[Dnsmasq-discuss] [PATCH] Add dhcp-ignore-clid configuration option

Simon Kelley simon at thekelleys.org.uk
Mon Sep 16 23:09:30 BST 2019


On 16/09/2019 08:03, Florent Fourcot wrote:
> Hello Simon,
> 
> Could you have a look on this patch? Please let me know if something is
> missing, I'm ready to work on a v2.

Apologies for ignoring you. The principle is a good one, but it's worth
making this conditional, so that only clients which cause a particular
tag to be set see the new behaviour.

See, for example, --dhcp-broadcast for how it works.

I'm happy to add that to the work you've already done. Will take me a
few days, probably.


Cheers,

Simon.



> 
> Best regards,
> 
> Florent.
> 
> On 20/06/2019 10:26, Florent Fourcot wrote:
>> The idea of this option was already discussed years ago on the mailing
>> list:
>> https://dnsmasq-discuss.thekelleys.org.narkive.com/ZoFQNaGo/always-ignore-client-identifier#post4
>>
>>
>> In our production environment, we discovered that some devices are
>> using a 'client identifier' that is not unique at all, resulting in IP
>> address conflicts between several devices (we saw up to four devices
>> using the same IP address).
>>
>> The root cause is probably a buggy operating system/configuration of
>> the devices, but this patch adds a configuration workaround on the
>> server side for when fixing the clients is impossible.
>>
>> Signed-off-by: Charles Daymand <charles.daymand at wifirst.fr>
>> Signed-off-by: Florent Fourcot <florent.fourcot at wifirst.fr>
>> ---
>>   CHANGELOG        | 4 ++++
>>   man/dnsmasq.8    | 6 ++++++
>>   man/fr/dnsmasq.8 | 7 +++++++
>>   src/dnsmasq.h    | 3 ++-
>>   src/option.c     | 3 +++
>>   src/rfc2131.c    | 2 +-
>>   6 files changed, 23 insertions(+), 2 deletions(-)
>>
>> diff --git a/CHANGELOG b/CHANGELOG
>> index 8e83c82..a5e9366 100644
>> --- a/CHANGELOG
>> +++ b/CHANGELOG
>> @@ -39,6 +39,10 @@ version 2.81
>>       have an interface on the network in that subnet. Many thanks to
>>       kamp.de for sponsoring this feature.
>>   +    Add --dhcp-ignore-clid. This disables reading of DHCP client
>> +    identifier option (option 61), so clients are only identified by
>> +    MAC addresses.
>> +
>>      
>>   version 2.80
>>       Add support for RFC 4039 DHCP rapid commit. Thanks to Ashram Method
>> diff --git a/man/dnsmasq.8 b/man/dnsmasq.8
>> index bc5ae63..9d5d4d0 100644
>> --- a/man/dnsmasq.8
>> +++ b/man/dnsmasq.8
>> @@ -1405,6 +1405,12 @@ address, and setting this flag enables this
>> mode. Note that in the
>>   sequential mode, clients which allow a lease to expire are much more
>>   likely to move IP address; for this reason it should not be
>> generally used.
>>   .TP
>> +.B --dhcp-ignore-clid
>> +Dnsmasq is reading 'client identifier' (RFC 2131) option sent by clients
>> +(if available) to identify clients. This allow to serve same IP address
>> +for a host using several interfaces. Use this option to disable
>> 'client identifier'
>> +reading, i.e. to always identify a host using the MAC address.
>> +.TP
>>   .B --pxe-service=[tag:<tag>,]<CSA>,<menu
>> text>[,<basename>|<bootservicetype>][,<server address>|<server_name>]
>>   Most uses of PXE boot-ROMS simply allow the PXE
>>   system to obtain an IP address and then download the file specified by
>> diff --git a/man/fr/dnsmasq.8 b/man/fr/dnsmasq.8
>> index a04c776..dc2fdc0 100644
>> --- a/man/fr/dnsmasq.8
>> +++ b/man/fr/dnsmasq.8
>> @@ -1354,6 +1354,13 @@ Veuillez noter que dans ce mode séquentiel, les
>> clients qui laissent expirer
>>   leur bail ont beaucoup plus de chance de voir leur adresse IP
>> changer, aussi
>>   cette option ne devrait pas être utilisée dans un cas général.
>>   .TP
>> +.B --dhcp-ignore-clid
>> +Dnsmasq lit l'option 'client identifier' (RFC 2131) envoyée par les
>> clients
>> +(si disponible) afin d'identifier les clients. Cela permet de
>> distribuer la
>> +même adresse IP à un client utilisant plusieurs interfaces. Activer
>> cette option
>> +désactive la lecture du 'client identifier', afin de toujours
>> identifier un client
>> +en utilisant l'adresse MAC.
>> +.TP
>>   .B --pxe-service=[tag:<label>,]<CSA>,<entrée de menu>[,<nom de
>> fichier>|<type de service de démarrage>][,<adresse de serveur>|<nom de
>> serveur>]
>>   La plupart des ROMS de démarrage PXE ne permettent au système PXE
>> que la simple
>>   obtention d'une adresse IP, le téléchargement du fichier spécifié dans
>> diff --git a/src/dnsmasq.h b/src/dnsmasq.h
>> index ff3204a..912d216 100644
>> --- a/src/dnsmasq.h
>> +++ b/src/dnsmasq.h
>> @@ -260,7 +260,8 @@ struct event_desc {
>>   #define OPT_TFTP_APREF_MAC 56
>>   #define OPT_RAPID_COMMIT   57
>>   #define OPT_UBUS           58
>> -#define OPT_LAST           59
>> +#define OPT_IGNORE_CLID    59
>> +#define OPT_LAST           60
>>     #define OPTION_BITS (sizeof(unsigned int)*8)
>>   #define OPTION_SIZE (
>> (OPT_LAST/OPTION_BITS)+((OPT_LAST%OPTION_BITS)!=0) )
>> diff --git a/src/option.c b/src/option.c
>> index 5debcbc..04c9ac6 100644
>> --- a/src/option.c
>> +++ b/src/option.c
>> @@ -167,6 +167,7 @@ struct myoption {
>>   #define LOPT_NAME_MATCH    355
>>   #define LOPT_CAA           356
>>   #define LOPT_SHARED_NET    357
>> +#define LOPT_IGNORE_CLID   358
>>      #ifdef HAVE_GETOPT_LONG
>>   static const struct option opts[] =
>> @@ -339,6 +340,7 @@ static const struct myoption opts[] =
>>       { "dhcp-rapid-commit", 0, 0, LOPT_RAPID_COMMIT },
>>       { "dumpfile", 1, 0, LOPT_DUMPFILE },
>>       { "dumpmask", 1, 0, LOPT_DUMPMASK },
>> +    { "dhcp-ignore-clid", 0, 0,  LOPT_IGNORE_CLID },
>>       { NULL, 0, 0, 0 }
>>     };
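Review bot: The new `opts[]` entry has two spaces before `LOPT_IGNORE_CLID`, whereas the neighbouring entries in this hunk use one. Unless the mail client altered the spacing, I would write it as `{ "dhcp-ignore-clid", 0, 0, LOPT_IGNORE_CLID },` to match the rest of the table. The table itself starts outside the hunk.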
>>   @@ -481,6 +483,7 @@ static struct {
>>     { LOPT_CPE_ID, ARG_ONE, "<text>", gettext_noop("Add client
>> identification to forwarded DNS queries."), NULL },
>>     { LOPT_DNSSEC, OPT_DNSSEC_PROXY, NULL, gettext_noop("Proxy DNSSEC
>> validation results from upstream nameservers."), NULL },
>>     { LOPT_INCR_ADDR, OPT_CONSEC_ADDR, NULL, gettext_noop("Attempt to
>> allocate sequential IP addresses to DHCP clients."), NULL },
>> +  { LOPT_IGNORE_CLID, OPT_IGNORE_CLID, NULL, gettext_noop("Ignore
>> client identifier option sent by DHCP clients."), NULL },
>>     { LOPT_CONNTRACK, OPT_CONNTRACK, NULL, gettext_noop("Copy
>> connection-track mark from queries to upstream connections."), NULL },
>>     { LOPT_FQDN, OPT_FQDN_UPDATE, NULL, gettext_noop("Allow DHCP
>> clients to do their own DDNS updates."), NULL },
>>     { LOPT_RA, OPT_RA, NULL, gettext_noop("Send router-advertisements
>> for interfaces doing DHCPv6"), NULL },
>> diff --git a/src/rfc2131.c b/src/rfc2131.c
>> index 74d81fb..ec2650a 100644
>> --- a/src/rfc2131.c
>> +++ b/src/rfc2131.c
>> @@ -234,7 +234,7 @@ size_t dhcp_reply(struct dhcp_context *context,
>> char *iface_name, int int_index,
>>       subnet_addr = option_addr(opt);
>>                 /* If there is no client identifier option, use the
>> hardware address */
>> -      if ((opt = option_find(mess, sz, OPTION_CLIENT_ID, 1)))
>> +      if (!option_bool(OPT_IGNORE_CLID) && (opt = option_find(mess,
>> sz, OPTION_CLIENT_ID, 1)))
>>       {
>>         clid_len = option_len(opt);
>>         clid = option_ptr(opt, 0);
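Review bot: When `OPT_IGNORE_CLID` is set, the new test on the `option_find(mess, sz, OPTION_CLIENT_ID, 1)` line skips the assignments to `clid` and `clid_len` for every request, so they keep whatever initial values they have (not visible here, presumably empty). Everything later in dhcp_reply that keys on the client identifier then behaves as if the client had sent none: the lookup of leases already recorded under a client-id, presumably `dhcp-host=id:` matching, and any echo of option 61 in the reply. That code is outside this hunk and should be checked before the option ships. The comment above the test no longer describes the condition; I would make it `/* Use the client identifier unless --dhcp-ignore-clid is set; without one, fall back to the hardware address */`. The hardware address is client-supplied just like option 61, so the man page should present this as a workaround for duplicate identifiers rather than as a stronger binding. dhcp_reply starts and ends outside the hunk.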
>>
> 



