Discussion:
[Dnsmasq-discuss] [PATCH] DHCPv6: Add support for more than one hardware address per IPv6 address
Pali Rohár
2015-12-23 21:10:44 UTC
Permalink
This patch allows to assign one IPv6 address for more config entries
specified by MAC address. This is similar function as for IPv4 addresses
in DHCPv4 server code part.
---
man/dnsmasq.8 | 9 ++++++---
src/rfc3315.c | 63 ++++++++++++++++++++++++++++++++++++++++++++++++---------
2 files changed, 60 insertions(+), 12 deletions(-)

diff --git a/man/dnsmasq.8 b/man/dnsmasq.8
index d51b10f..6a121fe 100644
--- a/man/dnsmasq.8
+++ b/man/dnsmasq.8
@@ -978,10 +978,13 @@ will only match a
Token-Ring hardware address, since the ARP-address type for token ring
is 6.

-As a special case, in DHCPv4, it is possible to include more than one
-hardware address. eg:
+It is possible to include more than one hardware address. eg for IPv4:
.B --dhcp-host=11:22:33:44:55:66,12:34:56:78:90:12,192.168.0.2
-This allows an IP address to be associated with
+or for IPv6:
+.B --dhcp-host=11:22:33:44:55:66,12:34:56:78:90:12,[::2]
+or for both:
+.B --dhcp-host=11:22:33:44:55:66,12:34:56:78:90:12,192.168.0.2,[::2]
+This allows an IPv4 and/or IPv6 address to be associated with
multiple hardware addresses, and gives dnsmasq permission to abandon a
DHCP lease to one of the hardware addresses when another one asks for
a lease. Beware that this is a dangerous thing to do, it will only
diff --git a/src/rfc3315.c b/src/rfc3315.c
index 3ed8623..19738b4 100644
--- a/src/rfc3315.c
+++ b/src/rfc3315.c
@@ -54,7 +54,7 @@ static struct prefix_class *prefix_class_from_context(struct dhcp_context *conte
#endif
static void mark_context_used(struct state *state, struct in6_addr *addr);
static void mark_config_used(struct dhcp_context *context, struct in6_addr *addr);
-static int check_address(struct state *state, struct in6_addr *addr);
+static int check_address(struct state *state, struct dhcp_config *config, struct in6_addr *addr);
static void add_address(struct state *state, struct dhcp_context *context, unsigned int lease_time, void *ia_option,
unsigned int *min_time, struct in6_addr *addr, time_t now);
static void update_leases(struct state *state, struct dhcp_context *context, struct in6_addr *addr, unsigned int lease_time, time_t now);
@@ -704,7 +704,7 @@ static int dhcp6_no_relay(struct state *state, int msg_type, void *inbuff, size_
/* If the client asks for an address on the same network as a configured address,
offer the configured address instead, to make moving to newly-configured
addresses automatic. */
- if (!(c->flags & CONTEXT_CONF_USED) && config_valid(config, c, &addr) && check_address(state, &addr))
+ if (!(c->flags & CONTEXT_CONF_USED) && config_valid(config, c, &addr) && check_address(state, config, &addr))
{
req_addr = &addr;
mark_config_used(c, &addr);
@@ -713,8 +713,14 @@ static int dhcp6_no_relay(struct state *state, int msg_type, void *inbuff, size_
}
else if (!(c = address6_available(state->context, req_addr, solicit_tags, plain_range)))
continue; /* not an address we're allowed */
- else if (!check_address(state, req_addr))
+ else if (!check_address(state, config, req_addr))
continue; /* address leased elsewhere */
+ else if (state->mac_len && config &&
+ config_has_mac(config, state->mac, state->mac_len, state->mac_type) &&
+ match_netid(c->filter, solicit_tags, plain_range) &&
+ config_valid(config, c, &addr) &&
+ !IN6_ARE_ADDR_EQUAL(req_addr, &addr))
+ continue; /* another static address is configured */

/* add address to output packet */
#ifdef OPTION6_PREFIX_CLASS
@@ -730,10 +736,13 @@ static int dhcp6_no_relay(struct state *state, int msg_type, void *inbuff, size_

/* Suggest configured address(es) */
for (c = state->context; c; c = c->current)
- if (!(c->flags & CONTEXT_CONF_USED) &&
+ if ((!(c->flags & CONTEXT_CONF_USED) ||
+ (state->mac_len && config &&
+ config_has_mac(config, state->mac, state->mac_len, state->mac_type)
+ )) &&
match_netid(c->filter, solicit_tags, plain_range) &&
config_valid(config, c, &addr) &&
- check_address(state, &addr))
+ check_address(state, config, &addr))
{
mark_config_used(state->context, &addr);
if (have_config(config, CONFIG_TIME))
@@ -758,6 +767,12 @@ static int dhcp6_no_relay(struct state *state, int msg_type, void *inbuff, size_
req_addr = &ltmp->addr6;
if ((c = address6_available(state->context, req_addr, solicit_tags, plain_range)))
{
+ if (state->mac_len && config &&
+ config_has_mac(config, state->mac, state->mac_len, state->mac_type) &&
+ match_netid(c->filter, solicit_tags, plain_range) &&
+ config_valid(config, c, &addr) &&
+ !IN6_ARE_ADDR_EQUAL(req_addr, &addr))
+ continue; /* skip this lease because another static address is configured */
#ifdef OPTION6_PREFIX_CLASS
if (dump_all_prefix_classes && state->ia_type == OPTION6_IA_NA)
state->send_prefix_class = prefix_class_from_context(c);
@@ -898,7 +913,7 @@ static int dhcp6_no_relay(struct state *state, int msg_type, void *inbuff, size_
put_opt6_string(_("address unavailable"));
end_opt6(o1);
}
- else if (!check_address(state, req_addr))
+ else if (!check_address(state, config, req_addr))
{
/* Address leased to another DUID/IAID */
o1 = new_opt6(OPTION6_STATUS_CODE);
@@ -1017,6 +1032,17 @@ static int dhcp6_no_relay(struct state *state, int msg_type, void *inbuff, size_
struct in6_addr addr;
unsigned int lease_time;

+ /* check if another static address is preferred */
+ if (state->mac_len && config &&
+ config_has_mac(config, state->mac, state->mac_len, state->mac_type) &&
+ config_valid(config, this_context, &addr) &&
+ !IN6_ARE_ADDR_EQUAL(req_addr, &addr))
+ {
+ preferred_time = valid_time = 0;
+ message = _("deprecated");
+ }
+ else
+ {
get_context_tag(state, this_context);

if (config_valid(config, this_context, &addr) && IN6_ARE_ADDR_EQUAL(&addr, req_addr) && have_config(config, CONFIG_TIME))
@@ -1042,6 +1068,7 @@ static int dhcp6_no_relay(struct state *state, int msg_type, void *inbuff, size_

if (preferred_time == 0)
message = _("deprecated");
+ }
}
else
{
@@ -1088,13 +1115,27 @@ static int dhcp6_no_relay(struct state *state, int msg_type, void *inbuff, size_
ia_option = opt6_find(opt6_next(ia_option, ia_end), ia_end, OPTION6_IAADDR, 24))
{
struct in6_addr *req_addr = opt6_ptr(ia_option, 0);
+ struct in6_addr addr;
+ struct dhcp_context *c;
+ int config_addr_ok = 1;
+
+ c = address6_valid(state->context, req_addr, tagif, 1);
+
+ if (c && state->mac_len && config &&
+ config_has_mac(config, state->mac, state->mac_len, state->mac_type) &&
+ config_valid(config, c, &addr) &&
+ !IN6_ARE_ADDR_EQUAL(req_addr, &addr))
+ {
+ config_addr_ok = 0;
+ }

- if (!address6_valid(state->context, req_addr, tagif, 1))
+ if (!c || !config_addr_ok)
{
o1 = new_opt6(OPTION6_STATUS_CODE);
put_opt6_short(DHCP6NOTONLINK);
put_opt6_string(_("confirm failed"));
end_opt6(o1);
+ log6_quiet(state, "DHCPCONFIRM", req_addr, "(confirm failed)");
return 1;
}

@@ -1715,11 +1756,15 @@ static void mark_config_used(struct dhcp_context *context, struct in6_addr *addr
context->flags |= CONTEXT_CONF_USED;
}

-/* make sure address not leased to another CLID/IAID */
-static int check_address(struct state *state, struct in6_addr *addr)
+/* check that ipv6 address belongs to config with same mac address as in state or ipv6 address is not leased to another CLID/IAID */
+static int check_address(struct state *state, struct dhcp_config *config, struct in6_addr *addr)
{
struct dhcp_lease *lease;

+ if (state->mac_len && config &&
+ config_has_mac(config, state->mac, state->mac_len, state->mac_type))
+ return 1;
+
if (!(lease = lease6_find_by_addr(addr, 128, 0)))
return 1;
--
1.7.9.5
Simon Kelley
2016-01-01 20:23:36 UTC
Permalink
Post by Pali Rohár
This patch allows to assign one IPv6 address for more config entries
specified by MAC address. This is similar function as for IPv4 addresses
in DHCPv4 server code part.
This needs some thinking about: DHCPv6 is different from DHCPv4 in that
clients are not, at all, identified by MAC address, rather by client-id
and IAID. In addition, DHCPv6 handles multiple addresses and leases per
client.

What's important? To be able to specify more than on MAC address, any
one of which can be matched, or to have a single IPv6 address which is
removed from one IAID to another if the MAC addresses are paired?


Cheers,

Simon.
Post by Pali Rohár
---
man/dnsmasq.8 | 9 ++++++---
src/rfc3315.c | 63 ++++++++++++++++++++++++++++++++++++++++++++++++---------
2 files changed, 60 insertions(+), 12 deletions(-)
diff --git a/man/dnsmasq.8 b/man/dnsmasq.8
index d51b10f..6a121fe 100644
--- a/man/dnsmasq.8
+++ b/man/dnsmasq.8
@@ -978,10 +978,13 @@ will only match a
Token-Ring hardware address, since the ARP-address type for token ring
is 6.
-As a special case, in DHCPv4, it is possible to include more than one
.B --dhcp-host=11:22:33:44:55:66,12:34:56:78:90:12,192.168.0.2
-This allows an IP address to be associated with
+.B --dhcp-host=11:22:33:44:55:66,12:34:56:78:90:12,[::2]
+.B --dhcp-host=11:22:33:44:55:66,12:34:56:78:90:12,192.168.0.2,[::2]
+This allows an IPv4 and/or IPv6 address to be associated with
multiple hardware addresses, and gives dnsmasq permission to abandon a
DHCP lease to one of the hardware addresses when another one asks for
a lease. Beware that this is a dangerous thing to do, it will only
diff --git a/src/rfc3315.c b/src/rfc3315.c
index 3ed8623..19738b4 100644
--- a/src/rfc3315.c
+++ b/src/rfc3315.c
@@ -54,7 +54,7 @@ static struct prefix_class *prefix_class_from_context(struct dhcp_context *conte
#endif
static void mark_context_used(struct state *state, struct in6_addr *addr);
static void mark_config_used(struct dhcp_context *context, struct in6_addr *addr);
-static int check_address(struct state *state, struct in6_addr *addr);
+static int check_address(struct state *state, struct dhcp_config *config, struct in6_addr *addr);
static void add_address(struct state *state, struct dhcp_context *context, unsigned int lease_time, void *ia_option,
unsigned int *min_time, struct in6_addr *addr, time_t now);
static void update_leases(struct state *state, struct dhcp_context *context, struct in6_addr *addr, unsigned int lease_time, time_t now);
@@ -704,7 +704,7 @@ static int dhcp6_no_relay(struct state *state, int msg_type, void *inbuff, size_
/* If the client asks for an address on the same network as a configured address,
offer the configured address instead, to make moving to newly-configured
addresses automatic. */
- if (!(c->flags & CONTEXT_CONF_USED) && config_valid(config, c, &addr) && check_address(state, &addr))
+ if (!(c->flags & CONTEXT_CONF_USED) && config_valid(config, c, &addr) && check_address(state, config, &addr))
{
req_addr = &addr;
mark_config_used(c, &addr);
@@ -713,8 +713,14 @@ static int dhcp6_no_relay(struct state *state, int msg_type, void *inbuff, size_
}
else if (!(c = address6_available(state->context, req_addr, solicit_tags, plain_range)))
continue; /* not an address we're allowed */
- else if (!check_address(state, req_addr))
+ else if (!check_address(state, config, req_addr))
continue; /* address leased elsewhere */
+ else if (state->mac_len && config &&
+ config_has_mac(config, state->mac, state->mac_len, state->mac_type) &&
+ match_netid(c->filter, solicit_tags, plain_range) &&
+ config_valid(config, c, &addr) &&
+ !IN6_ARE_ADDR_EQUAL(req_addr, &addr))
+ continue; /* another static address is configured */
/* add address to output packet */
#ifdef OPTION6_PREFIX_CLASS
@@ -730,10 +736,13 @@ static int dhcp6_no_relay(struct state *state, int msg_type, void *inbuff, size_
/* Suggest configured address(es) */
for (c = state->context; c; c = c->current)
- if (!(c->flags & CONTEXT_CONF_USED) &&
+ if ((!(c->flags & CONTEXT_CONF_USED) ||
+ (state->mac_len && config &&
+ config_has_mac(config, state->mac, state->mac_len, state->mac_type)
+ )) &&
match_netid(c->filter, solicit_tags, plain_range) &&
config_valid(config, c, &addr) &&
- check_address(state, &addr))
+ check_address(state, config, &addr))
{
mark_config_used(state->context, &addr);
if (have_config(config, CONFIG_TIME))
@@ -758,6 +767,12 @@ static int dhcp6_no_relay(struct state *state, int msg_type, void *inbuff, size_
req_addr = &ltmp->addr6;
if ((c = address6_available(state->context, req_addr, solicit_tags, plain_range)))
{
+ if (state->mac_len && config &&
+ config_has_mac(config, state->mac, state->mac_len, state->mac_type) &&
+ match_netid(c->filter, solicit_tags, plain_range) &&
+ config_valid(config, c, &addr) &&
+ !IN6_ARE_ADDR_EQUAL(req_addr, &addr))
+ continue; /* skip this lease because another static address is configured */
#ifdef OPTION6_PREFIX_CLASS
if (dump_all_prefix_classes && state->ia_type == OPTION6_IA_NA)
state->send_prefix_class = prefix_class_from_context(c);
@@ -898,7 +913,7 @@ static int dhcp6_no_relay(struct state *state, int msg_type, void *inbuff, size_
put_opt6_string(_("address unavailable"));
end_opt6(o1);
}
- else if (!check_address(state, req_addr))
+ else if (!check_address(state, config, req_addr))
{
/* Address leased to another DUID/IAID */
o1 = new_opt6(OPTION6_STATUS_CODE);
@@ -1017,6 +1032,17 @@ static int dhcp6_no_relay(struct state *state, int msg_type, void *inbuff, size_
struct in6_addr addr;
unsigned int lease_time;
+ /* check if another static address is preferred */
+ if (state->mac_len && config &&
+ config_has_mac(config, state->mac, state->mac_len, state->mac_type) &&
+ config_valid(config, this_context, &addr) &&
+ !IN6_ARE_ADDR_EQUAL(req_addr, &addr))
+ {
+ preferred_time = valid_time = 0;
+ message = _("deprecated");
+ }
+ else
+ {
get_context_tag(state, this_context);
if (config_valid(config, this_context, &addr) && IN6_ARE_ADDR_EQUAL(&addr, req_addr) && have_config(config, CONFIG_TIME))
@@ -1042,6 +1068,7 @@ static int dhcp6_no_relay(struct state *state, int msg_type, void *inbuff, size_
if (preferred_time == 0)
message = _("deprecated");
+ }
}
else
{
@@ -1088,13 +1115,27 @@ static int dhcp6_no_relay(struct state *state, int msg_type, void *inbuff, size_
ia_option = opt6_find(opt6_next(ia_option, ia_end), ia_end, OPTION6_IAADDR, 24))
{
struct in6_addr *req_addr = opt6_ptr(ia_option, 0);
+ struct in6_addr addr;
+ struct dhcp_context *c;
+ int config_addr_ok = 1;
+
+ c = address6_valid(state->context, req_addr, tagif, 1);
+
+ if (c && state->mac_len && config &&
+ config_has_mac(config, state->mac, state->mac_len, state->mac_type) &&
+ config_valid(config, c, &addr) &&
+ !IN6_ARE_ADDR_EQUAL(req_addr, &addr))
+ {
+ config_addr_ok = 0;
+ }
- if (!address6_valid(state->context, req_addr, tagif, 1))
+ if (!c || !config_addr_ok)
{
o1 = new_opt6(OPTION6_STATUS_CODE);
put_opt6_short(DHCP6NOTONLINK);
put_opt6_string(_("confirm failed"));
end_opt6(o1);
+ log6_quiet(state, "DHCPCONFIRM", req_addr, "(confirm failed)");
return 1;
}
@@ -1715,11 +1756,15 @@ static void mark_config_used(struct dhcp_context *context, struct in6_addr *addr
context->flags |= CONTEXT_CONF_USED;
}
-/* make sure address not leased to another CLID/IAID */
-static int check_address(struct state *state, struct in6_addr *addr)
+/* check that ipv6 address belongs to config with same mac address as in state or ipv6 address is not leased to another CLID/IAID */
+static int check_address(struct state *state, struct dhcp_config *config, struct in6_addr *addr)
{
struct dhcp_lease *lease;
+ if (state->mac_len && config &&
+ config_has_mac(config, state->mac, state->mac_len, state->mac_type))
+ return 1;
+
if (!(lease = lease6_find_by_addr(addr, 128, 0)))
return 1;
Pali Rohár
2016-01-01 21:29:46 UTC
Permalink
Post by Simon Kelley
Post by Pali Rohár
This patch allows to assign one IPv6 address for more config
entries specified by MAC address. This is similar function as for
IPv4 addresses in DHCPv4 server code part.
This needs some thinking about: DHCPv6 is different from DHCPv4 in
that clients are not, at all, identified by MAC address, rather by
client-id and IAID.
I know and this is absolutely uncomfortable for me. One client has
different DUID across different operating systems. Also different across
OS reinstalling... Also if I want to connect new device I need to
instruct people how to set stable DUID across all OS... Just not usable
for normal usage of "any" device.

For identifying computer/device I need some stable identifier and DHCPv6
DUID is *not* stable in current implementation of major usage OS.

MAC address of network card is stable. And so this identifier is what I
prefer to use. dnsmasq has for it support and I'm happy for it! And when
I configure both DHCPv4 and DHCPv6 one configuration line MAC,ipv4,ipv6
is really nice for having "clean" configuration.
Post by Simon Kelley
In addition, DHCPv6 handles multiple addresses
and leases per client.
When using just DUID I have problem here. My laptop has both Wifi and
wired ethernet and with DUID information I'm not able to configure
dnsmasq for stable ipv6 addresses.
Post by Simon Kelley
What's important? To be able to specify more than on MAC address, any
one of which can be matched, or to have a single IPv6 address which
is removed from one IAID to another if the MAC addresses are paired?
For specified laptops, I have special configuration. All network
interfaces (one wifi, one wired ethernet) on those laptops is assigned
same IP address. Operating system is configured in special way that when
both interfaces are active it send packets *only* via ethernet.

So it allows me to have active TCP connections and allows me to switch
between wifi/ethernet without dropping it.

DHCPv4 in dnsmasq has already support for assigning one ip address to
more MAC addresses (more clients) and this my patch add support for it
too.
--
Pali Rohár
***@gmail.com
Simon Kelley
2016-01-15 21:48:31 UTC
Permalink
Post by Pali Rohár
Post by Simon Kelley
Post by Pali Rohár
This patch allows to assign one IPv6 address for more config
entries specified by MAC address. This is similar function as
for IPv4 addresses in DHCPv4 server code part.
This needs some thinking about: DHCPv6 is different from DHCPv4
in that clients are not, at all, identified by MAC address,
rather by client-id and IAID.
I know and this is absolutely uncomfortable for me. One client has
different DUID across different operating systems. Also different
across OS reinstalling... Also if I want to connect new device I
need to instruct people how to set stable DUID across all OS...
Just not usable for normal usage of "any" device.
For identifying computer/device I need some stable identifier and
DHCPv6 DUID is *not* stable in current implementation of major
usage OS.
MAC address of network card is stable. And so this identifier is
what I prefer to use. dnsmasq has for it support and I'm happy for
it! And when I configure both DHCPv4 and DHCPv6 one configuration
line MAC,ipv4,ipv6 is really nice for having "clean"
configuration.
Post by Simon Kelley
In addition, DHCPv6 handles multiple addresses and leases per
client.
When using just DUID I have problem here. My laptop has both Wifi
and wired ethernet and with DUID information I'm not able to
configure dnsmasq for stable ipv6 addresses.
Post by Simon Kelley
What's important? To be able to specify more than on MAC address,
any one of which can be matched, or to have a single IPv6 address
which is removed from one IAID to another if the MAC addresses
are paired?
For specified laptops, I have special configuration. All network
interfaces (one wifi, one wired ethernet) on those laptops is
assigned same IP address. Operating system is configured in special
way that when both interfaces are active it send packets *only* via
ethernet.
So it allows me to have active TCP connections and allows me to
switch between wifi/ethernet without dropping it.
DHCPv4 in dnsmasq has already support for assigning one ip address
to more MAC addresses (more clients) and this my patch add support
for it too.
That makes sense. I think if you can organise for both interfaces to
send the same CLID and IAID, then both will get the same address.
Actually, one way to make this work may be to have ONE DHCP client,
and make it configure both interfaces, or copy the address from one
interface to the other.

I think you can configure a stable address not matter which interface
actually does the DHCP transaction with

dhcp-host=<mac1><IP-address>
dhcp-host=<mac2><IP-address>

without needing any patches to the code.


The way you're using the IPv4 multiple mac address feature is
interesting, It was intended to work when only one interface is active
at any time. Extending this to DHCPv6 doesn't really work, because
DHCPv6 doesn't use the MAC address to identify interfaces, as I said
in my previous reply.


Cheers,


Simon.
Pali Rohár
2016-01-16 15:00:17 UTC
Permalink
Post by Simon Kelley
Post by Pali Rohár
Post by Simon Kelley
Post by Pali Rohár
This patch allows to assign one IPv6 address for more config
entries specified by MAC address. This is similar function as
for IPv4 addresses in DHCPv4 server code part.
This needs some thinking about: DHCPv6 is different from DHCPv4
in that clients are not, at all, identified by MAC address,
rather by client-id and IAID.
I know and this is absolutely uncomfortable for me. One client has
different DUID across different operating systems. Also different
across OS reinstalling... Also if I want to connect new device I
need to instruct people how to set stable DUID across all OS...
Just not usable for normal usage of "any" device.
For identifying computer/device I need some stable identifier and
DHCPv6 DUID is *not* stable in current implementation of major
usage OS.
MAC address of network card is stable. And so this identifier is
what I prefer to use. dnsmasq has for it support and I'm happy for
it! And when I configure both DHCPv4 and DHCPv6 one configuration
line MAC,ipv4,ipv6 is really nice for having "clean"
configuration.
Post by Simon Kelley
In addition, DHCPv6 handles multiple addresses and leases per
client.
When using just DUID I have problem here. My laptop has both Wifi
and wired ethernet and with DUID information I'm not able to
configure dnsmasq for stable ipv6 addresses.
Post by Simon Kelley
What's important? To be able to specify more than on MAC address,
any one of which can be matched, or to have a single IPv6 address
which is removed from one IAID to another if the MAC addresses
are paired?
For specified laptops, I have special configuration. All network
interfaces (one wifi, one wired ethernet) on those laptops is
assigned same IP address. Operating system is configured in special
way that when both interfaces are active it send packets *only* via
ethernet.
So it allows me to have active TCP connections and allows me to
switch between wifi/ethernet without dropping it.
DHCPv4 in dnsmasq has already support for assigning one ip address
to more MAC addresses (more clients) and this my patch add support
for it too.
That makes sense. I think if you can organise for both interfaces to
send the same CLID and IAID, then both will get the same address.
I cannot do that. It is limitation of ISC dhclient which I'm using.
Already tried to do that, not possible.
Post by Simon Kelley
Actually, one way to make this work may be to have ONE DHCP client,
and make it configure both interfaces, or copy the address from one
interface to the other.
For classic "desktop" linux solution it is again not possible. Whole
network configuration is done by NetworkManager which just do not
support something like this...
Post by Simon Kelley
I think you can configure a stable address not matter which interface
actually does the DHCP transaction with
dhcp-host=<mac1><IP-address>
dhcp-host=<mac2><IP-address>
without needing any patches to the code.
If IP-address from first line is same as from second line, then dnsmasq
refuse to assign same address to both mac1 and mac2 addresses. Already
tried that.
Post by Simon Kelley
The way you're using the IPv4 multiple mac address feature is
interesting, It was intended to work when only one interface is
active at any time.
I know but, if you start thinking how "stealing" that lease work when
both interfaces are active, then is no reason why it should not work (in
case you have correct working DHCPv4 client).

Anyway I know lot of people who use this "multiple mac address feature".
So it is really useful feature.
Post by Simon Kelley
Extending this to DHCPv6 doesn't really work,
because DHCPv6 doesn't use the MAC address to identify interfaces,
as I said in my previous reply.
But dnsmasq has already support for identifying IPv6 clients via its mac
address (in case there is no DHCPv6 relay) since commit 89500e3. And
this my patch is working fine on my network.
--
Pali Rohár
***@gmail.com
Simon Kelley
2016-01-20 20:15:23 UTC
Permalink
Post by Pali Rohár
Post by Simon Kelley
Post by Pali Rohár
Post by Simon Kelley
Post by Pali Rohár
This patch allows to assign one IPv6 address for more
config entries specified by MAC address. This is similar
function as for IPv4 addresses in DHCPv4 server code part.
This needs some thinking about: DHCPv6 is different from
DHCPv4 in that clients are not, at all, identified by MAC
address, rather by client-id and IAID.
I know and this is absolutely uncomfortable for me. One client has
different DUID across different operating systems. Also
different
across OS reinstalling... Also if I want to connect new device
I need to instruct people how to set stable DUID across all
OS... Just not usable for normal usage of "any" device.
For identifying computer/device I need some stable identifier
and DHCPv6 DUID is *not* stable in current implementation of
major usage OS.
MAC address of network card is stable. And so this identifier
is what I prefer to use. dnsmasq has for it support and I'm
happy for it! And when I configure both DHCPv4 and DHCPv6 one
configuration line MAC,ipv4,ipv6 is really nice for having
"clean" configuration.
Post by Simon Kelley
In addition, DHCPv6 handles multiple addresses and leases
per client.
When using just DUID I have problem here. My laptop has both
Wifi and wired ethernet and with DUID information I'm not able
to configure dnsmasq for stable ipv6 addresses.
Post by Simon Kelley
What's important? To be able to specify more than on MAC
address, any one of which can be matched, or to have a single
IPv6 address which is removed from one IAID to another if the
MAC addresses are paired?
For specified laptops, I have special configuration. All
network interfaces (one wifi, one wired ethernet) on those
laptops is assigned same IP address. Operating system is
configured in special way that when both interfaces are active
it send packets *only* via ethernet.
So it allows me to have active TCP connections and allows me
to switch between wifi/ethernet without dropping it.
DHCPv4 in dnsmasq has already support for assigning one ip
address to more MAC addresses (more clients) and this my patch
add support for it too.
That makes sense. I think if you can organise for both interfaces
to send the same CLID and IAID, then both will get the same
address.
I cannot do that. It is limitation of ISC dhclient which I'm using.
Already tried to do that, not possible.
Post by Simon Kelley
Actually, one way to make this work may be to have ONE DHCP
client, and make it configure both interfaces, or copy the
address from one interface to the other.
For classic "desktop" linux solution it is again not possible.
Whole network configuration is done by NetworkManager which just do
not support something like this...
Post by Simon Kelley
I think you can configure a stable address not matter which
interface actually does the DHCP transaction with
dhcp-host=<mac1><IP-address> dhcp-host=<mac2><IP-address>
without needing any patches to the code.
If IP-address from first line is same as from second line, then
dnsmasq refuse to assign same address to both mac1 and mac2
addresses. Already tried that.
Even if the DHCP client provides the same CLID and IAID?
Later: OK, I saw that you can't do that.
Post by Pali Rohár
Post by Simon Kelley
The way you're using the IPv4 multiple mac address feature is
interesting, It was intended to work when only one interface is
active at any time.
I know but, if you start thinking how "stealing" that lease work
when both interfaces are active, then is no reason why it should
not work (in case you have correct working DHCPv4 client).
Anyway I know lot of people who use this "multiple mac address
feature". So it is really useful feature.
Post by Simon Kelley
Extending this to DHCPv6 doesn't really work, because DHCPv6
doesn't use the MAC address to identify interfaces, as I said in
my previous reply.
But dnsmasq has already support for identifying IPv6 clients via
its mac address (in case there is no DHCPv6 relay) since commit
89500e3. And this my patch is working fine on my network.
Dnsmasq identifies IPv6 clients via their MAC address for the purpose
of selecting dhcp-host configuration to use, but it doesn't use the
MAC address as a unique client identifier for the purpose of assigning
DHCP leases in the same way the DHCPv4 does. That's the crucial
difference.
The equivalent of the DHCPv4 share MAC address facility, should really
be something which shares IAIDs, maybe?


The crucial thing I'm trying to achieve here is turning your patch
from something that works on your network, with your very odd
configuration, into something that other people might want and use.
Without that, it's fine as your patch, but it can't go into the
dnsmasq mainline. Maybe the way to think about that is to think about
how to document it. If we can describe what problem it solves, and how
it should be used, then we'll be getting there. We need to bear in
mind that the behaviour we're talking about violates the RFCs
specifying DHCPv6, so it has to be especially carefull justified.


Cheers,

Simon.
Pali Rohár
2016-01-27 12:37:27 UTC
Permalink
Post by Simon Kelley
Dnsmasq identifies IPv6 clients via their MAC address for the purpose
of selecting dhcp-host configuration to use, but it doesn't use the
MAC address as a unique client identifier for the purpose of assigning
DHCP leases in the same way the DHCPv4 does. That's the crucial
difference.
Yes, I know.
Post by Simon Kelley
The equivalent of the DHCPv4 share MAC address facility, should really
be something which shares IAIDs, maybe?
Right, in lease file is stored pair (MAC address, IP address) for IPv4
and pair (IAID, IPv6 address) for IPv6.
Post by Simon Kelley
The crucial thing I'm trying to achieve here is turning your patch
from something that works on your network, with your very odd
configuration, into something that other people might want and use.
Without that, it's fine as your patch, but it can't go into the
dnsmasq mainline.
Understood.
Post by Simon Kelley
Maybe the way to think about that is to think about
how to document it. If we can describe what problem it solves, and how
it should be used, then we'll be getting there.
I was thinking about it for more days. It is really not easy to solve
this problem... Here are my results:

* There are people who misuse original concept of "more mac addresses"
for one ipv4 address. Dnsmasq supports this configuration only if one
mac address from that --dhcp-host line is used at same time.

* DHCPv6 clients are identified by DUID string, which we can say is
totally random and are not persistent across multi-OS computers or
reinstalling...

* Internally DHCPv6 leases are identified by IAID.

So to make configuration clean for both IPv4 and IPv6 we need support for:

* Assigning IPv4 lease to more MAC addresses at the same time
(This will help people to use "more mac addresses" functionality correctly)

* Assigning IPv6 address to more DUIDs at the same time
(This is "correct" IPv6 equivalent for previous request)

* Assigning IPv6 address to more MAC addresses at the same time
(This is what would fix DUID problem)

And it means that pair (IAID, IPv6 address) for IPv6 leases it not
enough to do it.

So, what about extending lease line for IPv6 addresses to include DUID
and MAC address?
Post by Simon Kelley
We need to bear in
mind that the behaviour we're talking about violates the RFCs
specifying DHCPv6, so it has to be especially carefull justified.
Thats probably truth, but if something is useful users will try to use
it. Either itself by patching dnsmasq or if possible by optional config
options...
--
Pali Rohár
***@gmail.com
Pali Rohár
2016-03-24 14:47:34 UTC
Permalink
(after two months) PING!
Post by Pali Rohár
Post by Simon Kelley
Dnsmasq identifies IPv6 clients via their MAC address for the purpose
of selecting dhcp-host configuration to use, but it doesn't use the
MAC address as a unique client identifier for the purpose of assigning
DHCP leases in the same way the DHCPv4 does. That's the crucial
difference.
Yes, I know.
Post by Simon Kelley
The equivalent of the DHCPv4 share MAC address facility, should really
be something which shares IAIDs, maybe?
Right, in lease file is stored pair (MAC address, IP address) for IPv4
and pair (IAID, IPv6 address) for IPv6.
Post by Simon Kelley
The crucial thing I'm trying to achieve here is turning your patch
from something that works on your network, with your very odd
configuration, into something that other people might want and use.
Without that, it's fine as your patch, but it can't go into the
dnsmasq mainline.
Understood.
Post by Simon Kelley
Maybe the way to think about that is to think about
how to document it. If we can describe what problem it solves, and how
it should be used, then we'll be getting there.
I was thinking about it for more days. It is really not easy to solve
* There are people who misuse original concept of "more mac addresses"
for one ipv4 address. Dnsmasq supports this configuration only if one
mac address from that --dhcp-host line is used at same time.
* DHCPv6 clients are identified by DUID string, which we can say is
totally random and are not persistent across multi-OS computers or
reinstalling...
* Internally DHCPv6 leases are identified by IAID.
* Assigning IPv4 lease to more MAC addresses at the same time
(This will help people to use "more mac addresses" functionality correctly)
* Assigning IPv6 address to more DUIDs at the same time
(This is "correct" IPv6 equivalent for previous request)
* Assigning IPv6 address to more MAC addresses at the same time
(This is what would fix DUID problem)
And it means that pair (IAID, IPv6 address) for IPv6 leases it not
enough to do it.
So, what about extending lease line for IPv6 addresses to include DUID
and MAC address?
Post by Simon Kelley
We need to bear in
mind that the behaviour we're talking about violates the RFCs
specifying DHCPv6, so it has to be especially carefull justified.
Thats probably truth, but if something is useful users will try to use
it. Either itself by patching dnsmasq or if possible by optional config
options...
--
Pali Rohár
***@gmail.com
Pali Rohár
2016-10-02 09:43:43 UTC
Permalink
Post by Pali Rohár
Post by Simon Kelley
Dnsmasq identifies IPv6 clients via their MAC address for the
purpose of selecting dhcp-host configuration to use, but it
doesn't use the MAC address as a unique client identifier for the
purpose of assigning DHCP leases in the same way the DHCPv4 does.
That's the crucial difference.
Yes, I know.
Post by Simon Kelley
The equivalent of the DHCPv4 share MAC address facility, should
really be something which shares IAIDs, maybe?
Right, in lease file is stored pair (MAC address, IP address) for
IPv4 and pair (IAID, IPv6 address) for IPv6.
Post by Simon Kelley
The crucial thing I'm trying to achieve here is turning your patch
from something that works on your network, with your very odd
configuration, into something that other people might want and use.
Without that, it's fine as your patch, but it can't go into the
dnsmasq mainline.
Understood.
Post by Simon Kelley
Maybe the way to think about that is to think about
how to document it. If we can describe what problem it solves, and
how it should be used, then we'll be getting there.
I was thinking about it for more days. It is really not easy to solve
* There are people who misuse original concept of "more mac
addresses" for one ipv4 address. Dnsmasq supports this configuration
only if one mac address from that --dhcp-host line is used at same
time.
* DHCPv6 clients are identified by DUID string, which we can say is
totally random and are not persistent across multi-OS computers or
reinstalling...
* Internally DHCPv6 leases are identified by IAID.
* Assigning IPv4 lease to more MAC addresses at the same time
(This will help people to use "more mac addresses" functionality correctly)
* Assigning IPv6 address to more DUIDs at the same time
(This is "correct" IPv6 equivalent for previous request)
* Assigning IPv6 address to more MAC addresses at the same time
(This is what would fix DUID problem)
And it means that pair (IAID, IPv6 address) for IPv6 leases it not
enough to do it.
So, what about extending lease line for IPv6 addresses to include
DUID and MAC address?
Post by Simon Kelley
We need to bear in
mind that the behaviour we're talking about violates the RFCs
specifying DHCPv6, so it has to be especially carefull justified.
Thats probably truth, but if something is useful users will try to
use it. Either itself by patching dnsmasq or if possible by optional
config options...
Hi Simon! Replaying to my old email from January. Have you found some
time to look at my suggestions? If yes, what do you think about it?
--
Pali Rohár
***@gmail.com
Pali Rohár
2017-05-09 09:21:58 UTC
Permalink
Post by Pali Rohár
Post by Pali Rohár
Post by Simon Kelley
Dnsmasq identifies IPv6 clients via their MAC address for the
purpose of selecting dhcp-host configuration to use, but it
doesn't use the MAC address as a unique client identifier for the
purpose of assigning DHCP leases in the same way the DHCPv4 does.
That's the crucial difference.
Yes, I know.
Post by Simon Kelley
The equivalent of the DHCPv4 share MAC address facility, should
really be something which shares IAIDs, maybe?
Right, in lease file is stored pair (MAC address, IP address) for
IPv4 and pair (IAID, IPv6 address) for IPv6.
Post by Simon Kelley
The crucial thing I'm trying to achieve here is turning your patch
from something that works on your network, with your very odd
configuration, into something that other people might want and use.
Without that, it's fine as your patch, but it can't go into the
dnsmasq mainline.
Understood.
Post by Simon Kelley
Maybe the way to think about that is to think about
how to document it. If we can describe what problem it solves, and
how it should be used, then we'll be getting there.
I was thinking about it for more days. It is really not easy to solve
* There are people who misuse original concept of "more mac
addresses" for one ipv4 address. Dnsmasq supports this configuration
only if one mac address from that --dhcp-host line is used at same
time.
* DHCPv6 clients are identified by DUID string, which we can say is
totally random and are not persistent across multi-OS computers or
reinstalling...
* Internally DHCPv6 leases are identified by IAID.
* Assigning IPv4 lease to more MAC addresses at the same time
(This will help people to use "more mac addresses" functionality correctly)
* Assigning IPv6 address to more DUIDs at the same time
(This is "correct" IPv6 equivalent for previous request)
* Assigning IPv6 address to more MAC addresses at the same time
(This is what would fix DUID problem)
And it means that pair (IAID, IPv6 address) for IPv6 leases it not
enough to do it.
So, what about extending lease line for IPv6 addresses to include
DUID and MAC address?
Post by Simon Kelley
We need to bear in
mind that the behaviour we're talking about violates the RFCs
specifying DHCPv6, so it has to be especially carefull justified.
Thats probably truth, but if something is useful users will try to
use it. Either itself by patching dnsmasq or if possible by optional
config options...
Hi Simon! Replaying to my old email from January. Have you found some
time to look at my suggestions? If yes, what do you think about it?
PING again.
--
Pali Rohár
***@gmail.com
Simon Kelley
2017-05-12 15:15:20 UTC
Permalink
Post by Pali Rohár
Post by Pali Rohár
Post by Pali Rohár
Post by Simon Kelley
Dnsmasq identifies IPv6 clients via their MAC address for the
purpose of selecting dhcp-host configuration to use, but it
doesn't use the MAC address as a unique client identifier for the
purpose of assigning DHCP leases in the same way the DHCPv4 does.
That's the crucial difference.
Yes, I know.
Post by Simon Kelley
The equivalent of the DHCPv4 share MAC address facility, should
really be something which shares IAIDs, maybe?
Right, in lease file is stored pair (MAC address, IP address) for
IPv4 and pair (IAID, IPv6 address) for IPv6.
Post by Simon Kelley
The crucial thing I'm trying to achieve here is turning your patch
from something that works on your network, with your very odd
configuration, into something that other people might want and use.
Without that, it's fine as your patch, but it can't go into the
dnsmasq mainline.
Understood.
Post by Simon Kelley
Maybe the way to think about that is to think about
how to document it. If we can describe what problem it solves, and
how it should be used, then we'll be getting there.
I was thinking about it for more days. It is really not easy to solve
* There are people who misuse original concept of "more mac
addresses" for one ipv4 address. Dnsmasq supports this configuration
only if one mac address from that --dhcp-host line is used at same
time.
* DHCPv6 clients are identified by DUID string, which we can say is
totally random and are not persistent across multi-OS computers or
reinstalling...
* Internally DHCPv6 leases are identified by IAID.
* Assigning IPv4 lease to more MAC addresses at the same time
(This will help people to use "more mac addresses" functionality correctly)
* Assigning IPv6 address to more DUIDs at the same time
(This is "correct" IPv6 equivalent for previous request)
* Assigning IPv6 address to more MAC addresses at the same time
(This is what would fix DUID problem)
And it means that pair (IAID, IPv6 address) for IPv6 leases it not
enough to do it.
So, what about extending lease line for IPv6 addresses to include
DUID and MAC address?
Post by Simon Kelley
We need to bear in
mind that the behaviour we're talking about violates the RFCs
specifying DHCPv6, so it has to be especially carefull justified.
Thats probably truth, but if something is useful users will try to
use it. Either itself by patching dnsmasq or if possible by optional
config options...
Hi Simon! Replaying to my old email from January. Have you found some
time to look at my suggestions? If yes, what do you think about it?
PING again.
There are so many layers of quotes here that I've completely lost track
of what we were trying to achieve, and how to achieve it. My memory is
that we'd failed to come up with any consensus on either of those.

Using MAC addresses with DHCPv6 AT ALL is quite difficult - it's not a
concept that the RFCs deal with. Doing the sleight-of-hand trick that
works with DHCPv4 doesn't seem feasible to me for DHCPv6.


Cheers,

Simon.
Pali Rohár
2017-05-12 15:32:47 UTC
Permalink
Post by Simon Kelley
There are so many layers of quotes here that I've completely lost
track of what we were trying to achieve, and how to achieve it. My
memory is that we'd failed to come up with any consensus on either
of those.
Goal 1:

Ability to assign one IPv4 address to two different MAC addresses.
Currently it is possible by misusing concept of "more mac addresses"
(where IPv4 address can be "steal" by later DHCP client).

Goal 2:

Achieve Goal 1 also for DHCPv6.
Post by Simon Kelley
Using MAC addresses with DHCPv6 AT ALL is quite difficult - it's not
a concept that the RFCs deal with.
I read DHCPv6 RFC and it does not refuse assigning IPv6 address based on
link layer MAC address. Anyway, this is already supported by dnsmasq.

But what I want to achieve has ability to assign one IPv6 address to
more MAC addresses at same time. This DHCPv6 RFC does not allow, but in
some situations it is useful and I think such options could be provided
by DHCPv6 server with explicit warning in documentation.
Post by Simon Kelley
Doing the sleight-of-hand trick
that works with DHCPv4 doesn't seem feasible to me for DHCPv6.
Do you completely disagree with fact that dnsmasq could support this
scenario for assigning one IP address to more network cards (identified
by MAC address)? Or you just do not like my current implementation?

In previous email I wrote that Goal 2 can be achieved by storing tuple
DUID, IAID, MAC address and IPv6 address into DHCPv6 leases file.
--
Pali Rohár
***@gmail.com
Simon Kelley
2017-05-22 22:11:02 UTC
Permalink
Post by Pali Rohár
Post by Simon Kelley
There are so many layers of quotes here that I've completely lost
track of what we were trying to achieve, and how to achieve it. My
memory is that we'd failed to come up with any consensus on either
of those.
Ability to assign one IPv4 address to two different MAC addresses.
Currently it is possible by misusing concept of "more mac addresses"
(where IPv4 address can be "steal" by later DHCP client).
Achieve Goal 1 also for DHCPv6.
Post by Simon Kelley
Using MAC addresses with DHCPv6 AT ALL is quite difficult - it's not
a concept that the RFCs deal with.
I read DHCPv6 RFC and it does not refuse assigning IPv6 address based on
link layer MAC address. Anyway, this is already supported by dnsmasq.
But what I want to achieve has ability to assign one IPv6 address to
more MAC addresses at same time. This DHCPv6 RFC does not allow, but in
some situations it is useful and I think such options could be provided
by DHCPv6 server with explicit warning in documentation.
Post by Simon Kelley
Doing the sleight-of-hand trick
that works with DHCPv4 doesn't seem feasible to me for DHCPv6.
Do you completely disagree with fact that dnsmasq could support this
scenario for assigning one IP address to more network cards (identified
by MAC address)? Or you just do not like my current implementation?
The whole point of DHCP is to avoid an IP address being used by more
than one network card. The current two-MAC addresses for one IP facility
in DHCPv4 doesn't contradict this. It's specified to be used only when
there's a guarantee that both MAC address are never simultaneously in use.


Cheers,

Simon.
Post by Pali Rohár
In previous email I wrote that Goal 2 can be achieved by storing tuple
DUID, IAID, MAC address and IPv6 address into DHCPv6 leases file.
Pali Rohár
2017-05-23 07:39:11 UTC
Permalink
Post by Simon Kelley
Post by Pali Rohár
Post by Simon Kelley
There are so many layers of quotes here that I've completely lost
track of what we were trying to achieve, and how to achieve it. My
memory is that we'd failed to come up with any consensus on either
of those.
Ability to assign one IPv4 address to two different MAC addresses.
Currently it is possible by misusing concept of "more mac addresses"
(where IPv4 address can be "steal" by later DHCP client).
Achieve Goal 1 also for DHCPv6.
Post by Simon Kelley
Using MAC addresses with DHCPv6 AT ALL is quite difficult - it's not
a concept that the RFCs deal with.
I read DHCPv6 RFC and it does not refuse assigning IPv6 address based on
link layer MAC address. Anyway, this is already supported by dnsmasq.
But what I want to achieve has ability to assign one IPv6 address to
more MAC addresses at same time. This DHCPv6 RFC does not allow, but in
some situations it is useful and I think such options could be provided
by DHCPv6 server with explicit warning in documentation.
Post by Simon Kelley
Doing the sleight-of-hand trick
that works with DHCPv4 doesn't seem feasible to me for DHCPv6.
Do you completely disagree with fact that dnsmasq could support this
scenario for assigning one IP address to more network cards (identified
by MAC address)? Or you just do not like my current implementation?
The whole point of DHCP is to avoid an IP address being used by more
than one network card. The current two-MAC addresses for one IP facility
in DHCPv4 doesn't contradict this. It's specified to be used only when
there's a guarantee that both MAC address are never simultaneously in use.
I know. But as I wrote, lot of people misuse this feature to assign one
IPv4 address to more network cards. As there is use case for such state
and dnsmasq can do it.

So instead of misusing that feature I'm asking how to implement it
properly.
Post by Simon Kelley
Cheers,
Simon.
Post by Pali Rohár
In previous email I wrote that Goal 2 can be achieved by storing tuple
DUID, IAID, MAC address and IPv6 address into DHCPv6 leases file.
--
Pali Rohár
***@gmail.com
Pali Rohár
2018-06-02 14:25:51 UTC
Permalink
Post by Pali Rohár
Post by Pali Rohár
Post by Simon Kelley
Post by Pali Rohár
Post by Simon Kelley
There are so many layers of quotes here that I've completely lost
track of what we were trying to achieve, and how to achieve it. My
memory is that we'd failed to come up with any consensus on either
of those.
Ability to assign one IPv4 address to two different MAC addresses.
Currently it is possible by misusing concept of "more mac addresses"
(where IPv4 address can be "steal" by later DHCP client).
Achieve Goal 1 also for DHCPv6.
Post by Simon Kelley
Using MAC addresses with DHCPv6 AT ALL is quite difficult - it's not
a concept that the RFCs deal with.
I read DHCPv6 RFC and it does not refuse assigning IPv6 address based on
link layer MAC address. Anyway, this is already supported by dnsmasq.
But what I want to achieve has ability to assign one IPv6 address to
more MAC addresses at same time. This DHCPv6 RFC does not allow, but in
some situations it is useful and I think such options could be provided
by DHCPv6 server with explicit warning in documentation.
Post by Simon Kelley
Doing the sleight-of-hand trick
that works with DHCPv4 doesn't seem feasible to me for DHCPv6.
Do you completely disagree with fact that dnsmasq could support this
scenario for assigning one IP address to more network cards (identified
by MAC address)? Or you just do not like my current implementation?
The whole point of DHCP is to avoid an IP address being used by more
than one network card. The current two-MAC addresses for one IP facility
in DHCPv4 doesn't contradict this. It's specified to be used only when
there's a guarantee that both MAC address are never simultaneously in use.
I know. But as I wrote, lot of people misuse this feature to assign one
IPv4 address to more network cards. As there is use case for such state
and dnsmasq can do it.
So instead of misusing that feature I'm asking how to implement it
properly.
Hi Simon!
Do you have any opinion about this? Or do you fully disagree and such
feature should not be in dnsmasq?
Post by Pali Rohár
Post by Simon Kelley
Cheers,
Simon.
Post by Pali Rohár
In previous email I wrote that Goal 2 can be achieved by storing tuple
DUID, IAID, MAC address and IPv6 address into DHCPv6 leases file.
In IPv6 it is a more complicated, e.g. when network administrator wants
to assign one IPv6 address for specific computer.
Imagine that you have one computer with more OS (dua-boot) and each OS
has its own DUID and IAID (MAC address is stable).
Problem: dnsmasq assign IPv6 address to that computer when OS1 is
running. Computer is then rebooted to OS2 which has different DUID and
IAID. Therefore dnsmasq assigns a new (different) IPv6, because old one
is still "used" in server lease file.
To "solve" this problem it is either needed to extend dnsmasq to allow
assigning one IPv6 address to more DUIDs/IAIDs.
Or to assign IPv6 addresses based on MAC address and then dnsmasq leases
file needs to be extended to included also MAC address for IPv6
addresses.
Currently in lease file for DHCPv6 records there is line:

expire_time iaid ipv6_addr hostname duid

and for DHCPv4 is:

expire_time mac ipv4_addr hostname clid

To have similar format DHCPv6 records as DHCPv4 could be changed and
extended for mac address to:

expire_time mac ipv6_addr hostname duid iaid

Or to have iaid on same position, to:

expire_time iaid ipv6_addr hostname duid mac

And then allow assigning IPv6 address for IAID and correctly from lease
file for IPv6 address takes value relevant for configuration. E.g. when
IPv6 address is assigned based on MAC address, took mac. When is
assigned for DUID, then duid. And when iaid, then IAID.

So when configured this would allow "stealing" IPv6 address when there
is one computer which uses two different DHPv6 clients with different
DUIDs or IAIDs. (E.g. dual-boot Linux-Windows setup).


Also this extended information in lease file could allow to implement
that assigning one IPv6 address to more MAC addresses properly as in
lease file would be all relevant information about dhcp client.
--
Pali Rohár
***@gmail.com
Pali Rohár
2018-10-18 19:12:23 UTC
Permalink
Post by Pali Rohár
Post by Pali Rohár
Post by Pali Rohár
Post by Simon Kelley
Post by Pali Rohár
Post by Simon Kelley
There are so many layers of quotes here that I've completely lost
track of what we were trying to achieve, and how to achieve it. My
memory is that we'd failed to come up with any consensus on either
of those.
Ability to assign one IPv4 address to two different MAC addresses.
Currently it is possible by misusing concept of "more mac addresses"
(where IPv4 address can be "steal" by later DHCP client).
Achieve Goal 1 also for DHCPv6.
Post by Simon Kelley
Using MAC addresses with DHCPv6 AT ALL is quite difficult - it's not
a concept that the RFCs deal with.
I read DHCPv6 RFC and it does not refuse assigning IPv6 address based on
link layer MAC address. Anyway, this is already supported by dnsmasq.
But what I want to achieve has ability to assign one IPv6 address to
more MAC addresses at same time. This DHCPv6 RFC does not allow, but in
some situations it is useful and I think such options could be provided
by DHCPv6 server with explicit warning in documentation.
Post by Simon Kelley
Doing the sleight-of-hand trick
that works with DHCPv4 doesn't seem feasible to me for DHCPv6.
Do you completely disagree with fact that dnsmasq could support this
scenario for assigning one IP address to more network cards (identified
by MAC address)? Or you just do not like my current implementation?
The whole point of DHCP is to avoid an IP address being used by more
than one network card. The current two-MAC addresses for one IP facility
in DHCPv4 doesn't contradict this. It's specified to be used only when
there's a guarantee that both MAC address are never simultaneously in use.
I know. But as I wrote, lot of people misuse this feature to assign one
IPv4 address to more network cards. As there is use case for such state
and dnsmasq can do it.
So instead of misusing that feature I'm asking how to implement it
properly.
Hi Simon!
Do you have any opinion about this? Or do you fully disagree and such
feature should not be in dnsmasq?
Post by Pali Rohár
Post by Simon Kelley
Cheers,
Simon.
Post by Pali Rohár
In previous email I wrote that Goal 2 can be achieved by storing tuple
DUID, IAID, MAC address and IPv6 address into DHCPv6 leases file.
In IPv6 it is a more complicated, e.g. when network administrator wants
to assign one IPv6 address for specific computer.
Imagine that you have one computer with more OS (dua-boot) and each OS
has its own DUID and IAID (MAC address is stable).
Problem: dnsmasq assign IPv6 address to that computer when OS1 is
running. Computer is then rebooted to OS2 which has different DUID and
IAID. Therefore dnsmasq assigns a new (different) IPv6, because old one
is still "used" in server lease file.
To "solve" this problem it is either needed to extend dnsmasq to allow
assigning one IPv6 address to more DUIDs/IAIDs.
Or to assign IPv6 addresses based on MAC address and then dnsmasq leases
file needs to be extended to included also MAC address for IPv6
addresses.
expire_time iaid ipv6_addr hostname duid
expire_time mac ipv4_addr hostname clid
To have similar format DHCPv6 records as DHCPv4 could be changed and
expire_time mac ipv6_addr hostname duid iaid
expire_time iaid ipv6_addr hostname duid mac
And then allow assigning IPv6 address for IAID and correctly from lease
file for IPv6 address takes value relevant for configuration. E.g. when
IPv6 address is assigned based on MAC address, took mac. When is
assigned for DUID, then duid. And when iaid, then IAID.
So when configured this would allow "stealing" IPv6 address when there
is one computer which uses two different DHPv6 clients with different
DUIDs or IAIDs. (E.g. dual-boot Linux-Windows setup).
Also this extended information in lease file could allow to implement
that assigning one IPv6 address to more MAC addresses properly as in
lease file would be all relevant information about dhcp client.
Hi Simon! Have you looked at above proposal for extending lease file for
IPv6 addresses?
--
Pali Rohár
***@gmail.com
Loading...