[Dnsmasq-discuss] dhcp-lease-max is only for DHCPv4?
Geert Stappers
stappers at stappers.nl
Tue Jun 6 16:37:49 UTC 2023
On Tue, May 23, 2023 at 03:43:46PM +0800, Linyih Teng wrote:
> Geert Stappers wrote on Tue, May 23, 2023 at 1:59 PM:
> > On Tue, May 23, 2023 at 12:05:08AM +0100, Simon Kelley wrote:
> > > On 22/05/2023 12:18, Linyih Teng wrote:
> > > > In the manual page is written:
> > > > > -X, --dhcp-lease-max=<number>
> > > > > Limits dnsmasq to the specified maximum number of DHCP
> > > > > leases. The default is 1000. This limit is to prevent DoS
> > > > > attacks from hosts which create thousands of leases and use
> > > > > lots of memory in the dnsmasq process.
> > > >
> > > > Hello,
> > > >
> > > > I'm using dnsmasq 2.89 and testing the maximum lease count of the DHCPv6
> > > > server with the *dhcp-lease-max* option.
> > > >
> > > > For the testing, I'm using the configuration below:
> > > >
> > > > dhcp-lease-max = 512
> > > > dhcp-range=tag:pool0,2022::1,2022::1f:ffff:ffff:fffe,64,120m
> > > > tag-if=set:pool0,tag:intfv0
> > > >
> > > >
> > > > However, when the number of clients reaches the maximum number, the
> > > > server still provides IPs to clients. Is this the expected behavior of
> > > > DHCPv6?
> > > >
> > > There's a possible difference between the number of clients and the number
> > > of DHCP leases, since leases can expire to be deleted by the client.
> > >
> > > Are you saying that the number of simultaneous DHCP leases increases without
> > > bound, or that the 513th client gets a lease? Have you checked the number of
> > > leases in the dnsmasq.leases file?
> >
> > Original Poster has yet to say what the expected behaviour should be.
>
> For the test... I'm just curious, there is no other reason.

Acknowledge

> However, on the client side, I wrote simple scripts to run the dhclient,
> and this script will sequentially run 512 dhclient. (The number 512 is not a
> magic value; the same situation happens with other values.)
>
> steps of the script:
>
> 1. create a macvlan interface (it will make a different MAC address for clients)
> 2. run dhclient with the macvlan interface
> 3. get an IP from the DHCPv6 server
> 4. kill the dhclient and remove the macvlan interface
> 5. back to step 1 and go on.
>

The mailing list archive has a shell script doing that:
https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2023q2/017135.html

> Results:
>
> After the scripts, if the 513th client comes, the server will serve an IP to
> the 513th client. But it is not just the lease max + 1th client that has
> this issue; all clients after the 512th can get an IP from the server.
> At this time, the lease entries remain at 512, and all later
> clients do not appear in the lease file.
>
> >
> > Thing I am saying: Why limit dhcp-range by dhcp-lease-max?

When DHCP clients exhaust the DHCP pool (the dhcp-range),
then the DHCP pool is exhausted (and it is too late for DoS prevention).

Regards
Geert Stappers
--
Silence is hard to parse
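
The check Simon asks about (the number of entries in dnsmasq.leases against dhcp-lease-max), as an added example that is not part of this thread or of dnsmasq's own code. It assumes the lease-file layout has the address in the third field and a `duid` record for the server DUID, and it sums DHCPv4 and DHCPv6 entries against the one limit; the function names and all sample data are constructed for illustration.

```python
import ipaddress

DEFAULT_LEASE_MAX = 1000  # default given in the man page excerpt quoted in the thread

def lease_max_from_conf(conf_text):
    """Return the last dhcp-lease-max value set in dnsmasq config text."""
    limit = DEFAULT_LEASE_MAX
    for line in conf_text.splitlines():
        key, sep, value = line.split("#", 1)[0].partition("=")
        if sep and key.strip() == "dhcp-lease-max":
            limit = int(value.strip())
    return limit

def count_leases(leases_text):
    """Count DHCPv4 and DHCPv6 entries in lease-file text (assumed layout)."""
    counts = {"v4": 0, "v6": 0}
    for line in leases_text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0] == "duid":  # blank line or server DUID record
            continue
        try:
            addr = ipaddress.ip_address(fields[2])  # assumption: address is field 3
        except ValueError:
            continue  # not a lease record in the assumed layout
        counts["v6" if addr.version == 6 else "v4"] += 1
    return counts

def headroom(conf_text, leases_text):
    """Return (limit, counts, remaining); remaining = limit - all lease entries."""
    limit = lease_max_from_conf(conf_text)
    counts = count_leases(leases_text)
    return limit, counts, limit - (counts["v4"] + counts["v6"])

# Constructed sample input: a small limit and a lease file that has reached it.
SAMPLE_CONF = """\
dhcp-lease-max=4
dhcp-range=tag:pool0,2022::1,2022::1f:ffff:ffff:fffe,64,120m
"""
SAMPLE_LEASES = """\
1685000000 02:00:00:00:00:01 192.0.2.10 host-a 01:02:00:00:00:00:01
duid 00:01:00:01:2b:00:00:00:02:00:00:00:00:aa
1685000100 1 2022::1a2b client-1 00:01:00:01:2b:00:00:01:02:00:00:00:00:01
1685000200 2 2022::3c4d * 00:01:00:01:2b:00:00:02:02:00:00:00:00:02
1685000300 3 2022::5e6f * 00:01:00:01:2b:00:00:03:02:00:00:00:00:03
"""

if __name__ == "__main__":
    limit, counts, left = headroom(SAMPLE_CONF, SAMPLE_LEASES)
    print(f"limit={limit} v4={counts['v4']} v6={counts['v6']} remaining={left}")
```

A remaining value of 0 while clients still obtain addresses matches the behaviour reported in the thread: the file stays at the limit and later clients do not appear in it.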