How does DHCPD determine what IP address to assign and...
David W. Hankins
David_Hankins at isc.org
Wed Jan 2 16:30:15 UTC 2008
On Mon, Dec 31, 2007 at 07:02:12PM +0000, Simon Hobson wrote:
> The problem isn't that the server doesn't handle it, it's that the
> way a mix of allow and deny in the same pool interact - it is defined
> but non-obvious (and I can't recall how it works anyway !).
I _always_ have to check the code.
if ((uid_lease -> pool -> prohibit_list &&
permitted (packet, uid_lease -> pool -> prohibit_list)) ||
(uid_lease -> pool -> permit_list &&
!permitted (packet, uid_lease -> pool -> permit_list))) {
log_info ("not permitted: %s",
...
}
It's not intuitive...permit and deny lists don't go onto one ACL with
preservation of order of operations like normal people expect.
I'm also thinking of making 'deny' de rigeur in a future version of
the software, to open up some opportunities for optimization.
We'd still support 'allow' statements, but we'd only do it by
synthesizing the inverse denies.
So you may just as well always use deny...
--
Ash bugud-gul durbatuluk agh burzum-ishi krimpatul.
Why settle for the lesser evil? https://secure.isc.org/store/t-shirt/
--
David W. Hankins "If you don't do it right the first time,
Software Engineer you'll just have to do it again."
Internet Systems Consortium, Inc. -- Jack T. Hankins
More information about the dhcp-users
mailing list