Re: [Dnsmasq-discuss] Disabling dynamic DHCP assignment for known hosts

[Todd Sankey]

I tried a different approach. I created a patch (attached) so that the tag
"knownother" is applied if there is a host definition that applies to a
different context. In our setup, we then added "dhcp-ignore=tag:knownother".

On Wed, Mar 15, 2017 at 1:14 PM, Todd Sankey  wrote:

> Our setup has two wifi networks with different network addresses, one for
> employees and one for guests. On the employee network, the hosts all have
> static host entries that include IP addresses. The guest network has no
> static host entries. What we would like to do is prevent the employee
> machines from getting any assignment on the guest network.
>
> We tried using "tag:!known" in the dhcp-range configuration, and we have
> tried a tag-if statement that sets a tag based on the guest network
> interface and known followed by a dhcp-ignore. Neither works.
>
> Looking through the code, I think it is because when looking for a
> dhcp_config entry, the search is filtered by whether the assigned address
> is valid for the interface the request was received on. Since the static
> assignments are only valid for the employee network, when a request is
> received on the guest network, the static assignments are not valid so the
> "known" tag is never set. As a result, neither the dhcp-range tag filter
> nor the tag-if filter has the desired effect.
>
> I next tried having dhcp-host entries for every employee machine, one with
> a static assignment on the employee network, and one with a static
> assignment on guest network and appending "ignore" to the guest network
> entry. This seems to have the desired behaviour in that employee machines
> cannot get on the guest network. However, this obviously doubles the work
> of maintaining the host list. I am also not sure what this does to the
> guest address range having these static but ignored assignments.
>
> Is there a better way to do this in the current version (2.76)?
>
> If not, would it be a reasonable feature request to extend the handling of
> dhcp-host settings so that if there is an IP assignment and "ignore" is
> specified, then the host is ignored on networks where the IP assignment is
> not valid?
>


knownother.patch
Description: Binary data
___
Dnsmasq-discuss mailing list
Dnsmasq-discuss@lists.thekelleys.org.uk
http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss

Re: [Dnsmasq-discuss] [PATCH] Logging of dhcp_script output

[Petr Mensik]

Hi Simon,

I like your changes. New shorter log is definitely helpful, separate log 
section helps. The only bug I found is red white space highlight in the patch.

However I did yet another fix for remaining dhcp-script init action.
It completely ignored any error in structure and silently skipped the rest of 
database. If there was any message in stdin of init script, it just died 
silently.
The only thing that were visible was SIGPIPE from dhcp-script, because it did 
not read whole database, if that signal was logged at all.
My new patch handles garbage in leases database. If the line is wrong, it logs 
part of wrong line and skips the rest of init.
I thought about die in that case. I think it would be better for backward 
compatibility to start with empty leases as before.

--
Petr Menšík
Software Engineer
Red Hat, http://www.redhat.com/
email: pemen...@redhat.com  PGP: 65C6C973

- Original Message -
From: "Simon Kelley" 
To: dnsmasq-discuss@lists.thekelleys.org.uk
Sent: Sunday, April 16, 2017 9:29:21 PM
Subject: Re: [Dnsmasq-discuss] [PATCH] Logging of dhcp_script output

I like this. Yes, I know you can do it with shell magic, but this is
easier and what I would expect to happen.

I've changed the patch quite a lot:

1) Don't go to large effort to report "never happen" errors from pipe(),
just silently handle them in the same way as fork()

2) Don't do any of this when the -d debug flag is in effect, as it's
already defined that the script gets stdin, stdout and stderr from the
dnsmasq process in that case.

3) Expand the subject-based logging that already exists, DHCP stuff
comes from dnsmasq-dhcp, script output comes from dhcp-script. That
avoids the wordy preamble to every line otherwise.

4) Pull the copy-to-log code out of the loop wait()ing for processes to
die, it makes more sense to iterate until the descriptors close, then
reap child processes.

5) Rationalise conditional compilation stuff. There may be more of that
in a subsequent commit.

6) Update the man page to reflect new reality (!)

Any remaining bugs are mine, but Petr please check that I didn't break
things.


Cheers,

Simon.



On 24/03/17 17:38, Petr Mensik wrote:
> Hi!
> 
> Some guys using dnsmasq in virtual machines and OpenStack use custom 
> dhcp_script to manage leases of clients.
> However they complain if there is anything wrong with them, then are just 
> told broken pipe and no information.
> 
> We understand it should not produce any output under normal operation. But it 
> would be really helpful if at least anything was visible in logs. Especially 
> for errors happening under rare circumstances.
> I have prepared patch to forward events from helper. It prevents SIGPIPE 
> receiving if script does write anything. And logs it from dnsmasq.
> It seems very handy to me.
> 
> It was not simple to forward it to main log. I would like opinions if it is 
> useful or dangerous.
> Do you consider it worth merging Simon?
> 
> Best Regards,
> Petr
> --
> Petr Menšík
> Software Engineer
> Red Hat, http://www.redhat.com/
> email: pemen...@redhat.com  PGP: 65C6C973
> 
> 
> 
> ___
> Dnsmasq-discuss mailing list
> Dnsmasq-discuss@lists.thekelleys.org.uk
> http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
> 



___
Dnsmasq-discuss mailing list
Dnsmasq-discuss@lists.thekelleys.org.uk
http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
From cf2831d52884452f039e05cc16f6562cbe6db650 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?= 
Date: Wed, 19 Apr 2017 19:32:54 +0200
Subject: [PATCH] Verify leases database format, log errors if present.

---
 src/lease.c | 110 +++-
 1 file changed, 65 insertions(+), 45 deletions(-)

diff --git a/src/lease.c b/src/lease.c
index fc6cbe9..77da638 100644
--- a/src/lease.c
+++ b/src/lease.c
@@ -21,67 +21,38 @@
 static struct dhcp_lease *leases = NULL, *old_leases = NULL;
 static int dns_dirty, file_dirty, leases_left;
 
-void lease_init(time_t now)
+static int read_leases(time_t now, FILE *leasestream)
 {
   unsigned long ei;
   struct all_addr addr;
   struct dhcp_lease *lease;
   int clid_len, hw_len, hw_type;
-  FILE *leasestream;
-  
-  leases_left = daemon->dhcp_max;
-  
-  if (option_bool(OPT_LEASE_RO))
-{
-  /* run " init" once to get the
-	 initial state of the database. If leasefile-ro is
-	 set without a script, we just do without any 
-	 lease database. */
-#ifdef HAVE_SCRIPT
-  if (daemon->lease_change_command)
-	{
-	  strcpy(daemon->dhcp_buff, daemon->lease_change_command);
-	  strcat(daemon->dhcp_buff, " init");
-	  leasestream = popen(daemon->dhcp_buff, "r");
-	}
-  else
-#endif
-	{
-  file_dirty = dns_dirty = 0;
-  return;
-}
+  int found = 0;
+  int items;
+
+  *daemon->dhcp_buff3 = *daemon->dhcp_buff2 = '\0';
+