DHCP 4.0.2, execute() and hardware address mismatch

Glenn Satchell glenn.satchell at uniq.com.au
Mon Oct 11 16:43:31 UTC 2010


On 10/12/10 02:58, Sławomir Paszkiewicz wrote:
> Yeah! Works like a charm!
>
> Thanks a lot Patricio!
>
> 2010/10/11 Patricio Latini<p_latini at hotmail.com>:
>> Try this
>>
>> concat (suffix (concat ("0", binary-to-ascii (16, 8, "", substring(hardware, 1, 1))),2),":",
>>         suffix (concat ("0", binary-to-ascii (16, 8, "", substring(hardware, 2, 1))),2),":",
>>         suffix (concat ("0", binary-to-ascii (16, 8, "", substring(hardware, 3, 1))),2),":",
>>         suffix (concat ("0", binary-to-ascii (16, 8, "", substring(hardware, 4, 1))),2),":",
>>         suffix (concat ("0", binary-to-ascii (16, 8, "", substring(hardware, 5, 1))),2),":",
>>         suffix (concat ("0", binary-to-ascii (16, 8, "", substring(hardware, 6, 1))),2));
>>
>> Patricio
>>
>> -----Original Message-----
>> From: dhcp-users-bounces+p_latini=hotmail.com at lists.isc.org
>> [mailto:dhcp-users-bounces+p_latini=hotmail.com at lists.isc.org] On Behalf Of
>> Slawomir Paszkiewicz
>> Sent: Monday, October 11, 2010 6:41 AM
>> To: dhcp-users at lists.isc.org
>> Subject: DHCP 4.0.2, execute() and hardware address mismatch
>>
>> Hello,
>> I'm trying to migrate from DNSMasq to ISC DHCP because of failover.
>> My problem is that MAC addresses (hardware) are in a different format than
>> iptables accepts (I'm executing a script via execute() which calls iptables
>> -A FORWARD -m mac --mac-source .... -j ACCEPT).
>>
>> In ISC DHCP logs format is correct:
>>
>> DHCPREQUEST for 10.59.146.180 from 00:d0:b8:0c:ba:d8 via eth0
>>
>> But 'hardware' (I'm using binary-to-ascii(16, 8, ":",
>> substring(hardware,1, 6));) gives me:
>>
>> 0:d0:b8:c:ba:d8 which is incorrect for iptables:
>>
>> # iptables -A FORWARD -m mac --mac-source 0:d0:b8:c:ba:d8 -s
>> 10.59.146.180 -j ACCEPT
>> iptables v1.4.4: Bad mac address "0:d0:b8:c:ba:d8"
>>
>> My question is how to get the correct (for iptables) format (same as in dhcp
>> logs)?
>>
>> Best regards,
>> paszczus

It's amazing, I created this construction in 2003, and it just keeps 
coming back! Maybe I should print a t-shirt - no-one apart from the 
subscribers to this list would understand it :)

Original post is here, with slightly easier to read formatting. Glad to 
see it is still being found useful,

http://marc.info/?l=dhcp-server&m=105689607527110&w=2

Maybe dhcpd needs a "sprintf" statement to handle this a bit more 
elegantly - think of a % escape that formats a binary representation of 
hardware or ip-address to a printable... It's also a bit poor that 
iptables expects leading zeroes in a mac address.

-- 
regards,
-glenn
--
Glenn Satchell                            |  Miss 9: What do you
Uniq Advances Pty Ltd, Sydney Australia   |  do at work Dad?
mailto:glenn.satchell at uniq.com.au         |  Miss 6: He just
http://www.uniq.com.au tel:0409-458-580   |  types random stuff.
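
An added example, not part of the thread: the script run via execute() can also pad and validate the MAC itself, so that the unpadded form from binary-to-ascii (or any unexpected argument) never reaches the iptables command line. The function names normalize_mac and mac_rule are hypothetical, and the rule is printed rather than executed.

```shell
#!/bin/sh
# Added example: normalise and validate the arguments a dhcpd execute() hook
# receives before they are used in an iptables rule.

# normalize_mac MAC
# Prints the MAC zero-padded and lower-cased (0:d0:b8:c:ba:d8 ->
# 00:d0:b8:0c:ba:d8). Returns 1 if the input is not six hex octets.
normalize_mac() {
    mac=$1
    case $mac in
        ''|*[!0-9A-Fa-f:]*) return 1 ;;   # only hex digits and colons allowed
        :*|*:|*::*)         return 1 ;;   # no empty octets
    esac
    old_ifs=$IFS
    IFS=:
    set -- $mac          # split on ':' (safe: input holds no glob characters)
    IFS=$old_ifs
    [ "$#" -eq 6 ] || return 1
    out=
    for octet in "$@"; do
        case ${#octet} in
            1) octet=0$octet ;;           # restore the dropped leading zero
            2) ;;
            *) return 1 ;;
        esac
        out=${out:+$out:}$octet
    done
    printf '%s\n' "$out" | tr 'A-F' 'a-f'
}

# mac_rule MAC IP
# Prints the rule from the original question with validated arguments.
# Returns 1 (and prints nothing) if either argument is malformed.
mac_rule() {
    m=$(normalize_mac "$1") || return 1
    case $2 in
        ''|*[!0-9.]*) return 1 ;;         # IPv4 digits and dots only
    esac
    printf 'iptables -A FORWARD -m mac --mac-source %s -s %s -j ACCEPT\n' \
        "$m" "$2"
}

# Constructed sample input, taken from the values quoted in the thread.
mac_rule 0:d0:b8:c:ba:d8 10.59.146.180
```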


