The idea of this option was already discussed years ago on the mailing
list:
https://dnsmasq-discuss.thekelleys.org.narkive.com/ZoFQNaGo/always-ignore-client-identifier#post4

In our production environment, we discovered that some devices use a
'client identifier' that is not unique at all, resulting in IP address
conflicts between several devices (we saw up to four devices using the
same IP address).

The root cause is probably a buggy operating system or configuration on
the devices, but this patch adds a configuration workaround on the
server side for when fixing the clients is impossible.

Signed-off-by: Charles Daymand <charles.daym...@wifirst.fr>
Signed-off-by: Florent Fourcot <florent.four...@wifirst.fr>
---
 CHANGELOG        | 4 ++++
 man/dnsmasq.8    | 6 ++++++
 man/fr/dnsmasq.8 | 7 +++++++
 src/dnsmasq.h    | 3 ++-
 src/option.c     | 3 +++
 src/rfc2131.c    | 2 +-
 6 files changed, 23 insertions(+), 2 deletions(-)

diff --git a/CHANGELOG b/CHANGELOG
index 8e83c82..a5e9366 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -39,6 +39,10 @@ version 2.81
        have an interface on the network in that subnet. Many thanks to
        kamp.de for sponsoring this feature.
 
+    Add --dhcp-ignore-clid. This disables reading of DHCP client
+    identifier option (option 61), so clients are only identified by
+    MAC addresses.
+
        
 version 2.80
        Add support for RFC 4039 DHCP rapid commit. Thanks to Ashram Method
diff --git a/man/dnsmasq.8 b/man/dnsmasq.8
index bc5ae63..9d5d4d0 100644
--- a/man/dnsmasq.8
+++ b/man/dnsmasq.8
@@ -1405,6 +1405,12 @@ address, and setting this flag enables this mode. Note 
that in the
 sequential mode, clients which allow a lease to expire are much more
 likely to move IP address; for this reason it should not be generally used.
 .TP
+.B --dhcp-ignore-clid
+Dnsmasq is reading 'client identifier' (RFC 2131) option sent by clients
+(if available) to identify clients. This allow to serve same IP address
+for a host using several interfaces. Use this option to disable 'client 
identifier'
+reading, i.e. to always identify a host using the MAC address.
+.TP
 .B --pxe-service=[tag:<tag>,]<CSA>,<menu 
text>[,<basename>|<bootservicetype>][,<server address>|<server_name>]
 Most uses of PXE boot-ROMS simply allow the PXE
 system to obtain an IP address and then download the file specified by
diff --git a/man/fr/dnsmasq.8 b/man/fr/dnsmasq.8
index a04c776..dc2fdc0 100644
--- a/man/fr/dnsmasq.8
+++ b/man/fr/dnsmasq.8
@@ -1354,6 +1354,13 @@ Veuillez noter que dans ce mode séquentiel, les clients 
qui laissent expirer
 leur bail ont beaucoup plus de chance de voir leur adresse IP changer, aussi
 cette option ne devrait pas être utilisée dans un cas général.
 .TP
+.B --dhcp-ignore-clid
+Dnsmasq lit l'option 'client identifier' (RFC 2131) envoyée par les clients
+(si disponible) afin d'identifier les clients. Cela permet de distribuer la
+même adresse IP à un client utilisant plusieurs interfaces. Activer cette 
option
+désactive la lecture du 'client identifier', afin de toujours identifier un 
client
+en utilisant l'adresse MAC.
+.TP
 .B --pxe-service=[tag:<label>,]<CSA>,<entrée de menu>[,<nom de fichier>|<type 
de service de démarrage>][,<adresse de serveur>|<nom de serveur>]
 La plupart des ROMS de démarrage PXE ne permettent au système PXE que la simple
 obtention d'une adresse IP, le téléchargement du fichier spécifié dans
diff --git a/src/dnsmasq.h b/src/dnsmasq.h
index ff3204a..912d216 100644
--- a/src/dnsmasq.h
+++ b/src/dnsmasq.h
@@ -260,7 +260,8 @@ struct event_desc {
 #define OPT_TFTP_APREF_MAC 56
 #define OPT_RAPID_COMMIT   57
 #define OPT_UBUS           58
-#define OPT_LAST           59
+#define OPT_IGNORE_CLID    59
+#define OPT_LAST           60
 
 #define OPTION_BITS (sizeof(unsigned int)*8)
 #define OPTION_SIZE ( (OPT_LAST/OPTION_BITS)+((OPT_LAST%OPTION_BITS)!=0) )
diff --git a/src/option.c b/src/option.c
index 5debcbc..04c9ac6 100644
--- a/src/option.c
+++ b/src/option.c
@@ -167,6 +167,7 @@ struct myoption {
 #define LOPT_NAME_MATCH    355
 #define LOPT_CAA           356
 #define LOPT_SHARED_NET    357
+#define LOPT_IGNORE_CLID   358
  
 #ifdef HAVE_GETOPT_LONG
 static const struct option opts[] =  
@@ -339,6 +340,7 @@ static const struct myoption opts[] =
     { "dhcp-rapid-commit", 0, 0, LOPT_RAPID_COMMIT },
     { "dumpfile", 1, 0, LOPT_DUMPFILE },
     { "dumpmask", 1, 0, LOPT_DUMPMASK },
+    { "dhcp-ignore-clid", 0, 0,  LOPT_IGNORE_CLID },
     { NULL, 0, 0, 0 }
   };
 
@@ -481,6 +483,7 @@ static struct {
   { LOPT_CPE_ID, ARG_ONE, "<text>", gettext_noop("Add client identification to 
forwarded DNS queries."), NULL },
   { LOPT_DNSSEC, OPT_DNSSEC_PROXY, NULL, gettext_noop("Proxy DNSSEC validation 
results from upstream nameservers."), NULL },
   { LOPT_INCR_ADDR, OPT_CONSEC_ADDR, NULL, gettext_noop("Attempt to allocate 
sequential IP addresses to DHCP clients."), NULL },
+  { LOPT_IGNORE_CLID, OPT_IGNORE_CLID, NULL, gettext_noop("Ignore client 
identifier option sent by DHCP clients."), NULL },
   { LOPT_CONNTRACK, OPT_CONNTRACK, NULL, gettext_noop("Copy connection-track 
mark from queries to upstream connections."), NULL },
   { LOPT_FQDN, OPT_FQDN_UPDATE, NULL, gettext_noop("Allow DHCP clients to do 
their own DDNS updates."), NULL },
   { LOPT_RA, OPT_RA, NULL, gettext_noop("Send router-advertisements for 
interfaces doing DHCPv6"), NULL },
diff --git a/src/rfc2131.c b/src/rfc2131.c
index 74d81fb..ec2650a 100644
--- a/src/rfc2131.c
+++ b/src/rfc2131.c
@@ -234,7 +234,7 @@ size_t dhcp_reply(struct dhcp_context *context, char 
*iface_name, int int_index,
        subnet_addr = option_addr(opt);
       
       /* If there is no client identifier option, use the hardware address */
-      if ((opt = option_find(mess, sz, OPTION_CLIENT_ID, 1)))
+      if (!option_bool(OPT_IGNORE_CLID) && (opt = option_find(mess, sz, 
OPTION_CLIENT_ID, 1)))
        {
          clid_len = option_len(opt);
          clid = option_ptr(opt, 0);
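Review bot: The context comment above the changed condition, `/* If there is no client identifier option, use the hardware address */`, no longer matches the code, because with `--dhcp-ignore-clid` set the hardware address is used even when option 61 is present. I would reword it to `/* Use the client identifier unless --dhcp-ignore-clid is set or the option is absent; otherwise fall back to the hardware address */`. Because the whole branch is skipped, `clid` and `clid_len` keep whatever values they were initialised with, so later code in dhcp_reply that keys on them (for example host entries matched by identifier, or leases recorded earlier with an identifier) presumably sees no identifier at all. That code is outside this hunk, as are the start and end of dhcp_reply's body, so this is worth confirming and stating in the man page entry.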
-- 
2.11.0

