:00:14 fgsch Exp $
+.\" $OpenBSD: dhcpd.conf.5,v 1.10 2009/09/01 08:42:31 reyk Exp $
.\"
.\" Copyright (c) 1995, 1996, 1997, 1998, 1998, 1999
.\" The Internet Software Consortium. All rights reserved.
@@ -36,7 +36,7 @@
.\" see ``http://www.isc.org/isc''. To learn more about Vixie
.\" Enterprises, see ``http://www.vix.com''.
.\"
-.Dd $Mdocdate: August 1 2009 $
+.Dd $Mdocdate: September 1 2009 $
.Dt DHCPD.CONF 5
.Os
.Sh NAME
@@ -590,14 +590,16 @@ clause in the
.Ic host
statement.
.Ar hardware-type
-must be the name of a physical hardware interface type.
-Currently, only the
-.Ar ethernet
-and
+must be the name of a hardware interface type.
+Currently, the
+.Ar ethernet ,
.Ar token-ring
-types are recognized, although support for an
+and
.Ar fddi
-hardware type (and others) would also be desirable.
+physical interface types are recognized,
+although support for DHCP-over-IPSec virtual interface type
+.Ar ipsec-tunnel
+is provided.
The
.Ar hardware-address
should be a set of hexadecimal octets (numbers from 0 through ff)
@@ -929,7 +931,7 @@ manual page.
.Xr dhcpd.leases 5 ,
.Xr dhcpd 8
.Pp
-RFC 2132, RFC 2131.
+RFC 2132, RFC 2131, RFC 3046, RFC 3456
.Sh AUTHORS
.An -nosplit
.Xr dhcpd 8
diff --git a/usr.sbin/dhcpd/dhctoken.h b/usr.sbin/dhcpd/dhctoken.h
index 4b9f35ddf65..5cb5766e33a 100644
--- a/usr.sbin/dhcpd/dhctoken.h
+++ b/usr.sbin/dhcpd/dhctoken.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: dhctoken.h,v 1.5 2006/12/18 19:05:01 stevesk Exp $ */
+/* $OpenBSD: dhctoken.h,v 1.6 2009/09/01 08:42:31 reyk Exp $ */
/* Tokens for config file lexer and parser. */
@@ -92,6 +92,7 @@
#define TOK_AUTHORITATIVE 333
#define TOK_TOKEN_NOT 334
#define TOK_ALWAYS_REPLY_RFC1048 335
+#define TOK_IPSEC_TUNNEL 336
#define is_identifier(x) ((x) >= TOK_FIRST_TOKEN && \
(x) != TOK_STRING && \
diff --git a/usr.sbin/dhcpd/parse.c b/usr.sbin/dhcpd/parse.c
index 13398243f10..9e0dc4e2f7e 100644
--- a/usr.sbin/dhcpd/parse.c
+++ b/usr.sbin/dhcpd/parse.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: parse.c,v 1.11 2007/02/26 00:49:53 stevesk Exp $ */
+/* $OpenBSD: parse.c,v 1.12 2009/09/01 08:42:31 reyk Exp $ */
/* Common parser code for dhcpd and dhclient. */
@@ -212,6 +212,9 @@ parse_hardware_param(FILE *cfile, struct hardware *hardware)
case TOK_FDDI:
hardware->htype = HTYPE_FDDI;
break;
+ case TOK_IPSEC_TUNNEL:
+ hardware->htype = HTYPE_IPSEC_TUNNEL;
+ break;
default:
parse_warn("expecting a network hardware type");
skip_to_semi(cfile);
diff --git a/usr.sbin/dhcpd/tables.c b/usr.sbin/dhcpd/tables.c
index b6e2ffb3897..3e5315bf90b 100644
--- a/usr.sbin/dhcpd/tables.c
+++ b/usr.sbin/dhcpd/tables.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tables.c,v 1.8 2009/01/13 21:11:57 sthen Exp $ */
+/* $OpenBSD: tables.c,v 1.9 2009/09/01 08:42:31 reyk Exp $ */
/* Tables of information... */
@@ -144,7 +144,7 @@ struct option dhcp_options[256] = {
{ "option-79", "X", &dhcp_universe, 79 },
{ "option-80", "X", &dhcp_universe, 80 },
{ "option-81", "X", &dhcp_universe, 81 },
- { "option-82", "X", &dhcp_universe, 82 },
+ { "relay-agent-information", "X", &dhcp_universe, 82 },
{ "option-83", "X", &dhcp_universe, 83 },
{ "option-84", "X", &dhcp_universe, 84 },
{ "nds-servers", "IA", &dhcp_universe, 85 },
@@ -389,12 +389,13 @@ unsigned char dhcp_option_default_priority_list[256] = {
DHO_X_DISPLAY_MANAGER,
DHO_DHCP_PARAMETER_REQUEST_LIST,
DHO_DHCP_USER_CLASS_ID,
+ DHO_RELAY_AGENT_INFORMATION, /* Should be the last option. */
DHO_PAD,
/* Presently-undefined options... */
62, 63, 64, 65, 66, 67, 68, 69,
70, 71, 72, 73, 74, 75, 76, 78, 79,
- 80, 81, 82, 83, 84, 85, 86, 87, 88, 89,
+ 80, 81, 83, 84, 85, 86, 87, 88, 89,
90, 91, 92, 93, 94, 95, 96, 97, 98, 99,
100, 101, 102, 103, 104, 105, 106, 107, 108, 109,
110, 111, 112, 113, 114, 115, 116, 117, 118, 119,
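Review bot: The comment `/* Should be the last option. */` on `DHO_RELAY_AGENT_INFORMATION` does not match its position, since `DHO_PAD` and the whole run of undefined option codes still follow it in `dhcp_option_default_priority_list`. If the intent is that option 82 ends up last in the reply, the comment should say how that is achieved; whether this list's order controls on-the-wire order or only which options are dropped when the packet runs out of space is decided by code outside the hunk. If it is only about list position, something like `/* Last of the defined options in this list. */` would be accurate. Note also that a low priority here may mean the echoed relay information is among the first options omitted when space is tight, which is worth confirming against the option-assembly code.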
@@ -446,7 +447,7 @@ char *hardware_types[] = {
"unknown-28",
"unknown-29",
"unknown-30",
- "unknown-31",
+ "ipsec-tunnel",
"unknown-32",
"unknown-33",
"unknown-34",