[Dnsmasq-discuss] [PATCH] Nack requests for unknown leases.

Alin Năstac alin.nastac at gmail.com
Tue Apr 25 08:08:34 BST 2017


On Mon, Apr 24, 2017 at 3:43 PM,  <wkitty42 at gmail.com> wrote:
> On 04/24/2017 05:16 AM, Alin Năstac wrote:
>>
>> On Sun, Apr 23, 2017 at 5:46 PM, Simon Kelley <simon at thekelleys.org.uk>
>> wrote:
>>>
>>> When the client sends the discovery packet, dnsmasq will notice that the
>>> requested address is in use by another client, and offer a different
>>> address instead.
>>
>>
>> You did not understand the scenario. The host that already uses the
>> requested IP address is statically configured to use it (in other words
>> dnsmasq does not have a lease for the given IP address).
>>
>> While at it, you might consider fixing the scenario in which a client
>> fills a DHCP discovery message with an option-50 containing an IP address
>> that is already used by another statically configured host.
>
>
> in the above two paragraphs, you use the phrase "statically configured"...
> do you mean "pseudo-statically configured"?
>
> "pseudo-static" where the DHCP gives the same IP to the same MAC all the
> time
>
> versus
>
> "static" where the machine is configured locally to use a specific IP
> address
>
> in the first case, the system will be configured for DHCP and will have to
> ask for its address... in the second case, the system will never talk to the
> DHCP server...

I'm talking about the second case, the "static" one. The use case is this:
1) Client A using ISC DHCP client gets a lease from a different LAN called X
2) Client A gets disconnected from LAN X and connected to LAN Y where
dnsmasq DHCP server runs in a non-authoritative mode.
3) Client A is connected to LAN Y (where dnsmasq serves as DHCP server)
and sends DHCP requests asking for the same IP address used in LAN X
4) dnsmasq does not have a lease for that IP address so it ignores the requests
5) After a couple of seconds client A sends a DHCP discovery carrying
the same option-50 as the DHCP requests at step 3
6) dnsmasq will happily lease the requested IP address without
checking if there is another host that uses it; unfortunately there is
another statically configured host B that uses the same address.

What I did to fix it was to send a NACK to the initial DHCP request,
which luckily convinced the ISC DHCP client to stop asking for the
same IP address in the following DHCP discovery. However, NACK will
not guarantee all DHCP clients will do the same, so the case where
DHCP discovery is carrying a conflicting option-50 should also be
fixed IMO.

> something we found in a firewall product was that one must configure their
> dynamically assigned pool to exclude their static and pseudo-static IP
> address ranges otherwise there is the very real possibility that the DHCP
> server will hand out addresses already in use by other systems...

Then why does dnsmasq use ICMP echo requests to verify that the IP address
it is about to lease is not already used in the network?
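
The six-step scenario above, modelled as an added example (not part of the original message and not dnsmasq code). The `decide` function, its `nak_unknown` switch, the `in_use` set standing in for the ICMP echo check, and the 192.0.2.x addresses and MAC are all assumptions constructed for illustration.

```python
import ipaddress, struct

MAGIC = b"\x63\x82\x53\x63"   # DHCP magic cookie
DISCOVER, REQUEST = 1, 3        # option 53 message types

def build(msg_type, mac, requested=None):
    """Constructed sample input: a minimal DHCP client packet."""
    pkt = struct.pack("!BBBBIHH", 1, 1, 6, 0, 0x1234, 0, 0)  # op..flags
    pkt += bytes(16) + mac + bytes(10) + bytes(192)  # addrs, chaddr, sname/file
    pkt += MAGIC + bytes([53, 1, msg_type])
    if requested:
        pkt += bytes([50, 4]) + ipaddress.IPv4Address(requested).packed
    return pkt + b"\xff"

def parse(pkt):
    """Return (client MAC, message type, option-50 address or None)."""
    if len(pkt) < 240 or pkt[236:240] != MAGIC:
        raise ValueError("not a DHCP packet")
    opts, i = {}, 240
    while i < len(pkt) and pkt[i] != 255:
        if pkt[i] == 0:          # pad option has no length byte
            i += 1
            continue
        if i + 1 >= len(pkt) or i + 2 + pkt[i + 1] > len(pkt):
            raise ValueError("truncated option")
        opts[pkt[i]] = pkt[i + 2:i + 2 + pkt[i + 1]]
        i += 2 + pkt[i + 1]
    req = opts.get(50)
    if len(opts.get(53, b"")) != 1 or (req is not None and len(req) != 4):
        raise ValueError("bad option 53 or 50")
    return pkt[28:34], opts[53][0], str(ipaddress.IPv4Address(req)) if req else None

def decide(pkt, leases, in_use, pool, nak_unknown=True):
    """leases: ip -> mac. in_use: addresses that answered a probe
    (stand-in for the ICMP echo check). Returns (reply, address)."""
    mac, mtype, want = parse(pkt)
    if mtype == REQUEST:
        if want is not None and leases.get(want) == mac:
            return ("ACK", want)
        # Step 4: no lease for this address. Ignore, or NAK as in the fix.
        return ("NAK", None) if nak_unknown else ("IGNORE", None)
    if mtype == DISCOVER:
        # Step 6: honour option 50 only if pooled, unleased and silent.
        for ip in ([want] if want in pool else []) + pool:
            if leases.get(ip, mac) == mac and ip not in in_use:
                return ("OFFER", ip)
    return ("IGNORE", None)
```
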


