1# dhcp_probe.cf: config file for dhcp_probe
2#
3# General syntax:
4#  Comment lines start with '#' (trailing comments not permitted).
5#  Blank lines are OK.
6#  Tokens within a line should be separated with spaces and/or tabs.
7#  Entries in the file may be in any order.
8#  Any 'ethernet-address' must be written in a form that ether_aton(3) recognizes; e.g.
9#      1:2:3:4:5:6   00:A5:b2:0:BB:c
10#  Any 'ip-address' must be written in a form that inet_aton(3) recognizes; e.g.
11#      192.168.1.2
12#
13# ----------------------------------------------------------------------------------
14#
15# CLIENT HARDWARE ADDRESS
16#
17# By default, for the 'chaddr' field in the BootP header, we use the Ethernet
18# address corresponding to the interface you specified.
19# We also use this value to compute the DHCP Client Identifier option (by prepending x'01').
20# You may optionally override this value.
21# (Note that this does not override the Ethernet Src address in the Ethernet frame we send.)
22#
23# You might want to do this if our interface is also a DHCP client, so
24# sending requests with the interface's own chaddr/DHCP Client Identifier would interfere with
25# that functionality.
26#
27# If you specify a value, be sure to specify an Ethernet address that does not belong to
28# any valid client on your network.  Be sure to specify a unicast Ethernet address.
29#
30# Syntax:
31#    chaddr enet-addr
32
33# chaddr 0:0:0:1:2:3
34
35
36# ----------------------------------------------------------------------------------
37#
38# ETHERNET SOURCE ADDRESS
39#
40# By default, for the 'ether_shost' field in the Ethernet header, we use the Ethernet
41# address corresponding to the interface you specified.
42# You may optionally override this value.
43# (Note that this does not override the 'chaddr' in the BootP header, nor the DHCP Client Identifier.)
44#
45# If you are specify the 'chaddr' statement, you might want to also do this, so you don't miss buggy
46# DHCP servers that respond (incorrectly) to ether_src instead of to chaddr.
47#
48# If you specify a value, be sure to specify an Ethernet address that does not belong to
49# any valid client on your network.  Be sure to specify a unicast Ethernet address.
50#
51# Syntax:
52#    ether_src enet-addr
53
54# ether_src 0:0:0:1:2:3
55
56
57# ----------------------------------------------------------------------------------
58#
59# DHCP SERVER IDENTIFIER
60#
61# When we generate a DHCPREQUEST packet corresponding to a client that is in the SELECTING
62# state, the options field must contain a 'DHCP Server Identifier' option, indicating the
63# IP address of the DHCP server the client is selecting.   It's best that the value we use
64# not match the IP address of any valid DHCP server, to avoid confusing them.  The program
65# provides a default value of 10.254.254.254, which you may override here.
66#
67# Syntax:
68#    server_id ip-addr
69
70# server_id 10.254.254.254
71
72# ----------------------------------------------------------------------------------
73#
74# CLIENT IP ADDRESS
75#
76# When we generate a DHCPREQUEST packet corresponding to a client that is in the INIT-REBOOT
77# or SELECTING state, the options field must containg a 'Requested IP Address' option, indicating
78# the IP address the client is requesting.    When we generate a DHCPREQUEST packet corresponding
79# to a client that is in the REBINDING state, the 'ciaddr' field in the BootP header must contain
80# the IP address that the DHCP client presently has leased and wishes to renew.
81#
82# In all these cases, it's best that the value we use not match the IP address of any valid DHCP client,
83# to avoid confusing the valid DHCP servers.
84#
85# Furthermore, it is extremely useful if the value we use *not* be valid (topologically speaking) for the
86# physical network on which we send the packets.  Sending a topologically inappropriate value
87# may stimulate some DHCP servers to respond with a DHCPNAK, which helps us flush out DHCP servers.
88# (This will probably happen only in response to the packets we sending when pretending to be in REBINDING state.)
89#
90# The program provides a default value of 172.31.254.254, which you may override here.
91#
92# Syntax:
93#   client_ip_address ip-addr
94
95# client_ip_address 172.31.254.254
96
97# ----------------------------------------------------------------------------------
98#
99# RESPONSE WAIT TIME
100#
101# After sending one packet, we wait for responses.  The length of time we wait
102# is the 'response_wait_time'.  The program provides a default value of 5000, which you
103# may override here.  The value is measured in milliseconds, and must fit into
104# an 'int' on your host.  (Values larger than an 'int' may be silently misinterpreted.)
105# Typical values are on the order of a few thousand milliseconds; i.e. several seconds.
106#
107# Syntax:
108#    response_wait_time num_milliseconds
109
110# response_wait_time 5000
111
112# ----------------------------------------------------------------------------------
113#
114# CYCLE TIME
115#
116# For each flavor packet, we send the packet and listen for responses to that packet.
117# After doing this for all flavor packets, we go to sleep for the "cycle_time",
118# then repeat the process.  The program provides a default value of 300, which you
119# may override here.  The value is measured in seconds, and must fit into an
120# 'unsigned int' on your host.  (Values larger than an 'unsigned int' may be silently
121# misinterpreted.)  Typical valus range from several hundred to several thousand
122# seconds (i.e. several minutes to several hours).
123#
124# Syntax:
125#    cycle_time num_seconds
126
127# cycle_time 300
128
129# ----------------------------------------------------------------------------------
130#
131# LEGAL SERVERS' IP SOURCE ADDRESSES
132#
133# After sending one packet, we wait for responses.  Responses from legal BootP or DHCP
134# servers are ignored; presumably you aren't interesting in discovering them.
135# Specify a legal server's IP source address with the 'legal_server' statement.
136# The value you specify is compared to the IPsrc field in each response's IP header.
137#
138# If you have multiple legal servers, specify each in a separate statement.
139# If your BootP Relay Agents overwrite the server's IP address in the IPsrc field
140# with their own IP addresses, you will need to list the IP addresses of the
141# BootP Relay Agents.
142#
143# Alternatively, do not specify any legal_server statements at all, so *no* responses
144# will be considered legal.
145# (This is different from the way legal_server_ethersrc statements are handled.)
146#
147# If both legal_server and legal_server_ethersrc statements appear, then a response
148# must have both a valid IP source and a valid ethernet source to be considered legal.
149#
150# Syntax:
151#   legal_server ip-addr
152
153
154# legal_server 192.168.1.2
155# legal_server 192.168.3.4
156
157# ----------------------------------------------------------------------------------
158#
159# LEGAL SERVERS' ETHERNET SOURCE ADDRESSES
160#
161# Specify a legal server's Ethernet source address with the 'legal_server_ethersrc' statement.
162# The value you specify is compared to the ethernet_src field in each response's IP header.
163#
164# If you have multiple legal ethernet sources, specify each in a separate statement.
165# Each router on the path from the DHCP server to the DHCP client will overwrite
166# the ethernet_src field.  So also list the ethernet_src value(s) for the last hop router(s).
167# The BootP Relay Agent on the path from the DHCP server to the DHCP client will overwrite
168# the ethernet_src field.  So also list the ethernet_src value(s) for the BootP Relay Agent.
169# (This is often co-resident in the last-hop IP router, so you may have already taken care
170# of this when you listed the last-hop router(s).
171#
172# Alternatively, do not specify any legal_server_ethersrc statements at all.
173# If none are specified, then all ethernet_src values are considered legal.
174# (This is different from the way legal_server statements are handled.)
175#
176# If both legal_server and legal_server_ethersrc statements appear, then a response
177# must have both a valid IP source and a valid ethernet source to be considered legal.
178#
179# Syntax:
180#   legal_server_ethersrc enet-addr
181
182# legal_server_ethersrc 0:2:4:ab:cd:ef
183# legal_server_ethersrc 0:17:30:1:0A:3
184
185# ----------------------------------------------------------------------------------
186#
187# ALERT PROGRAM NAME
188#
189# In addition to logging a response received from an unexpected server, we will optionally
190# call a user-specified 'alert program' if one is specified here.  To use this feature,
191# specify the absolute pathname of a program we should execute for each unexpected response.
192# Either specify it using the older 'alert_program_name' statement, or (preferrably) using
193# the newer 'alert_program_name2' statement.  (The newer statement is preferrable because
194# it calls the alert program with a more extensible syntax.)  You may not specify
195# both alert_program_name and alert_program_name2.
196#
197# Old style alert program:
198#
199# Syntax:
200#   alert_program_name /absolute/path/name
201#
202# The program specified via 'alert_program_name' will be called as follows:
203#   /absolute/path/name  name_of_calling_program  name_of_interface_on_which_the_response_was_received  IP_source_of_the_response  ether_src_of_the_response
204#
205#
206#
207# Newer style alert program:
208#
209# Syntax:
210#   alert_program_name2 /absolute/path/name
211#
212# The program specified via 'alert_program_name2' will be called as follows:
213#   /absolute/path/name  -p name_of_calling_program  -I name_of_interface_on_which_the_response_was_received  -i IP_source_of_the_response  -m ether_src_of_the_response [-y yiaddr_when_in_lease_networks_of_concern]
214# The options may appear in any order.
215# The program must silently ignore any options or arguments it does not recognize,
216# so as to be forward-compatible with future enhancements to dhcp_probe.
217
218
219# alert_program_name2 /usr/local/etc/dhcp_probe_notify2
220
221# ----------------------------------------------------------------------------------
222#
223# MISCELLANEOUS
224#
225# If the 'do_not_lookup_enet_and_ip_addresses' statement is specified,
226# the program will not try to look up the ethernet address of the
227# network interface specified on the commandline.  (That in turn, may also require
228# the program to look up the IP address of that network interface.)
229# Specifying this can allow the program to run on some platforms and interfaces
230# where one of those lookups would fail.
231#
232# If specified, both ether_src and chaddr must also be specified.
233#
234# do_not_lookup_enet_and_ip_addresses
235
236