[Dnsmasq-discuss] [PATCH] Nack requests for unknown leases.
Simon Kelley
simon at thekelleys.org.uk
Fri Apr 28 22:20:53 BST 2017
On 25/04/17 08:41, Alin Năstac wrote:
>> At the DHCPDISCOVER stage, both the server and the client are supposed
>> to check if an address in in use. The server sends an ICMP echo request
>> and checks there's no answer. The client sends an ARP who-has request.
>> These checks should be enough to avoid address-stealing, but it's also
>> best not to overlap address ranges configured for DHCP allocation with
>> addresses of non-DHCP configured hosts.
>
> Unfortunately dnsmasq does not send ICMP echo requests when DHCP
> discovery packet carries an OPTION_REQUESTED_IP, see DHCPDISCOVER case
> in file rfc2131.c starting from line 990:
> ...
> else if (opt && address_available(context, addr,
> tagif_netid) && !lease_find_by_addr(addr) &&
> !config_find_by_address(daemon->dhcp_conf, addr))
> mess->yiaddr = addr;
>
That's the bug here, I think. I was worried that a client sending a
DHCPDISCOVER when it thinks it knows that address, might respond to ICMP
pings, but at least for ISC dhclient on Linux, that's not the case.
Patch is here, and was much more trouble than it should have been: the
code really didn't consider this case.
http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=5ce3e76fbf89e942e8c54ef3e3389facf0d9067a
It's still the case that addresses used by statically configured host on
a network should not be in the dhcp-range configured into that network's
DHCP server.
Cheers,
Simon.
More information about the Dnsmasq-discuss
mailing list