Add dhcp-ignore-clid configuration option

The idea of this option was already discussed years ago on the mailing list: https://dnsmasq-discuss.thekelleys.org.narkive.com/ZoFQNaGo/always-ignore-client-identifier#post4 In our production environnement, we discovered that some devices are using 'client identifier' not unique at all, resulting on IP addresses conflicts between several devices (we saw up to four devices using same IP address). The root cause is probably a buggy operating system/configuration of decices, but this patch add a configuration workaround on server side when fixing clients is impossible. Signed-off-by: Charles Daymand <charles.daymand@wifirst.fr> Signed-off-by: Florent Fourcot <florent.fourcot@wifirst.fr>
2025-12-19 10:18:25 +00:00 · 2019-06-20 10:26:40 +02:00
parent 19b0e3bf21
commit 13a58f9590
6 changed files with 23 additions and 3 deletions
--- a/3
+++ b/3
@@ -50,6 +50,9 @@ version 2.81
 	with the exception that NSEC and NSEC3 RRs must always be signed.
        Thanks to Tore Anderson for spotting and diagnosing the bug.
 	Add --dhcp-ignore-clid. This disables reading of DHCP client
 	identifier option (option 61), so clients are only identified by
 	MAC addresses.
 version 2.80
 	Add support for RFC 4039 DHCP rapid commit. Thanks to Ashram Method
--- a/man/dnsmasq.8
+++ b/man/dnsmasq.8
@@ -1405,6 +1405,12 @@ address, and setting this flag enables this mode. Note that in the
 sequential mode, clients which allow a lease to expire are much more
 likely to move IP address; for this reason it should not be generally used.
 .TP
 .B --dhcp-ignore-clid
 Dnsmasq is reading 'client identifier' (RFC 2131) option sent by clients
 (if available) to identify clients. This allow to serve same IP address
 for a host using several interfaces. Use this option to disable 'client identifier'
 reading, i.e. to always identify a host using the MAC address.
 .TP
 .B --pxe-service=[tag:<tag>,]<CSA>,<menu text>[,<basename>|<bootservicetype>][,<server address>|<server_name>]
 Most uses of PXE boot-ROMS simply allow the PXE
 system to obtain an IP address and then download the file specified by
--- a/man/fr/dnsmasq.8
+++ b/man/fr/dnsmasq.8
@@ -1354,6 +1354,13 @@ Veuillez noter que dans ce mode séquentiel, les clients qui laissent expirer
 leur bail ont beaucoup plus de chance de voir leur adresse IP changer, aussi
 cette option ne devrait pas être utilisée dans un cas général.
 .TP
 .B --dhcp-ignore-clid
 Dnsmasq lit l'option 'client identifier' (RFC 2131) envoyée par les clients
 (si disponible) afin d'identifier les clients. Cela permet de distribuer la
 même adresse IP à un client utilisant plusieurs interfaces. Activer cette option
 désactive la lecture du 'client identifier', afin de toujours identifier un client
 en utilisant l'adresse MAC.
 .TP
 .B --pxe-service=[tag:<label>,]<CSA>,<entrée de menu>[,<nom de fichier>|<type de service de démarrage>][,<adresse de serveur>|<nom de serveur>]
 La plupart des ROMS de démarrage PXE ne permettent au système PXE que la simple
 obtention d'une adresse IP, le téléchargement du fichier spécifié dans
--- a/src/dnsmasq.h
+++ b/src/dnsmasq.h
@@ -261,7 +261,8 @@ struct event_desc {
 #define OPT_TFTP_APREF_MAC 56
 #define OPT_RAPID_COMMIT   57
 #define OPT_UBUS           58
-#define OPT_LAST           59
+#define OPT_IGNORE_CLID    59
 #define OPT_LAST           60
 #define OPTION_BITS (sizeof(unsigned int)*8)
 #define OPTION_SIZE ( (OPT_LAST/OPTION_BITS)+((OPT_LAST%OPTION_BITS)!=0) )
--- a/src/option.c
+++ b/src/option.c
@@ -167,6 +167,7 @@ struct myoption {
 #define LOPT_NAME_MATCH    355
 #define LOPT_CAA           356
 #define LOPT_SHARED_NET    357
 #define LOPT_IGNORE_CLID   358
 #ifdef HAVE_GETOPT_LONG
 static const struct option opts[] =  
@@ -339,6 +340,7 @@ static const struct myoption opts[] =
    { "dhcp-rapid-commit", 0, 0, LOPT_RAPID_COMMIT },
    { "dumpfile", 1, 0, LOPT_DUMPFILE },
    { "dumpmask", 1, 0, LOPT_DUMPMASK },
    { "dhcp-ignore-clid", 0, 0,  LOPT_IGNORE_CLID },
    { NULL, 0, 0, 0 }
  };
@@ -481,6 +483,7 @@ static struct {
  { LOPT_CPE_ID, ARG_ONE, "<text>", gettext_noop("Add client identification to forwarded DNS queries."), NULL },
  { LOPT_DNSSEC, OPT_DNSSEC_PROXY, NULL, gettext_noop("Proxy DNSSEC validation results from upstream nameservers."), NULL },
  { LOPT_INCR_ADDR, OPT_CONSEC_ADDR, NULL, gettext_noop("Attempt to allocate sequential IP addresses to DHCP clients."), NULL },
  { LOPT_IGNORE_CLID, OPT_IGNORE_CLID, NULL, gettext_noop("Ignore client identifier option sent by DHCP clients."), NULL },
  { LOPT_CONNTRACK, OPT_CONNTRACK, NULL, gettext_noop("Copy connection-track mark from queries to upstream connections."), NULL },
  { LOPT_FQDN, OPT_FQDN_UPDATE, NULL, gettext_noop("Allow DHCP clients to do their own DDNS updates."), NULL },
  { LOPT_RA, OPT_RA, NULL, gettext_noop("Send router-advertisements for interfaces doing DHCPv6"), NULL },
--- a/src/rfc2131.c
+++ b/src/rfc2131.c
@@ -234,7 +234,7 @@ size_t dhcp_reply(struct dhcp_context *context, char *iface_name, int int_index,
 	subnet_addr = option_addr(opt);
      /* If there is no client identifier option, use the hardware address */
-      if ((opt = option_find(mess, sz, OPTION_CLIENT_ID, 1)))
+      if (!option_bool(OPT_IGNORE_CLID) && (opt = option_find(mess, sz, OPTION_CLIENT_ID, 1)))
 	{
 	  clid_len = option_len(opt);
 	  clid = option_ptr(opt, 0);