Re: dhcpd not starting

2013-01-02 Thread MERIGHI Marcus
Chris, 

I guess you've got two problems:
A) filtering your clients to get them the right options
B) delivering vendor specific options.

more inline...

obsd_m...@chrissmith.org (Chris Smith), 2013.01.01 (Tue) 18:20 (CET):
> On Tue, Jan 1, 2013 at 7:59 AM, MERIGHI Marcus mcmer-open...@tor.at wrote:
> > I could not figure out which dhcp option(s) you are referring to. Please
> > specify option number and RFC number.
> >
> > For options with names see:
> > dhcp-options(5) (being reworked currently)
> > /usr/src/usr.sbin/dhcpd/tables.c
> >
> > For options without names use e.g. ``option-252''
> >
> > > thereby keeping the created *_ip_tables more
> >
> > Do you mean pf.conf(5) tables here? Or dhcp leases table
> > (/var/db/dhcpd.leases)?
> >
> > > up-to-date. Option space is also good for preventing some of the WPAD
> > > nonsense and assisting in NetBIOS configurations.
> >
> > Could you be more specific, please?
>
> Hopefully this commented section of dhcpd.conf I normally use will help:
> =
> #windoze
> option space windoze;
> option windoze.nbt  code 1 = unsigned integer 32;
> option windoze.release  code 2 = unsigned integer 32;
> option windoze.metric   code 3 = unsigned integer 32;

My guess is you are talking about RFC 2132 Section 8.4 ``Vendor
Specific Information'' (OpenBSD: vendor-encapsulated-options). 
http://msdn.microsoft.com/en-us/library/cc227275.aspx
an example of how to deliver vendor specific:
http://www.bytefusion.com/products/ntm/ptnt/configuring_via_dhcp.htm

Thus I think it can be done, never done it myself. 

> # 1 = enable NetBIOS over TCP
> # 2 = disable NetBIOS over TCP
> option windoze.nbt 1;

I do find some NetBIOS options in RFC 2132, but these have the following
option number codes:

44 NetBIOS over TCP/IP Name Server Option 
   (OpenBSD: netbios-name-servers)
45 NetBIOS over TCP/IP Datagram Distribution Server Option
   (OpenBSD: netbios-dd-server)
46 NetBIOS over TCP/IP Node Type Option
   (OpenBSD: netbios-node-type)
47 NetBIOS over TCP/IP Scope Option
   (OpenBSD: netbios-scope)

Again I think you are talking about vendor specific...

> # 1 = send DHCPRELEASE on shutdown
> option windoze.release 1;

RFC 2131, Section 3.1, paragraph 6.:
6. The client may choose to relinquish its lease on a network address by
sending a DHCPRELEASE message to the server.  The client identifies the
lease to be released with its 'client identifier', or 'chaddr' and
network address in the DHCPRELEASE message. If the client used a 'client
identifier' when it obtained the lease, it MUST use the same 'client
identifier' in the DHCPRELEASE message.

So, you are asking your windoze machines to do what they are supposed to
do anyways?

Again I think you are talking about vendor specific...

> # default route cost metric
> option windoze.metric 1;

Again I think you are talking about vendor specific...

> #/windoze
> option wpad-url code 252 = text;
> option wpad-url "\n\000";
> #option wpad-url "http://192.168.99.123/proxy.pac\n";

use ``option autoproxy-script'' for that (and see
/usr/src/usr.sbin/dhcpd/tables.c). 
This one works, at least for me.

> if substring (option vendor-class-identifier, 0, 8) = "MSFT 5.0" {
> vendor-option-space windoze;
> option netbios-node-type 8;
> }

No such filtering in base dhcpd(8).

> =
> Is any of this available in base dhcpd? Maybe I'm just missing it.

I do not think so, dhcpd.conf(5):

``For clients whose addresses will be dynamically assigned, there is
currently no way to group parameter assignments other than by network
topology.''

As far as I know there are only two ways of filtering clients:
- dhcp-client-identifier (dhcp-options(5))
- hardware ethernet (dhcpd.conf(5))

By these you could assign your windoze hosts to a common group
declaration and assign your windoze options. 

Bye, Marcus



Re: dhcpd not starting

2013-01-02 Thread Lars Hansson
In-tree dhcp most certainly supports options because I am using them:
option autoproxy-script "http://1.2.3.4/wpad.dat";

Cheers,
Lars





Re: dhcpd not starting

2013-01-02 Thread Lars Hansson
Oh, you mean the space thing. Well, it probably doesn't but I have never
needed that.
---
Lars





Re: dhcpd not starting

2013-01-01 Thread MERIGHI Marcus
obsd_m...@chrissmith.org (Chris Smith), 2013.12.31 (Mon) 16:19 (CET):
> Maybe it's a problem due to Unbound being a package and not part of
> the core system, but a normal configuration such as:
>
> host hostname.example.com  {
>   hardware ethernet 00:1a:80:f4:75:ad;
>   fixed-address hostname.example.com;
>   }
>
> has to be rewritten as:
>
> host hostname.example.com  {
>   hardware ethernet 00:1a:30:64:75:bc;
>   fixed-address 172.38.202.17;
>   }
>
> thereby duplicating efforts or dhcpd will not start on reboot since
> pkg scripts start after everything else and Unbound has not yet been
> started.

Keep hosts(5) and unbound(8) in sync and ``lookup file bind'' in
resolv.conf(5). That lets dhcpd(8) resolve your names before
net/unbound(8) has come up.

$ grep ^include:  /var/unbound/etc/unbound.conf.local
  include: /var/unbound/etc/localzone.hosts.conf
$ getent hosts | hoststounbound.sh hosts > \
  /var/unbound/etc/localzone.hosts.conf
$ sudo unbound-control -c /var/unbound/etc/unbound.conf.local reload

$ cat hoststounbound.sh # handle with care!
#!/bin/sh -e
# Reads hosts(5) lines on stdin and writes unbound local-zone and
# local-data statements to stdout. Uses ksh features (local, print, [[ ]]),
# which OpenBSD's /bin/sh provides.
local _zone=${1:-hosts}
function _doit {
    local _zone=${1}
    local _ip=
    local _names=
    local _name=
    local _word_count=
    local _word=
    print "server:\n"
    print "local-zone: \"${_zone}\" transparent\n"
    while read _line; do
        # skip comment lines
        [[ X${_line} == X#* ]] && continue
        _ip=
        _names=
        _word_count=0
        for _word in $_line; do
            if [[ $_word_count -eq 0 ]]; then
                # first: ip
                _ip=${_word}
            elif [[ X${_word} == X#* ]]; then
                # skip after # in line
                break
            else
                # remains: names and aliases
                _names="${_names}${_word} "
            fi
            _word_count=$((_word_count + 1))
        done
        # skip localhost
        #[[ X${_ip} == X127.0.0.1 || X${_ip} == X::1 ]] && continue
        # record type: A for IPv4, AAAA when the address contains a colon
        a=A
        [[ X${_ip} == X*:* ]] && a=AAAA
        for _name in $_names; do
            print "local-data: \"${_name} ${a} ${_ip}\""
            print "local-data-ptr: \"${_ip} ${_name}\"\n"
        done
    done
}
_doit ${_zone}

> Also as nice as it is to have the core dhcpd create pf tables it has
> otherwise very limited functionality, such as lack of support for
> option space, which can be used to request a system release its
> lease on shutdown

I could not figure out which dhcp option(s) you are referring to. Please
specify option number and RFC number. 

For options with names see:
dhcp-options(5) (being reworked currently)
/usr/src/usr.sbin/dhcpd/tables.c

For options without names use e.g. ``option-252''

> thereby keeping the created *_ip_tables more

Do you mean pf.conf(5) tables here? Or dhcp leases table
(/var/db/dhcpd.leases)?

> up-to-date. Option space is also good for preventing some of the WPAD
> nonsense and assisting in NetBIOS configurations.

Could you be more specific, please?

Bye, Marcus
 
> Using the packaged dhcpd would most likely eliminate the startup issue
> and provide the missing dhcpd functionality but one would also lose
> the tight pf integration.
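
A pre-boot check for the startup problem discussed in the message above, as an added example that is not part of the original post or of OpenBSD: it lists the fixed-address names in a dhcpd.conf that a hosts(5) file cannot answer, and tests whether resolv.conf(5) tries "file" first. The function names and the sample data are made up for illustration.

```shell
#!/bin/sh
# Added example: what would stop dhcpd(8) resolving fixed-address names at boot?

# Names (not IPv4 literals) used as fixed-address values in a dhcpd.conf ($1).
fixed_address_names() {
	sed 's/#.*//' "$1" | awk 'BEGIN { RS = ";" }   # one statement per record
	{
		gsub(/,/, " ")
		for (i = 1; i <= NF; i++) if ($i == "fixed-address") break
		for (i++; i <= NF; i++)
			if ($i !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) print tolower($i)
	}' | sort -u
}

# Every name and alias that a hosts(5)-format file ($1) defines.
hosts_names() {
	sed 's/#.*//' "$1" |
		awk '{ for (i = 2; i <= NF; i++) print tolower($i) }' | sort -u
}

# fixed-address names in dhcpd.conf ($1) that the hosts file ($2) cannot answer.
unresolved_names() {
	_known=$(hosts_names "$2")
	fixed_address_names "$1" | while read -r _n; do
		printf '%s\n' "$_known" | grep -Fqx -- "$_n" || printf '%s\n' "$_n"
	done
}

# Succeeds if resolv.conf(5) ($1) has a lookup line that tries "file" first.
lookup_file_first() {
	sed 's/[#;].*//' "$1" |
		awk '$1 == "lookup" { ok = ($2 == "file") } END { exit !ok }'
}

# Constructed sample input, for demonstration only.
demo() {
	_d=$(mktemp -d) || return 1
	printf '%s\n' 'host a { hardware ethernet 00:00:5e:00:53:01;' \
		'  fixed-address a.example.com; }' \
		'host b { hardware ethernet 00:00:5e:00:53:02;' \
		'  fixed-address 192.0.2.17; }' \
		'host c { fixed-address C.example.com; } # no hosts entry' > "$_d/dhcpd.conf"
	printf '%s\n' '192.0.2.10 a.example.com a' > "$_d/hosts"
	printf '%s\n' 'lookup file bind' 'nameserver 127.0.0.1' > "$_d/resolv.conf"
	unresolved_names "$_d/dhcpd.conf" "$_d/hosts"
	lookup_file_first "$_d/resolv.conf" && echo "lookup order ok"
	rm -rf "$_d"
}
demo
```

Against a real system the arguments would be /etc/dhcpd.conf, /etc/hosts and /etc/resolv.conf; any name it prints is one dhcpd would need DNS for at startup.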



Re: dhcpd not starting

2013-01-01 Thread Chris Smith
On Tue, Jan 1, 2013 at 7:59 AM, MERIGHI Marcus mcmer-open...@tor.at wrote:
> I could not figure out which dhcp option(s) you are referring to. Please
> specify option number and RFC number.
>
> For options with names see:
> dhcp-options(5) (being reworked currently)
> /usr/src/usr.sbin/dhcpd/tables.c
>
> For options without names use e.g. ``option-252''
>
> > thereby keeping the created *_ip_tables more
>
> Do you mean pf.conf(5) tables here? Or dhcp leases table
> (/var/db/dhcpd.leases)?
>
> > up-to-date. Option space is also good for preventing some of the WPAD
> > nonsense and assisting in NetBIOS configurations.
>
> Could you be more specific, please?

Hopefully this commented section of dhcpd.conf I normally use will help:
=
#windoze
option space windoze;
option windoze.nbt  code 1 = unsigned integer 32;
option windoze.release  code 2 = unsigned integer 32;
option windoze.metric   code 3 = unsigned integer 32;
# 1 = enable NetBIOS over TCP
# 2 = disable NetBIOS over TCP
option windoze.nbt 1;
# 1 = send DHCPRELEASE on shutdown
option windoze.release 1;
# default route cost metric
option windoze.metric 1;
#/windoze
option wpad-url code 252 = text;
option wpad-url "\n\000";
#option wpad-url "http://192.168.99.123/proxy.pac\n";

if substring (option vendor-class-identifier, 0, 8) = "MSFT 5.0" {
vendor-option-space windoze;
option netbios-node-type 8;
}
=

Is any of this available in base dhcpd? Maybe I'm just missing it.

Thanks,

Chris



dhcpd not starting

2012-12-31 Thread Chris Smith
Maybe it's a problem due to Unbound being a package and not part of
the core system, but a normal configuration such as:

host hostname.example.com  {
  hardware ethernet 00:1a:80:f4:75:ad;
  fixed-address hostname.example.com;
  }

has to be rewritten as:

host hostname.example.com  {
  hardware ethernet 00:1a:30:64:75:bc;
  fixed-address 172.38.202.17;
  }

thereby duplicating efforts or dhcpd will not start on reboot since
pkg scripts start after everything else and Unbound has not yet been
started.

Also as nice as it is to have the core dhcpd create pf tables it has
otherwise very limited functionality, such as lack of support for
option space, which can be used to request a system release its
lease on shutdown thereby keeping the created *_ip_tables more
up-to-date. Option space is also good for preventing some of the WPAD
nonsense and assisting in NetBIOS configurations.

Using the packaged dhcpd would most likely eliminate the startup issue
and provide the missing dhcpd functionality but one would also lose
the tight pf integration.



Re: dhcpd not starting

2012-12-31 Thread mxb
For the in-base dhcpd you should read the manual for dhcpd.conf.
Else you can invoke it with some debug/verbose flag in order to get some output 
regarding what it likes/dislikes in your dhcpd.conf.
