[Dnsmasq-discuss] [PATCH] DHCPv6: Add support for more than one hardware address per IPv6 address

Pali Rohár pali.rohar at gmail.com
Thu Oct 18 20:12:23 BST 2018


On Saturday 02 June 2018 16:25:51 Pali Rohár wrote:
> On Saturday 02 June 2018 15:48:58 Pali Rohár wrote:
> > On Tuesday 23 May 2017 09:39:11 Pali Rohár wrote:
> > > On Monday 22 May 2017 23:11:02 Simon Kelley wrote:
> > > > On 12/05/17 16:32, Pali Rohár wrote:
> > > > > On Friday 12 May 2017 17:15:20 Simon Kelley wrote:
> > > > >> There are so many layers of quotes here that I've completely lost
> > > > >> track of what we were trying to achieve, and how to achieve it. My
> > > > >> memory is that we'd failed to come up with any consensus on either
> > > > >> of those.
> > > > > 
> > > > > Goal 1:
> > > > > 
> > > > > Ability to assign one IPv4 address to two different MAC addresses. 
> > > > > Currently it is possible by misusing concept of "more mac addresses" 
> > > > > (where IPv4 address can be "steal" by later DHCP client).
> > > > > 
> > > > > Goal 2:
> > > > > 
> > > > > Achieve Goal 1 also for DHCPv6.
> > > > > 
> > > > >> Using MAC addresses with DHCPv6 AT ALL is quite difficult - it's not
> > > > >> a concept that the RFCs deal with.
> > > > > 
> > > > > I read DHCPv6 RFC and it does not refuse assigning IPv6 address based on 
> > > > > link layer MAC address. Anyway, this is already supported by dnsmasq.
> > > > > 
> > > > > But what I want to achieve has ability to assign one IPv6 address to 
> > > > > more MAC addresses at same time. This DHCPv6 RFC does not allow, but in 
> > > > > some situations it is useful and I think such options could be provided 
> > > > > by DHCPv6 server with explicit warning in documentation.
> > > > > 
> > > > >> Doing the sleight-of-hand trick
> > > > >> that works with DHCPv4 doesn't seem feasible to me for DHCPv6.
> > > > > 
> > > > > Do you completely disagree with fact that dnsmasq could support this 
> > > > > scenario for assigning one IP address to more network cards (identified 
> > > > > by MAC address)? Or you just do not like my current implementation?
> > > > 
> > > > The whole point of DHCP is to avoid an IP address being used by more
> > > > than one network card. The current two-MAC addresses for one IP facility
> > > > in DHCPv4 doesn't contradict this. It's specified to be used only when
> > > > there's a guarantee that both MAC address are never simultaneously in use.
> > > 
> > > I know. But as I wrote, lot of people misuse this feature to assign one
> > > IPv4 address to more network cards. As there is use case for such state
> > > and dnsmasq can do it.
> > > 
> > > So instead of misusing that feature I'm asking how to implement it
> > > properly.
> > 
> > Hi Simon!
> > 
> > Do you have any opinion about this? Or do you fully disagree and such
> > feature should not be in dnsmasq?
> > 
> > > > Cheers,
> > > > 
> > > > Simon.
> > > > 
> > > > 
> > > > > 
> > > > > In previous email I wrote that Goal 2 can be achieved by storing tuple 
> > > > > DUID, IAID, MAC address and IPv6 address into DHCPv6 leases file.
> > > > > 
> > > 
> > 
> > In IPv6 it is a more complicated, e.g. when network administrator wants
> > to assign one IPv6 address for specific computer.
> > 
> > Imagine that you have one computer with more OS (dua-boot) and each OS
> > has its own DUID and IAID (MAC address is stable).
> > 
> > Problem: dnsmasq assign IPv6 address to that computer when OS1 is
> > running. Computer is then rebooted to OS2 which has different DUID and
> > IAID. Therefore dnsmasq assigns a new (different) IPv6, because old one
> > is still "used" in server lease file.
> > 
> > To "solve" this problem it is either needed to extend dnsmasq to allow
> > assigning one IPv6 address to more DUIDs/IAIDs.
> > 
> > Or to assign IPv6 addresses based on MAC address and then dnsmasq leases
> > file needs to be extended to included also MAC address for IPv6
> > addresses.
> 
> Currently in lease file for DHCPv6 records there is line:
> 
>   expire_time iaid ipv6_addr hostname duid
> 
> and for DHCPv4 is:
> 
>   expire_time mac ipv4_addr hostname clid
> 
> To have similar format DHCPv6 records as DHCPv4 could be changed and
> extended for mac address to:
> 
>   expire_time mac ipv6_addr hostname duid iaid
> 
> Or to have iaid on same position, to:
> 
>   expire_time iaid ipv6_addr hostname duid mac
> 
> And then allow assigning IPv6 address for IAID and correctly from lease
> file for IPv6 address takes value relevant for configuration. E.g. when
> IPv6 address is assigned based on MAC address, took mac. When is
> assigned for DUID, then duid. And when iaid, then IAID.
> 
> So when configured this would allow "stealing" IPv6 address when there
> is one computer which uses two different DHPv6 clients with different
> DUIDs or IAIDs. (E.g. dual-boot Linux-Windows setup).
> 
> 
> Also this extended information in lease file could allow to implement
> that assigning one IPv6 address to more MAC addresses properly as in
> lease file would be all relevant information about dhcp client.

Hi Simon! Have you looked at above proposal for extending lease file for
IPv6 addresses?

-- 
Pali Rohár
pali.rohar at gmail.com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 195 bytes
Desc: not available
URL: <http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/attachments/20181018/9aacb41d/attachment.sig>


More information about the Dnsmasq-discuss mailing list