RFE: support for the DHCP "option overload" option #4343

Open
evverx opened this issue Apr 1, 2024 · 0 comments

Brief description

The DHCP "option overload" option isn't supported so it's necessary to parse DHCP options stuffed into the "file" and "sname" fields manually.

Scapy version

2b58b51

Python version

3.12.2

Operating system

Linux 6.7.10-200.fc39.x86_64

Additional environment information

No response

How to reproduce

p = BOOTP(file=b'\xa2\x04\x00\x01\x01\x00\xff')/DHCP(options=[("dhcp-option-overload", 1), 'end'])
tdecode(Ether()/IP()/UDP()/p)
...
    Boot file name option overloaded by DHCP
        [Expert Info (Note/Protocol): Boot file name option overloaded by DHCP]
            [Boot file name option overloaded by DHCP]
            [Severity level: Note]
            [Group: Protocol]
    Magic cookie: DHCP
    Option: (52) Option Overload
        Length: 1
        Option Overload: Boot file name holds options (1)
        Boot file name option overload
            Option: (162) Unassigned
                Length: 4
                Value: 00010100
            Option: (255) End
                Option End: 255
    Option: (255) End
        Option End: 255

Actual result

>>> BOOTP(raw(p))[DHCP].options
[('dhcp-option-overload', 1), 'end']
>>> BOOTP(raw(p)).file
b'\xa2\x04\x00\x01\x01\x00\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'

Expected result

I'm not sure what it should look like. One option would be to look for the "option overload" option and, if it's present along with the underlying BOOTP layer, parse the "file" and "sname" fields and add them to the DHCP options:

>>> BOOTP(raw(p))[DHCP].options
[(162, b'\x00\x01\x01\x00'), ('dhcp-option-overload', 1), 'end']

or it could do something else entirely.

(It's possible to parse the "file" and "sname" fields manually though using something like DHCP(BOOTP(raw(p)).file))

Related resources

According to https://datatracker.ietf.org/doc/html/rfc2132#section-9.3

9.3. Option Overload

   This option is used to indicate that the DHCP 'sname' or 'file'
   fields are being overloaded by using them to carry DHCP options. A
   DHCP server inserts this option if the returned parameters will
   exceed the usual space allotted for options.

   If this option is present, the client interprets the specified
   additional fields after it concludes interpretation of the standard
   option fields.

   The code for this option is 52, and its length is 1.  Legal values
   for this option are:

           Value   Meaning
           -----   --------
             1     the 'file' field is used to hold options
             2     the 'sname' field is used to hold options
             3     both fields are used to hold options

Admittedly it's an obscure feature but it comes up from time to time when it's necessary to extract all the options generated by, say, fuzzers to try to figure out what exactly they've generated or whether certain options are present. As far as I can remember an option that crashed the dhcp client in systemd/systemd#30952 (comment) was buried in the "file" field initially and it took me a while to turn it into something I can digest :-)
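
The overload handling described in this issue, as an added example that is not part of the original report and is not Scapy code: a standalone parser over raw BOOTP bytes that reads the "options" field first and then, depending on option 52, the "file" and "sname" fields (the order given in RFC 2131 section 4.1). The function names, the source labels and the `-1` marker for a truncated tail are assumptions made for this sketch, and the sample message is constructed from the reproducer above.

```python
# Fixed BOOTP layout: sname at 44 (64 bytes), file at 108 (128 bytes),
# magic cookie at 236, options from 240.
SNAME_OFF, FILE_OFF, COOKIE_OFF, OPTS_OFF = 44, 108, 236, 240
MAGIC = b"\x63\x82\x53\x63"
PAD, OVERLOAD, END = 0, 52, 255


def parse_tlv(buf):
    """Parse code/length/value options; stop at End or at a truncated option."""
    opts, i = [], 0
    while i < len(buf):
        code = buf[i]
        if code == END:
            break
        if code == PAD:
            i += 1
            continue
        if i + 1 >= len(buf) or i + 2 + buf[i + 1] > len(buf):
            # Length runs past the field: keep the raw tail for triage
            # (-1 is a marker chosen for this example, not a DHCP code).
            opts.append((-1, buf[i:]))
            break
        length = buf[i + 1]
        opts.append((code, buf[i + 2:i + 2 + length]))
        i += 2 + length
    return opts


def parse_dhcp_options(bootp):
    """Return [(source, code, value)] from 'options', then 'file', then 'sname'."""
    if len(bootp) < OPTS_OFF or bootp[COOKIE_OFF:OPTS_OFF] != MAGIC:
        raise ValueError("not a DHCP message")
    out = [("options", c, v) for c, v in parse_tlv(bootp[OPTS_OFF:])]
    overload = 0
    for _, code, value in out:
        if code == OVERLOAD and len(value) == 1:
            overload = value[0]
    if overload in (1, 3):  # 'file' holds options
        out += [("file", c, v) for c, v in parse_tlv(bootp[FILE_OFF:COOKIE_OFF])]
    if overload in (2, 3):  # 'sname' holds options
        out += [("sname", c, v) for c, v in parse_tlv(bootp[SNAME_OFF:FILE_OFF])]
    return out


def build_sample():
    """Constructed message mirroring the reproducer: option 162 hidden in 'file'."""
    file_field = b"\xa2\x04\x00\x01\x01\x00\xff".ljust(128, b"\x00")
    return bytes(44) + bytes(64) + file_field + MAGIC + bytes([OVERLOAD, 1, 1, END])
```

Tagging each option with the field it came from keeps the overloaded ones distinguishable when triaging fuzzer-generated packets.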
