Here are some programming notes that I have collected working with ISC-DHCP at my job that may come in handy.

If you put this code in the dhcpd.conf file (located at /etc/dhcpd.conf on RedHat/CentOS or /etc/dhcp3/dhcpd.conf on Ubuntu):

# Log the host declaration name, leased IP and MAC address of known clients.
if known {
    log (info, concat ("HOSTNAME: ", host-decl-name, " on ", binary-to-ascii (10, 8, ".", leased-address), " at ", binary-to-ascii (16, 8, ":", substring (hardware, 1, 6))));
}

it will result in a message similar to the following in your DHCP log file:

HOSTNAME: TestPC001 on 208.x.x.75 at d0:50:56:ac:74:71
DHCPDISCOVER from d0:50:56:ac:74:71 via eth0
DHCPOFFER on 208.x.x.75 to d0:50:56:ac:74:71 via eth0
DHCPREQUEST for 208.x.x.75 (172.18.1.2) from d0:50:56:ac:74:71 via eth0
DHCPACK on 208.x.x.75 to d0:50:56:ac:74:71 via eth0

The following code checks whether the incoming packet has the DHCP Broadcast Flag set. If it does, it writes a log entry naming the client that has the broadcast flag set.

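# The flags field is the 16-bit value at offset 10 of the BOOTP header.
# Read it as one 16-bit number: an 8-bit read of three bytes only prints
# "8000" while the first byte of the client IP address field is zero.
if binary-to-ascii (16, 16, "", packet (10, 2)) = "8000" {
    log (info, concat ("The user ", binary-to-ascii (16, 8, ":", substring (hardware, 1, 6)), " has the DHCP Broadcast Flag set."));
}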

Example Log file entry:

DHCPDISCOVER from d0:50:56:ac:74:71 via eth0
The user d0:50:56:ac:74:71 has the DHCP Broadcast Flag set.
DHCPOFFER on 208.x.x.75 to d0:50:56:ac:74:71 via eth0

The following code in the configuration file makes anyone who has the DHCP Broadcast Flag set a member of the "broadcasters" class; you may then allow or deny them in a subnet declaration:

class "broadcasters" {
    # 16-bit read of the two flag bytes at offset 10 of the BOOTP header
    match if binary-to-ascii (16, 16, "", packet (10, 2)) = "8000";
}

In the subnet declaration you can then use allow members of "broadcasters"; to allow only those specific users.

Term Explanation:

host-decl-name – Is the host declaration name in the dhcpd.conf file (host TestPC { … })
binary-to-ascii(a,b,c,d) – binary-to-ascii(base from 2 to 16, width in bits of each number, character that separates the numbers, the expression to be converted)
leased-address – The IP address leased to the client (in binary)
substring(a,b,c) – substring(data expression, offset bytes, length in bytes). substring(hardware, 1, 6) gets the MAC address of the client.
hardware – Returns the type of network indicated in the packet (Ethernet), then the MAC address.
packet(a,b) – packet(offset byte, additional bytes) — Offsets are counted from the start of the Bootstrap Protocol (BOOTP) header.
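
The following added example (not part of the original notes, and not ISC code) emulates packet() and binary-to-ascii() in Python on constructed BOOTP headers to show what a broadcast-flag comparison at offset 10 actually sees. It assumes dhcpd's documented behaviour that packet(offset, length) returns length bytes and that binary-to-ascii prints each number without zero padding; all function names and sample packets are made up for the illustration.

```python
import struct

DIGITS = "0123456789abcdef"

def packet(buf, offset, length):
    """packet(offset, length): `length` bytes starting at `offset` in the BOOTP header."""
    return buf[offset:offset + length]

def binary_to_ascii(base, width, sep, data):
    """One number per `width` bits, printed in `base` with no zero padding."""
    step = width // 8
    parts = []
    for i in range(0, len(data) - step + 1, step):
        n = int.from_bytes(data[i:i + step], "big")
        text = DIGITS[n % base]
        while n >= base:
            n //= base
            text = DIGITS[n % base] + text
        parts.append(text)
    return sep.join(parts)

def bootp_header(flags, ciaddr, mac):
    """Constructed 44-byte header: op, htype, hlen, hops, xid, secs, flags,
    ciaddr, yiaddr/siaddr/giaddr (zero), then chaddr padded to 16 bytes."""
    fixed = struct.pack("!BBBBIHH", 1, 1, 6, 0, 0x1234ABCD, 0, flags)
    return fixed + bytes(ciaddr) + bytes(12) + mac + bytes(10)

def flag_8bit(buf):
    """8-bit numbers over three bytes: the two flag bytes plus the first ciaddr byte."""
    return binary_to_ascii(16, 8, "", packet(buf, 10, 3))

def flag_16bit(buf):
    """A single 16-bit number over the two flag bytes."""
    return binary_to_ascii(16, 16, "", packet(buf, 10, 2))

def mac_text(buf):
    """chaddr starts at offset 28; same text as the page's substring(hardware, 1, 6)."""
    return binary_to_ascii(16, 8, ":", packet(buf, 28, 6))

# Constructed sample packets (MAC taken from the page's log lines).
MAC = bytes.fromhex("d05056ac7471")
DISCOVER = bootp_header(0x8000, [0, 0, 0, 0], MAC)     # flag set, ciaddr empty
REBIND = bootp_header(0x8000, [192, 0, 2, 10], MAC)    # flag set, ciaddr filled in
PLAIN = bootp_header(0x0000, [0, 0, 0, 0], MAC)        # flag clear

if __name__ == "__main__":
    for name, pkt in (("DISCOVER", DISCOVER), ("REBIND", REBIND), ("PLAIN", PLAIN)):
        print(name, mac_text(pkt), repr(flag_8bit(pkt)), repr(flag_16bit(pkt)))
```

The 8-bit, three-byte read yields "8000" only while the client IP address field starts with a zero byte; the 16-bit read of offset 10 yields "8000" whenever the flag is set.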

Packet Information:

0,1 – Message Type (01 – Boot Request, 02 – Boot Reply)
1,1 – Hardware Type (01 – Ethernet)
2,1 – Hardware Address Length (usually 06)
3,1 – Hops (usually 00)
4,7 – Transaction ID of the handshake.
8,3 – Seconds Elapsed
10,3 – Bootflag (0000 = off, 8000 = on)
12,7 – Client IP Address
16,7 – Your (client) IP Address
20,7 – Next Server IP Address
24,7 – Relay Agent IP Address
28,11 – Client MAC Address
34,19 – Client Hardware Address Padding
44,63 – Server host name
76,127 – Boot File
140,7 – Magic Cookie (DHCP)
144,1 – DHCP Message – Option
146,1 – DHCP Message – Length
148,1 – DHCP Message – Value
150,1 – Client ID – Length
152,13 – Client ID – Value (All of the client ID values past 152)
152,1 – Client ID – Hardware Type
154,11 – Client ID – Client MAC Address
160,1 – Requested IP – Option
162,1 – Requested IP – Length
164,7 – Requested IP – Value
168,21 – Host Name
180,19 – Vendor Class ID
190,1 – Param List – Option
192,1 – Param List – Length
194,23 – Param List – Value (All the param list values past 194)
194,1 – Param List – Subnet Mask
196,1 – Param List – Domain Name
198,1 – Param List – Router
200,1 – Param List – DNS
202,1 – Param List – NetBIOS Name Server
204,1 – Param List – NetBIOS Node Type
206,1 – Param List – NetBIOS Scope
208,1 – Param List – Perform Router Discover
210,1 – Param List – Static Route
212,1 – Param List – Classless Static Route
214,1 – Param List – Private Static Route (Microsoft)
216,1 – Param List – Vendor Specific