dhcpcd
DHCPv6 server (reply) authtoken must be in hex form to be accepted by dhcpcd; dhcpcd should also accept text notation
Hi,
I'm trying to continue where this email thread left off.
Just as Mattieu then, I'm trying to have dhcpcd request an IPv6 from Orange France. I have a known-good, working value for the auth that can be generated with this script:
#!/bin/sh
# /etc/dhclient.conf does *MOST* of what we need. (IPv4)
# only option-90 is problematic
# Heavily inspired by https://lafibre.info/remplacer-livebox/tuto-remplacer-la-livebox-par-un-routeur-dd-wrt-internet-tv/
: "${FTI_USER?"Missing mandatory variable"}"
: "${FTI_PASS?"Missing mandatory variable"}"
if ! command -v md5 >/dev/null 2>&1; then
    md5() {
        md5sum | cut -c 1-32
    }
fi
# translates individual characters to their hex counterpart and prefixes each
# with `:`
# __tohex foo
# > :66:6f:6f
__tohex() {
    printf '%s' "$1" | hexdump -ve '1/1 ":%.2x"'
}
case "$FTI_USER" in
    fti/*) : ;;
    *) FTI_USER="fti/$FTI_USER" ;;
esac
# random strings
# let's hope this never changes, because if Orange starts using "predictable"
# strings, we're in deep (think: TOTP)
: "${_r:="$(openssl rand -base64 12)"}"
: "${_c:="$(openssl rand -base64 1 | cut -c 1)"}"
# "header"
_o90="00:00:00:00:00:00:00:00:00:00:00:1a:09:00:00:05:58:01:03:41"
_o90="$_o90:01:0d$(__tohex "$FTI_USER")"
_o90="$_o90:3c:12$(__tohex "$_r")"
_o90="$_o90:03:13$(__tohex "$_c")"
_o90="$_o90$(printf '%s' "$_c$FTI_PASS$_r" | md5 | sed 's/\(..\)/:\1/g')"
cat << EOO
# Generated on $(date) with
# r = $_r
# c = $_c
send option-90 $_o90 ;
EOO
The issue of course is that the output of this script does not map to ASCII-only characters. To use dhcpcd, I need to pass a hex stream starting with 1a:09:00:00:05:58:01:03:41:... as an authtoken. The following things I tried do not work:
- hex edit the config file so that it holds the exact hex data I need. dhcpcd fails with
  authtoken requies an expiry date
  dhcp6_makemessage: vlan832: dhcp_auth_encode: Invalid argument
- authtoken 0x123 "" 0 0x1a09... this sends 0x1a09... as text
- authtoken 0x123 "" 0 1a:09:... fails with
  token_len: No buffer space available
  dhcp6_makemessage: vlan832: dhcp_auth_encode: Invalid argument
Nota: I got a DHCP client to work by passing it that hex stream, but said client is getting discontinued (isc-dhclient) and my OS (OpenBSD) does not ship with a DHCPv6 client.
FWIW my dhcpcd.conf:
noipv6rs
ipv6only
nohook resolv.conf hostname ntp.conf
allowinterfaces vlan832
debug
# https://blog.brimbelle.org/index.php/2018/04/30/fibre-orange-ipv6-et-dhcpcd/
interface vlan832
#For CLIENT_ID (option 1), confirmed working:
# 0003001<MAC_ADDRESS> in /var/db/dhcpcd/duid
# no other option necessary here
iaid 022e5cd4
ia_pd 022e5cd4
# ^ ia_pd should send 2 timestamps at ffff, but using `leasetime -1` does not work
# ^ ia_pd however sends the correct iaid
# This below only works with dhcpcd (it prepends 00:2b)
userclass FSVDSL_livebox.Internet.softathome.Livebox4
vendclass 1038 sagem
# TODO : review auth
# XXX
option auth
Nota: this bug happens on OpenBSD's dhcpcd v9.4.1v0, but it looks like it doesn't happen on master (see #101). This is very promising.
The following dhcpcd works with the master version (4627c5d80fd677531878a819d30ad9f6d385b50b), but there is a consistency issue with it:
noipv6rs
ipv6only
nohook resolv.conf hostname ntp.conf
allowinterfaces vlan832
debug
# https://blog.brimbelle.org/index.php/2018/04/30/fibre-orange-ipv6-et-dhcpcd/
interface vlan832
#For CLIENT_ID (option 1), confirmed working:
# 0003001<MAC_ADDRESS> in /var/db/dhcpcd/duid
# no other option necessary here
#ia_na 1
iaid 022e5cd4
ia_pd 022e5cd4
# ^ ia_pd should send 2 timestamps at ffff, but using `leasetime -1` does not work
# ^ia_pd however sends the correct iaid
#ia_pd 1//64 vlan49/0/64
# This below only works with dhcpcd (it prepends 00:2b)
userclass FSVDSL_livebox.Internet.softathome.Livebox4
vendclass 1038 sagem
authprotocol token 0x123/0x456
authtoken 0x123 "" forever 1a:09:00:00:05:58:01:xx:xx:...:xx
#authtoken 0x456 "" forever dhcpliveboxfr250
# ^ this should work but it doesn't!
# v this works but it really shouldn't be different from the line above
authtoken 0x456 "" forever 64:68:63:70:6c:69:76:65:62:6f:78:66:72:32:35:30
option auth
dhcpcd should accept both authtoken 0x456 "" forever 64:68:63:70:6c:69:76:65:62:6f:78:66:72:32:35:30 and authtoken 0x456 "" forever dhcpliveboxfr250 as the same. Using the text version throws:
# dhcpcd -dB vlan832
dhcpcd-9.99.0 starting
spawned privileged proxy on PID 58528
spawned network proxy on PID 1708
spawned controller proxy on PID 44893
DUID xx:xx:...:xx
authtoken needs a key
vlan832: spawned DHCP6 proxy fe80::xx:xx...xx on PID 69736
vlan832: executing: /libexec/dhcpcd-run-hooks PREINIT
vlan832: executing: /libexec/dhcpcd-run-hooks CARRIER
vlan832: IAID xx:xx:xx:xx
vlan832: reading lease: /var/db/dhcpcd/vlan832.lease6
vlan832: soliciting a DHCPv6 lease
vlan832: delaying SOLICIT6 (xid 0x260400), next in 1.0 seconds
vlan832: multicasting SOLICIT6 (xid 0x260400), next in 1.0 seconds
vlan832: authentication failed from fe80::ba0:bab: No such process <<<<<<<<<<<<<<<<<<<<
vlan832: multicasting SOLICIT6 (xid 0x260400), next in 1.9 seconds
vlan832: authentication failed from fe80::ba0:bab: No such process <<<<<<<<<<<<<<<<<<<<
Fixed in 6797c08b662e9a1ffb475f2b189603e88fc2f3cc
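
The workaround used in the report above (writing a text secret as colon-separated hex octets), as an added shell example that is not part of the original issue or of dhcpcd. The function names are hypothetical, and treating input that already looks like colon-separated hex as hex is an assumption of this example.

```sh
#!/bin/sh
# Added example: hypothetical helpers, not part of dhcpcd or the original script.

# True if $1 is already colon-separated hex octets, e.g. 1a:09:00.
is_colon_hex() {
    printf '%s\n' "$1" | grep -Eq '^[0-9A-Fa-f]{2}(:[0-9A-Fa-f]{2})*$'
}

# Encode the bytes of $1 as colon-separated hex: foo -> 66:6f:6f
# (od is used instead of hexdump because it is specified by POSIX).
to_colon_hex() {
    printf '%s' "$1" | od -An -v -tx1 | tr -d ' \t\n' |
        sed 's/\(..\)/:\1/g; s/^://'
}

# Return the key in colon-hex, the notation the report shows working on
# dhcpcd master. Assumption: input that already looks like colon-hex is
# taken as hex, so a text secret of that shape must be encoded by hand.
normalize_key() {
    if [ -z "$1" ]; then
        echo "normalize_key: empty key" >&2
        return 1
    fi
    if is_colon_hex "$1"; then
        printf '%s\n' "$1" | tr 'A-F' 'a-f'
    else
        to_colon_hex "$1"
    fi
}

# authtoken_line SECRETID REALM EXPIRY KEY -> one dhcpcd.conf line
authtoken_line() {
    _key=$(normalize_key "$4") || return 1
    printf 'authtoken %s "%s" %s %s\n' "$1" "$2" "$3" "$_key"
}

# Constructed demo using the text token quoted in the report.
authtoken_line 0x456 "" forever dhcpliveboxfr250
```

The demo line reproduces the hex form of the 0x456 token that the report shows working on master.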