Re: dhclient ignore
How did it end up looking?
Just a reminder really, since I use this already/anyway. :)
2012/7/27 Kenneth R Westerback kwesterb...@rogers.com:
I like this on first read. In fact I thought this already existed.
I'll actually look more closely at the code tomorrow.
Ken
On Thu, Jul 26, 2012 at 10:09:28PM -0400, Ted Unangst wrote:
I have a system with two network interfaces (em0 and em1), running dhcp
on both. Both dhcp servers provide me with a nameserver, but only one
of them works (I can't fix this). There is a config file for dhclient
I can use, but it only supports the supersede keyword. I don't want
to statically configure a nameserver override for em1, because the
whole point is that the good nameserver on em0 can change. I just
want to say pretend this option did not arrive.
Diff below adds a little support for an ignore keyword. Like
supersede, except don't actually use the supplied value.
Index: clparse.c
===
RCS file: /cvs/src/sbin/dhclient/clparse.c,v
retrieving revision 1.38
diff -u -p -r1.38 clparse.c
--- clparse.c 10 Dec 2011 17:15:27 - 1.38
+++ clparse.c 27 Jul 2012 01:59:10 -
@@ -170,6 +170,11 @@ parse_client_statement(FILE *cfile)
if (code != -1)
config-default_actions[code] = ACTION_SUPERSEDE;
return;
+ case TOK_IGNORE:
+ code = parse_option_decl(cfile, config-defaults[0]);
+ if (code != -1)
+ config-default_actions[code] = ACTION_IGNORE;
+ return;
case TOK_APPEND:
code = parse_option_decl(cfile, config-defaults[0]);
if (code != -1)
Index: conflex.c
===
RCS file: /cvs/src/sbin/dhclient/conflex.c,v
retrieving revision 1.14
diff -u -p -r1.14 conflex.c
--- conflex.c 10 Dec 2011 17:36:40 - 1.14
+++ conflex.c 27 Jul 2012 01:15:19 -
@@ -337,6 +337,7 @@ static const struct keywords {
{ filename, TOK_FILENAME },
{ fixed-address, TOK_FIXED_ADDR },
{ hardware, TOK_HARDWARE },
+ { ignore, TOK_IGNORE },
{ initial-interval, TOK_INITIAL_INTERVAL },
{ interface, TOK_INTERFACE },
{ lease, TOK_LEASE },
Index: dhclient.c
===
RCS file: /cvs/src/sbin/dhclient/dhclient.c,v
retrieving revision 1.146
diff -u -p -r1.146 dhclient.c
--- dhclient.c9 Jul 2012 16:21:21 - 1.146
+++ dhclient.c27 Jul 2012 01:59:35 -
@@ -1535,6 +1535,9 @@ priv_script_write_params(char *prefix, s
if (config-defaults[i].len) {
if (lease-options[i].len) {
switch (config-default_actions[i]) {
+ case ACTION_IGNORE:
+ /* handled below */
+ break;
case ACTION_DEFAULT:
dp = lease-options[i].data;
len = lease-options[i].len;
@@ -1588,6 +1591,9 @@ supersede:
len = lease-options[i].len;
dp = lease-options[i].data;
} else {
+ len = 0;
+ }
+ if (len config-default_actions[i] == ACTION_IGNORE) {
len = 0;
}
if (len) {
Index: dhclient.conf.5
===
RCS file: /cvs/src/sbin/dhclient/dhclient.conf.5,v
retrieving revision 1.21
diff -u -p -r1.21 dhclient.conf.5
--- dhclient.conf.5 9 Apr 2011 19:53:00 - 1.21
+++ dhclient.conf.5 27 Jul 2012 02:05:28 -
@@ -244,6 +244,14 @@ in the
.Ic supersede
statement.
.It Xo
+.Ic ignore No { Op Ar option declaration
+.Oo , Ar ... option declaration Oc }
+.Xc
+If for some set of options the client should always ignore the
+value supplied by the server, these values can be defined in the
+.Ic ignore
+statement.
+.It Xo
.Ic prepend No { Op Ar option declaration
.Oo , Ar ... option declaration Oc }
.Xc
Index: dhcpd.h
===
RCS file: /cvs/src/sbin/dhclient/dhcpd.h,v
retrieving revision 1.76
diff -u -p -r1.76 dhcpd.h
--- dhcpd.h 9 Jul 2012 16:21:21 - 1.76
+++ dhcpd.h 27 Jul 2012 01:18:18 -
@@ -130,6 +130,7 @@ struct client_config {
struct option_data defaults[256];
enum {
ACTION_DEFAULT,
+ ACTION_IGNORE,
ACTION_SUPERSEDE,
ACTION_PREPEND,
ACTION_APPEND
Re: dhclient ignore
On Fri, Jul 27, 2012 at 00:42, Brynet wrote:
On Thu, Jul 26, 2012 at 10:09:28PM -0400, Ted Unangst wrote:
I have a system with two network interfaces (em0 and em1), running dhcp
on both. Both dhcp servers provide me with a nameserver, but only one
of them works (I can't fix this). There is a config file for dhclient
I can use, but it only supports the supersede keyword. I don't want
to statically configure a nameserver override for em1, because the
whole point is that the good nameserver on em0 can change. I just
want to say pretend this option did not arrive.
Diff below adds a little support for an ignore keyword. Like
supersede, except don't actually use the supplied value.
Not commenting on the diff or the feature, which could indeed be the
corect solution, if maybe only to work around some strict/broken servers.
I was under the impression that if you added an request statement
excluding the 'domain-name-servers' option the server would honour that and
only offer the options you've explictly requested..
Does something like this work for you?
interface em0 {
request subnet-mask, broadcast-address, routers, domain-name-servers;
}
interface em1 {
request subnet-mask, broadcast-address, routers;
}
Oh, nice, I hadn't thought of that. On the downside, if I add another
interface that works normally, I've made a mess of dhclient.conf. I'd
much prefer to blacklist interfaces instead of relying on an endless
series of whitelists.
That said, the part about the server should honor this is sadly not
true. In a quick test, the server still sent back domain-name-servers
even though it wasn't requested, and the way the dhclient code is
written, it will accept unrequested options. I'm not convinced this
is a bug in either server or client, I can justify both behaviors,
even if they frustrate me atm.
Re: dhclient ignore
One can set a dhclient-script to ignore things and then call
the real dhclient-script, but I like this diff better.
Penned by Kenneth R Westerback on 20120726 21:43.39, we have:
| I like this on first read. In fact I thought this already existed.
| I'll actually look more closely at the code tomorrow.
|
| Ken
|
| On Thu, Jul 26, 2012 at 10:09:28PM -0400, Ted Unangst wrote:
| I have a system with two network interfaces (em0 and em1), running dhcp
| on both. Both dhcp servers provide me with a nameserver, but only one
| of them works (I can't fix this). There is a config file for dhclient
| I can use, but it only supports the supersede keyword. I don't want
| to statically configure a nameserver override for em1, because the
| whole point is that the good nameserver on em0 can change. I just
| want to say pretend this option did not arrive.
|
| Diff below adds a little support for an ignore keyword. Like
| supersede, except don't actually use the supplied value.
|
| Index: clparse.c
| ===
| RCS file: /cvs/src/sbin/dhclient/clparse.c,v
| retrieving revision 1.38
| diff -u -p -r1.38 clparse.c
| --- clparse.c 10 Dec 2011 17:15:27 - 1.38
| +++ clparse.c 27 Jul 2012 01:59:10 -
| @@ -170,6 +170,11 @@ parse_client_statement(FILE *cfile)
| if (code != -1)
| config-default_actions[code] = ACTION_SUPERSEDE;
| return;
| + case TOK_IGNORE:
| + code = parse_option_decl(cfile, config-defaults[0]);
| + if (code != -1)
| + config-default_actions[code] = ACTION_IGNORE;
| + return;
| case TOK_APPEND:
| code = parse_option_decl(cfile, config-defaults[0]);
| if (code != -1)
| Index: conflex.c
| ===
| RCS file: /cvs/src/sbin/dhclient/conflex.c,v
| retrieving revision 1.14
| diff -u -p -r1.14 conflex.c
| --- conflex.c 10 Dec 2011 17:36:40 - 1.14
| +++ conflex.c 27 Jul 2012 01:15:19 -
| @@ -337,6 +337,7 @@ static const struct keywords {
| { filename, TOK_FILENAME },
| { fixed-address, TOK_FIXED_ADDR },
| { hardware, TOK_HARDWARE },
| + { ignore, TOK_IGNORE },
| { initial-interval, TOK_INITIAL_INTERVAL },
| { interface, TOK_INTERFACE },
| { lease, TOK_LEASE },
| Index: dhclient.c
| ===
| RCS file: /cvs/src/sbin/dhclient/dhclient.c,v
| retrieving revision 1.146
| diff -u -p -r1.146 dhclient.c
| --- dhclient.c 9 Jul 2012 16:21:21 - 1.146
| +++ dhclient.c 27 Jul 2012 01:59:35 -
| @@ -1535,6 +1535,9 @@ priv_script_write_params(char *prefix, s
| if (config-defaults[i].len) {
| if (lease-options[i].len) {
| switch (config-default_actions[i]) {
| + case ACTION_IGNORE:
| + /* handled below */
| + break;
| case ACTION_DEFAULT:
| dp = lease-options[i].data;
| len = lease-options[i].len;
| @@ -1588,6 +1591,9 @@ supersede:
| len = lease-options[i].len;
| dp = lease-options[i].data;
| } else {
| + len = 0;
| + }
| + if (len config-default_actions[i] == ACTION_IGNORE) {
| len = 0;
| }
| if (len) {
| Index: dhclient.conf.5
| ===
| RCS file: /cvs/src/sbin/dhclient/dhclient.conf.5,v
| retrieving revision 1.21
| diff -u -p -r1.21 dhclient.conf.5
| --- dhclient.conf.5 9 Apr 2011 19:53:00 - 1.21
| +++ dhclient.conf.5 27 Jul 2012 02:05:28 -
| @@ -244,6 +244,14 @@ in the
| .Ic supersede
| statement.
| .It Xo
| +.Ic ignore No { Op Ar option declaration
| +.Oo , Ar ... option declaration Oc }
| +.Xc
| +If for some set of options the client should always ignore the
| +value supplied by the server, these values can be defined in the
| +.Ic ignore
| +statement.
| +.It Xo
| .Ic prepend No { Op Ar option declaration
| .Oo , Ar ... option declaration Oc }
| .Xc
| Index: dhcpd.h
| ===
| RCS file: /cvs/src/sbin/dhclient/dhcpd.h,v
| retrieving revision 1.76
| diff -u -p -r1.76 dhcpd.h
| --- dhcpd.h 9 Jul 2012 16:21:21 - 1.76
| +++ dhcpd.h 27 Jul 2012 01:18:18 -
| @@ -130,6 +130,7 @@ struct client_config {
| struct option_data
Re: dhclient ignore
Ted Unangst wrote:
[...] I just want to say pretend this option did not arrive.
Diff below adds a little support for an ignore keyword. Like
supersede, except don't actually use the supplied value.
Put another way, dhclient has a default permit policy (it will use
any nameserver information sent by the dhcp server even when you
didn't ask the server for that information in the first place), and
you want to add a blacklist on top of that (in other words, manually
enumerate badness in /etc/dhclient.conf). I think it would be much
better for dhclient to have a default deny policy (always ignore any
information coming from the server that you didn't ask for) and use
what is actually requested by dhclient from the server as a whitelist.
See here http://marc.info/?l=openbsd-techm=131302612614702w=2 for a
previous message of mine on that topic, and here
http://marc.info/?l=openbsd-miscm=131914644924795w=2 for another
discussion.
Brynet wrote:
I was under the impression that if you added an request statement
excluding the 'domain-name-servers' option the server would honour that and
only offer the options you've explictly requested..
No, in practice many dhcp servers will send you nameserver information
even when you don't ask for it (I guess it's ISPs' way of saying they
think they know better than their users what's good for them...)
Does something like this work for you?
interface em0 {
request subnet-mask, broadcast-address, routers, domain-name-servers;
}
interface em1 {
request subnet-mask, broadcast-address, routers;
}
This would work if dhclient were using a default deny policy.
Unfortunately it doesn't, so your suggestion doesn't work.
Philippe
dhclient ignore
I have a system with two network interfaces (em0 and em1), running dhcp
on both. Both dhcp servers provide me with a nameserver, but only one
of them works (I can't fix this). There is a config file for dhclient
I can use, but it only supports the supersede keyword. I don't want
to statically configure a nameserver override for em1, because the
whole point is that the good nameserver on em0 can change. I just
want to say pretend this option did not arrive.
Diff below adds a little support for an ignore keyword. Like
supersede, except don't actually use the supplied value.
Index: clparse.c
===
RCS file: /cvs/src/sbin/dhclient/clparse.c,v
retrieving revision 1.38
diff -u -p -r1.38 clparse.c
--- clparse.c 10 Dec 2011 17:15:27 - 1.38
+++ clparse.c 27 Jul 2012 01:59:10 -
@@ -170,6 +170,11 @@ parse_client_statement(FILE *cfile)
if (code != -1)
config-default_actions[code] = ACTION_SUPERSEDE;
return;
+ case TOK_IGNORE:
+ code = parse_option_decl(cfile, config-defaults[0]);
+ if (code != -1)
+ config-default_actions[code] = ACTION_IGNORE;
+ return;
case TOK_APPEND:
code = parse_option_decl(cfile, config-defaults[0]);
if (code != -1)
Index: conflex.c
===
RCS file: /cvs/src/sbin/dhclient/conflex.c,v
retrieving revision 1.14
diff -u -p -r1.14 conflex.c
--- conflex.c 10 Dec 2011 17:36:40 - 1.14
+++ conflex.c 27 Jul 2012 01:15:19 -
@@ -337,6 +337,7 @@ static const struct keywords {
{ filename, TOK_FILENAME },
{ fixed-address, TOK_FIXED_ADDR },
{ hardware, TOK_HARDWARE },
+ { ignore, TOK_IGNORE },
{ initial-interval, TOK_INITIAL_INTERVAL },
{ interface, TOK_INTERFACE },
{ lease, TOK_LEASE },
Index: dhclient.c
===
RCS file: /cvs/src/sbin/dhclient/dhclient.c,v
retrieving revision 1.146
diff -u -p -r1.146 dhclient.c
--- dhclient.c 9 Jul 2012 16:21:21 - 1.146
+++ dhclient.c 27 Jul 2012 01:59:35 -
@@ -1535,6 +1535,9 @@ priv_script_write_params(char *prefix, s
if (config-defaults[i].len) {
if (lease-options[i].len) {
switch (config-default_actions[i]) {
+ case ACTION_IGNORE:
+ /* handled below */
+ break;
case ACTION_DEFAULT:
dp = lease-options[i].data;
len = lease-options[i].len;
@@ -1588,6 +1591,9 @@ supersede:
len = lease-options[i].len;
dp = lease-options[i].data;
} else {
+ len = 0;
+ }
+ if (len config-default_actions[i] == ACTION_IGNORE) {
len = 0;
}
if (len) {
Index: dhclient.conf.5
===
RCS file: /cvs/src/sbin/dhclient/dhclient.conf.5,v
retrieving revision 1.21
diff -u -p -r1.21 dhclient.conf.5
--- dhclient.conf.5 9 Apr 2011 19:53:00 - 1.21
+++ dhclient.conf.5 27 Jul 2012 02:05:28 -
@@ -244,6 +244,14 @@ in the
.Ic supersede
statement.
.It Xo
+.Ic ignore No { Op Ar option declaration
+.Oo , Ar ... option declaration Oc }
+.Xc
+If for some set of options the client should always ignore the
+value supplied by the server, these values can be defined in the
+.Ic ignore
+statement.
+.It Xo
.Ic prepend No { Op Ar option declaration
.Oo , Ar ... option declaration Oc }
.Xc
Index: dhcpd.h
===
RCS file: /cvs/src/sbin/dhclient/dhcpd.h,v
retrieving revision 1.76
diff -u -p -r1.76 dhcpd.h
--- dhcpd.h 9 Jul 2012 16:21:21 - 1.76
+++ dhcpd.h 27 Jul 2012 01:18:18 -
@@ -130,6 +130,7 @@ struct client_config {
struct option_data defaults[256];
enum {
ACTION_DEFAULT,
+ ACTION_IGNORE,
ACTION_SUPERSEDE,
ACTION_PREPEND,
ACTION_APPEND
Index: dhctoken.h
===
RCS file: /cvs/src/sbin/dhclient/dhctoken.h,v
retrieving revision 1.5
diff -u -p -r1.5 dhctoken.h
--- dhctoken.h 15 May 2006 08:10:57 - 1.5
+++ dhctoken.h 27 Jul 2012 01:15:54 -
@@ -79,6 +79,7 @@
#define TOK_REJECT 292
#define TOK_FDDI
Re: dhclient ignore
I like this on first read. In fact I thought this already existed.
I'll actually look more closely at the code tomorrow.
Ken
On Thu, Jul 26, 2012 at 10:09:28PM -0400, Ted Unangst wrote:
I have a system with two network interfaces (em0 and em1), running dhcp
on both. Both dhcp servers provide me with a nameserver, but only one
of them works (I can't fix this). There is a config file for dhclient
I can use, but it only supports the supersede keyword. I don't want
to statically configure a nameserver override for em1, because the
whole point is that the good nameserver on em0 can change. I just
want to say pretend this option did not arrive.
Diff below adds a little support for an ignore keyword. Like
supersede, except don't actually use the supplied value.
Index: clparse.c
===
RCS file: /cvs/src/sbin/dhclient/clparse.c,v
retrieving revision 1.38
diff -u -p -r1.38 clparse.c
--- clparse.c 10 Dec 2011 17:15:27 - 1.38
+++ clparse.c 27 Jul 2012 01:59:10 -
@@ -170,6 +170,11 @@ parse_client_statement(FILE *cfile)
if (code != -1)
config-default_actions[code] = ACTION_SUPERSEDE;
return;
+ case TOK_IGNORE:
+ code = parse_option_decl(cfile, config-defaults[0]);
+ if (code != -1)
+ config-default_actions[code] = ACTION_IGNORE;
+ return;
case TOK_APPEND:
code = parse_option_decl(cfile, config-defaults[0]);
if (code != -1)
Index: conflex.c
===
RCS file: /cvs/src/sbin/dhclient/conflex.c,v
retrieving revision 1.14
diff -u -p -r1.14 conflex.c
--- conflex.c 10 Dec 2011 17:36:40 - 1.14
+++ conflex.c 27 Jul 2012 01:15:19 -
@@ -337,6 +337,7 @@ static const struct keywords {
{ filename, TOK_FILENAME },
{ fixed-address, TOK_FIXED_ADDR },
{ hardware, TOK_HARDWARE },
+ { ignore, TOK_IGNORE },
{ initial-interval, TOK_INITIAL_INTERVAL },
{ interface, TOK_INTERFACE },
{ lease, TOK_LEASE },
Index: dhclient.c
===
RCS file: /cvs/src/sbin/dhclient/dhclient.c,v
retrieving revision 1.146
diff -u -p -r1.146 dhclient.c
--- dhclient.c9 Jul 2012 16:21:21 - 1.146
+++ dhclient.c27 Jul 2012 01:59:35 -
@@ -1535,6 +1535,9 @@ priv_script_write_params(char *prefix, s
if (config-defaults[i].len) {
if (lease-options[i].len) {
switch (config-default_actions[i]) {
+ case ACTION_IGNORE:
+ /* handled below */
+ break;
case ACTION_DEFAULT:
dp = lease-options[i].data;
len = lease-options[i].len;
@@ -1588,6 +1591,9 @@ supersede:
len = lease-options[i].len;
dp = lease-options[i].data;
} else {
+ len = 0;
+ }
+ if (len config-default_actions[i] == ACTION_IGNORE) {
len = 0;
}
if (len) {
Index: dhclient.conf.5
===
RCS file: /cvs/src/sbin/dhclient/dhclient.conf.5,v
retrieving revision 1.21
diff -u -p -r1.21 dhclient.conf.5
--- dhclient.conf.5 9 Apr 2011 19:53:00 - 1.21
+++ dhclient.conf.5 27 Jul 2012 02:05:28 -
@@ -244,6 +244,14 @@ in the
.Ic supersede
statement.
.It Xo
+.Ic ignore No { Op Ar option declaration
+.Oo , Ar ... option declaration Oc }
+.Xc
+If for some set of options the client should always ignore the
+value supplied by the server, these values can be defined in the
+.Ic ignore
+statement.
+.It Xo
.Ic prepend No { Op Ar option declaration
.Oo , Ar ... option declaration Oc }
.Xc
Index: dhcpd.h
===
RCS file: /cvs/src/sbin/dhclient/dhcpd.h,v
retrieving revision 1.76
diff -u -p -r1.76 dhcpd.h
--- dhcpd.h 9 Jul 2012 16:21:21 - 1.76
+++ dhcpd.h 27 Jul 2012 01:18:18 -
@@ -130,6 +130,7 @@ struct client_config {
struct option_data defaults[256];
enum {
ACTION_DEFAULT,
+ ACTION_IGNORE,
ACTION_SUPERSEDE,
ACTION_PREPEND,
ACTION_APPEND
Index: dhctoken.h
===
RCS file: /cvs/src/sbin/dhclient/dhctoken.h,v
retrieving
Re: dhclient ignore
On Thu, Jul 26, 2012 at 10:09:28PM -0400, Ted Unangst wrote:
I have a system with two network interfaces (em0 and em1), running dhcp
on both. Both dhcp servers provide me with a nameserver, but only one
of them works (I can't fix this). There is a config file for dhclient
I can use, but it only supports the supersede keyword. I don't want
to statically configure a nameserver override for em1, because the
whole point is that the good nameserver on em0 can change. I just
want to say pretend this option did not arrive.
Diff below adds a little support for an ignore keyword. Like
supersede, except don't actually use the supplied value.
Not commenting on the diff or the feature, which could indeed be the
corect solution, if maybe only to work around some strict/broken servers.
I was under the impression that if you added an request statement
excluding the 'domain-name-servers' option the server would honour that and
only offer the options you've explictly requested..
Does something like this work for you?
interface em0 {
request subnet-mask, broadcast-address, routers, domain-name-servers;
}
interface em1 {
request subnet-mask, broadcast-address, routers;
}
-Bryan.
