DHCP problem in a complex scenario with lease events

Brian Raaen braaen at zcorum.com
Tue Oct 20 16:09:42 UTC 2009

Instead of parsing the leases file you may want to investigate the new 
"execute" configuration action in dhcpd 3.1.  Here is a snip of the dhcp-eval 
man page

execute (command-path [, data-expr1, ... data-exprN]);

         The execute statement runs an external command.  The first
         argument is a string literal containing the name or path of the
         command to run.  The other arguments, if present, are either
         string literals or data-expressions which evaluate to text
         strings, to be passed as command-line arguments to the command.

         execute is synchronous; the program will block until the external
         command being run has finished.  Please note that lengthy program
         execution (for example, in an "on commit" in dhcpd.conf) may
         result in bad performance and timeouts.  Only external
         applications with very short execution times are suitable for use.

         Passing user-supplied data to an external application might be
         dangerous.  Make sure the external application checks input
         buffers for validity.  Non-printable ASCII characters will be
         converted into dhcpd.conf octal escapes ("\777"), make sure your
         external command handles them as such.

         It is possible to use the execute statement in any context, not
         only on events. If you put it in a regular scope in the
         configuration file you will execute that command every time a
         scope is evaluated.

Hope this is able to help.


Brian Raaen
Network Engineer
braaen at zcorum.com

On Tuesday 20 October 2009, Christian Loth wrote:
> Hello everyone,
> I stumbled upon a showstopper for a rather complex software system I'm 
> developing using DHCP as one of the components. Please excuse any awkward 
> language - I'm not a native speaker.
> This software is a network management application that deals with untrusted 
> network clients. Each client is assigned its individual IP address via DHCP. 
> Network clients are identified by their MAC addresses. 
> Users can log into a web application where they can change their clients' 
> addresses. Therefore users keep their IP addresses regardless of the actual 
> machine accessing the network.
> When changing a client to a new MAC address, the server software behind the 
> web application rewrites the dhcpd.conf and restarts dhcpd.
> IP/MAC coupling in the configuration file is done via "fixed-address/hardware 
> ethernet" entries.
> The IP comes from a pool of networks managed by the server software.
> Now it gets interesting: by authenticating to the web application the user's 
> clients are granted access through the packet filter firewall. This access 
> is only temporary and is supposed to be disabled if one of two conditions is 
> met: either the lease expires or the lease is released. The max lease time 
> was set to a small duration for this very purpose.
> By executing a special command after an expiry or a release event the packet 
> filter firewall was to revoke the clients' access privileges. I used the "on 
> expiry" and "on release" mechanisms in combination with "execute".
> Now enter the showstopper: the coupling of fixed-address with 
> hardware-ethernet does not use the normal lease database. Events are not 
> triggered. In short: the idea isn't working. Unfortunately I found out too 
> late about "fixed-address/hardware ethernet" not triggering lease events.
> So here are my questions:
> 1) Is there any way for the "fixed-address/hardware ethernet" entries to 
> trigger the lease events?
> If not:
> 2) Is there any other way to provide a fixed IP with a MAC address that 
> triggers those events and should work with a web application like I 
> above?
> Any help is appreciated.
> Best regards,
> - Christian Loth
> _______________________________________________
> dhcp-users mailing list
> dhcp-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/dhcp-users
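
Added example, not part of the original post or of ISC's code: a handler that dhcpd's "execute" could call on release or expiry, checking its arguments as the man page excerpt above advises before anything reaches the packet filter. The script path, argument order, address pool and the fw-revoke helper are assumptions made for illustration.

```python
#!/usr/bin/env python3
"""Validate arguments passed by dhcpd `execute` before acting on them.

Assumed dhcpd.conf call (script path and argument order are hypothetical):
  execute("/usr/local/sbin/lease-event", "release", <ip text>, <mac text>);
"""
import ipaddress
import re
import sys

MANAGED_POOL = ipaddress.ip_network("192.0.2.0/24")  # constructed sample pool
ALLOWED_EVENTS = {"release", "expiry"}
# binary-to-ascii(16, 8, ":", ...) does not zero-pad: allow 1-2 hex digits.
MAC_RE = re.compile(r"[0-9A-Fa-f]{1,2}(:[0-9A-Fa-f]{1,2}){5}")


def validate(event, ip_text, mac_text):
    """Return (event, ip, normalized_mac) or raise ValueError."""
    for value in (event, ip_text, mac_text):
        # dhcpd turns non-printable bytes into octal escapes; a backslash or
        # anything outside printable ASCII is never valid in these fields.
        if "\\" in value or not value.isascii() or not value.isprintable():
            raise ValueError("unexpected character in argument")
    if event not in ALLOWED_EVENTS:
        raise ValueError("unknown event")
    ip = ipaddress.ip_address(ip_text)  # raises ValueError on junk
    if ip not in MANAGED_POOL:
        raise ValueError("address outside managed pool")
    if not MAC_RE.fullmatch(mac_text):
        raise ValueError("malformed MAC")
    mac = ":".join(f"{int(octet, 16):02x}" for octet in mac_text.split(":"))
    return event, str(ip), mac


def revoke_argv(ip):
    """Build an argv list (no shell) for a hypothetical firewall helper."""
    return ["/usr/local/sbin/fw-revoke", "--", ip]


def main(argv):
    try:
        _event, ip, _mac = validate(*argv[1:4])
    except (ValueError, TypeError) as exc:  # TypeError: too few arguments
        print(f"rejected: {exc}", file=sys.stderr)
        return 1
    print(" ".join(revoke_argv(ip)))  # a real handler would exec this argv
    return 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

The checks are cheap on purpose, since execute blocks dhcpd until the command returns.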
