DHCP problem in a complex scenario with lease events
Brian Raaen
braaen at zcorum.com
Tue Oct 20 16:09:42 UTC 2009
Instead of parsing the leases file you may want to investigate the new
"execute" configuration action in dhcpd 3.1. Here is a snip of the dhcp-eval
man page
------------------------------------------------------------------------------
execute (command-path [, data-expr1, ... data-exprN]);

The execute statement runs an external command. The first argument
is a string literal containing the name or path of the command to run.
The other arguments, if present, are either string literals or
data-expressions which evaluate to text strings, to be passed as
command-line arguments to the command.

execute is synchronous; the program will block until the external
command being run has finished. Please note that lengthy program
execution (for example, in an "on commit" in dhcpd.conf) may result in bad
performance and timeouts. Only external applications with very short
execution times are suitable for use.

Passing user-supplied data to an external application might be
dangerous. Make sure the external application checks input buffers for
validity. Non-printable ASCII characters will be converted into dhcpd.conf
language octal escapes ("777"), make sure your external command handles
them as such.

It is possible to use the execute statement in any context, not only
on events. If you put it in a regular scope in the configuration file you
will execute that command every time a scope is evaluated.
------------------------------------------------------------------------------
Hope this is able to help.
--
----------------------
Brian Raaen
Network Engineer
braaen at zcorum.com
On Tuesday 20 October 2009, Christian Loth wrote:
> Hello everyone,
>
> I stumbled upon a showstopper for a rather complex software system I'm
> developing using DHCP as one of the components. Please excuse any awkward
> language - I'm not a native speaker.
>
> This software is a network management application that deals with untrusted
> network clients. Each client is assigned its individual IP address via DHCP.
> Network clients are identified by their MAC addresses.
>
> Users can log into a web application where they can change their clients'
> MAC addresses. Therefore users keep their IP addresses regardless of the
> actual machine accessing the network.
>
> When changing a client to a new MAC address, the server software behind the
> web application rewrites the dhcpd.conf and restarts dhcpd.
>
> IP/MAC coupling in the configuration file is done via
> "fixed-address/hardware ethernet" entries.
>
> The IP comes from a pool of networks managed by the server software.
>
> Now it gets interesting: by authenticating to the web application the user's
> clients are granted access through the packet filter firewall. This access
> is only temporary and is supposed to be disabled if one of two conditions is
> met: either the lease expires or the lease is released. The max lease time
> was set to a small duration for this very purpose.
>
> By executing a special command after an expiry or a release event the packet
> filter firewall was to revoke the clients' access privileges. I used the "on
> expiry" and "on release" mechanisms in combination with "execute".
>
> Now enter the showstopper: the coupling of fixed-address with
> hardware-ethernet does not use the normal lease database. Events are not
> triggered. In short: the idea isn't working. Unfortunately I found out too
> late about "fixed-address/hardware ethernet" not triggering lease events.
>
> So here are my questions:
>
> 1) Is there any way for the "fixed-address/hardware ethernet" entries to
> trigger the lease events?
>
> If not:
>
> 2) Is there any other way to provide a fixed IP with a MAC address that
> triggers those events and should work with a web application like I
> described above?
>
> Any help is appreciated.
>
> Best regards,
> - Christian Loth
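
Added example (not part of the original thread and not ISC code): a handler that "execute" could call from "on release" / "on expiry", checking its arguments as the man page excerpt above advises before any firewall change is made. The fw-revoke helper path, the 10.20.0.0/16 pool and the dhcpd.conf call shown in the comment are assumptions.

```python
# Assumed dhcpd.conf call (hypothetical handler path):
#   on release { execute("/usr/local/sbin/lease-event", "release",
#       binary-to-ascii(10, 8, ".", leased-address),
#       binary-to-ascii(16, 8, ":", substring(hardware, 1, 6))); }
import ipaddress
import re
import subprocess
import sys

EVENTS = {"release", "expiry"}
FW_REVOKE = "/usr/local/sbin/fw-revoke"             # hypothetical helper
MANAGED_NET = ipaddress.ip_network("10.20.0.0/16")  # constructed sample pool
MAC_RE = re.compile(r"[0-9A-Fa-f]{1,2}(:[0-9A-Fa-f]{1,2}){5}")


def build_revoke_argv(args):
    """Validate arguments from dhcpd; return the command list or raise ValueError."""
    if len(args) != 3:
        raise ValueError("expected: event ip mac")
    event, ip_text, mac_text = args
    if event not in EVENTS:
        raise ValueError("unknown event")
    # Strict allowlists also reject dhcpd's octal escapes (backslash plus
    # digits) and any character a shell would treat specially.
    if not re.fullmatch(r"[0-9.]{7,15}", ip_text):
        raise ValueError("bad IP characters")
    ip = ipaddress.IPv4Address(ip_text)  # raises ValueError if malformed
    if ip not in MANAGED_NET:
        raise ValueError("IP outside managed pool")
    if not MAC_RE.fullmatch(mac_text):
        raise ValueError("bad MAC")
    # binary-to-ascii(16, ...) drops leading zeros ("0:1a:..."); normalise.
    mac = ":".join(f"{int(octet, 16):02x}" for octet in mac_text.split(":"))
    return [FW_REVOKE, event, str(ip), mac]


def main(argv):
    try:
        cmd = build_revoke_argv(argv[1:])
        # List form, no shell; short timeout because execute blocks dhcpd.
        return subprocess.run(cmd, timeout=2, check=False).returncode
    except (ValueError, OSError, subprocess.TimeoutExpired) as exc:
        print(f"lease-event: rejected or failed: {exc}", file=sys.stderr)
        return 2


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```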