Re: [PATCH] network: don't use dhcp-authoritative on static networks

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 12/16/2016 11:58 AM, Martin Wilck wrote:
"Static" DHCP networks are those where no dynamic DHCP range is
defined, only a list of host entries is used to serve permanent
IP addresses. On such networks, we don't want dnsmasq to reply
to other requests than those statically defined. But
"dhcp-authoritative" will cause dnsmasq to do just that.
Therefore we can't use "dhcp-authoritative" for static networks.

Not surprising that this simple change would have unexpected consequences - that seems to be a basic law of the universe :-)

ACK to this, but it has me wondering 1) what is the range for which it returns a positive response? Is it for anything within the IP address/netmask of the interface it's listening on? Or something larger than that? (Does it just blindly ACK any request it gets?) and 2) Do we know for certain that the same thing doesn't happen when there is also a dhcp range defined?

I'll wait for an answer to these before I push.


Fixes: 4ac20b3ae "network: add dnsmasq option 'dhcp-authoritative'"
Signed-off-by: Martin Wilck <mwilck@xxxxxxxx>
---
  src/network/bridge_driver.c                             | 9 ++++++++-
  tests/networkxml2confdata/dhcp6host-routed-network.conf | 1 -
  2 files changed, 8 insertions(+), 2 deletions(-)

diff --git a/src/network/bridge_driver.c b/src/network/bridge_driver.c
index ae1589d8c..17c6f3a0f 100644
--- a/src/network/bridge_driver.c
+++ b/src/network/bridge_driver.c
@@ -1355,7 +1355,14 @@ networkDnsmasqConfContents(virNetworkObjPtr network,
          if (VIR_SOCKET_ADDR_IS_FAMILY(&ipdef->address, AF_INET)) {
              if (ipdef->nranges || ipdef->nhosts) {
                  virBufferAddLit(&configbuf, "dhcp-no-override\n");
-                virBufferAddLit(&configbuf, "dhcp-authoritative\n");
+		/*
+                 * Use "dhcp-authoritative" only for dynamic DHCP.
+                 * In a static-only network, it would cause dnsmasq
+                 * to reply to requests from other hosts than those
+                 * statically defined.
+                 */
+		if (ipdef->nranges || !ipdef->nhosts)
+                    virBufferAddLit(&configbuf, "dhcp-authoritative\n");
              }
if (ipdef->tftproot) {
diff --git a/tests/networkxml2confdata/dhcp6host-routed-network.conf b/tests/networkxml2confdata/dhcp6host-routed-network.conf
index 87a149880..5728ee430 100644
--- a/tests/networkxml2confdata/dhcp6host-routed-network.conf
+++ b/tests/networkxml2confdata/dhcp6host-routed-network.conf
@@ -10,7 +10,6 @@ bind-dynamic
  interface=virbr1
  dhcp-range=192.168.122.1,static
  dhcp-no-override
-dhcp-authoritative
  dhcp-range=2001:db8:ac10:fd01::1,static,64
  dhcp-hostsfile=/var/lib/libvirt/dnsmasq/local.hostsfile
  addn-hosts=/var/lib/libvirt/dnsmasq/local.addnhosts


--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list



[Index of Archives]     [Virt Tools]     [Libvirt Users]     [Lib OS Info]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [KDE Users]     [Fedora Tools]
  Powered by Linux