WG: Re: DHCP 4.0.2, execute() and hardware address mismatch

Uwe.Buchwitz at gavi.de Uwe.Buchwitz at gavi.de
Tue Oct 19 18:44:17 UTC 2010 

No need to use the set Statement in release/expiry again. Just look at the 
leases in the leases file. The set Value for ClientIP is stored there and 
can be addressed again.















I`ve been testing that hack for a while and i found one problem:

While commit everything is ok, but on release/expiry i`m getting an error 
in logs:

2010-10-19 13:15:23 data: hardware: raw packet not available
2010-10-19 13:15:23 data: hardware: raw packet not available
2010-10-19 13:15:23 data: hardware: raw packet not available
2010-10-19 13:15:23 data: hardware: raw packet not available
2010-10-19 13:15:23 data: hardware: raw packet not available
2010-10-19 13:15:23 data: hardware: raw packet not available
2010-10-19 13:15:23 data: hardware: raw packet not available
2010-10-19 13:15:23 data: hardware: raw packet not available
2010-10-19 13:15:23 execute_statement argv[0] = /opt/dnsmasq/dhcpv2
2010-10-19 13:15:23 execute_statement argv[1] = del
2010-10-19 13:15:23 execute: bad arg 2
2010-10-19 13:15:23 execute_statement argv[1] = del
2010-10-19 13:15:23 execute: bad arg 2

and script fails, because of missing ClientMAC.


My config:

on release {

set ClientIP = binary-to-ascii(10, 8, ".", leased-address);

set ClientMAC = concat (suffix (concat ("0", binary-to-ascii (16, 8, "", 
substring(hardware,1, 1))),2),":",suffix (concat ("0", binary-to-ascii 
(16, 8, "", substring(hardware, 2, 1))),2),":",suffix (concat("0", 
binary-to-ascii (16, 8, "", substring(hardware, 3, 1))),2),":",suffix 
(concat ("0", binary-to-ascii (16, 8, "", substring(hardware, 
4,1))),2),":",suffix (concat ("0", binary-to-ascii (16, 8, "", 
substring(hardware, 5, 1))),2),":",suffix (concat ("0", binary-to-ascii 
(16, 8, "",substring(hardware, 6, 1))),2));

execute("/opt/dnsmasq/dhcpv2", "del", clientMAC, clientIP);
}

on expiry {

set ClientIP = binary-to-ascii(10, 8, ".", leased-address);

set ClientMAC = concat (suffix (concat ("0", binary-to-ascii (16, 8, "", 
substring(hardware,1, 1))),2),":",suffix (concat ("0", binary-to-ascii 
(16, 8, "", substring(hardware, 2, 1))),2),":",suffix (concat("0", 
binary-to-ascii (16, 8, "", substring(hardware, 3, 1))),2),":",suffix 
(concat ("0", binary-to-ascii (16, 8, "", substring(hardware, 
4,1))),2),":",suffix (concat ("0", binary-to-ascii (16, 8, "", 
substring(hardware, 5, 1))),2),":",suffix (concat ("0", binary-to-ascii 
(16, 8, "",substring(hardware, 6, 1))),2));

execute("/opt/dnsmasq/dhcpv2", "del", clientMAC, clientIP);

}

Best regards,
paszczus

W dniu 18 października 2010 09:11 użytkownik <Uwe.Buchwitz at gavi.de> 
napisał:
Hello, 

with: 

         ( concat ( 
                        suffix (concat ("0", binary-to-ascii (16, 8, 
"",substring(hardware, 1, 1))),2),":", 
                        suffix (concat ("0", binary-to-ascii (16, 8, 
"",substring(hardware, 2, 1))),2),":", 
                        suffix (concat ("0", binary-to-ascii (16, 8, 
"",substring(hardware, 3, 1))),2),":", 
                        suffix (concat ("0", binary-to-ascii (16, 8, 
"",substring(hardware, 4, 1))),2),":", 
                        suffix (concat ("0", binary-to-ascii (16, 8, 
"",substring(hardware, 5, 1))),2),":", 
                        suffix (concat ("0", binary-to-ascii (16, 8, 
"",substring(hardware, 6, 1))),2) 
                ),

you get the correct format. 

Best regards, 

Uwe 


Von: 
Sławomir Paszkiewicz <paszczus at gmail.com> 
An: 
dhcp-hackers at lists.isc.org 
Datum: 
11.10.2010 12:41 
Betreff: 
DHCP 4.0.2, execute() and hardware address mismatch 
Gesendet von: 
dhcp-hackers-bounces+uwe.buchwitz=gavi.de at lists.isc.org




Hello,
I`m trying to migrate from DNSMasq to ISC DHCP because of failover.
My problem is that MAC Addresses (hardware) are in different format than
iptables accept (i`m executing script via execute() which call iptables
-A FORWARD -m mac --mac-source .... -j ACCEPT).

In ISC DHCP logs format is correct:

DHCPREQUEST for 10.59.146.180 from 00:d0:b8:0c:ba:d8 via eth0

But 'hardware' (i`m using binary-to-ascii(16, 8, ":",
substring(hardware,1, 6));) gives me:

0:d0:b8:c:ba:d8 which is incorrect for iptables:

# iptables -A FORWARD -m mac --mac-source 0:d0:b8:c:ba:d8 -s
10.59.146.180 -j ACCEPT
iptables v1.4.4: Bad mac address "0:d0:b8:c:ba:d8"

My question is how to get correct (for iptables) format (same as in dhcp
logs) ?

Best regards,
paszczus
_______________________________________________
dhcp-hackers mailing list
dhcp-hackers at lists.isc.org
https://lists.isc.org/mailman/listinfo/dhcp-hackers


_______________________________________________
dhcp-hackers mailing list
dhcp-hackers at lists.isc.org
https://lists.isc.org/mailman/listinfo/dhcp-hackers
_______________________________________________
dhcp-hackers mailing list
dhcp-hackers at lists.isc.org
https://lists.isc.org/mailman/listinfo/dhcp-hackers
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/dhcp-hackers/attachments/20101019/5c188743/attachment.html>

More information about the dhcp-hackers mailing list