On Mon, Apr 24, 2017 at 10:51 PM, Simon Kelley <si...@thekelleys.org.uk> wrote: > On 24/04/17 10:16, Alin Năstac wrote: >> On Sun, Apr 23, 2017 at 5:46 PM, Simon Kelley <si...@thekelleys.org.uk> >> wrote: >>> On 20/04/17 10:34, Alin Nastac wrote: >>>> Hosts that migrate from one network to another could request their >>>> old IP address which might be already in use by another statically >>>> configured host. Currently non-authoritative dnsmasq servers will >>>> ignore such requests, but ISC DHCP client will send discovery packets >>>> next carrying the same requested IP address and dnsmasq will end up >>>> allocating a new lease for it without checking first if is already >>>> used by another host. >>> >>> >>> When the client sends the discovery packet, dnsmasq will notice that the >>> requested address is in use by another client, and offer a different >>> address instead. >> >> You did not understood the scenario. The host that already use the >> requested IP address is statically configured to use it (in other >> words dnsmasq does not have a lease for the given IP address). >> >> While at it, you might consider fixing the scenario in which a client >> fills a DHCP discovery message with an option-50 containing an IP >> address that is already used by another statically configured host. >> > > At the DHCPDISCOVER stage, both the server and the client are supposed > to check if an address in in use. The server sends an ICMP echo request > and checks there's no answer. The client sends an ARP who-has request. > These checks should be enough to avoid address-stealing, but it's also > best not to overlap address ranges configured for DHCP allocation with > addresses of non-DHCP configured hosts.
Unfortunately dnsmasq does not send ICMP echo requests when DHCP discovery packet carries an OPTION_REQUESTED_IP, see DHCPDISCOVER case in file rfc2131.c starting from line 990: ... else if (opt && address_available(context, addr, tagif_netid) && !lease_find_by_addr(addr) && !config_find_by_address(daemon->dhcp_conf, addr)) mess->yiaddr = addr; _______________________________________________ Dnsmasq-discuss mailing list Dnsmasqemail@example.com http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss