DataSoft / Honeyd

virtual honeypots
GNU General Public License v2.0

Honeyd DHCP Fails #11

Closed PherricOxide closed 12 years ago

PherricOxide commented 12 years ago

Honeyd failed to work with DHCP on some (all?) networks (Datasoft 10 network). It was seen functioning before, but we're unsure how it worked given what we found in the code. Creating this ticket for future reference: if new DHCP issues come up, they might be caused by the changes here.

Within dhcpclient.c / dhcp_recv_cb:

```c
/* Check if we manage a virtual machine with this ethernet address */
addr_pack(&eth_dha, ADDR_TYPE_ETH, ETH_ADDR_BITS, &eth->eth_dst, ETH_ADDR_LEN);

if ((arp = arp_find(&eth_dha)) == NULL || !(arp->flags & ARP_INTERNAL))
```

This code seems to check if the Ethernet MAC address of the DHCP request is one of the ethernet addresses of the honeypots that we manage. However, rather than checking the ethernet address of the DHCP client, it was checking the address of the DHCP header (the router), which would always cause this if to fail and DHCP connections to never take place.

We added in a copy of the address from the DHCP payload to the ethernet struct that this function used.

This resolved the problem of DHCP not working, but should be observed for other side effects.

See commit 0ab46a04f46d4e70fbbcc9bde61058b290ebd37d
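The difference between the two lookups described in this issue, as an added example that is not Honeyd's code or the code from the referenced commit: a DHCP reply is matched to a virtual host once by the frame's Ethernet destination and once by the client hardware address (`chaddr`) in the BOOTP payload. All function names and MAC values are hypothetical, and the sample frame is constructed with a broadcast Ethernet destination, which RFC 2131 allows for replies.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define MAC_LEN 6
#define ETH_HDR 14
#define BOOTP_LEN 236   /* fixed-size BOOTP header (RFC 2131) */
#define CHADDR_OFF 28   /* op,htype,hlen,hops,xid,secs,flags + 4 IPv4 addrs */

/* Constructed MACs standing in for the virtual hosts' ARP entries. */
static const uint8_t managed[][MAC_LEN] = {
    {0x02, 0, 0, 0, 0, 0x01}, {0x02, 0, 0, 0, 0, 0x02},
};

/* Index of the managed host owning this MAC, or -1. */
int find_managed(const uint8_t *mac) {
    for (size_t i = 0; i < sizeof(managed) / sizeof(managed[0]); i++)
        if (memcmp(managed[i], mac, MAC_LEN) == 0) return (int)i;
    return -1;
}

/* Lookup keyed on the frame's Ethernet destination (bytes 0..5). */
int owner_by_eth_dst(const uint8_t *f, size_t len) {
    return len < ETH_HDR ? -1 : find_managed(f);
}

/* Lookup keyed on chaddr inside the BOOTP payload, with bounds checks. */
int owner_by_chaddr(const uint8_t *f, size_t len) {
    if (len < ETH_HDR + 20 || f[12] != 0x08 || f[13] != 0x00) return -1;
    size_t ihl = (size_t)(f[ETH_HDR] & 0x0f) * 4;
    if (ihl < 20 || f[ETH_HDR + 9] != 17) return -1;          /* UDP only */
    size_t off = ETH_HDR + ihl + 8;                            /* BOOTP start */
    if (len < off + BOOTP_LEN) return -1;
    if (f[off - 6] != 0 || f[off - 5] != 68) return -1;       /* dst port 68 */
    if (f[off] != 2 || f[off + 1] != 1 || f[off + 2] != MAC_LEN) return -1;
    return find_managed(f + off + CHADDR_OFF);
}

/* Build a constructed, otherwise zeroed DHCP reply frame; returns its length. */
size_t build_reply(uint8_t *buf, const uint8_t *eth_dst, const uint8_t *chaddr) {
    size_t off = ETH_HDR + 20 + 8;
    memset(buf, 0, off + BOOTP_LEN);
    memcpy(buf, eth_dst, MAC_LEN);
    buf[12] = 0x08; buf[ETH_HDR] = 0x45; buf[ETH_HDR + 9] = 17;
    buf[off - 5] = 68;                                         /* UDP dst port */
    buf[off] = 2; buf[off + 1] = 1; buf[off + 2] = MAC_LEN;    /* BOOTREPLY */
    memcpy(buf + off + CHADDR_OFF, chaddr, MAC_LEN);
    return off + BOOTP_LEN;
}
```

For a broadcast reply, `owner_by_eth_dst` finds no managed host while `owner_by_chaddr` still resolves the virtual host the lease belongs to.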