Diffstat (limited to 'web/attachments/259195-check_dhcp-roguedhcpservercheck.txt')
-rw-r--r-- | web/attachments/259195-check_dhcp-roguedhcpservercheck.txt | 123 |
1 files changed, 123 insertions, 0 deletions
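--- /dev/null
+++ b/web/attachments/259195-check_dhcp-roguedhcpservercheck.txt
@@ -0,0 +1,123 @@
+--- check_dhcp.c.orig 2007-12-14 21:04:26.000000000 +0100
++++ check_dhcp.c 2007-12-15 16:04:12.000000000 +0100
+@@ -165,6 +165,7 @@
+u_int32_t lease_time; /* lease time in seconds */
+u_int32_t renewal_time; /* renewal time in seconds */
+u_int32_t rebinding_time; /* rebinding time in seconds */
++ u_int8_t desired; /* is this offer desired (necessary in exclusive mode) */
+struct dhcp_offer_struct *next;
+}dhcp_offer;
+
+@@ -209,6 +210,7 @@
+#define ETHERNET_HARDWARE_ADDRESS_LENGTH 6 /* length of Ethernet hardware addresses */
+
+u_int8_t unicast = 0; /* unicast mode: mimic a DHCP relay */
++u_int8_t exclusive = 0; /* exclusive mode aka "rogue DHCP server detection" */
+struct in_addr my_ip; /* our address (required for relay) */
+struct in_addr dhcp_ip; /* server to query (if in unicast mode) */
+unsigned char client_hardware_address[MAX_DHCP_CHADDR_LENGTH]="";
+@@ -919,6 +921,7 @@
+new_offer->lease_time=dhcp_lease_time;
+new_offer->renewal_time=dhcp_renewal_time;
+new_offer->rebinding_time=dhcp_rebinding_time;
++ new_offer->desired=FALSE; /* exclusive mode: we'll check that in get_results */
+
+
+if(verbose){
+@@ -964,7 +967,7 @@
+
+/* gets state and plugin output to return */
+int get_results(void){
+- dhcp_offer *temp_offer;
++ dhcp_offer *temp_offer, *undesired_offer=NULL;
+requested_server *temp_server;
+int result;
+u_int32_t max_lease_time=0;
+@@ -999,11 +1002,18 @@
+if(temp_server->answered == FALSE){
+requested_responses++;
+temp_server->answered=TRUE;
++ temp_offer->desired=TRUE;
+}
+}
+}
+}
+
++ /* exclusive mode: check for undesired offers */
++ for(temp_offer=dhcp_offer_list;temp_offer!=NULL;temp_offer=temp_offer->next)
++ if (temp_offer->desired == FALSE) {
++ undesired_offer=temp_offer; /* Checks only for the first undesired offer */
++ break; /* no further checks needed */
++ }
+}
+
+/* else check and see if we got our requested address from any server */
+@@ -1030,6 +1040,9 @@
+result=STATE_WARNING;
+else if(request_specific_address==TRUE && received_requested_address==FALSE)
+result=STATE_WARNING;
++
++ if(exclusive && undesired_offer)
++ result=STATE_CRITICAL;
+
+if(result==0) /* garrett honeycutt 2005 */
+printf("OK: ");
+@@ -1046,6 +1059,12 @@
+return result;
+}
+
++ if(exclusive && undesired_offer){
++ printf(_("Rogue DHCP Server detected! Server %s"),inet_ntoa(undesired_offer->server_address));
++ printf(_(" offered %s \n"),inet_ntoa(undesired_offer->offered_address));
++ return result;
++ }
++
+printf(_("Received %d DHCPOFFER(s)"),valid_responses);
+
+if(requested_servers>0)
+@@ -1100,6 +1119,7 @@
+{"interface", required_argument,0,'i'},
+{"mac", required_argument,0,'m'},
+{"unicast", no_argument, 0,'u'},
++ {"exclusive", no_argument, 0,'x'},
+{"verbose", no_argument, 0,'v'},
+{"version", no_argument, 0,'V'},
+{"help", no_argument, 0,'h'},
+@@ -1107,7 +1127,7 @@
+};
+
+while(1){
+- c=getopt_long(argc,argv,"+hVvt:s:r:t:i:m:u",long_options,&option_index);
++ c=getopt_long(argc,argv,"+hVvxt:s:r:t:i:m:u",long_options,&option_index);
+
+i++;
+
+@@ -1170,6 +1190,10 @@
+unicast=1;
+break;
+
++ case 'x': /* exclusive testing aka "rogue DHCP server detection" */
++ exclusive=1;
++ break;
++
+case 'V': /* version */
+print_revision(progname,revision);
+exit(STATE_OK);
+@@ -1415,6 +1439,8 @@
+printf (" %s\n", _("MAC address to use in the DHCP request"));
+printf (" %s\n", "-u, --unicast");
+printf (" %s\n", _("Unicast testing: mimic a DHCP relay, requires -s"));
++ printf (" %s\n", "-x, --exclusive");
++ printf (" %s\n", _("Only requested DHCP server may response (rogue DHCP server detection), requires -s"));
+
+return;
+}
+@@ -1424,7 +1450,7 @@
+print_usage(void){
+
+printf (_("Usage:"));
+- printf (" %s [-v] [-u] [-s serverip] [-r requestedip] [-t timeout]\n",progname);
++ printf (" %s [-v] [-u] [-x] [-s serverip] [-r requestedip] [-t timeout]\n",progname);
+printf (" [-i interface] [-m mac]\n");
+
+return;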
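Review bot: With `-x` given but no `-s`, the rogue-server check looks like it fails open. The loop that sets `undesired_offer` in the `-999,11` hunk is added just before the closing brace of a block that opens outside the hunk; if that block is the requested-servers branch, the loop never runs and the plugin reports OK. The help text says `-x` "requires -s", but `case 'x':` only sets `exclusive=1` and nothing visible enforces the dependency. Assuming `requested_servers` is filled in during option parsing, I would add a guard after the getopt loop on `if(exclusive && requested_servers==0)` that prints the usage and exits with a non-OK state. Separately, `temp_offer->desired=TRUE;` sits inside `if(temp_server->answered == FALSE)`, so a second offer from the same requested server keeps `desired==FALSE` and would raise a false CRITICAL; the assignment belongs in the enclosing address-match branch, which starts outside the hunk.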