[Dnsmasq-discuss] dnsmasq always answer dhcp NAK

Simon Kelley simon at thekelleys.org.uk
Mon Jan 23 12:13:08 GMT 2017


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

If I've understood the problem correctly, dnsmasq is never even seeing
these packets. If the destination address in the IP-level header is
for a random IP address then the kernel network stack will discard the
packet, even if the link-layer MAC address is correct so that the
packet arrives at the network hardware.

Since dnsmasq is listening at the IP level, and doesn't do raw packet
capture, it won't ever see the packets. Note that other DHCP servers
are available (such as ISC dhcpd) which do work at raw packet level.
I'm not sure if dhcpd would behave as you wish in this case, but it
would certainly be simpler to modify it to do so. Unless dnsmasq is
completely re-written to do raw packet capture (which it won't be)
there is not way to modify it to do what you want.


Cheers,

Simon.



On 21/01/17 07:37, Nikita N. wrote:
> Hi, I confirm --dhcp-authoritative works *PERFECTLY* with all other
> clients. Meaning it works when client matches the IP layer address,
> and when Dst: Broadcast (ff:ff:ff:ff:ff:ff) and Src: 0.0.0.0
> (0.0.0.0) and Dst: 255.255.255.255 (255.255.255.255). Unfortunately
> my bugged client has IP Src bugged, and IP Dst gateway bugged. No
> matter that, I see those DHCP request frames in the server network 
> where I run dnsmasq (because my net conf is so), so also dnsmasq
> sees them. I believe the option I'm looking for is smtng like: if a
> UDP frame with Dst Port: 67 comes from Src: macX, and is *NOT*
> protocol/standard valid, then dnsmasq sends a DHCP NAK with Dst:
> macX (e.g. similar to the different cases when dnsmasq sends NAK
> with option Message wrong network, whatever) Is that possible? 
> Thanks
> 
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (GNU/Linux)

iQIcBAEBCAAGBQJYhfNUAAoJEBXN2mrhkTWik3kP/jeqWsbPY0TCXvgpSORy3aPG
WjU99BQsDth+EJDFrDwNlhqlq8iLrMRGHnyK8BCLcu9d7kqHuqPJrECIdzs8pyVx
J7qoux6lJI/hqWrQihFLaZbxPl4XkAxPBw+zZDecjBA5m4JzSfX4Zutq9jgjiVAJ
EMgPFgc/RZbm7eiid2Mrd5FhOei7aH//S99p7EQjSk+X6eNiHdpnvXfaNQjeQRQ/
2JSMcI3hkjc3GJgcD7a/NIfLYpMFeW48RZ7eUyFYm3FAx1PbBKf1OaqeO0eCjZ4u
C2CwjWRX+qefdQtQ/GzyYtHWCUX5sIrNCwKO6+zwhn74Yjm48TKV7IKtK/ypGCGH
2eqsYo32W1fa5e4QaG7IzcmV0uew20MgcKWjjKYBxr3K8edp4t55c4bS1gwLS1ou
9b5KK6s6uUvM0IcMxP6y71JPlvkndDwRjRqaeFdxD+Lr6HL5Faxw20eBOv/C9PNe
nzfJVZQ2+ReEHMThKakmXrEICbv3yNY2axnTg7an4fuheLDVNY5+9SENUb+PAOwt
o/ACsW2ue/2ufgGJjmoW5mU+3/e/TlKi1v8MqUcxeCoC7JeeD/qk5oySDgNXaZZp
X5FZWj/Nb+7qBSJtoWre8v9J3g70oKNTFyQ5x6m/9B5h5lBCK5skkpS3LXWr6IJ8
/89setpR61Nh7zD+bA0v
=qGI/
-----END PGP SIGNATURE-----



More information about the Dnsmasq-discuss mailing list