DHCP 4.0.2, execute() and hardware address mismatch

Sławomir Paszkiewicz paszczus at gmail.com
Wed Oct 20 06:55:06 UTC 2010 

Yeah! Now it works fine and leases file looks much better :)

Thank you Uwe!

W dniu 19 października 2010 20:44 użytkownik <Uwe.Buchwitz at gavi.de> napisał:

> No need to use the set Statement in release/expiry again. Just look at the
> leases in the leases file. The set Value for ClientIP is stored there and
> can be addressed again.
>
>
> ------------------------------
>
>
>
> I`ve been testing that hack for a while and i found one problem:
>
> While commit everything is ok, but on release/expiry i`m getting an error
> in logs:
>
> 2010-10-19 13:15:23 data: hardware: raw packet not available
> 2010-10-19 13:15:23 data: hardware: raw packet not available
> 2010-10-19 13:15:23 data: hardware: raw packet not available
> 2010-10-19 13:15:23 data: hardware: raw packet not available
> 2010-10-19 13:15:23 data: hardware: raw packet not available
> 2010-10-19 13:15:23 data: hardware: raw packet not available
> 2010-10-19 13:15:23 data: hardware: raw packet not available
> 2010-10-19 13:15:23 data: hardware: raw packet not available
> 2010-10-19 13:15:23 execute_statement argv[0] = /opt/dnsmasq/dhcpv2
> 2010-10-19 13:15:23 execute_statement argv[1] = del
> 2010-10-19 13:15:23 execute: bad arg 2
> 2010-10-19 13:15:23 execute_statement argv[1] = del
> 2010-10-19 13:15:23 execute: bad arg 2
>
> and script fails, because of missing ClientMAC.
>
>
> My config:
>
> on release {
>
> set ClientIP = binary-to-ascii(10, 8, ".", leased-address);
>
> set ClientMAC = concat (suffix (concat ("0", binary-to-ascii (16, 8, "",
> substring(hardware,1, 1))),2),":",suffix (concat ("0", binary-to-ascii (16,
> 8, "", substring(hardware, 2, 1))),2),":",suffix (concat("0",
> binary-to-ascii (16, 8, "", substring(hardware, 3, 1))),2),":",suffix
> (concat ("0", binary-to-ascii (16, 8, "", substring(hardware,
> 4,1))),2),":",suffix (concat ("0", binary-to-ascii (16, 8, "",
> substring(hardware, 5, 1))),2),":",suffix (concat ("0", binary-to-ascii (16,
> 8, "",substring(hardware, 6, 1))),2));
>
> execute("/opt/dnsmasq/dhcpv2", "del", clientMAC, clientIP);
> }
>
> on expiry {
>
> set ClientIP = binary-to-ascii(10, 8, ".", leased-address);
>
> set ClientMAC = concat (suffix (concat ("0", binary-to-ascii (16, 8, "",
> substring(hardware,1, 1))),2),":",suffix (concat ("0", binary-to-ascii (16,
> 8, "", substring(hardware, 2, 1))),2),":",suffix (concat("0",
> binary-to-ascii (16, 8, "", substring(hardware, 3, 1))),2),":",suffix
> (concat ("0", binary-to-ascii (16, 8, "", substring(hardware,
> 4,1))),2),":",suffix (concat ("0", binary-to-ascii (16, 8, "",
> substring(hardware, 5, 1))),2),":",suffix (concat ("0", binary-to-ascii (16,
> 8, "",substring(hardware, 6, 1))),2));
>
> execute("/opt/dnsmasq/dhcpv2", "del", clientMAC, clientIP);
>
> }
>
> Best regards,
> paszczus
>
> W dniu 18 października 2010 09:11 użytkownik <*Uwe.Buchwitz at gavi.de*<Uwe.Buchwitz at gavi.de>>
> napisał:
> Hello,
>
> with:
>
>          ( concat (
>                         suffix (concat ("0", binary-to-ascii (16, 8,
> "",substring(hardware, 1, 1))),2),":",
>                         suffix (concat ("0", binary-to-ascii (16, 8,
> "",substring(hardware, 2, 1))),2),":",
>                         suffix (concat ("0", binary-to-ascii (16, 8,
> "",substring(hardware, 3, 1))),2),":",
>                         suffix (concat ("0", binary-to-ascii (16, 8,
> "",substring(hardware, 4, 1))),2),":",
>                         suffix (concat ("0", binary-to-ascii (16, 8,
> "",substring(hardware, 5, 1))),2),":",
>                         suffix (concat ("0", binary-to-ascii (16, 8,
> "",substring(hardware, 6, 1))),2)
>                 ),
>
> you get the correct format.
>
> Best regards,
>
> Uwe
>
>   Von: Sławomir Paszkiewicz <*paszczus at gmail.com* <paszczus at gmail.com>>
> An: *dhcp-hackers at lists.isc.org* <dhcp-hackers at lists.isc.org>  Datum: 11.10.2010
> 12:41  Betreff: DHCP 4.0.2, execute() and hardware address mismatch  Gesendet
> von: dhcp-hackers-bounces+uwe.buchwitz=*gavi.de* <http://gavi.de/>@*
> lists.isc.org* <http://lists.isc.org/>
>
>  ------------------------------
>
>
>
> Hello,
> I`m trying to migrate from DNSMasq to ISC DHCP because of failover.
> My problem is that MAC Addresses (hardware) are in different format than
> iptables accept (i`m executing script via execute() which call iptables
> -A FORWARD -m mac --mac-source .... -j ACCEPT).
>
> In ISC DHCP logs format is correct:
>
> DHCPREQUEST for 10.59.146.180 from 00:d0:b8:0c:ba:d8 via eth0
>
> But 'hardware' (i`m using binary-to-ascii(16, 8, ":",
> substring(hardware,1, 6));) gives me:
>
> 0:d0:b8:c:ba:d8 which is incorrect for iptables:
>
> # iptables -A FORWARD -m mac --mac-source 0:d0:b8:c:ba:d8 -s
> 10.59.146.180 -j ACCEPT
> iptables v1.4.4: Bad mac address "0:d0:b8:c:ba:d8"
>
> My question is how to get correct (for iptables) format (same as in dhcp
> logs) ?
>
> Best regards,
> paszczus
> _______________________________________________
> dhcp-hackers mailing list*
> **dhcp-hackers at lists.isc.org* <dhcp-hackers at lists.isc.org>
> *https://lists.isc.org/mailman/listinfo/dhcp-hackers*<https://lists.isc.org/mailman/listinfo/dhcp-hackers>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/dhcp-hackers/attachments/20101020/fc42e9d8/attachment.html>

More information about the dhcp-hackers mailing list