[Dnsmasq-discuss] dhcp-lease-max is only for DHCPv4?

Linyih Teng tenglinyih at gmail.com
Sat Jun 3 04:43:06 UTC 2023


Hello!

Thank you for all your help, and sorry for the delay in my response.
I have conducted tests based on the opinions of @pemensik and @imnozi, but
unfortunately, the same issue continues to occur.

From @imnozi's suggestions:
  - An easy-ish thing to check in the source:
    is the counter wide enough (16, 32 or 64 bits)?
         A: I think the issue might not be related to bits specifically.
            However, I have noticed that there are differences in how the
            lease_max value is checked between DHCPv6 and DHCPv4 in the code.
  - What happens when the max is set to 4, 16, etc.?
         A: I've changed the value to 4, and the result seems the same.
    o Is there a maximum before the limit fails to limit?
         A: No, it seems not.
    o Does it always assign max+1 leases?
         A: It does not fail at max+1; the DHCPv6 server provides more than that.

From @pemensik's suggestions:
  I modified the script to use "-D LLT" for the client in order to obtain a
time-sensitive value in the DUID (Client Identifier), and also to remove the
lease info file (/var/lib/dhcp/*) each time.


I am attaching the pcap file and scripts here for reference; the pcap file
is based on a DHCP max lease value of "4".
Please kindly let me know if I'm doing something wrong.

Thanks,
Lin


Petr Menšík <pemensik at redhat.com> wrote on Fri, May 26, 2023 at 7:45 AM:

> Yes, dhclient generates DUID into its lease file. Either add -lf
> /var/lib/dhclient/dhclient-$I.leases or just remove lease file after
> each dhclient run. Parameter -D LLT might help too.
>
> It should be visible what IPv6 address it is offering to the client in
> logs. Does it change?
>
> Petr
>
> On 5/23/23 10:11, Simon Kelley wrote:
> > In DHCPv6, the unique identifier for a client is NOT the MAC address,
> > it's a client ID which sometimes contains the MAC address.
> >
> > I suspect that dhclient is using the exact same client-id for each
> > trial, and just renewing the existing lease. You will need to delete
> > all the dhclient state after killing the process.
> >
> > Simon.
> >
> >
> > On 23/05/2023 08:43, Linyih Teng wrote:
> >> For the test... I'm just curious; there is no other reason.
> >>
> >> However, on the client side, I wrote simple scripts to run
> >> dhclient, and this script will sequentially run 512 dhclients. (The
> >> number 512 is not a magic value; other values produce the same
> >> situation.)
> >>
> >> steps of the script:
> >>
> >>     1. create macvlan interface(It will make different MAC address for
> >>     clients)
> >>
> >>     2. run dhclient with macvlan interface
> >>
> >>     3. get an IP from DHCPv6 server
> >>
> >>     4. kill the dhclient and remove the macvlan interface
> >>
> >>     5. back to step 1. and go on.
> >>
> >>
> >> Results:
> >>
> >>     After the scripts, if the 513th client comes, the server will serve
> >>     an IP to the 513th client. But it is not just the (lease max + 1)th
> >>     client that has this issue; all clients after the 512th can get an
> >>     IP from the server.
> >>     At this time, the lease entries remain at 512, and all later
> >>     clients do not appear in the lease file.
> >>
> >>
> >>
> >> Thanks,
> >> Lin
> >>
> >>
> >>
> >> Geert Stappers <stappers at stappers.nl> wrote on Tue, May 23, 2023 at 1:59 PM:
> >>
> >>     On Tue, May 23, 2023 at 12:05:08AM +0100, Simon Kelley wrote:
> >>      > On 22/05/2023 12:18, Linyih Teng wrote:
> >>      > > In the manual page is written:
> >>      > > > -X, --dhcp-lease-max=<number>
> >>      > > >        Limits dnsmasq to the specified maximum number of DHCP
> >>      > > >        leases. The default is 1000. This limit is to prevent DoS
> >>      > > >        attacks from hosts which create thousands of leases and use
> >>      > > >        lots of memory in the dnsmasq process.
> >>      > >
> >>      > > Hello,
> >>      > >
> >>      > > I'm using dnsmasq2.89 and testing the maximum lease count of the DHCPv6
> >>      > > server with the *dhcp-lease-max* option.
> >>      > >
> >>      > > For the testing, I'm using below configuration:
> >>      > >
> >>      > >     *dhcp-lease-max* = 512
> >>      > >  *dhcp-range*=tag:pool0,2022::1,2022::1f:ffff:ffff:fffe,64,120m
> >>      > >     tag-if=set:pool0,tag:intfv0
> >>      > >
> >>      > >
> >>      > > However, when the number of clients reaches the maximum number, the
> >>      > > server still provides IPs to clients. Is this the expected behavior of
> >>      > > DHCPv6?
> >>      > >
> >>      > There's a possible difference between the number of clients and the number
> >>      > of DHCP leases, since leases can expire to be deleted by the client.
> >>      >
> >>      > Are you saying that the number of simultaneous DHCP leases increases without
> >>      > bound, or that the 513th client gets a lease? Have you checked the number of
> >>      > leases in the dnsmasq.leases file?
> >>
> >>     Original Poster has yet to say what the expected behaviour should be.
> >>
> >>     Thing I am saying: Why limit dhcp-range by dhcp-lease-max?
> >>
> >>
> >>     Regards
> >>     Geert Stappers
> >>     --     Silence is hard to parse
> >>
> >>     _______________________________________________
> >>     Dnsmasq-discuss mailing list
> >>     Dnsmasq-discuss at lists.thekelleys.org.uk
> >>     https://lists.thekelleys.org.uk/cgi-bin/mailman/listinfo/dnsmasq-discuss
> >>
>
> --
> Petr Menšík
> Software Engineer, RHEL
> Red Hat, https://www.redhat.com/
> PGP: DFCF908DB7C87E8E529925BC4931CA5B6C9FC5CB
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: dhcpv6_with_maxlease_4.pcap
Type: application/octet-stream
Size: 4038 bytes
Desc: not available
URL: <http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/attachments/20230603/472c94c4/attachment-0001.obj>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: macvlan_loop_v6.sh
Type: text/x-sh
Size: 1193 bytes
Desc: not available
URL: <http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/attachments/20230603/472c94c4/attachment-0002.sh>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: loopv6.sh
Type: text/x-sh
Size: 149 bytes
Desc: not available
URL: <http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/attachments/20230603/472c94c4/attachment-0003.sh>
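
The check asked for in the thread (the number of leases in the dnsmasq.leases file), combined with the point that a DHCPv6 client is identified by its client ID rather than its MAC address, as an added example that is not part of the thread, its attached scripts, or dnsmasq itself. It assumes the lease-file layout given in the comments; the function names and the sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread: count dnsmasq leases per address family
# and the distinct DHCPv6 client DUIDs behind them.
# Assumed lease-file layout (not shown on the page):
#   DHCPv4: expiry MAC IPv4-address hostname client-id
#   DHCPv6: expiry IAID IPv6-address hostname client-DUID
#   plus one "duid <server DUID>" line that is not a lease.

lease_summary() {
    # $1 = lease file ("-" reads stdin), $2 = configured dhcp-lease-max
    awk -v max="$2" '
        $1 == "duid" { next }            # server DUID line, not a lease
        NF < 5       { next }            # ignore malformed lines
        $3 ~ /:/ {                       # colon in the address => DHCPv6 lease
            v6++
            if (!($5 in seen)) {         # count each client DUID once
                seen[$5] = 1; duids++
                if ($5 ~ /^00:01:/) llt++   # DUID type 1 = DUID-LLT (embeds a time)
            }
            next
        }
        { v4++ }                         # everything else is a DHCPv4 lease
        END {
            total = v4 + v6
            printf "v4=%d v6=%d v6_duids=%d v6_llt=%d total=%d max=%d %s\n",
                   v4, v6, duids, llt, total, max,
                   (total > max) ? "over" : "within"
        }' "$1"
}

# Constructed sample lease file: one DHCPv4 lease and three DHCPv6 leases,
# two of which carry the same DUID-LLT and one a DUID-LL (type 3).
sample_leases() {
    cat <<'EOF'
1685767386 02:00:00:00:00:01 192.168.1.10 host-a 01:02:00:00:00:00:01
duid 00:01:00:01:2c:0d:3a:5e:52:54:00:aa:bb:cc
1685767400 1234567 2022::1a2b host-b 00:01:00:01:2c:0d:3a:5f:02:00:00:00:00:02
1685767401 1234568 2022::1a2c * 00:01:00:01:2c:0d:3a:5f:02:00:00:00:00:02
1685767402 1234569 2022::1a2d * 00:03:00:01:02:00:00:00:00:04
EOF
}

sample_leases | lease_summary - 4
```

Fewer distinct DUIDs than test clients means the clients were reusing a client ID; a lease count that stays at the limit while new clients still receive addresses matches what the poster reports.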