[Dnsmasq-discuss] [PATCH v2] DHCPv6: Honor assigning IPv6 address based on MAC address

Petr Menšík pemensik at redhat.com
Wed Jul 22 14:35:33 BST 2020 

Btw, found windows allows releasing of leases to be configured from DHCP
server. I doubt similar option is accepted on ISC DHCP client.
NetworkManager probably does not implement such thing.

This should help you avoiding conflicts between multiple instances in a
different way. Never used it, not sure whether it does work.

Some customization might be necessary on Linux distribution.

1.
https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-dhcpe/4cde5ceb-4fc1-4f9a-82e9-13f6b38d930c

On 7/22/20 9:40 AM, Pali Rohár wrote:
> Hello Petr!
> 
> On Tuesday 21 July 2020 14:23:51 Petr Menšík wrote:
>> I think more correct would be using the same DUID on both systems.
> 
> Problem is that DUID generation is under control of operating system and
> during installation of operating system, every one generates its own. It
> is not under user control (at this stage of setup) or under "hw" control
> (like for MAC address in IPv4 where operating system read MAC address
> from HW).
> 
> Also this is unsuitable in environment where MAC address should be
> assigned to network card "by law". Or in environment where must be 1:1
> mapping between assigned IPv4 and IPv6 address.
> 
> If I have to configure every one machine on network and every one
> operating system on that machine, then I do not have to use DHCPv6 and I
> would assign all addresses statically.
> 
> The point of usage DHCPv6 here is ability to configure network
> automatically without need to re-configure network stack on operating
> system.
> 
>> There is already another option to make this working. It is possible
>> assigning IPv6 prefix or multiple addresses. dhcp-host can provide
>> multiple addresses to single mac
> 
> Assigning IPv6 address based on mac address is broken as I pointed in
> this patch. So such setup would not work.
> 
> Anyway, my point is not to assign multiple addresses to single MAC
> address, but rather to ensure that for one MAC address would be assigned
> always only one specific MAC address. And not more.
> 
>> which works with different DUID quite
>> well. It still has different addresses, but with the same base.
>>
>> taken from manual page:
>> --dhcp-host=laptop,[1234:50/126]
>>
>> Why isn't this sufficient?
>>
>> On 5/26/20 10:52 AM, Pali Rohár wrote:
>>> On Thursday 21 May 2020 16:22:03 Geert Stappers wrote:
>>>> On Sun, May 03, 2020 at 01:23:15PM +0200, Pali Rohár wrote:
>>>>> Currently IPv6 addresses are assigned to tuple (IAID, DUID). When system
>>>>> changes IAID/DUID then old assigned IPv6 address cannot be reused, even
>>>>> when in config file was DHCPv6 assignment based on MAC address (and not on
>>>>> DUID).
>>>>>
>>>>> IAID/DUID is changed when rebooting from one operating system to another;
>>>>> or after reinstalling system. In reality it is normal that DUID of some
>>>>> machine is changed, so people rather assign also IPv6 addresses based on
>>>>> MAC address.
>>>>>
>>>>> So assigning IPv6 based on MAC address in dnsmasq is currently semi-broken
>>>>
>>>> How to reproduce that  semi-brokenness?
>>>
>>> Take computer with Windows/Linux dual boot systems.
>>>
>>> Configure MAC-based static IPv6 entry for that computer in dnsmasq and
>>> set big enough lease time (e.g. day or more).
>>>
>>> Boot computer into Windows and wait until dnsmasq assign it IPv6
>>> address. It should match MAC-based entry in dnsmasq. Then reboot
>>> computer into Linux system and again wait until it got assigned IPv6
>>> address.
>>>
>>> Normally it should get again same IPv6 address as it was assigned on
>>> Windows, due to MAC-based static IPv6 entry in dnsmasq.
>>>
>>> But in reality that static entry is ignored by dnsmasq and rather some
>>> "random" address is assigned.
>>>
>>> So assigning IPv6 addresses based on static MAC address in dnsmasq is
>>> broken.
>>>
>>> You can reproduce it not only with Windows/Linux, but with any two
>>> DHCPv6 clients which use different IAID/DUID. E.g. PXE DHCPv6 client
>>> (for network booting) and Linux DHCPv6 client.
>>>
>>> dnsmasq without this patch refuse to assign MAC-based IPv6 static
>>> address to computer with that MAC address, if that IPv6 address is still
>>> leased to DHCPv6 client with different IAID.
>>>
>>> In my above example/reproducer, IPv6 address was leased to Windows
>>> DHCPv6 client and therefore dnsmasq refused to assign it to Linux DHCPv6
>>> client, which in most cases have different IAID. Even both clients
>>> (Windows and Linux) are on the same computer with same MAC address,
>>> which matches MAC address in dnsmasq configuration file.
>>>
>>> That is why I called IPv6 address assignment according to MAC address as
>>> "semi-brokenness".
>>>
>>>>  
>>>>> This patch tries to fix it and honors IPv6 config rules with MAC address,
>>>>> to always assign particular IPv6 address to specific MAC address (when
>>>>> configured). And ignores the fact if IAID/DUID was changed.
>>>>>
>>>>> Normally IPv6 address should be assigned by IAID/DUID (which also state
>>>>> DHCPv6 RFCs), but dnsmasq has already some support for assigning IPv6
>>>>> address based on MAC address, when users configured in config file.
>>>>>
>>>>> So this patch just tries to fix above problem for user configuration with
>>>>> MAC addresses. It does not change assignment based on DUID.
>>>>> ---
>>>>>
>>>>> This is my original patch rebased on top of current git master branch.
>>>>
>>>> Acknowledge
>>>>
>>>>
>>>>> Previous email with this patch probably dropped into spambox
>>>>> and was not processed.
>>>>
>>>>  (unspoken words +
>>>>   http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2020q2/014018.html )
>>>>
>>>>
>>>>> So please let me know if now this email was correctly received.
>>>>  
>>>> Recieved the patch and was able to  `git am` it.
>>>> It did compile and passed the unittests.
>>>>
>>>> No further check was done.  Mostly because not facing the problem that
>>>> patch submitter has.  Probably some day I will, hence the above 'How to
>>>> reproduce that  semi-brokenness?'
>>>>
>>>>
>>>>>  src/rfc3315.c | 55 +++++++++++++++++++++++++++++++++++++++++++--------
>>>>>  1 file changed, 47 insertions(+), 8 deletions(-)
>>>>>
>>>>> diff --git a/src/rfc3315.c b/src/rfc3315.c
>>>>> index b3f0a0a..e588b13 100644
>>>>> --- a/src/rfc3315.c
>>>>> +++ b/src/rfc3315.c
>>>>      ... 142 lines of actual patch ...
>>>>
>>>>
>>>> Groeten
>>>> Geert Stappers
>>>> -- 
>>>> Silence is hard to parse
>>>>
>>>> _______________________________________________
>>>> Dnsmasq-discuss mailing list
>>>> Dnsmasq-discuss at lists.thekelleys.org.uk
>>>> http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
>>>
>>
>> -- 
>> Petr Menšík
>> Software Engineer
>> Red Hat, http://www.redhat.com/
>> email: pemensik at redhat.com
>> PGP: DFCF908DB7C87E8E529925BC4931CA5B6C9FC5CB
>>
>>
>> _______________________________________________
>> Dnsmasq-discuss mailing list
>> Dnsmasq-discuss at lists.thekelleys.org.uk
>> http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
> 

-- 
Petr Menšík
Software Engineer
Red Hat, http://www.redhat.com/
email: pemensik at redhat.com
PGP: DFCF908DB7C87E8E529925BC4931CA5B6C9FC5CB

More information about the Dnsmasq-discuss mailing list