[Dnsmasq-discuss] [feature proposal] Alpha sort of files under conf-dir

2020-01-07 Thread Evgenii Seliavka
Hi there,

I am extensively using dnsmasq in conjunction with the *--conf-dir*
configuration property.
My test env is *CentOS Linux release 7.4.1708 (Core)* with the
*3.10.0-693.17.1.el7.x86_64* kernel.
In our setup we are strongly relying on the order in which dnsmasq will read and apply
DNS records under the configuration directory. Basically, we have files
like: 0001_this_should_be_first, 0002_comes_second, etc. and we are expecting
them to be read in alpha order. We need this strict ordering guarantee
because of PTR records; according to the documentation, only the first A record
will receive a corresponding PTR record:

*--host-record=<name>[,<name>....],[<IPv4-address>],[<IPv6-address>][,<TTL>]
Add A, AAAA and PTR records to the DNS. This adds one or more names to the
DNS with associated IPv4 (A) and IPv6 (AAAA) records. A name may appear in
more than one --host-record and therefore be assigned more than one
address. Only the first address creates a PTR record linking the address to
the name. This is the same rule as is used reading hosts-files.
--host-record options are considered to be read before host-files, so a
name appearing there inhibits PTR-record creation if it appears in
hosts-file also. Unlike hosts-files, names are not expanded, even when
--expand-hosts is in effect. Short and long names may appear in the same
--host-record, eg. --host-record=laptop,laptop.thekelleys.org,192.168.0.1,1234::100
If the time-to-live is
given, it overrides the default, which is zero or the value of --local-ttl.
The value is a positive integer and gives the time-to-live in seconds.*

The problem is that the *readdir* syscall can't guarantee any order
http://man7.org/linux/man-pages/man3/readdir.3.html at least on Linux.

I prepared this small patch (see the attachment) and want to know the community's
opinion on how useful it is.

-- 
Best Regards,
Seliavka Evgenii


0001-Support-alpha-ordering-of-files-under-conf-dir-if-an.patch
Description: Binary data
___
Dnsmasq-discuss mailing list
Dnsmasq-discuss@lists.thekelleys.org.uk
http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
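
The ordering problem raised in the post above, as an added example that is not part of the original message or of the attached patch: it reads a directory with scandir() and an explicit comparator instead of relying on readdir() order. The function names, the dotfile filter, and the scratch files `0003_third` and `.hidden` are assumptions of this example.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L   /* scandir(), mkdtemp() */
#endif
#include <dirent.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

#define MAX_FILES 16
#define MAX_NAME  256

/* Filter for scandir(): drop ".", ".." and dotfiles (this example's choice). */
static int keep_entry(const struct dirent *e)
{
    return e->d_name[0] != '.';
}

/* Byte-wise name comparison. alphasort() uses strcoll(), so its result can
   change with the locale; strcmp() gives the same order on every host. */
static int by_name(const struct dirent **a, const struct dirent **b)
{
    return strcmp((*a)->d_name, (*b)->d_name);
}

/* Copy up to max file names from dir into out[], sorted by name.
   Returns the number copied, or -1 if the directory cannot be read. */
int sorted_conf_files(const char *dir, char out[][MAX_NAME], int max)
{
    struct dirent **ents = NULL;
    int n = scandir(dir, &ents, keep_entry, by_name);
    int kept = 0;

    if (n < 0)
        return -1;
    for (int i = 0; i < n; i++) {
        if (kept < max)
            snprintf(out[kept++], MAX_NAME, "%s", ents[i]->d_name);
        free(ents[i]);
    }
    free(ents);
    return kept;
}

/* Constructed scenario: create files out of order in a scratch directory
   and check they come back in the order the post relies on.
   Returns 1 on success, 0 otherwise. */
int demo_order_is_deterministic(void)
{
    static const char *create[] = { "0003_third", "0001_this_should_be_first",
                                    ".hidden", "0002_comes_second" };
    static const char *expect[] = { "0001_this_should_be_first",
                                    "0002_comes_second", "0003_third" };
    char dir[] = "/tmp/confdir-XXXXXX";
    char got[MAX_FILES][MAX_NAME];
    char path[512];
    int ok = 1;

    if (mkdtemp(dir) == NULL)
        return 0;
    for (size_t i = 0; i < 4; i++) {
        snprintf(path, sizeof path, "%s/%s", dir, create[i]);
        FILE *f = fopen(path, "w");
        if (f == NULL)
            ok = 0;
        else
            fclose(f);
    }

    int n = sorted_conf_files(dir, got, MAX_FILES);
    if (n != 3)
        ok = 0;
    for (int i = 0; ok && i < 3; i++)
        if (strcmp(got[i], expect[i]) != 0)
            ok = 0;

    for (size_t i = 0; i < 4; i++) {   /* remove the scratch files */
        snprintf(path, sizeof path, "%s/%s", dir, create[i]);
        unlink(path);
    }
    rmdir(dir);
    return ok;
}

int main(void)
{
    int ok = demo_order_is_deterministic();
    printf("sorted order %s\n", ok ? "matches" : "does not match");
    return ok ? 0 : 1;
}
```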


Re: [Dnsmasq-discuss] pxe-service line for UEFI system?

2020-01-07 Thread Michal Zatloukal
In the meantime, I tried a simpler case [1] of UEFI PXE services
config, which I confirmed to work.

I intended to replace my config with this and work up towards the
fancier tag-operated version, but made a wrong assumption and _added_
the trivial config to existing set of config files (adding .bak to the
filename didn't stop the original from being loaded). Strangely, now
option 43 contained all services for CSA 7 - both conditional, and
unconditional ones, which were previously missing. This actually
happens even when the new config file is reduced to a single,
unconditional pxe-service line. That's not how this should work, or is
it? Is there a particular order to these pxe-* config options? IMHO
the fact that only the menu items are missing, but prompt is sent,
should indicate that setting tags is correct.

I'll do from-the-ground-up experiment soon, hopefully finding at which
point dnsmasq stops sending the boot options.

Cheers,
MZ

[1]
# Commented out to use my existing config, must be included if using standalone.
#dhcp-range=10.0.0.10,10.0.0.240,2h
#log-dhcp
#tftp-root=/tftpboot
#dhcp-no-override
pxe-prompt="dnsmasq menu"
pxe-service=0, "Boot BIOS PXElinux", bios/pxelinux
pxe-service=0, "Boot BIOS iPXE", ipxe/undionly.kpxe
pxe-service=7, "Boot UEFI CSA 7", efi64/syslinux.efi
pxe-service=7, "Other item CSA 7",etc/other.efi
pxe-service=9, "Boot UEFI CSA 9", efi64/syslinux.efi
pxe-service=9, "Other item CSA 9",etc/other.efi
pxe-service=0, "Exit menu"
pxe-service=7, "Exit menu"
pxe-service=9, "Exit menu"



Re: [Dnsmasq-discuss] [PATCH] DHCPv6 - Multiple reservations for single host

2020-01-07 Thread Pali Rohár
On Tuesday 07 January 2020 13:57:02 Harald Jensås wrote:
> On Tue, 2020-01-07 at 10:51 +0100, Pali Rohár wrote:
> > Hi Harald! What are differences between your patch and mine which
> > adds
> > support for it too (plus honor assignment based on MAC address)?
> > http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2019q4/013545.html
> > 
> 
> My patch allows creating multiple IPv6 address reservations for the same
> host (MAC address), your patch allows a single IPv6 address to be
> reserved for multiple MAC addresses?

Yes! Now I see difference :-) I misread your description.

> Also, your patch allows dnsmasq to abandon a lease if a new request
> using the same MAC address but a different IAID comes. My patch instead
> makes it possible to configure multiple IPv6 addresses for a single MAC
> address. The first request matching MAC will get leased to that
> CLID/IAID combo. Another request from the same MAC using a different
> CLID/IAID combo gets a lease using the second reservation, and so on.
> No lease is abandoned before either the client does a release or the
> lease_time is reached without the client renewing.
> 
> I came up with this approach after realizing Simon already expressed
> that the approach of allowing the server to abandon a lease is a bad
> idea. Quoting Simon from [1]:
> 
> """ Allowing the IDs to change is a bad idea,
> since in DHCPv6 they are the only thing
> that identifies a client. If you lease an
> address to a CLID/IAID combo, then you
> can't lease it to another CLID/IAID until
> that lease has expired. """
> 
> 
> As I understand the RFCs your approach of allowing a lease to be
> abandoned is not allowed.

Theoretically it is not according to RFC, but also whole assignment
based on MAC address is not according to RFC.

And there are use cases for assignment based on MAC address even if it is
against RFC. One example is a multi OS laptop; another example is PXE
booting, which would always use a different IAID in PXE and then in the
booted system.

> Personally and practically I like the `honor
> assignment based on MAC address` patch, but it would also break
> compatibility with a client that intentionally asks for multiple leases.
> A client is allowed to do so according to RFC. Maybe the `honor
> assignment based on MAC address` patch needs an iteration that adds a
> configuration flag enabling the behaviour + doc update that clarifies
> the behaviour is breaking RFC compliance?

Assignment based on MAC address is useless and does not work without my
patch which honors this option. Basically currently whole option for
assigning IPv6 based on MAC address is broken and dnsmasq does not
respect this option.

I have no problem with updating documentation or patch itself, but I
have not got any comment for whole year that something is wrong in that
patch or that documentation needs to be updated.

-- 
Pali Rohár
pali.ro...@gmail.com




Re: [Dnsmasq-discuss] [PATCH] DHCPv6 - Multiple reservations for single host

2020-01-07 Thread Simon Kelley
On 23/12/2019 11:24, Harald Jensas wrote:
> Hi,
> 
> The patch below is a slight alteration to a possible solution
> discussed in 
> http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2017q1/011289.html.
> 
> My approach here does not require making dhcp-host conditional on a
> tag. However, making dhcp-host conditional on a tag would be a nice
> addition that could be introduced as a follow up to this to have a
> match on the tag of the final OS to keep the provisioned system
> consistently configured with a specific address can be very handy. For
> the Openstack use-case I am working in, this however isn't necessary.
> 
> I have confirmed that the patch below together with a small change in
> Openstack Ironic (see: https://review.opendev.org/72) solved the
> long standing issue when doing network booting and node provisioning
> in combination with static only dhcp configuration.
> 
> We are looking forward to comments and feedback regarding this approach.
> 
> Thank you!
> 

If I've understood correctly, this looks like it might be a viable
solution. Question: how many addresses do you configure for each host,
and is this fragile if the boot process changes, for instance to add new
steps? Could we add new syntax to dhcp-host which allows it to configure
a range of addresses, rather than having a number of dhcp-host entries
for each stage of the boot process? That would be a bigger change, but
might be a neater solution?

I guess that the final address that the host ends up with depends on
the number of addresses allocated by other parts of the boot process,
but as the DNS entry ends up pointing to that final address (does it? -
need to check this) that's not a problem.

Simon.






Re: [Dnsmasq-discuss] IPv6 configuration for Android clients

2020-01-07 Thread Geert Stappers
On Tue, Jan 07, 2020 at 01:42:45PM +0100, Michal Zatloukal wrote:
> On Tue, 7 Jan 2020 at 11:43, Geert Stappers wrote:
> > On 07-01-2020 03:52, Juha Heinanen wrote:
> > > In order to support IPv6 address allocation to Android clients I have
> > > tried to extend default Debian NetworkManager Wifi hotspot dnsmasq
> > > configuration:
> > >
> > > 18240 ?S  0:00 /usr/sbin/dnsmasq --conf-file=/dev/null 
> > > --no-hosts --keep-in-foreground --bind-interfaces --except-interface=lo 
> > > --clear-on-reload --strict-order --listen-address=10.42.0.1 
> > > --dhcp-range=10.42.0.10,10.42.0.254,60m --dhcp-lease-max=50 
> > > --dhcp-leasefile=/var/lib/NetworkManager/dnsmasq-wlp1s0.leases 
> > > --pid-file=/run/nm-dnsmasq-wlp1s0.pid 
> > > --conf-dir=/etc/NetworkManager/dnsmasq-shared.d
> > >
> > > with file local.conf in /etc/NetworkManager/dnsmasq-shared.d:
> > >
> > > enable-ra
> > > dhcp-range=::,constructor:wlp1s0,ra-names,slaac,infinite
> > > dhcp-authoritative
> > > log-dhcp
> > >
> > > Interface wlps1s0 has these addresses:
> > >
> > > wlp1s0: flags=4163  mtu 1500
> > > inet 10.42.0.1  netmask 255.255.255.0  broadcast 10.42.0.255
> > > inet6 fe80::14c0:c516:36cb:8b44  prefixlen 64  scopeid 0x20
> > > inet6 2001:db8:0:1::1  prefixlen 64  scopeid 0x0
> >
> > That seems to be output of `ifconfig wlp1s0`.
> >
> > Advice:   use  `ip address show dev wlp1s0` or shorthand `ip a sh dev
> > wlp1s0`.  Because `ifconfig` is not in pace with kernel development,
> > `ip` is.
> >
> > >
> > > When I start dnsmasq, I get to syslog:
> > >
> > > Jan  7 04:46:10 char NetworkManager[18816]:   [1578365170.5750] 
> > > dnsmasq-manager: starting dnsmasq...
> > > Jan  7 04:46:10 char dnsmasq[18847]: started, version 2.80 cachesize 150
> > > Jan  7 04:46:10 char dnsmasq[18847]: compile time options: IPv6 
> > > GNU-getopt DBus i18n IDN DHCP DHCPv6 no-Lua TFTP conntrack ipset auth 
> > > DNSSEC loop-detect inotify dumpfile
> > > Jan  7 04:46:10 char dnsmasq[18847]: chown of PID file 
> > > /run/nm-dnsmasq-wlp1s0.pid failed: Operation not permitted
> > > Jan  7 04:46:10 char dnsmasq-dhcp[18847]: DHCP, IP range 10.42.0.10 -- 
> > > 10.42.0.254, lease time 1h
> > > Jan  7 04:46:10 char dnsmasq-dhcp[18847]: DHCPv4-derived IPv6 names on 
> > > wlp1s0
> > > Jan  7 04:46:10 char dnsmasq-dhcp[18847]: router advertisement on wlp1s0
> > > Jan  7 04:46:10 char dnsmasq-dhcp[18847]: DHCPv4-derived IPv6 names on 
> > > 2001:db8:0:1::, constructed for wlp1s0
> > > Jan  7 04:46:10 char dnsmasq-dhcp[18847]: router advertisement on 
> > > 2001:db8:0:1::, constructed for wlp1s0
> > > Jan  7 04:46:10 char dnsmasq-dhcp[18847]: IPv6 router advertisement 
> > > enabled
> > > Jan  7 04:46:10 char dnsmasq[18847]: no servers found in 
> > > /etc/resolv.conf, will retry
> > > Jan  7 04:46:10 char dnsmasq[18847]: cleared cache
> > > Jan  7 04:46:10 char dnsmasq-dhcp[18847]: router advertisement on 
> > > 2001:db8:0:1::, old prefix for wlp1s0
> > > Jan  7 04:46:10 char dnsmasq-dhcp[18847]: DHCPv4-derived IPv6 names on 
> > > 2001:db8:0:1::, constructed for wlp1s0
> > > Jan  7 04:46:10 char dnsmasq-dhcp[18847]: router advertisement on 
> > > 2001:db8:0:1::, constructed for wlp1s0
> > > Jan  7 04:46:10 char dnsmasq-dhcp[18847]: router advertisement on 
> > > 2001:db8:0:1::, old prefix for wlp1s0
> > >
> > > When I connect my Android device to this hotspot, I get to syslog:
> > >
> > > Jan  7 04:51:11 char dnsmasq-dhcp[18847]: 4061430237 available DHCP 
> > > range: 10.42.0.10 -- 10.42.0.254
> > > Jan  7 04:51:11 char dnsmasq-dhcp[18847]: 4061430237 vendor class: 
> > > android-dhcp-9
> > > Jan  7 04:51:11 char dnsmasq-dhcp[18847]: 4061430237 DHCPDISCOVER(wlp1s0) 
> > > a8:3e:0e:ab:65:dd
> > > Jan  7 04:51:11 char dnsmasq-dhcp[18847]: 4061430237 tags: wlp1s0
> > > Jan  7 04:51:11 char dnsmasq-dhcp[18847]: 4061430237 DHCPOFFER(wlp1s0) 
> > > 10.42.0.214 a8:3e:0e:ab:65:dd
> > > Jan  7 04:51:11 char dnsmasq-dhcp[18847]: 4061430237 requested options: 
> > > 1:netmask, 3:router, 6:dns-server, 15:domain-name,
> > > Jan  7 04:51:11 char dnsmasq-dhcp[18847]: 4061430237 requested options: 
> > > 26:mtu, 28:broadcast, 51:lease-time, 58:T1,
> > > Jan  7 04:51:11 char dnsmasq-dhcp[18847]: 4061430237 requested options: 
> > > 59:T2, 43:vendor-encap
> > > Jan  7 04:51:11 char dnsmasq-dhcp[18847]: 4061430237 next server: 
> > > 10.42.0.1
> > > Jan  7 04:51:11 char dnsmasq-dhcp[18847]: 4061430237 sent size:  1 
> > > option: 53 message-type  2
> > > Jan  7 04:51:11 char dnsmasq-dhcp[18847]: 4061430237 sent size:  4 
> > > option: 54 server-identifier  10.42.0.1
> > > Jan  7 04:51:11 char dnsmasq-dhcp[18847]: 4061430237 sent size:  4 
> > > option: 51 lease-time  1h
> > > Jan  7 04:51:11 char dnsmasq-dhcp[18847]: 4061430237 sent size:  4 
> > > option: 58 T1  30m
> > > Jan  7 04:51:11 char dnsmasq-dhcp[18847]: 4061430237 sent size:  4 
> > > option: 59 T2  52m30s
> > > Jan  7 04:51:11 char dnsmasq-dhcp[18847]: 4061430237 sent size:  4 
> > > 

Re: [Dnsmasq-discuss] IPv6 configuration for Android clients

2020-01-07 Thread Simon Kelley
On 07/01/2020 02:52, Juha Heinanen wrote:

> Jan  7 04:46:10 char dnsmasq-dhcp[18847]: router advertisement on 
> 2001:db8:0:1::, old prefix for wlp1s0
> Jan  7 04:46:10 char dnsmasq-dhcp[18847]: DHCPv4-derived IPv6 names on 
> 2001:db8:0:1::, constructed for wlp1s0
> Jan  7 04:46:10 char dnsmasq-dhcp[18847]: router advertisement on 
> 2001:db8:0:1::, constructed for wlp1s0
> Jan  7 04:46:10 char dnsmasq-dhcp[18847]: router advertisement on 
> 2001:db8:0:1::, old prefix for wlp1s0

^^^

I'll take a guess that the preferred lifetime for that address on the
interface is zero. As Geert suggests, use "ip" not "ifconfig" to get the
interface information: it will tell you such things.


Simon.



Re: [Dnsmasq-discuss] Struggling with multiple nameservers

2020-01-07 Thread Harry Moyes
I now have a functional set up. Exactly what was the issue with the
pihole derivative of dnsmasq, is still not entirely clear.

I suspect that the compiled in options used in the pihole derivative
differ from the set compiled into the Debian/raspbian version of
dnsmasq, that I matched when I compiled the version of dnsmasq 2.80.

dnsmasq very usefully reports the compiled in options with the -v flag.

The pihole derivative has lost that rather useful feature, so exactly
what options it has been compiled with is hard to tell.

The config we have eventually arrived at gives correct behaviour for
both versions of dnsmasq and the pihole derivative.

However what is also clear is that the issue was not related to dnsmasq
in any way, so sorry for disturbing the list.


Harry

On 01/01/2020 21:54, Harry Moyes wrote:



On 01/01/2020 16:30, Geert Stappers wrote:

On Wed, Jan 01, 2020 at 03:36:33PM +, Harry Moyes wrote:
I have a Raspberry Pi configured with two dummy interfaces in addition to
the default Ethernet interface.

I have a workable configuration on the pi with unbound and NSD on the two
virtual interfaces, and dnsmasq on the Ethernet and loopback interfaces.

Workable that is with this package loaded. (present default raspbian default
install)

dnsmasq/stable,now2.76-5+rpt1+deb9u1 all[installed]
dnsmasq-base/stable,now2.76-5+rpt1+deb9u1 armhf [installed,automatic]

and this config fragment:

Why only a fragment?


Brevity ?

netadmin@namepi:/etc/dnsmasq.d $ ls
01-pihole.conf  02-pihole.conf  README
netadmin@namepi:

This config is the standard config installed by pihole-FTL

netadmin@namepi:/etc/dnsmasq.d $ cat 01-pihole.conf
# Pi-hole: A black hole for Internet advertisements
# (c) 2017 Pi-hole, LLC (https://pi-hole.net)
# Network-wide ad blocking via your own hardware.
#
# Dnsmasq config for Pi-hole's FTLDNS
#
# This file is copyright under the latest version of the EUPL.
# Please see LICENSE file for your rights under this license.

### 

#  FILE AUTOMATICALLY POPULATED BY PI-HOLE INSTALL/UPDATE PROCEDURE.  #
# ANY CHANGES MADE TO THIS FILE AFTER INSTALL WILL BE LOST ON THE NEXT UPDATE #

#  #
#    IF YOU WISH TO CHANGE THE UPSTREAM SERVERS, CHANGE THEM IN:  #
#  /etc/pihole/setupVars.conf  #
#  #
#    ANY OTHER CHANGES SHOULD BE MADE IN A SEPARATE CONFIG FILE  #
#    WITHIN /etc/dnsmasq.d/yourname.conf  #
### 



addn-hosts=/etc/pihole/gravity.list
addn-hosts=/etc/pihole/black.list
addn-hosts=/etc/pihole/local.list


localise-queries


no-resolv



cache-size=1

log-queries
log-facility=/var/log/pihole.log
local-ttl=2
log-async
netadmin@namepi:

netadmin@namepi:/etc/dnsmasq.d $ cat 02-pihole.conf
# Pi-hole: A black hole for Internet advertisements
# (c) 2017 Pi-hole, LLC (https://pi-hole.net)
# Network-wide ad blocking via your own hardware.
#
# Dnsmasq config for Pi-hole's FTLDNS
#
# This file is copyright under the latest version of the EUPL.
# Please see LICENSE file for your rights under this license.

### 


#    This file contains additional directives for pihole-FTL  #
# to integrate with the unbound and NSD nameservers also active on this Pi    #

#  #
#    IF YOU WISH TO CHANGE THE UPSTREAM SERVERS, CHANGE THEM IN:  #
#  /etc/pihole/setupVars.conf  #
### 



bind-interfaces
listen-address=172.25.25.146
listen-address=127.0.0.1
server=192.168.55.9
no-dhcp-interface=eth0
no-dhcp-interface=dummy0
no-dhcp-interface=dummy1
netadmin@namepi:


This config works with the standard raspbian package.

netadmin@namepi:/etc/dnsmasq.d $ dnsmasq -v
Dnsmasq version 2.76  Copyright (c) 2000-2016 Simon Kelley
Compile time options: IPv6 GNU-getopt DBus i18n IDN DHCP DHCPv6 no-Lua 
TFTP conntrack ipset auth DNSSEC loop-detect inotify


This software comes with ABSOLUTELY NO WARRANTY.
Dnsmasq is free software, and you are welcome to redistribute it
under the terms of the GNU General Public License, version 2 or 3.
netadmin@namepi:/etc/dnsmasq.d $

It allows three nameservers to co-exist in the same Pi on three separate
interfaces. Nameserving functions correctly.


My problem is that pihole-FTL does not work with this configuration.
Even though the interface and port are free, it errors out and refuses
to bind. In effect it's ignoring the bind-interfaces directive, trying
to bind port 53 on all interfaces, and erroring out, even though the
interface and port it is assigned to is available.

I'm trying to establish if this change in behaviour has occurred in 
mainline dnsmasq, or in the pihole-FTL fork.



bind-interfaces
listen-address=172.25.25.146


Re: [Dnsmasq-discuss] [PATCH] DHCPv6 - Multiple reservations for single host

2020-01-07 Thread Harald Jensås
On Tue, 2020-01-07 at 10:51 +0100, Pali Rohár wrote:
> Hi Harald! What are differences between your patch and mine which
> adds
> support for it too (plus honor assignment based on MAC address)?
> http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2019q4/013545.html
> 

My patch allows creating multiple IPv6 address reservations for the same
host (MAC address), your patch allows a single IPv6 address to be
reserved for multiple MAC addresses?

Also, your patch allows dnsmasq to abandon a lease if a new request
using the same MAC address but a different IAID comes. My patch instead
makes it possible to configure multiple IPv6 addresses for a single MAC
address. The first request matching MAC will get leased to that
CLID/IAID combo. Another request from the same MAC using a different
CLID/IAID combo gets a lease using the second reservation, and so on.
No lease is abandoned before either the client does a release or the
lease_time is reached without the client renewing.

I came up with this approach after realizing Simon already expressed
that the approach of allowing the server to abandon a lease is a bad
idea. Quoting Simon from [1]:

""" Allowing the IDs to change is a bad idea,
since in DHCPv6 they are the only thing
that identifies a client. If you lease an
address to a CLID/IAID combo, then you
can't lease it to another CLID/IAID until
that lease has expired. """


As I understand the RFCs your approach of allowing a lease to be
abandoned is not allowed. Personally and practically I like the `honor
assignment based on MAC address` patch, but it would also break
compatibility with a client that intentionally asks for multiple leases.
A client is allowed to do so according to RFC. Maybe the `honor
assignment based on MAC address` patch needs an iteration that adds a
configuration flag enabling the behaviour + doc update that clarifies
the behaviour is breaking RFC compliance?


--
Harald

[1] 
http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2017q1/011289.html




Re: [Dnsmasq-discuss] IPv6 configuration for Android clients

2020-01-07 Thread Michal Zatloukal
Last time I checked, Android doesn't do DHCP6 (at all, even if
instructed with M/O bits in RA).

Either way, IMHO you should first be looking for RTR-SOLICIT and
RTR-ADVERT log messages. The solicitation and advertisement packets
themselves should be relatively easy to find in a pcap capture with
"icmp6" filter. If you don't get anything in pcap (captured at the
dnsmasq end) while toggling WiFi on the android device on and off,
then something is blocking/breaking multicast.

MZ

On Tue, 7 Jan 2020 at 11:43, Geert Stappers
 wrote:
>
>
> On 07-01-2020 03:52, Juha Heinanen wrote:
> > In order to support IPv6 address allocation to Android clients I have
> > tried to extend default Debian NetworkManager Wifi hotspot dnsmasq
> > configuration:
> >
> > 18240 ?S  0:00 /usr/sbin/dnsmasq --conf-file=/dev/null 
> > --no-hosts --keep-in-foreground --bind-interfaces --except-interface=lo 
> > --clear-on-reload --strict-order --listen-address=10.42.0.1 
> > --dhcp-range=10.42.0.10,10.42.0.254,60m --dhcp-lease-max=50 
> > --dhcp-leasefile=/var/lib/NetworkManager/dnsmasq-wlp1s0.leases 
> > --pid-file=/run/nm-dnsmasq-wlp1s0.pid 
> > --conf-dir=/etc/NetworkManager/dnsmasq-shared.d
> >
> > with file local.conf in /etc/NetworkManager/dnsmasq-shared.d:
> >
> > enable-ra
> > dhcp-range=::,constructor:wlp1s0,ra-names,slaac,infinite
> > dhcp-authoritative
> > log-dhcp
> >
> > Interface wlps1s0 has these addresses:
> >
> > wlp1s0: flags=4163  mtu 1500
> > inet 10.42.0.1  netmask 255.255.255.0  broadcast 10.42.0.255
> > inet6 fe80::14c0:c516:36cb:8b44  prefixlen 64  scopeid 0x20
> > inet6 2001:db8:0:1::1  prefixlen 64  scopeid 0x0
>
> That seems to be output of `ifconfig wlp1s0`.
>
> Advice:   use  `ip address show dev wlp1s0` or shorthand `ip a sh dev
> wlp1s0`.  Because `ifconfig` is not in pace with kernel development,
> `ip` is.
>
> >
> > When I start dnsmasq, I get to syslog:
> >
> > Jan  7 04:46:10 char NetworkManager[18816]:   [1578365170.5750] 
> > dnsmasq-manager: starting dnsmasq...
> > Jan  7 04:46:10 char dnsmasq[18847]: started, version 2.80 cachesize 150
> > Jan  7 04:46:10 char dnsmasq[18847]: compile time options: IPv6 GNU-getopt 
> > DBus i18n IDN DHCP DHCPv6 no-Lua TFTP conntrack ipset auth DNSSEC 
> > loop-detect inotify dumpfile
> > Jan  7 04:46:10 char dnsmasq[18847]: chown of PID file 
> > /run/nm-dnsmasq-wlp1s0.pid failed: Operation not permitted
> > Jan  7 04:46:10 char dnsmasq-dhcp[18847]: DHCP, IP range 10.42.0.10 -- 
> > 10.42.0.254, lease time 1h
> > Jan  7 04:46:10 char dnsmasq-dhcp[18847]: DHCPv4-derived IPv6 names on 
> > wlp1s0
> > Jan  7 04:46:10 char dnsmasq-dhcp[18847]: router advertisement on wlp1s0
> > Jan  7 04:46:10 char dnsmasq-dhcp[18847]: DHCPv4-derived IPv6 names on 
> > 2001:db8:0:1::, constructed for wlp1s0
> > Jan  7 04:46:10 char dnsmasq-dhcp[18847]: router advertisement on 
> > 2001:db8:0:1::, constructed for wlp1s0
> > Jan  7 04:46:10 char dnsmasq-dhcp[18847]: IPv6 router advertisement enabled
> > Jan  7 04:46:10 char dnsmasq[18847]: no servers found in /etc/resolv.conf, 
> > will retry
> > Jan  7 04:46:10 char dnsmasq[18847]: cleared cache
> > Jan  7 04:46:10 char dnsmasq-dhcp[18847]: router advertisement on 
> > 2001:db8:0:1::, old prefix for wlp1s0
> > Jan  7 04:46:10 char dnsmasq-dhcp[18847]: DHCPv4-derived IPv6 names on 
> > 2001:db8:0:1::, constructed for wlp1s0
> > Jan  7 04:46:10 char dnsmasq-dhcp[18847]: router advertisement on 
> > 2001:db8:0:1::, constructed for wlp1s0
> > Jan  7 04:46:10 char dnsmasq-dhcp[18847]: router advertisement on 
> > 2001:db8:0:1::, old prefix for wlp1s0
> >
> > When I connect my Android device to this hotspot, I get to syslog:
> >
> > Jan  7 04:51:11 char dnsmasq-dhcp[18847]: 4061430237 available DHCP range: 
> > 10.42.0.10 -- 10.42.0.254
> > Jan  7 04:51:11 char dnsmasq-dhcp[18847]: 4061430237 vendor class: 
> > android-dhcp-9
> > Jan  7 04:51:11 char dnsmasq-dhcp[18847]: 4061430237 DHCPDISCOVER(wlp1s0) 
> > a8:3e:0e:ab:65:dd
> > Jan  7 04:51:11 char dnsmasq-dhcp[18847]: 4061430237 tags: wlp1s0
> > Jan  7 04:51:11 char dnsmasq-dhcp[18847]: 4061430237 DHCPOFFER(wlp1s0) 
> > 10.42.0.214 a8:3e:0e:ab:65:dd
> > Jan  7 04:51:11 char dnsmasq-dhcp[18847]: 4061430237 requested options: 
> > 1:netmask, 3:router, 6:dns-server, 15:domain-name,
> > Jan  7 04:51:11 char dnsmasq-dhcp[18847]: 4061430237 requested options: 
> > 26:mtu, 28:broadcast, 51:lease-time, 58:T1,
> > Jan  7 04:51:11 char dnsmasq-dhcp[18847]: 4061430237 requested options: 
> > 59:T2, 43:vendor-encap
> > Jan  7 04:51:11 char dnsmasq-dhcp[18847]: 4061430237 next server: 10.42.0.1
> > Jan  7 04:51:11 char dnsmasq-dhcp[18847]: 4061430237 sent size:  1 option: 
> > 53 message-type  2
> > Jan  7 04:51:11 char dnsmasq-dhcp[18847]: 4061430237 sent size:  4 option: 
> > 54 server-identifier  10.42.0.1
> > Jan  7 04:51:11 char dnsmasq-dhcp[18847]: 4061430237 sent size:  4 option: 
> > 51 lease-time  1h
> > Jan  7 04:51:11 char dnsmasq-dhcp[18847]: 4061430237 

Re: [Dnsmasq-discuss] [PATCH] DHCPv6 - Multiple reservations for single host

2020-01-07 Thread Pali Rohár
Hi Harald! What are differences between your patch and mine which adds
support for it too (plus honor assignment based on MAC address)?
http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2019q4/013545.html

On Tuesday 07 January 2020 10:01:59 Harald Jensås wrote:
> Reposting this, as it seems my e-mail client mangled the patch by
> inserting line-breaks etc.
> 
> On Mon, 2019-12-23 at 12:24 +0100, Harald Jensas wrote:
> > Hi,
> > 
> > The patch below is a slight alteration to a possible solution
> > discussed in 
> > http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2017q1/011289.html
> > .
> > 
> > My approach here does not require making dhcp-host conditional on a
> > tag. However, making dhcp-host conditional on a tag would be a nice
> > addition that could be introduced as a follow up to this to have a
> > match on the tag of the final OS to keep the provisioned system
> > consistently configured with a specific address can be very handy.
> > For
> > the Openstack use-case I am working in, this however isn't necessary.
> > 
> > I have confirmed that the patch below together with a small change in
> > Openstack Ironic (see: https://review.opendev.org/72) solved the
> > long standing issue when doing network booting and node provisioning
> > in combination with static only dhcp configuration.
> > 
> > We are looking forward to comments and feedback regarding this
> > approach.
> > 
> > Thank you!
> > 
> > Regards
> > Harald Jensås
> > 
> 
> From 8b238dcf99dcf3332ec1c76fbb5af283db65a637 Mon Sep 17 00:00:00 2001
> From: Harald Jensås 
> Date: Wed, 18 Dec 2019 23:59:11 +0100
> Subject: [PATCH] DHCPv6 - Multiple reservations for single host
> 
> This change adds support for multiple dhcpv6 host
> reservations. The same clid or hwaddr can be used in
> multiple --dhcp-host entries.
> 
> When receiving a request and a config containing an ip
> address is found, a test is done to see if the address is
> already leased to a different CLID/IAID. In case the ip
> address in the config was already used, skip_entry is
> incremented and find_config() is re-executed. find_config()
> will now skip the first config it finds, and continue
> looking for another config entry to return. This repeats
> until all possible config entries has been exhausted.
> 
> Using multiple reservations for a single host makes it
> possible to maintain a static leases only configuration
> which support network booting systems with UEFI firmware
> that request a new address (a new SOLICIT with a new IA_NA
> option using a new IAID) for different boot modes, for
> instance 'PXE over IPv6', and HTTP-Boot over IPv6. Open
> Virtual Machine Firmware (OVMF) and most UEFI firmware
> build on the EDK2 code base exhibit this behaviour.
> 
> RFC 8415 which updates RFC 3315 describes a single client
> request multiple IA's of any kind. These clients do this,
> using a new SOLICIT to request each IA. The clients could
> pack all IA's in one SOLICIT, but doing it individually as
> the above mentioned implementations do should not be a
> problem.
> ---
>  src/dhcp-common.c | 19 ---
>  src/dnsmasq.h |  3 ++-
>  src/lease.c   |  2 +-
>  src/rfc2131.c |  6 +++---
>  src/rfc3315.c | 29 +++--
>  5 files changed, 45 insertions(+), 14 deletions(-)
> 
> diff --git a/src/dhcp-common.c b/src/dhcp-common.c
> index 602873e..5e770de 100644
> --- a/src/dhcp-common.c
> +++ b/src/dhcp-common.c
> @@ -299,7 +299,8 @@ struct dhcp_config *find_config(struct dhcp_config 
> *configs,
>   struct dhcp_context *context,
>   unsigned char *clid, int clid_len,
>   unsigned char *hwaddr, int hw_len, 
> - int hw_type, char *hostname)
> + int hw_type, char *hostname,
> + int skip_entries)
>  {
>int count, new;
>struct dhcp_config *config, *candidate; 
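Review bot: The new `int skip_entries` parameter at the end of the find_config() signature has no comment saying what its value means, and the commit message calls it skip_entry rather than skip_entries. The diffstat shows src/lease.c and src/rfc2131.c being changed as well, so a short comment above the function stating which value an existing caller must pass to keep the old first-match behaviour, and whether the count starts at 0 or 1, would make those call sites reviewable. An unsigned type would also rule out negative counts.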
> @@ -312,15 +313,23 @@ struct dhcp_config *find_config(struct dhcp_config 
> *configs,
> if (config->clid_len == clid_len && 
> memcmp(config->clid, clid, clid_len) == 0 &&
> is_config_in_context(context, config))
> +   {
> + if (--skip_entries > 0)
> +   continue;
>   return config;
> -   
> +   }
> +
> /* dhcpcd prefixes ASCII client IDs by zero which is wrong, but we 
> try and
>cope with that here. This is IPv4 only. context==NULL implies 
> IPv4, 
>see lease_update_from_configs() */
> if ((!context || !(context->flags & CONTEXT_V6)) && *clid == 0 && 
> config->clid_len == clid_len-1  &&
> memcmp(config->clid, clid+1, clid_len-1) == 0 &&
> is_config_in_context(context, config))
> +   {
> + if (--skip_entries > 0)
> +   continue;
>   return config;
> +   }
>   }
>
>  
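Review bot: In both match branches `if (--skip_entries > 0) continue;` pre-decrements, so a call with skip_entries of 0 and a call with 1 both return the first matching config, and a caller has to pass 2 to skip one entry. That is at odds with the parameter name and with the commit message's "find_config() will now skip the first config it finds" unless every caller starts counting at 1. Either write `if (skip_entries-- > 0) continue;` so the value is the number of matches to skip, or document the argument as a 1-based index. The same counter is also shared between the exact client-id match and the IPv4-only dhcpcd zero-prefix match, so the DHCPv4 lookup now depends on what the callers in rfc2131.c pass; worth stating in the comment that they must pass the value that skips nothing.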
> @@ -328,7 +337,11 @@ struct dhcp_config 

Re: [Dnsmasq-discuss] IPv6 configuration for Android clients

2020-01-07 Thread Geert Stappers

On 07-01-2020 03:52, Juha Heinanen wrote:
> In order to support IPv6 address allocation to Android clients I have
> tried to extend default Debian NetworkManager Wifi hotspot dnsmasq
> configuration:
>
> 18240 ?S  0:00 /usr/sbin/dnsmasq --conf-file=/dev/null --no-hosts 
> --keep-in-foreground --bind-interfaces --except-interface=lo 
> --clear-on-reload --strict-order --listen-address=10.42.0.1 
> --dhcp-range=10.42.0.10,10.42.0.254,60m --dhcp-lease-max=50 
> --dhcp-leasefile=/var/lib/NetworkManager/dnsmasq-wlp1s0.leases 
> --pid-file=/run/nm-dnsmasq-wlp1s0.pid 
> --conf-dir=/etc/NetworkManager/dnsmasq-shared.d
>
> with file local.conf in /etc/NetworkManager/dnsmasq-shared.d:
>
> enable-ra
> dhcp-range=::,constructor:wlp1s0,ra-names,slaac,infinite
> dhcp-authoritative
> log-dhcp
>
> Interface wlp1s0 has these addresses:
>
> wlp1s0: flags=4163  mtu 1500
> inet 10.42.0.1  netmask 255.255.255.0  broadcast 10.42.0.255
> inet6 fe80::14c0:c516:36cb:8b44  prefixlen 64  scopeid 0x20
> inet6 2001:db8:0:1::1  prefixlen 64  scopeid 0x0

That seems to be output of `ifconfig wlp1s0`.

Advice: use `ip address show dev wlp1s0` or the shorthand `ip a sh dev
wlp1s0`, because `ifconfig` does not keep pace with kernel development
and `ip` does.

>
> When I start dnsmasq, I get to syslog:
>
> Jan  7 04:46:10 char NetworkManager[18816]:   [1578365170.5750] 
> dnsmasq-manager: starting dnsmasq...
> Jan  7 04:46:10 char dnsmasq[18847]: started, version 2.80 cachesize 150
> Jan  7 04:46:10 char dnsmasq[18847]: compile time options: IPv6 GNU-getopt 
> DBus i18n IDN DHCP DHCPv6 no-Lua TFTP conntrack ipset auth DNSSEC loop-detect 
> inotify dumpfile
> Jan  7 04:46:10 char dnsmasq[18847]: chown of PID file 
> /run/nm-dnsmasq-wlp1s0.pid failed: Operation not permitted
> Jan  7 04:46:10 char dnsmasq-dhcp[18847]: DHCP, IP range 10.42.0.10 -- 
> 10.42.0.254, lease time 1h
> Jan  7 04:46:10 char dnsmasq-dhcp[18847]: DHCPv4-derived IPv6 names on wlp1s0
> Jan  7 04:46:10 char dnsmasq-dhcp[18847]: router advertisement on wlp1s0
> Jan  7 04:46:10 char dnsmasq-dhcp[18847]: DHCPv4-derived IPv6 names on 
> 2001:db8:0:1::, constructed for wlp1s0
> Jan  7 04:46:10 char dnsmasq-dhcp[18847]: router advertisement on 
> 2001:db8:0:1::, constructed for wlp1s0
> Jan  7 04:46:10 char dnsmasq-dhcp[18847]: IPv6 router advertisement enabled
> Jan  7 04:46:10 char dnsmasq[18847]: no servers found in /etc/resolv.conf, 
> will retry
> Jan  7 04:46:10 char dnsmasq[18847]: cleared cache
> Jan  7 04:46:10 char dnsmasq-dhcp[18847]: router advertisement on 
> 2001:db8:0:1::, old prefix for wlp1s0
> Jan  7 04:46:10 char dnsmasq-dhcp[18847]: DHCPv4-derived IPv6 names on 
> 2001:db8:0:1::, constructed for wlp1s0
> Jan  7 04:46:10 char dnsmasq-dhcp[18847]: router advertisement on 
> 2001:db8:0:1::, constructed for wlp1s0
> Jan  7 04:46:10 char dnsmasq-dhcp[18847]: router advertisement on 
> 2001:db8:0:1::, old prefix for wlp1s0
>
> When I connect my Android device to this hotspot, I get to syslog:
>
> Jan  7 04:51:11 char dnsmasq-dhcp[18847]: 4061430237 available DHCP range: 
> 10.42.0.10 -- 10.42.0.254
> Jan  7 04:51:11 char dnsmasq-dhcp[18847]: 4061430237 vendor class: 
> android-dhcp-9
> Jan  7 04:51:11 char dnsmasq-dhcp[18847]: 4061430237 DHCPDISCOVER(wlp1s0) 
> a8:3e:0e:ab:65:dd 
> Jan  7 04:51:11 char dnsmasq-dhcp[18847]: 4061430237 tags: wlp1s0
> Jan  7 04:51:11 char dnsmasq-dhcp[18847]: 4061430237 DHCPOFFER(wlp1s0) 
> 10.42.0.214 a8:3e:0e:ab:65:dd 
> Jan  7 04:51:11 char dnsmasq-dhcp[18847]: 4061430237 requested options: 
> 1:netmask, 3:router, 6:dns-server, 15:domain-name, 
> Jan  7 04:51:11 char dnsmasq-dhcp[18847]: 4061430237 requested options: 
> 26:mtu, 28:broadcast, 51:lease-time, 58:T1, 
> Jan  7 04:51:11 char dnsmasq-dhcp[18847]: 4061430237 requested options: 
> 59:T2, 43:vendor-encap
> Jan  7 04:51:11 char dnsmasq-dhcp[18847]: 4061430237 next server: 10.42.0.1
> Jan  7 04:51:11 char dnsmasq-dhcp[18847]: 4061430237 sent size:  1 option: 53 
> message-type  2
> Jan  7 04:51:11 char dnsmasq-dhcp[18847]: 4061430237 sent size:  4 option: 54 
> server-identifier  10.42.0.1
> Jan  7 04:51:11 char dnsmasq-dhcp[18847]: 4061430237 sent size:  4 option: 51 
> lease-time  1h
> Jan  7 04:51:11 char dnsmasq-dhcp[18847]: 4061430237 sent size:  4 option: 58 
> T1  30m
> Jan  7 04:51:11 char dnsmasq-dhcp[18847]: 4061430237 sent size:  4 option: 59 
> T2  52m30s
> Jan  7 04:51:11 char dnsmasq-dhcp[18847]: 4061430237 sent size:  4 option:  1 
> netmask  255.255.255.0
> Jan  7 04:51:11 char dnsmasq-dhcp[18847]: 4061430237 sent size:  4 option: 28 
> broadcast  10.42.0.255
> Jan  7 04:51:11 char dnsmasq-dhcp[18847]: 4061430237 sent size:  4 option:  3 
> router  10.42.0.1
> Jan  7 04:51:11 char dnsmasq-dhcp[18847]: 4061430237 sent size:  4 option:  6 
> dns-server  10.42.0.1
> Jan  7 04:51:11 char dnsmasq-dhcp[18847]: 4061430237 available DHCP range: 
> 10.42.0.10 -- 10.42.0.254
> Jan  7 04:51:11 char dnsmasq-dhcp[18847]: 4061430237 vendor 

Re: [Dnsmasq-discuss] [PATCH] DHCPv6 - Multiple reservations for single host

2020-01-07 Thread Harald Jensås
Reposting this, as it seems my e-mail client mangled the patch by
inserting line-breaks etc.

On Mon, 2019-12-23 at 12:24 +0100, Harald Jensas wrote:
> Hi,
> 
> The patch below is a slight alteration to a possible solution
> discussed in 
> http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2017q1/011289.html
> .
> 
> My approach here does not require making dhcp-host conditional on a
> tag. However, making dhcp-host conditional on a tag would be a nice
> addition that could be introduced as a follow-up to this; having a
> match on the tag of the final OS to keep the provisioned system
> consistently configured with a specific address can be very handy.
> For the Openstack use-case I am working in, this however isn't
> necessary.
> 
> I have confirmed that the patch below together with a small change in
> Openstack Ironic (see: https://review.opendev.org/72) solved the
> long standing issue when doing network booting and node provisioning
> in combination with static only dhcp configuration.
> 
> We are looking forward to comments and feedback regarding this
> approach.
> 
> Thank you!
> 
> Regards
> Harald Jensås
> 

From 8b238dcf99dcf3332ec1c76fbb5af283db65a637 Mon Sep 17 00:00:00 2001
From: Harald Jensås 
Date: Wed, 18 Dec 2019 23:59:11 +0100
Subject: [PATCH] DHCPv6 - Multiple reservations for single host

This change adds support for multiple dhcpv6 host
reservations. The same clid or hwaddr can be used in
multiple --dhcp-host entries.

When receiving a request and a config containing an ip
address is found, a test is done to see if the address is
already leased to a different CLID/IAID. In case the ip
address in the config was already used, skip_entry is
incremented and find_config() is re-executed. find_config()
will now skip the first config it finds, and continue
looking for another config entry to return. This repeats
until all possible config entries have been exhausted.

Using multiple reservations for a single host makes it
possible to maintain a static leases only configuration
which supports network booting systems with UEFI firmware
that request a new address (a new SOLICIT with a new IA_NA
option using a new IAID) for different boot modes, for
instance 'PXE over IPv6', and HTTP-Boot over IPv6. Open
Virtual Machine Firmware (OVMF) and most UEFI firmware
built on the EDK2 code base exhibit this behaviour.

RFC 8415 which updates RFC 3315 describes a single client
requesting multiple IA's of any kind. These clients do this,
using a new SOLICIT to request each IA. The clients could
pack all IA's in one SOLICIT, but doing it individually as
the above mentioned implementations do should not be a
problem.
---
 src/dhcp-common.c | 19 ---
 src/dnsmasq.h |  3 ++-
 src/lease.c   |  2 +-
 src/rfc2131.c |  6 +++---
 src/rfc3315.c | 29 +++--
 5 files changed, 45 insertions(+), 14 deletions(-)

diff --git a/src/dhcp-common.c b/src/dhcp-common.c
index 602873e..5e770de 100644
--- a/src/dhcp-common.c
+++ b/src/dhcp-common.c
@@ -299,7 +299,8 @@ struct dhcp_config *find_config(struct dhcp_config *configs,
struct dhcp_context *context,
unsigned char *clid, int clid_len,
unsigned char *hwaddr, int hw_len, 
-   int hw_type, char *hostname)
+   int hw_type, char *hostname,
+   int skip_entries)
 {
   int count, new;
   struct dhcp_config *config, *candidate; 
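
Review bot: The new `int skip_entries` parameter at the end of find_config() has no comment saying what a caller should pass, and as a signed int nothing stops a negative value from being handed in. A line above the function stating whether it is a count of matches to skip or a 1-based index of the match to return, and what existing callers pass to keep the old behaviour, would make the call sites in the other files reviewable.
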
@@ -312,15 +313,23 @@ struct dhcp_config *find_config(struct dhcp_config 
*configs,
  if (config->clid_len == clid_len && 
  memcmp(config->clid, clid, clid_len) == 0 &&
  is_config_in_context(context, config))
+ {
+   if (--skip_entries > 0)
+ continue;
return config;
- 
+ }
+
  /* dhcpcd prefixes ASCII client IDs by zero which is wrong, but we 
try and
 cope with that here. This is IPv4 only. context==NULL implies 
IPv4, 
 see lease_update_from_configs() */
  if ((!context || !(context->flags & CONTEXT_V6)) && *clid == 0 && 
config->clid_len == clid_len-1  &&
  memcmp(config->clid, clid+1, clid_len-1) == 0 &&
  is_config_in_context(context, config))
+ {
+   if (--skip_entries > 0)
+ continue;
return config;
+ }
}
   
 
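
Review bot: The test `if (--skip_entries > 0)` pre-decrements, so in both client-id branches a caller passing 0 and a caller passing 1 get the first matching config, and only a value of 2 skips one entry. The commit message describes incrementing the counter and then skipping the first config found, which reads like a count of entries to skip; if that is the intent, `skip_entries-- > 0` matches it, otherwise the 1-based meaning should be documented where the parameter is declared.
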
@@ -328,7 +337,11 @@ struct dhcp_config *find_config(struct dhcp_config 
*configs,
 for (config = configs; config; config = config->next)
   if (config_has_mac(config, hwaddr, hw_len, hw_type) &&
  is_config_in_context(context, config))
-   return config;
+  {
+if (--skip_entries > 0)
+  continue;
+return config;
+  }
   
   if (hostname && context)
 for (config = configs; config; config = config->next)
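
Review bot: The MAC-address loop decrements the same `skip_entries` counter that the client-id loop before it has already consumed, so how many MAC matches are skipped depends on how many client-id matches were passed over first. The `if (hostname && context)` loop that follows in the context lines is unchanged, so once the counter outlasts the client-id and MAC matches the search falls through to hostname matching and can still return a config regardless of the counter; say whether that is intended, or return NULL when skip_entries is still positive after the MAC loop.
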
diff --git a/src/dnsmasq.h b/src/dnsmasq.h