Add "known-othernet" DHCP tag.

b2a9c571 · Simon Kelley · efff74c1 · b2a9c571 · b2a9c571 · b2a9c571
Commit b2a9c571 authored Apr 30, 2017 by Simon Kelley
Hide whitespace changes
Inline Side-by-side

Showing with 22 additions and 1 deletion

CHANGELOG CHANGELOG +5 -0

man/dnsmasq.8 man/dnsmasq.8 +2 -0

src/rfc2131.c src/rfc2131.c +7 -0

src/rfc3315.c src/rfc3315.c +8 -1

No files found.
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -110,6 +110,11 @@ version 2.77
 	    an address in configured locally. Thanks to Alin Năstac
 	    for spotting the problem.

+	    Add new DHCP tag "known-othernet" which is set when only a
+	    dhcp-host exists for another subnet. Can be used to ensure
+	    that privileged hosts are not given "guest" addresses by
+	    accident. Thanks to Todd Sanket for the suggestion.
+

 version 2.76
            Include 0.0.0.0/8 in DNS rebind checks. This range 

--- a/man/dnsmasq.8
+++ b/man/dnsmasq.8
@@ -1021,6 +1021,8 @@ dhcp-host directive (or one implied by /etc/ethers) then the special
 tag "known" is set. This allows dnsmasq to be configured to
 ignore requests from unknown machines using
 .B --dhcp-ignore=tag:!known
+If the host matches only a dhcp-host directive which cannot
+be used because it specifies an address on different subnet, the tag "known-othernet" is set.
 Ethernet addresses (but not client-ids) may have
 wildcard bytes, so for example 
 .B --dhcp-host=00:20:e0:3b:13:*,ignore 

--- a/src/rfc2131.c
+++ b/src/rfc2131.c
@@ -487,6 +487,13 @@ size_t dhcp_reply(struct dhcp_context *context, char *iface_name, int int_index,
      known_id.next = netid;
      netid = &known_id;
    }
+  else if (find_config(daemon->dhcp_conf, NULL, clid, clid_len, 
+		       mess->chaddr, mess->hlen, mess->htype, NULL))
+    {
+      known_id.net = "known-othernet";
+      known_id.next = netid;
+      netid = &known_id;
+    }
  
  if (mess_type == 0 && !pxe)
    {

--- a/src/rfc3315.c
+++ b/src/rfc3315.c
@@ -526,7 +526,14 @@ static int dhcp6_no_relay(struct state *state, int msg_type, void *inbuff, size_
      if (have_config(config, CONFIG_DISABLE))
 	ignore = 1;
    }
-
+  else if (state->clid &&
+	   find_config(daemon->dhcp_conf, NULL, state->clid, state->clid_len, state->mac, state->mac_len, state->mac_type, NULL))
+    {
+      known_id.net = "known-othernet";
+      known_id.next = state->tags;
+      state->tags = &known_id;
+    }
+  
 #ifdef OPTION6_PREFIX_CLASS
  /* OPTION_PREFIX_CLASS in ORO, send addresses in all prefix classes */
  if (daemon->prefix_classes && (msg_type == DHCP6SOLICIT || msg_type == DHCP6REQUEST))