On Mon, Apr 24, 2017 at 10:51 PM, Simon Kelley <si...@thekelleys.org.uk> wrote:
> On 24/04/17 10:16, Alin Năstac wrote:
>> On Sun, Apr 23, 2017 at 5:46 PM, Simon Kelley <si...@thekelleys.org.uk> wrote:
>>> On 20/04/17 10:34, Alin Nastac wrote:
>>>> Hosts that migrate from one network to another could request their
>>>> old IP address which might be already in use by another statically
>>>> configured host. Currently non-authoritative dnsmasq servers will
>>>> ignore such requests, but ISC DHCP client will send discovery packets
>>>> next carrying the same requested IP address and dnsmasq will end up
>>>> allocating a new lease for it without checking first if it is already
>>>> used by another host.
>>> When the client sends the discovery packet, dnsmasq will notice that the
>>> requested address is in use by another client, and offer a different
>>> address instead.
>> You did not understand the scenario. The host that already uses the
>> requested IP address is statically configured to use it (in other
>> words dnsmasq does not have a lease for the given IP address).
>> While at it, you might consider fixing the scenario in which a client
>> fills a DHCP discovery message with an option-50 containing an IP
>> address that is already used by another statically configured host.
> At the DHCPDISCOVER stage, both the server and the client are supposed
> to check if an address is in use. The server sends an ICMP echo request
> and checks there's no answer. The client sends an ARP who-has request.
> These checks should be enough to avoid address-stealing, but it's also
> best not to overlap address ranges configured for DHCP allocation with
> addresses of non-DHCP configured hosts.

Unfortunately dnsmasq does not send ICMP echo requests when a DHCP
discovery packet carries an OPTION_REQUESTED_IP; see the DHCPDISCOVER case
in file rfc2131.c starting from line 990:
          else if (opt && address_available(context, addr, tagif_netid) && !lease_find_by_addr(addr) &&
                   !config_find_by_address(daemon->dhcp_conf, addr))
            mess->yiaddr = addr;
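
An added example, not part of the original message and not dnsmasq code: a simplified C model of the DHCPDISCOVER address choice discussed in this thread. It shows a requested address (option 50) that belongs to a statically configured host being offered when the in-use probe is skipped for it, and a different address being offered when it is probed first. All names, the pool and the addresses are constructed for illustration, and `probe_answers` is a stand-in for an ICMP echo check.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical model, not dnsmasq code. Addresses are host-order IPv4. */
struct pool { uint32_t start, end; };

/* Constructed sample state. */
static const uint32_t leased[] = { 0xC0A80132 };       /* 192.168.1.50 has a lease */
static const uint32_t static_hosts[] = { 0xC0A80133 }; /* 192.168.1.51: static, no lease */

static bool in_list(const uint32_t *list, size_t n, uint32_t addr)
{
    for (size_t i = 0; i < n; i++)
        if (list[i] == addr)
            return true;
    return false;
}

static bool has_lease(uint32_t addr) { return in_list(leased, 1, addr); }

/* Stand-in for the ICMP echo check: true if a host answers at addr. */
static bool probe_answers(uint32_t addr) { return in_list(static_hosts, 1, addr); }

/* Choose the address to offer. requested is the option 50 value (0 if absent);
   probe_requested selects whether that address is probed before being offered. */
uint32_t choose_offer(struct pool p, uint32_t requested, bool probe_requested)
{
    if (requested >= p.start && requested <= p.end && !has_lease(requested) &&
        (!probe_requested || !probe_answers(requested)))
        return requested;
    for (uint32_t a = p.start; a <= p.end; a++)   /* normal allocation path */
        if (!has_lease(a) && !probe_answers(a))
            return a;
    return 0; /* nothing free */
}

int main(void)
{
    struct pool p = { 0xC0A80132, 0xC0A8013C };   /* 192.168.1.50 - 192.168.1.60 */
    printf("no probe:   %08x\n", (unsigned)choose_offer(p, 0xC0A80133, false));
    printf("with probe: %08x\n", (unsigned)choose_offer(p, 0xC0A80133, true));
    return 0;
}
```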
