dhcpcd-discuss

RE: dhcpcd and bootp.

Blanchard, Todd

Sat Jan 17 00:55:54 2015

Thanks for the quick response, Roy.

Blacklisting is not a very good option for our scenario. Off-hand, the easiest solution I can think of is the 'opposite' of the require option.

I can require option 51 (lease_time) to enforce DHCP-only (and exclude BOOTP).

If I could require option 51 to *not* be present, it seems I could exclude DHCP in lieu of BOOTP (at least in this case). Lease time does not make much sense for BOOTP, although I have not looked at it in great detail.

I don't know how difficult that would be considering the design either.

Thanks,
Todd


-----Original Message-----
From: Roy Marples [mailto:roy@xxxxxxxxxxxx] 
Sent: Friday, January 16, 2015 4:36 PM
To: Blanchard, Todd; dhcpcd-discuss@xxxxxxxxxxxx
Subject: Re: [dhcpcd-discuss] dhcpcd and bootp.

Hi Todd

On 16/01/2015 23:27, Blanchard, Todd wrote:
> From the dhcpcd man page:
> 
> "To enforce that *dhcpcd* only responds to DHCP servers and not BOOTP 
> servers, you can *require* _dhcp_message_type_."
> 
> A test of the bootp server bootpd shows that the above does not work. 
> Bootpd returns DHCP Message Type (53) - Offer. Perhaps this is a 
> problem with bootpd?
> 
> Nonetheless, I would like to separate DHCP and BOOTP from the client
> perspective.
> 
> 1.  To have dhcpcd accept an offer/ack only from a dhcp server, I can 
> require option 51 (lease time). While this is perhaps not perfect, it 
> works by rejecting the bootp offer because there is no lease time.
> 
> 2. I am unable to make dhcpcd work **only** with a bootp server 
> (ignore dhcp offers, but accept those from a bootp server). Any 
> suggestions?

The problem is that the vendor area in the BOOTP protocol can contain anything.
RFC1542 recommends it starts with a 4 byte cookie (like DHCP in RFC2131) so the rest of the content can be understood. However, there is no mention of how the rest of the vendor area should look.

So, it's perfectly possible for a bootp server to send valid DHCP options in the vendor area to confuse dhcpcd.

As such, 1) is entirely up to the user to try and find a non-matching option. I've updated the comment in the code you saw to this:
http://roy.marples.name/projects/dhcpcd/ci/e75e391234bd938660992d380e4bc8ca009b73ed?sbs=0

2) this is not presently supported and again for the reasons above isn't an exact science to implement either.

So as this is a black art with no clear answer, maybe there is another way to restrict this. So what is your use case?
Would blacklisting or whitelisting server ip addresses be of use as dhcpcd supports this?

Thanks

Roy
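
The two heuristics discussed in this thread (requiring option 53, then requiring option 51), shown as an added example that is not part of the original messages and is not dhcpcd code. The function names and the three vendor areas are constructed for illustration; the `bootpd` sample is shaped like the reply reported above (message type Offer, no lease time).

```python
MAGIC_COOKIE = bytes([99, 130, 83, 99])      # RFC 2131 cookie, 0x63825363
PAD, END = 0, 255
LEASE_TIME, MESSAGE_TYPE = 51, 53            # option codes named in the thread


def parse_vendor_area(vend):
    """Return {option code: value bytes}; {} when the cookie is absent."""
    if vend[:4] != MAGIC_COOKIE:
        return {}                            # opaque vendor data, nothing to parse
    opts, i = {}, 4
    while i < len(vend):
        code = vend[i]
        i += 1
        if code == PAD:
            continue
        if code == END:
            break
        if i >= len(vend):
            raise ValueError(f"option {code}: missing length byte")
        length = vend[i]
        i += 1
        if i + length > len(vend):
            raise ValueError(f"option {code}: value overruns vendor area")
        opts[code] = vend[i:i + length]
        i += length
    return opts


def classify(vend, marker):
    """Label a reply 'dhcp' if the marker option is present, else 'bootp'."""
    return "dhcp" if marker in parse_vendor_area(vend) else "bootp"


# Constructed vendor areas (not captured traffic).
NETMASK = bytes([1, 4, 255, 255, 255, 0])
DHCP_OFFER = MAGIC_COOKIE + bytes([53, 1, 2, 51, 4, 0, 1, 81, 128]) + NETMASK + bytes([END])
# Shaped like the bootpd reply reported above: message type Offer, no lease time.
BOOTPD_REPLY = MAGIC_COOKIE + bytes([53, 1, 2]) + NETMASK + bytes([END])
PLAIN_BOOTP = MAGIC_COOKIE + NETMASK + bytes([END])


def compare():
    """Return {sample: (verdict by option 53, verdict by option 51)}."""
    samples = {"dhcp_offer": DHCP_OFFER, "bootpd": BOOTPD_REPLY, "plain_bootp": PLAIN_BOOTP}
    return {name: (classify(v, MESSAGE_TYPE), classify(v, LEASE_TIME))
            for name, v in samples.items()}

if __name__ == "__main__":
    for name, verdicts in compare().items():
        print(name, verdicts)
```

Keying on option 53 labels the bootpd-style reply as DHCP, while keying on option 51 separates it; a BOOTP server that also placed option 51 in its vendor area would defeat the second check in the same way.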
