> On 23 Jul 2020, at 09:35, Pali Rohár <pali.ro...@gmail.com> wrote: > > So finally something relevant to this patch... > > On Wednesday 22 July 2020 23:48:19 Petr Menšík wrote: >> On 7/22/20 3:44 PM, Pali Rohár wrote: >>> I do not see any benefit why to complicate things just because "IPv6 >>> addresses are many". I do not see nothing wrong on simple setup where >>> device has one IPv6 address assigned by DHCPv6 server. >> I think you are requesting breaking of DHCP definition RFCs. I see >> nothing wrong with IPv6 assigned to MAC address. I think it is wrong, if >> there are existing leases for the same address with different IAID. > > The whole point of this patch is to make MAC --> IPv6 address assigning > working. It means that IPv6 address must be leased to MAC address if > assigning is based on MAC address and not on DUID/IAID. > > If user set in configure file that for MAC address AB:CD:EF:AB:CD:EF > must be assigned IPv6 address FD::1 then user would expect that host > with address AB:CD:EF:AB:CD:EF would get IPv6 address FD::1. <snippage>
If I may proffer this real life use case/scenario as found in my very own home: I have a couple of Qnap NAS boxes. They speak legacy IP and IPv6. These boxes sometimes offer services such as bittorrent to the Internet. They live behind an Openwrt router/firewall, the very device that runs dnsmasq offering DHCPv4/v6 leases. For purposes of my own sanity I lock the IPv4 address to the qnap devices MAC addresses, thus I can enter unchanging and consistent entries in the firewall for relevant hosts/ports. I have an identical requirement for IPv6. I need to be sure that these Qnap devices will land at a known, consistent, effectively static IPv4/v6 address. The IPv4 case is easily solved and supported. The IPv6 case (until recently..qnap changed something..and I don’t reboot as much) was more challenging in that dnsmasq ignores the MAC address. The DUID/IAID would change at different stages of the boot, leading to dnsmasq thinking the address requested was being requested for a new client as opposed to the same client simply rebooting. There is a use case for locking/mapping IPv6 to MAC address whether it violates RFCs or not. For reasons of firewall pinholes I need certain machines to land at certain addresses. For ‘fun’ we can discuss if this is a problem with/for upnp/natpnp Cheers, Kevin D-B gpg: 012C ACB2 28C6 C53E 9775 9123 B3A2 389B 9DE2 334A
signature.asc
Description: Message signed with OpenPGP
_______________________________________________ Dnsmasq-discuss mailing list Dnsmasq-discuss@lists.thekelleys.org.uk http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
