logging sometimes fails
Ray Phillips
r.phillips at jkmrc.com
Thu Aug 31 09:31:55 UTC 2006
>On Wed, Aug 23, 2006 at 04:00:05PM -0400, Randy Grimshaw wrote:
>> As it is sometimes useful for debugging, I have been logging the dhcp
>> fingerprint of the systems on our network.
>> But have noticed that some systems such as Macintosh OSX are curiously
>> absent... the log() seems to be failing.
>>
>> on commit {
>> log(info,
>> concat("Fingerprint:\t",
>> binary-to-ascii(16, 8, ":", substring(hardware, 1, 6)),
>> "\t",
>> binary-to-ascii(10, 8, "-", option dhcp-parameter-request-list),
>> "\t",
>> option vendor-class-identifier
>> )
>> );
>> }
>>
>> I woudn't post this to the list yet because such a failure could reveal
>> other exposures.... but I am curious.
>> have you seen anything like this elsewhere?
>
>concat() returns a null value if any of its arguments are null (not
>present, or of zero length).
>
>I suspect the vendor-class-identifier is not present on the clients
>that are not logging in your case.
>
>Consider:
>
> pick-first-value(option vendor-class-identifier, "<none>")
In case anyone's interested I'll post the dhcpd.conf code (scrounged
from the list) I'm using to log fingerprints and the fingerprints
I've copied from the list and collected so far.
I think the entries for Microsoft Visual Studio Team System are
correct but don't know why there are two different ones.
# dhcp fingerprinting, a la
# http://marc.theaimsgroup.com/?l=dhcp-server&m=110799778124539&w=2
# modified so the MAC addresses are printed with pairs of hex digits, even
# when the leading one is 0.
class "VendorIdent" {
match option dhcp-parameter-request-list;
}
subclass "VendorIdent" 1:3:6:f {
set os-ident = "Apple Airport Express Basestation";
}
subclass "VendorIdent" 1:2:3:6:c:f:11:17:1c:1d:1f:21:28:29:2a:2b {
set os-ident = "Amino Aminet Set Top Box";
}
subclass "VendorIdent" 1:3:6:f:42:45:2b:b0 {
set os-ident = "Avaya IP Telephone";
}
subclass "VendorIdent" 1:3:7:6:f:42:45:2b:b0 {
set os-ident = "Avaya IP Telephone";
}
subclass "VendorIdent" 1:1c:3:6:f:43:4:7 {
set os-ident = "Cisco Wireless Access Point";
}
subclass "VendorIdent" 1:42:6:3:43:c:96 {
set os-ident = "Cisco 2900 Catalyst XL";
}
subclass "VendorIdent" 1:3:7:2c:33:36:3a:3b:c:f:90:12 {
set os-ident = "Hewlett-Packard JetDirect";
}
subclass "VendorIdent" 1:3:2c:6:51:7:c:f:16:36:3a:3b:45:12:90 {
set os-ident = "Hewlett-Packard JetDirect";
}
subclass "VendorIdent" 6:3:1:f:42:43:d:2c {
set os-ident = "Hewlett-Packard LaserJet";
# From an HP LaserJet 3055.
}
subclass "VendorIdent" 1:3:2c:6:7:c:f:16:36:3a:3b:45:12:90 {
set os-ident = "Hewlett-Packard Color LaserJet";
}
subclass "VendorIdent" 1:3:6:c:f:2c:2e:2f {
set os-ident = "Linksys Router";
}
subclass "VendorIdent" 1:3:6:c:f:1c:2c {
set os-ident = "Linksys WRT54G";
}
subclass "VendorIdent" 1:1c:2:3:f:6:c:28:29:2a {
set os-ident = "Linux";
}
subclass "VendorIdent" 1:3:6:c:f:11:17:1c:1d:1f:21:28:29:2a:9:7:c8:2c {
set os-ident = "Linux 2.6.5-7.108 Suse 9.1/Novell Desktop";
}
subclass "VendorIdent" 1:1c:2:3:f:6:c:28:29 {
set os-ident = "Linux 2.6.16.13-4 Suse 10.1/Novell Desktop";
}
subclass "VendorIdent" 1:3:6:f:21:2a:2c:2d:2e:2f:45:46:47:4a:4e:4f {
set os-ident = "Mac OS 9";
}
subclass "VendorIdent" 1:3:6:f:70:71:4e:4f:5f:fc {
set os-ident = "Mac OS X";
}
subclass "VendorIdent" 1:3:6:f:70:71:4e:4f:5f:fc:2c:2f {
set os-ident = "Mac OS X";
}
subclass "VendorIdent" 1:3:f:6:2c:2e:2f {
set os-ident = "Microsoft Windows 95";
}
subclass "VendorIdent" 1:3:6:f:2c:2e:2f:39 {
set os-ident = "Microsoft Windows 98";
}
subclass "VendorIdent" 1:f:3:6:2c:2e:2f:2b:4d {
set os-ident = "Microsoft Windows 98 SE";
}
subclass "VendorIdent" 1:f:3:6:2c:2e:2f:1f:21:2b:4d {
set os-ident = "Microsoft Windows ME";
}
subclass "VendorIdent" 1:f:3:6:2c:2e:2f:1f:21:f9:2b {
set os-ident = "Microsoft Windows XP";
# The same as Win 2003 Server Standard's.
}
subclass "VendorIdent" 1:f:3:2c:2e:2f:6 {
set os-ident = "Microsoft Windows NT 4 Server";
}
subclass "VendorIdent" 1:f:3:6:2c:2e:2f:1f:21:2b {
set os-ident = "Microsoft Windows 2000 Professional";
}
subclass "VendorIdent" 1:3:6:f:33:2c {
set os-ident = "Microsoft Visual Studio Team System ID1";
}
subclass "VendorIdent" 1:3:c {
set os-ident = "Microsoft Visual Studio Team System ID2";
}
subclass "VendorIdent" 1:f:3:6:2c:2e:2f:1f:21:79:f9:2b {
set os-ident = "Microsoft Vista";
}
subclass "VendorIdent" 1:3:6:f:c:45:46:58:2a {
set os-ident = "NetBotz WallBotz 400C";
}
subclass "VendorIdent" 1:1c {
set os-ident = "NetGear Storage Central";
}
subclass "VendorIdent"
1:3:3:5:6:b:c:d:f:10:11:12:2b:36:3c:43:80:81:82:83:84:85:86:87 {
set os-ident = "3Com 3c905C-TX PXE Client";
}
subclass "VendorIdent" 1:3:2b:36:3c:43:80:81:82:83:84:85:86:87 {
set os-ident = "PXEClient:Arch:00000:UNDI:002001";
# From Toshiba Satellite Pro 4600 PXE Client.
}
subclass "VendorIdent"
1:2:3:5:6:b:c:d:f:10:11:12:2b:36:3c:43:80:81:82:83:84:85:86:87 {
set os-ident = "PXEClient:Arch:00000:UNDI:002001";
# From Toshiba Tecra A4 PXE Client.
}
subclass "VendorIdent"
1:2:3:4:5:6:b:c:d:f:10:11:12:16:17:1c:28:29:2a:2b:32:33:36:3a:3b:3c:42:43:80:81:82:83:84:85:86:87
{
set os-ident = "PXEClient:Arch:00000:UNDI:002001";
# From Toshiba Tecra A7 PXE Client.
}
subclass "VendorIdent" 1:3:6:f:2c:2f {
set os-ident = "Ricoh Aficio 3045";
}
subclass "VendorIdent" 1:3:6:f:1c:2c:2f {
set os-ident = "Ricoh Aficio MP C3000";
}
subclass "VendorIdent" 1:3:6:f:1c:c:7:9:2a:30:31 {
set os-ident = "Slackware Linux";
}
subclass "VendorIdent" 1:1c:2:3:f:6:c {
set os-ident = "TiVo Series 2";
# The same as NetBSD's ISC dhclient.
}
subclass "VendorIdent" 33:1:3:3a:3b:c:2c:36:6:f:90 {
set os-ident = "Xerox DocuPrint";
# From a DocuPrint N2125.
}
on commit {
# The following if() logs the parameter-request-list string for the device
# with the specified MAC address. The MAC address must consist of six groups
# of two hex digits separated by colons for a match to occur.
# if (
# concat (
# suffix (concat ("0", binary-to-ascii (16, 8, "",
# substring (hardware, 1, 1))),2), ":",
# suffix (concat ("0", binary-to-ascii (16, 8, "",
# substring (hardware, 2, 1))),2), ":",
# suffix (concat ("0", binary-to-ascii (16, 8, "",
# substring (hardware, 3, 1))),2), ":",
# suffix (concat ("0", binary-to-ascii (16, 8, "",
# substring (hardware, 4, 1))),2), ":",
# suffix (concat ("0", binary-to-ascii (16, 8, "",
# substring (hardware, 5, 1))),2), ":",
# suffix (concat ("0", binary-to-ascii (16, 8, "",
# substring (hardware, 6, 1))),2)
# )
## Enter MAC address here.
# = "00:a0:d1:34:d7:33"
# ) {
# log (info, concat ("A7's param-req-list: ",
# binary-to-ascii (16, 8, ":", option dhcp-parameter-request-list)));
# }
if (pick-first-value (os-ident,"X") != "X") {
log (info, concat (
suffix (concat ("0", binary-to-ascii (16, 8, "",
substring (hardware, 1, 1))),2), ":",
suffix (concat ("0", binary-to-ascii (16, 8, "",
substring (hardware, 2, 1))),2), ":",
suffix (concat ("0", binary-to-ascii (16, 8, "",
substring (hardware, 3, 1))),2), ":",
suffix (concat ("0", binary-to-ascii (16, 8, "",
substring (hardware, 4, 1))),2), ":",
suffix (concat ("0", binary-to-ascii (16, 8, "",
substring (hardware, 5, 1))),2), ":",
suffix (concat ("0", binary-to-ascii (16, 8, "",
substring (hardware, 6, 1))),2),
" believed to be ", os-ident, " - ",
pick-first-value (option vendor-class-identifier, "no vendor-id"))
);
}
else {
log (info, concat (
suffix (concat ("0", binary-to-ascii (16, 8, "",
substring (hardware, 1, 1))),2), ":",
suffix (concat ("0", binary-to-ascii (16, 8, "",
substring (hardware, 2, 1))),2), ":",
suffix (concat ("0", binary-to-ascii (16, 8, "",
substring (hardware, 3, 1))),2), ":",
suffix (concat ("0", binary-to-ascii (16, 8, "",
substring (hardware, 4, 1))),2), ":",
suffix (concat ("0", binary-to-ascii (16, 8, "",
substring (hardware, 5, 1))),2), ":",
suffix (concat ("0", binary-to-ascii (16, 8, "",
substring (hardware, 6, 1))),2),
" not fingerprinted - ",
binary-to-ascii (16, 8, ":", option dhcp-parameter-request-list),
" - ",
pick-first-value (option vendor-class-identifier, "no vendor-id"))
);
}
}
More information about the dhcp-users
mailing list