[Kea-users] DHCP fingerprinting hook

Munroe Sollog mus3 at lehigh.edu
Mon Dec 20 19:36:11 UTC 2021


Thanks for the feedback.  This project started for us 5-7 years ago with a
(then open source) project called fingerbank and a snippet of code for dhcpd:

    log(info,
      concat("Client :",
        binary-to-ascii(16, 8, ":", substring(hardware, 1, 6)),
        ": requests ",
        binary-to-ascii(16, 8, ":", option dhcp-parameter-request-list),
        " - ",
        pick-first-value(option vendor-class-identifier, "no_vendor_id"))
      );

This cemented our local database of fingerprints as colon-separated hex
options.  I agree it's a silly format, but it's what we have and I don't
think we're ready to change that.  I can absolutely use a comma separator
for the decimal-value output as I agree that makes a lot more sense.

At the moment though we are struggling with how to use the packaged version
of kea and this custom hook.  When we upgraded to 2.0.1 via apt last week
the custom hook failed to load and thus kea failed to start.  I'm not sure
if there is a better way to construct the Makefile so these hooks are more
resilient or if we just need to hold kea and only upgrade.

On Sat, Dec 18, 2021 at 9:40 PM Klaus Steden <klausfiend at gmail.com> wrote:

>
> This looks pretty cool, but if I can offer a suggestion, I would report
> the options in a slightly different format (comma-separated perhaps?) to
> make it easier to distinguish from a MAC address ... I did a bit of a
> double-take when I looked at the sample log message in your GitHub README.
>
> cheers,
> Klaus
>
> On Thu, Dec 9, 2021 at 10:20 PM Munroe Sollog <mus3 at lehigh.edu> wrote:
>
>> I finally found the time to dig into kea's code and dust off my very old
>> C++ knowledge.  The result is this hook:
>>
>> https://github.com/mroe1234/DHCPfingerprintHook
>>
>> It adds a log line with the mac address and the specific option order a
>> client requested.
>>
>> --
>> Munroe Sollog (He/Him/His)
>> Network Architect
>> munroe at lehigh.edu
>

-- 
Munroe Sollog (He/Him/His)
Network Architect
munroe at lehigh.edu
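
The two formats discussed in this thread, as an added example that is not part of the original post or of the hook's code: it parses a log message shaped like the one the quoted dhcpd expression builds, normalizes the MAC, and converts the colon-separated hex option list to comma-separated decimal and back. The function names and sample lines are constructed for illustration, and the line layout is assumed to follow the quoted `concat(...)` exactly.

```python
import re

# Shape of the message built by the dhcpd log() snippet quoted in the post:
#   "Client :<mac>: requests <hex PRL> - <vendor class or no_vendor_id>"
# Octets are accepted with or without zero padding.
LINE_RE = re.compile(
    r"Client :(?P<mac>[0-9a-fA-F]{1,2}(?::[0-9a-fA-F]{1,2}){5})"
    r": requests (?P<prl>[0-9a-fA-F]{1,2}(?::[0-9a-fA-F]{1,2})*)"
    r" - (?P<vendor>.*)$"
)


def hex_prl_to_decimal(prl_hex):
    """'1:3:6:f' -> '1,3,6,15' (order is preserved; it is the fingerprint)."""
    return ",".join(str(int(octet, 16)) for octet in prl_hex.split(":"))


def decimal_prl_to_hex(prl_dec):
    """'1,3,6,15' -> '1:3:6:f', for lookups in an existing colon/hex database."""
    codes = [int(c) for c in prl_dec.split(",")]
    if any(not 0 <= c <= 255 for c in codes):
        raise ValueError("DHCP option codes are one octet (0-255)")
    return ":".join(format(c, "x") for c in codes)


def parse_fingerprint_line(line):
    """Return mac, both option-list forms and vendor class, or None if no match."""
    m = LINE_RE.search(line)
    if m is None:
        return None
    # Zero-pad each octet so the MAC is canonical however the logger wrote it.
    mac = ":".join(o.lower().zfill(2) for o in m.group("mac").split(":"))
    # Re-emit the option list unpadded and lowercase so database keys compare equal.
    prl_hex = ":".join(format(int(o, 16), "x") for o in m.group("prl").split(":"))
    return {"mac": mac, "prl_hex": prl_hex,
            "prl_dec": hex_prl_to_decimal(prl_hex),
            "vendor": m.group("vendor").strip()}


# Constructed sample lines (not taken from the post or the hook's README).
SAMPLES = [
    "dhcpd: Client :0:c:29:ab:cd:ef: requests 1:3:6:f:1f:21:2b:2c:2e:2f:79:f9:fc - MSFT 5.0",
    "dhcpd: Client :a4:5e:60:1:2:3: requests 1:79:3:6:f:77:fc - no_vendor_id",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(parse_fingerprint_line(sample))
```

Anchoring on the literal `: requests ` and ` - ` delimiters is what keeps the MAC and the option list apart, since both fields use the same colon/hex notation.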