On Tue, May 23, 2023 at 03:43:46PM +0800, Linyih Teng wrote:
> Geert Stappers wrote on Tue, May 23, 2023 at 1:59 PM:
> > On Tue, May 23, 2023 at 12:05:08AM +0100, Simon Kelley wrote:
> > > On 22/05/2023 12:18, Linyih Teng wrote:
> > > > In the manual page is written:
> > > > > -X, --dhcp-lease-max=<number>
> > > > >        Limits  dnsmasq  to  the  specified  maximum number of DHCP
> > > > >        leases. The default is 1000. This limit is to  prevent  DoS
> > > > >        attacks from hosts which create thousands of leases and use
> > > > >        lots of memory in the dnsmasq process.
> > > >
> > > > Hello,
> > > >
> > > > I'm using dnsmasq 2.89 and testing the maximum lease count of the DHCPv6
> > > > server with the dhcp-lease-max option.
> > > >
> > > > For the testing, I'm using below configuration:
> > > >
> > > >     dhcp-lease-max = 512
> > > >     dhcp-range=tag:pool0,2022::1,2022::1f:ffff:ffff:fffe,64,120m
> > > >     tag-if=set:pool0,tag:intfv0
> > > >
> > > >
> > > > However, when the number of clients reaches the maximum number, the
> > > > server still provides IPs to clients. Is this the expected behavior of
> > > > DHCPv6?
> > > >
> > > There's a possible difference between the number of clients and the number
> > > of DHCP leases, since leases can expire to be deleted by the client.
> > >
> > > Are you saying that the number of simultaneous DHCP leases increases without
> > > bound, or that the 513th client gets a lease? Have you checked the number of
> > > leases in the dnsmasq.leases file?
> >
> > Original Poster has yet to say what the expected behaviour should be.
> 
> For the test... I'm just curious, there is no other reason.

Acknowledge

 
> However, on the client side, I wrote simple scripts to run dhclient,
> and this script will sequentially run 512 dhclient instances. (The number 512 is not a
> magic value; the same situation happens with other values.)
> 
> steps of the script:
> 
> 1. create a macvlan interface (it will make a different MAC address for each client)
> 2. run dhclient with the macvlan interface
> 3. get an IP from the DHCPv6 server
> 4. kill the dhclient and remove the macvlan interface
> 5. go back to step 1 and go on.
> 

The mailing list archive has a shell script doing that:
https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2023q2/017135.html

 
> Results:
> 
> After the scripts, if the 513th client comes, the server will serve an IP to
> the 513th client. But it is not just the (lease max + 1)th client that gets
> this issue; all clients after the 512th can get an IP from the server.
> At this time, the lease entries remain at 512, and all later
> clients will not appear in the lease file.
> 
> >
> > Thing I am saying: Why limit dhcp-range by dhcp-lease-max?

When DHCP clients exhaust the DHCP pool (the dhcp-range),
then the DHCP pool is exhausted (and it is too late for DoS prevention).


Groeten
Geert Stappers
-- 
Silence is hard to parse
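
The lease-file check asked about in the thread ("Have you checked the number of leases in the dnsmasq.leases file?") can be scripted; the following is an added example, not part of the original messages and not dnsmasq project code. It assumes the lease file holds one lease per line as "expiry id address hostname client-id" plus a single "duid" line, that dhcp-lease-max applies to IPv4 and IPv6 leases together, and that the sample lease lines are constructed.

```shell
#!/bin/sh
# Compare the entries in a dnsmasq lease file with dhcp-lease-max.
# Assumed layout: "expiry id address hostname client-id" per lease,
# plus one "duid <server-duid>" line that is not a lease.

# Constructed sample data (not taken from the thread).
sample_leases() {
cat <<'EOF'
1684830000 52:54:00:aa:bb:01 192.168.1.50 host-a 01:52:54:00:aa:bb:01
duid 00:01:00:01:2b:f2:10:aa:52:54:00:00:00:01
1684830100 11223344 2022::1a2b client-1 00:01:00:01:2b:f2:10:01:52:54:00:aa:bb:02
1684830200 11223345 2022::1a2c * 00:01:00:01:2b:f2:10:02:52:54:00:aa:bb:03
0 11223346 2022::1a2d client-3 00:01:00:01:2b:f2:10:03:52:54:00:aa:bb:04
EOF
}

# count_leases NOW < lease-file
# Prints "v4 v6 live": stored IPv4 leases, stored IPv6 leases, and how many
# of them have not expired at NOW (expiry 0 means the lease never expires).
count_leases() {
    awk -v now="$1" '
        $1 == "duid" || NF < 3 { next }   # server DUID line or junk
        $3 ~ /:/  { v6++ }                # IPv6 address in field 3
        $3 !~ /:/ { v4++ }
        $1 == 0 || $1 > now { live++ }
        END { printf "%d %d %d\n", v4, v6, live }'
}

# check_lease_limit MAX NOW < lease-file
# Returns 0 while stored leases are below MAX, 1 once the table is full
# (assumption: the limit counts IPv4 and IPv6 leases together).
check_lease_limit() {
    set -- "$1" $(count_leases "$2")      # $2=v4 $3=v6 $4=live after this
    total=$(( $2 + $3 ))
    echo "stored=$total (v4=$2 v6=$3) live=$4 limit=$1"
    [ "$total" -lt "$1" ]
}

# Demo on the constructed sample; on a real server, redirect the lease file
# (its path depends on the distribution) into check_lease_limit instead.
sample_leases | check_lease_limit 512 "$(date +%s)"
```

A stored count that sits exactly at the limit while new clients keep obtaining addresses matches the behaviour reported in the thread.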
