[Dnsmasq-discuss] Tag requests for a DHCP address from devices using a Locally Administered MAC address
Geert Stappers
stappers at stappers.nl
Sun Jul 26 10:19:05 BST 2020
On Sat, Jul 25, 2020 at 09:01:51AM -0700, dev at lutean.com wrote:
> iOS 14
CISCO provides an IOS, https://en.wikipedia.org/wiki/Cisco_IOS
My second guess on IOS is an Apple Computer Inc product.
> will by default use randomized, private MAC addresses.
Yeah right, let's sell a depleted MAC address pool
as a privacy improvement ...
> In my testing these devices use a MAC address with the LAA bit set
> (2nd least significant bit of the first byte of the MAC). It restricts
> this to host addresses (least significant bit is set to 0).
Speaks about two bits
> This patch detects MAC addresses with this bit set and tags the request with
> the tag "laa-address". This would allow other rules to decide what to do
> with these requests (such as ignoring them).
Speaks about one bit
Speaking about bits, see https://en.wikipedia.org/wiki/MAC_address#/media/File:MAC-48_Address.svg
for the "exploded view"
> --- a/src/rfc2131.c
> +++ b/src/rfc2131.c
> @@ -93,7 +93,7 @@ size_t dhcp_reply(struct dhcp_context *context, char
> *iface_name, int int_index,
> unsigned char *agent_id = NULL, *uuid = NULL;
> unsigned char *emac = NULL;
> int vendor_class_len = 0, emac_len = 0;
> - struct dhcp_netid known_id, iface_id, cpewan_id;
> + struct dhcp_netid known_id, iface_id, cpewan_id, laa_id;
> struct dhcp_opt *o;
> unsigned char pxe_uuid[17];
> unsigned char *oui = NULL, *serial = NULL;
> @@ -114,6 +114,18 @@ size_t dhcp_reply(struct dhcp_context *context, char
> *iface_name, int int_index,
> if (mess->htype == 0 && mess->hlen != 0)
> return 0;
>
> + /* Check if sender has a locally-administered ethernet address and set a tag if so. */
> + if (mess->htype == ARPHRD_ETHER)
> + {
> + /* LAA host addresses have the the LSbs of the first address byte set to b'10' */
> + if ((mess->chaddr[0] & 3) == 2)
> + {
> + laa_id.net = "laa-address";
> + laa_id.next = netid;
> + netid = &laa_id;
> + }
> + }
> +
> /* check for DHCP rather than BOOTP */
> if ((opt = option_find(mess, sz, OPTION_MESSAGE_TYPE, 1)))
> {
>
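Review bot: the condition `(mess->chaddr[0] & 3) == 2` in the added block requires two bits (locally administered bit set, group bit clear), while the tag "laa-address" is named after only one of them, and the comment above it has a doubled "the the". Either mask only the locally administered bit (`& 2`) or choose a tag name that says unicast LAA, and document the new tag, since nothing in this patch does. The block also reads `chaddr[0]` for ARPHRD_ETHER without looking at `mess->hlen`; the only length check visible above applies to `htype == 0`, so consider requiring the Ethernet hlen of 6 before testing the byte. Because chaddr is a field the client fills in, rules built on this tag should treat it as a hint about the client, not as a property the client cannot change.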
Main problem I have with the patch is that it checks on two bits
and uses the name of one bit.
Patch reviewed and rejected by me.
Groeten
Geert Stappers
--
Silence is hard to parse