Send dhcp-users mailing list submissions to
[email protected]
To subscribe or unsubscribe via the World Wide Web, visit
https://lists.isc.org/mailman/listinfo/dhcp-users
or, via email, send a message with subject or body 'help' to
[email protected]
You can reach the person managing the list at
[email protected]
When replying, please edit your Subject line so it is more specific
than "Re: Contents of dhcp-users digest..."
Today's Topics:
1. All the IP address from the DHCP leases (shankha)
2. Multiple chrooted dhcp servers for vlans on Linux?
([email protected])
3. RE: Multiple chrooted dhcp servers for vlans on Linux?
(Cuttler, Brian (HEALTH))
4. Match on suboption of option 43 vendor-encapsulated-options
(Bob Harold)
5. Re: Multiple chrooted dhcp servers for vlans on Linux?
(Chuck Anderson)
----------------------------------------------------------------------
Message: 1
Date: Fri, 26 Feb 2016 10:28:17 -0500
From: shankha <[email protected]>
To: [email protected]
Subject: All the IP address from the DHCP leases
Message-ID:
<cao_l6qgg7d3iq6+xodb9kheq2fborik_ztmff+pnshjqu+4...@mail.gmail.com>
Content-Type: text/plain; charset=UTF-8
Hi,
I was trying to program DHCP leases and going through the dhcpctl APIs.
Is there a way I can get a list of all the leases (or the IP address)
from the dhcp server?
I do not know the IP address beforehand.
Thanks
------------------------------
Message: 2
Date: Fri, 26 Feb 2016 10:51:41 -0800
From: <[email protected]>
To: <[email protected]>
Subject: Multiple chrooted dhcp servers for vlans on Linux?
Message-ID: <0c5d01d170c6$baf35600$30da0200$@com>
Content-Type: text/plain; charset="us-ascii"
The goal is to have multiple chrooted dhcpd processes, one for each of four
vlans, such that a compromise of a more public one won't affect a more
private one.
Server version is isc-dhcpd-4.3.3-P1 and Linux is a recent install of
Debian.
I've got them all running but looking at dhcpd processes in netstat I don't
think it'll actually work in practice.
Even though each one is specified to a particular vlan interface they all
appear to be listening to 0.0.0.0 and I see nothing visible differentiating
them.
Are they really all listening on every vlan, and does that mean incoming
requests over one vlan will be handled by whatever server happens to grab
the request (3 out of 4 chance it's the wrong one)?
------------------------------
Message: 3
Date: Fri, 26 Feb 2016 19:00:55 +0000
From: "Cuttler, Brian (HEALTH)" <[email protected]>
To: Users of ISC DHCP <[email protected]>
Subject: RE: Multiple chrooted dhcp servers for vlans on Linux?
Message-ID:
<dm2pr09mb031808f6dc1aa174d7c430e4ba...@dm2pr09mb0318.namprd09.prod.outlook.com>
Content-Type: text/plain; charset="us-ascii"
Don't you want to use virtual network interfaces, bind each dhcp to one of
those and use different helper addresses for each vlan/network range?
From: [email protected]
[mailto:[email protected]] On Behalf Of [email protected]
Sent: Friday, February 26, 2016 1:52 PM
To: [email protected]
Subject: Multiple chrooted dhcp servers for vlans on Linux?
The goal is to have multiple chrooted dhcpd processes, one for each of four
vlans, such that a compromise of a more public one won't affect a more private
one.
Server version is isc-dhcpd-4.3.3-P1 and Linux is a recent install of Debian.
I've got them all running but looking at dhcpd processes in netstat I don't
think it'll actually work in practice.
Even though each one is specified to a particular vlan interface they all
appear to be listening to 0.0.0.0 and I see nothing visible differentiating
them.
Are they really all listening on every vlan, and does that mean incoming requests
over one vlan will be handled by whatever server happens to grab the request (3
out of 4 chance it's the wrong one)?
------------------------------
Message: 4
Date: Fri, 26 Feb 2016 14:31:49 -0500
From: Bob Harold <[email protected]>
To: Users of ISC DHCP <[email protected]>
Subject: Match on suboption of option 43 vendor-encapsulated-options
Message-ID:
<ca+nkc8dwe3rd-hga5br8zzukbsaa30w+jqkmkwnxb+pb7qv...@mail.gmail.com>
Content-Type: text/plain; charset="utf-8"
I have Cisco cable modems and will soon deploy another vendor's modem that
needs a different set of options, but both use the same
vendor-class-identifier "docsis3.0:", so I want to match on the
"vendor-name" which is suboption 10 in option 43
vendor-encapsulated-options. To start, I am trying to get DHCP to log the
value, but I am failing somewhere.
Wireshark shows that the REQUEST packet includes:
    Option: (43) Vendor-Specific Information (CableLabs)
        Length: 103
        ...
        Option 43 Suboption: (10) Vendor Name
            Length: 5
            Vendor Name: Cisco
I have put this in dhcpd.conf:
    log (info, concat( "extra logging vendorID=", pick-first-value( option vendor-class-identifier, "no-vendor-class-id" ) ) );
    set vendor-string = option vendor-class-identifier;
    option space docsis;
    option docsis.vendor-name code 10 = text;
    class "docsis" {
      match if option vendor-class-identifier = "docsis3.0:";
      vendor-option-space docsis;
      log (info, concat( "extra logging vendor-name=", pick-first-value( option docsis.vendor-name, "no-vendor-name" ) ) );
      log (info, concat( "extra vendor-encapsulated-options ", pick-first-value( binary-to-ascii( 16, 8, ":", vendor-encapsulated-options ), "no-vend-opt" ) ) );
      log (info, concat( "extra vivso ", pick-first-value( binary-to-ascii( 16, 8, ":", vivso), "no-vivso" ) ) );
    }
    class "cisco" {
      match if ( ( substring(hardware,1,3) = 08:80:39 ) or
                 ( substring(hardware,1,3) = 10:5f:49 ) or
                 ( substring(hardware,1,3) = 34:bd:fa ) or
                 ( substring(hardware,1,3) = 54:d4:6f ) or
                 ( substring(hardware,1,3) = 68:ee:96 ) or
                 ( substring(hardware,1,3) = e4:48:c7) );
      log (info, "extra class cisco" );
    }
But I get this in the log file:
    Feb 26 14:13:08 adonis12 dhcpd: extra class cisco
    Feb 26 14:13:08 adonis12 dhcpd: extra logging vendor-name=no-vendor-name
    Feb 26 14:13:08 adonis12 dhcpd: extra vendor-encapsulated-options no-vend-opt
    Feb 26 14:13:08 adonis12 dhcpd: extra vivso no-vivso
    Feb 26 14:13:08 adonis12 dhcpd: DHCPREQUEST for 10.213.139.100 from 54:d4:6f:d0:28:2e via 10.213.139.97
    Feb 26 14:13:08 adonis12 dhcpd: DHCPACK on 10.213.139.100 to 54:d4:6f:d0:28:2e via 10.213.139.97
Is there something wrong in my log syntax?
Is there any way to turn up DHCP debugging to the point where it tells me
all the fields that it reads from each packet?
Has anyone else matched or logged a suboption of option 43?
I would be glad to post more of the gory details, just let me know what you
want to see. I was hoping to avoid a really long email.
--
Bob Harold
University of Michigan
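
Added example, not part of the original post and not ISC DHCP code: a small Python parser for the sub-option layout shown in the Wireshark decode above, useful for checking what a captured option 43 payload actually carries in sub-option 10. It assumes the usual code/length/value encoding of encapsulated options; the sample bytes are constructed, and the function names are hypothetical.

```python
# Added example: walk the sub-options inside a DHCP option 43 payload.
VENDOR_NAME = 10  # sub-option code the post's Wireshark decode shows for Vendor Name


def parse_suboptions(payload: bytes) -> dict:
    """Split an option 43 payload into {code: value}.

    Assumes the usual encapsulated layout: one code byte, one length byte,
    then `length` data bytes. Input is client-controlled, so truncated or
    over-long lengths raise ValueError instead of being read past the end.
    """
    subopts = {}
    i = 0
    while i < len(payload):
        if i + 2 > len(payload):
            raise ValueError(f"truncated sub-option header at offset {i}")
        code, length = payload[i], payload[i + 1]
        start, end = i + 2, i + 2 + length
        if end > len(payload):
            raise ValueError(f"sub-option {code} overruns payload")
        subopts.setdefault(code, payload[start:end])  # keep first occurrence
        i = end
    return subopts


def vendor_name(payload: bytes, default: str = "no-vendor-name") -> str:
    """Return sub-option 10 as text that is safe to write to a log line."""
    raw = parse_suboptions(payload).get(VENDOR_NAME)
    if raw is None:
        return default
    text = raw.decode("ascii", errors="replace")
    # Replace control characters so a client cannot inject extra log lines.
    return "".join(c if c.isprintable() else "?" for c in text)


# Constructed sample payload (not the 103-byte capture from the post):
# an arbitrary sub-option 2, followed by sub-option 10 = "Cisco".
SAMPLE = bytes([2, 3]) + b"ECM" + bytes([VENDOR_NAME, 5]) + b"Cisco"

if __name__ == "__main__":
    print(vendor_name(SAMPLE))
```
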
------------------------------
Message: 5
Date: Fri, 26 Feb 2016 15:22:23 -0500
From: Chuck Anderson <[email protected]>
To: [email protected]
Subject: Re: Multiple chrooted dhcp servers for vlans on Linux?
Message-ID: <[email protected]>
Content-Type: text/plain; charset=us-ascii
This won't work unless you use separate full virtual machines...
You could make it work on a single machine maybe, but you'd need to
recompile the dhcpd with USE_SOCKETS. Then dhcpd will only work to
serve remote clients via a relay agent, not local clients directly
connected to the same VLAN as the server. This is because local
clients must be served via a raw socket rather than a normal udp
socket. The reason is that responses to local, on-link clients must
contain specific IP headers and MAC address headers that cannot be set
via a regular udp socket, such as the all-ones broadcast address. I
may have the exact details wrong, but that is the gist of it.
On Fri, Feb 26, 2016 at 10:51:41AM -0800, [email protected] wrote:
> The goal is to have multiple chrooted dhcpd processes, one for each of four
> vlans, such that a compromise of a more public one won't affect a more
> private one.
>
>
>
> Server version is isc-dhcpd-4.3.3-P1 and Linux is a recent install of
> Debian.
>
>
>
> I've got them all running but looking at dhcpd processes in netstat I don't
> think it'll actually work in practice.
>
>
>
> Even though each one is specified to a particular vlan interface they all
> appear to be listening to 0.0.0.0 and I see nothing visible differentiating
> them.
>
>
>
> Are they really all listening on every vlan, and does that mean incoming
> requests over one vlan will be handled by whatever server happens to grab
> the request (3 out of 4 chance it's the wrong one)?
------------------------------
_______________________________________________
dhcp-users mailing list
[email protected]
https://lists.isc.org/mailman/listinfo/dhcp-users
End of dhcp-users Digest, Vol 88, Issue 32
******************************************