[Dnsmasq-discuss] Restrict DHCP providing default gateway to *one* host on one network

Simon Kelley simon at thekelleys.org.uk
Wed Apr 24 21:10:55 BST 2013


On 24/04/13 19:21, Will Dennis (Live.com) wrote:
> So again, my requirement is to send a router value (default gateway) in
> response to ALL DHCP client DHCPDISCOVER requests coming in off interface
> vl20-ovsbr0 EXCEPT the one tagged "wanem-20" which should get NO (i.e. null)
> router option sent to it.
>
> Empirically, the line I have (dhcp-option=tag:vl20-ovsbr0,tag:wanem-20,3) is
> working for me and does exactly the above. I suppose it is because that line
> means any machine (MACaddr) sending the DHCPDISCOVER message which is tagged
> both "vl20-ovsbr0" and "wanem-20" (which will be met by the WANem MAC addr
> alone) therefore meets the criteria of a null option 3 being sent. All other
> machines on that network (off the vl20-ovsbr0 interface) do not meet the
> criteria of this line (they are tagged "vl20-ovsbr0" alone) and therefore
> they get the default, which is to send the interface IP address that dnsmasq
> is listening on as DHCP option 3 (the default gateway.) Do I have this logic
> correct? Just trying to understand.
>
> The stanza
>
> dhcp-option=tag:vl20-ovsbr0,tag:!wanem-20,3
>
> which says send an empty option 3 for hosts when "vl20-ovsbr0" is set AND
> "wanem-20" is NOT set, would do just the opposite, correct? (i.e. only the
> one machine with both tags set would recv an option 3 value, and the rest
> would NOT.) That would be the opposite of what I want to happen...
>
> Thanks again for your kind assistance and your replies...
>


Thanks for restating the problem, it's easy to lose track of what's 
actually required in the twists and turns of the thread.

 > So again, my requirement is to send a router value (default gateway) 
 > in response to ALL DHCP client DHCPDISCOVER requests coming in off
 > interface vl20-ovsbr0 EXCEPT the one tagged "wanem-20" which should
 > get NO (i.e. null) router option sent to it.
 >

The best way to do this is

dhcp-option=tag:vl20-ovsbr0,tag:wanem-20,3
dhcp-option=tag:vl20-ovsbr0,tag:!wanem,3,192.168.20.254

Which ensures that only one of the options is ever valid, since dnsmasq 
doesn't define which of multiple valid options will be used.* Without 
the "tag:!wanem" then for a request which sets both vl20-ovsbr0 and 
wanem then both these dhcp-options are valid.

* Note that the above is a simplification, in the case that there are 
two dhcp-options for the same option number, and one has NO tags, whilst 
the other has at least one tag then: if the tagged option is valid, it 
will always be used, if the tagged option is not valid, then the 
untagged one will be used.

* Also note that from release 2.66, it IS defined that when there is 
more than one valid tagged option: the last one in the configuration is 
used.

 > As you can see, all machines have the tag "vl20-ovsbr0" (since I
 > believe that tag is added as a result of the request coming in from
 > that interface) but only the WANem host has tag "wanem-20" as well
 > (as a result of the stanza "dhcp-mac=set:wanem-20,52:54:00:45:8c:6a"
 > in my dnsmasq.conf file) -- my guess is that I'd have to match on ALL
 > tags on the request, but maybe only one would do... ??

You don't have to match all the tags in the REQUEST, but you do have to 
match all the tags in the dhcp-option. Dnsmasq collects a pool of tags 
during the handling of a request, and then uses them to try and match 
the tags in the dhcp-option and other configurations. If all the 
specified tags are there (or not there, when !<tag> is used) then the 
configuration item is validated and can be used.


Cheers,

Simon.
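
The matching rules described in this message, modelled as an added example (not part of the original message and not dnsmasq's own code). It uses the tag name wanem-20, as set by the dhcp-mac line quoted in the thread, in both lines; the function names and tag pools are constructed for illustration, and only the numeric tag:...,3 form used in this thread is parsed.

```python
# Model of the dhcp-option tag rules described in the message above.
# Constructed illustration, not dnsmasq source. Only the numeric
# "tag:...,<num>[,<value>]" form used in this thread is parsed.
NO_MATCH = "no matching dhcp-option"

def parse_option(line):
    """Return (required_tags, forbidden_tags, option_number, value)."""
    fields = line.split("=", 1)[1].split(",")
    required, forbidden = set(), set()
    while fields[0].startswith("tag:"):
        name = fields.pop(0)[len("tag:"):]
        if name.startswith("!"):
            forbidden.add(name[1:])
        else:
            required.add(name)
    value = ",".join(fields[1:]) or None   # None = option sent empty
    return required, forbidden, int(fields[0]), value

def select(config_lines, request_tags, number):
    """Return (value, ambiguous); ambiguous = more than one tagged line is valid."""
    valid = []
    for required, forbidden, num, value in map(parse_option, config_lines):
        # Valid only if every tag:x is in the pool and no tag:!x is.
        if num == number and required <= request_tags and not (forbidden & request_tags):
            valid.append((bool(required or forbidden), value))
    tagged = [v for is_tagged, v in valid if is_tagged]
    if tagged:   # a valid tagged line beats an untagged one; from 2.66 the last wins
        return tagged[-1], len(tagged) > 1
    untagged = [v for is_tagged, v in valid if not is_tagged]
    return (untagged[-1], False) if untagged else (NO_MATCH, False)

# Constructed tag pools: what dnsmasq would have collected per request.
WANEM = {"vl20-ovsbr0", "wanem-20"}
OTHER = {"vl20-ovsbr0"}

EXCLUSIVE = [
    "dhcp-option=tag:vl20-ovsbr0,tag:wanem-20,3",
    "dhcp-option=tag:vl20-ovsbr0,tag:!wanem-20,3,192.168.20.254",
]
OVERLAPPING = [
    "dhcp-option=tag:vl20-ovsbr0,tag:wanem-20,3",
    "dhcp-option=tag:vl20-ovsbr0,3,192.168.20.254",
]

if __name__ == "__main__":
    for name, cfg in (("exclusive", EXCLUSIVE), ("overlapping", OVERLAPPING)):
        for host, tags in (("wanem", WANEM), ("other", OTHER)):
            print(name, host, select(cfg, tags, 3))
```

The overlapping pair is flagged as ambiguous for the WANem host: with the last-line-wins rule from 2.66 it would be sent the gateway, which the mutually exclusive pair avoids.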



