use client id for IPv6 DHCP host definition

Originally, only a host name was used to associate a
DHCPv6 request with a specific IPv6 address.  Further testing
demonstrates that this is an unreliable method and, instead,
a client-id or DUID needs to be used.  According to DHCPv6
standards, this id can be a duid-LLT, duid-LL, or duid-UUID
even though dnsmasq will accept almost any text string.

Although validity checking of a specified string makes sure it is
hexadecimal notation with bytes separated by colons, there is no
rigorous check to make sure it meets the standard.

Documentation and schemas have been updated.

Signed-off-by: Gene Czarcinski <gene@czarc.net>
Signed-off-by: Laine Stump <laine@laine.org>
This commit is contained in:
Gene Czarcinski 2013-02-15 14:02:26 -05:00 committed by Laine Stump
parent 8e3c1f2ebb
commit 0b73a763f3
14 changed files with 179 additions and 17 deletions

View File

@ -782,6 +782,11 @@
<p>
Below is another IPv6 varition. Instead of a dhcp range being
specified, this example has a couple of IPv6 host definitions.
Note that most of the dhcp host definitions use an "id" (client
id or DUID) since this has proven to be a more reliable way
of specifying the interface and its association with an IPv6
address. The first is a DUID-LLT, the second a DUID-LL, and
the third a DUID-UUID. <span class="since">Since 1.0.3</span>
</p>
<pre>
@ -797,7 +802,9 @@
&lt;ip family="ipv6" address="2001:db8:ca2:2::1" prefix="64" &gt;
&lt;dhcp&gt;
&lt;host name="paul" ip="2001:db8:ca2:2:3::1" /&gt;
&lt;host name="bob" ip="2001:db8:ca2:2:3::2" /&gt;
&lt;host id="0:1:0:1:18:aa:62:fe:0:16:3e:44:55:66" ip="2001:db8:ca2:2:3::2" /&gt;
&lt;host id="0:3:0:1:0:16:3e:11:22:33" name="ralph" ip="2001:db8:ca2:2:3::3" /&gt;
&lt;host id="0:4:7e:7d:f0:7d:a8:bc:c5:d2:13:32:11:ed:16:ea:84:63" name="badbob" ip="2001:db8:ca2:2:3::4" /&gt;
&lt;/dhcp&gt;
&lt;/ip&gt;
&lt;/network&gt;</pre>
@ -828,6 +835,11 @@
<p>
This variation of an isolated network defines only IPv6.
Note that most of the dhcp host definitions use an "id" (client
id or DUID) since this has proven to be a more reliable way
of specifying the interface and its association with an IPv6
address. The first is a DUID-LLT, the second a DUID-LL, and
the third a DUID-UUID. <span class="since">Since 1.0.3</span>
</p>
<pre>
@ -837,7 +849,9 @@
&lt;ip family="ipv6" address="2001:db8:ca2:6::1" prefix="64" &gt;
&lt;dhcp&gt;
&lt;host name="peter" ip="2001:db8:ca2:6:6::1" /&gt;
&lt;host name="dariusz" ip="2001:db8:ca2:6:6::2" /&gt;
&lt;host id="0:1:0:1:18:aa:62:fe:0:16:3e:44:55:66" ip="2001:db8:ca2:6:6::2" /&gt;
&lt;host id="0:3:0:1:0:16:3e:11:22:33" name="dariusz" ip="2001:db8:ca2:6:6::3" /&gt;
&lt;host id="0:4:7e:7d:f0:7d:a8:bc:c5:d2:13:32:11:ed:16:ea:84:63" name="anita" ip="2001:db8:ca2:6:6::4" /&gt;
&lt;/dhcp&gt;
&lt;/ip&gt;
&lt;/network&gt;</pre>

View File

@ -101,6 +101,65 @@
</data>
</define>
<!--====================================================================-->
<!--The duid is a unique identifier used in DHCPv6 to identity an -->
<!--interface on a device (system). The duid is often used by servers -->
<!--such as dnsmasq to assign a specific IP address (and optionally a -->
<!--name to an interface. The applicable standards are RFC3315 and -->
<!--RFC6355. These standards actualy require the duid to be fixed for -->
<!--the hardward device and applicable to all network interfaces on -->
<!--that device. It is not clear that any software currently enforces -->
<!--this requirement although it could be implemented manually. -->
<!--====================================================================-->
<!--There are currently four types of duids defined: -->
<!-- type 1, duid-LLT, link-layer (MAC) plus 32 bit time when the -->
<!-- duid-LLT was created in seconds from January 1, 2000 -->
<!-- type 2, duid-EN, 32 bit "enterprise number" followed by a -->
<!-- variable length unique identifier. -->
<!-- type 3, duid-LL, link-layer (MAC) -->
<!-- type 4, duid-UUID, a 128 bit UUID (16 bytes) -->
<!--RFC3315 states that the maximum length of a duid is 128 bytes plus -->
<!--the 16 bit type field. Often, the machine type is "1" which is the -->
<!--number assigned to ethernet. -->
<define name="duidLLT">
<data type="string">
<!-- 0======| type======| 0======| machine type======| time================| link-layer============| -->
<param name="pattern">[0]{1,2}:[0]{0,1}[1]:[0]{1,2}:[0]{0,1}[a-fA-F1-9](:[a-fA-F0-9]{1,2}){4}(:[a-fA-F0-9]{1,2}){6,8}</param>
</data>
</define>
<define name="duidEN">
<data type="string">
<!-- 0======| type======| Enterprise number===| unique id ==============| -->
<param name="pattern">[0]{1,2}:[0]{0,1}[2](:[a-fA-F0-9]{1,2}){4}(:[a-fA-F0-9]{1,2}){1,124}</param>
</data>
</define>
<define name="duidLL">
<data type="string">
<!-- 0======| type======| 0======| machine type======| link-layer============| -->
<param name="pattern">[0]{1,2}:[0]{0,1}[3]:[0]{1,2}:[0]{0,1}[a-fA-F1-9](:[a-fA-F0-9]{1,2}){6,8}</param>
</data>
</define>
<define name="duidUUID">
<data type="string">
<!-- 0======| type======| UUID=================| -->
<param name="pattern">[0]{1,2}:[0]{0,1}[4](:[a-fA-F0-9]{1,2}){16}</param>
</data>
</define>
<define name="DUID">
<choice>
<ref name="duidLLT"/>
<ref name="duidEN"/>
<ref name="duidLL"/>
<ref name="duidUUID"/>
</choice>
</define>
<!--======================================================================-->
<!-- An ipv4 "dotted quad" address -->
<define name="ipv4Addr">
<data type="string">

View File

@ -280,7 +280,10 @@
<element name="host">
<choice>
<group>
<attribute name="mac"><ref name="uniMacAddr"/></attribute>
<choice>
<attribute name="mac"><ref name="uniMacAddr"/></attribute>
<attribute name="id"><ref name="DUID"/></attribute>
</choice>
<optional>
<attribute name="name"><text/></attribute>
</optional>

View File

@ -118,6 +118,7 @@ static void
virNetworkDHCPHostDefClear(virNetworkDHCPHostDefPtr def)
{
VIR_FREE(def->mac);
VIR_FREE(def->id);
VIR_FREE(def->name);
}
@ -678,7 +679,7 @@ virNetworkDHCPHostDefParseXML(const char *networkName,
virNetworkDHCPHostDefPtr host,
bool partialOkay)
{
char *mac = NULL, *name = NULL, *ip = NULL;
char *mac = NULL, *name = NULL, *ip = NULL, *id = NULL;
virMacAddr addr;
virSocketAddr inaddr;
int ret = -1;
@ -707,10 +708,20 @@ virNetworkDHCPHostDefParseXML(const char *networkName,
}
}
id = virXMLPropString(node, "id");
if (id) {
char *cp = id + strspn(id, "0123456789abcdefABCDEF:");
if (*cp) {
virReportError(VIR_ERR_XML_ERROR,
_("Invalid character '%c' in id '%s' of network '%s'"),
*cp, id, networkName);
}
}
name = virXMLPropString(node, "name");
if (name && (!c_isalpha(name[0]))) {
virReportError(VIR_ERR_XML_ERROR,
_("Cannot use name address '%s' in network '%s'"),
_("Cannot use host name '%s' in network '%s'"),
name, networkName);
goto cleanup;
}
@ -738,10 +749,10 @@ virNetworkDHCPHostDefParseXML(const char *networkName,
* address or name (IPv4)
*/
if (VIR_SOCKET_ADDR_IS_FAMILY(&def->address, AF_INET6)) {
if (!name) {
if (!(id || name)) {
virReportError(VIR_ERR_XML_ERROR,
_("Static host definition in IPv6 network '%s' "
"must have name attribute"),
"must have id or name attribute"),
networkName);
goto cleanup;
}
@ -763,6 +774,8 @@ virNetworkDHCPHostDefParseXML(const char *networkName,
host->mac = mac;
mac = NULL;
host->id = id;
id = NULL;
host->name = name;
name = NULL;
if (ip)
@ -771,6 +784,7 @@ virNetworkDHCPHostDefParseXML(const char *networkName,
cleanup:
VIR_FREE(mac);
VIR_FREE(id);
VIR_FREE(name);
VIR_FREE(ip);
return ret;
@ -2189,6 +2203,8 @@ virNetworkIpDefFormat(virBufferPtr buf,
virBufferAddLit(buf, "<host ");
if (def->hosts[ii].mac)
virBufferAsprintf(buf, "mac='%s' ", def->hosts[ii].mac);
if (def->hosts[ii].id)
virBufferAsprintf(buf, "id='%s' ", def->hosts[ii].id);
if (def->hosts[ii].name)
virBufferAsprintf(buf, "name='%s' ", def->hosts[ii].name);
if (VIR_SOCKET_ADDR_VALID(&def->hosts[ii].ip)) {

View File

@ -66,6 +66,7 @@ typedef struct _virNetworkDHCPHostDef virNetworkDHCPHostDef;
typedef virNetworkDHCPHostDef *virNetworkDHCPHostDefPtr;
struct _virNetworkDHCPHostDef {
char *mac;
char *id;
char *name;
virSocketAddr ip;
};

View File

@ -599,7 +599,8 @@ networkBuildDnsmasqDhcpHostsList(dnsmasqContext *dctx,
for (i = 0; i < ipdef->nhosts; i++) {
virNetworkDHCPHostDefPtr host = &(ipdef->hosts[i]);
if (VIR_SOCKET_ADDR_VALID(&host->ip))
if (dnsmasqAddDhcpHost(dctx, host->mac, &host->ip, host->name, ipv6) < 0)
if (dnsmasqAddDhcpHost(dctx, host->mac, &host->ip,
host->name, host->id, ipv6) < 0)
return -1;
}

View File

@ -303,6 +303,7 @@ hostsfileAdd(dnsmasqHostsfile *hostsfile,
const char *mac,
virSocketAddr *ip,
const char *name,
const char *id,
bool ipv6)
{
char *ipstr = NULL;
@ -314,11 +315,20 @@ hostsfileAdd(dnsmasqHostsfile *hostsfile,
/* the first test determines if it is a dhcpv6 host */
if (ipv6) {
if (virAsprintf(&hostsfile->hosts[hostsfile->nhosts].host, "%s,[%s]",
name, ipstr) < 0)
goto alloc_error;
}
else if (name && mac) {
if (name && id) {
if (virAsprintf(&hostsfile->hosts[hostsfile->nhosts].host,
"id:%s,%s,[%s]", id, name, ipstr) < 0)
goto alloc_error;
} else if (name && !id) {
if (virAsprintf(&hostsfile->hosts[hostsfile->nhosts].host,
"%s,[%s]", name, ipstr) < 0)
goto alloc_error;
} else if (!name && id) {
if (virAsprintf(&hostsfile->hosts[hostsfile->nhosts].host,
"id:%s,[%s]", id, ipstr) < 0)
goto alloc_error;
}
} else if (name && mac) {
if (virAsprintf(&hostsfile->hosts[hostsfile->nhosts].host, "%s,%s,%s",
mac, ipstr, name) < 0)
goto alloc_error;
@ -511,9 +521,10 @@ dnsmasqAddDhcpHost(dnsmasqContext *ctx,
const char *mac,
virSocketAddr *ip,
const char *name,
const char *id,
bool ipv6)
{
return hostsfileAdd(ctx->hostsfile, mac, ip, name, ipv6);
return hostsfileAdd(ctx->hostsfile, mac, ip, name, id, ipv6);
}
/*

View File

@ -86,6 +86,7 @@ int dnsmasqAddDhcpHost(dnsmasqContext *ctx,
const char *mac,
virSocketAddr *ip,
const char *name,
const char *id,
bool ipv6);
int dnsmasqAddHost(dnsmasqContext *ctx,
virSocketAddr *ip,

View File

@ -15,8 +15,11 @@
<ip family='ipv6' address='2001:db8:ac10:fd01::1' prefix='64'>
<dhcp>
<range start='2001:db8:ac10:fd01::1:10' end='2001:db8:ac10:fd01::1:ff' />
<host name='ralph' ip='2001:db8:ac10:fd01::1:20' />
<host id='0:4:7e:7d:f0:7d:a8:bc:c5:d2:13:32:11:ed:16:ea:84:63' ip='2001:db8:ac10:fd01::1:20' />
<host name='paul' ip='2001:db8:ac10:fd01::1:21' />
<host id='0:3:0:1:0:16:3e:11:22:33' name='peter.xyz' ip='2001:db8:ac10:fd01::1:22' />
<host id='0:3:0:1:0:16:3e:44:55:33' ip='2001:db8:ac10:fd01::1:23' />
<host id='0:1:0:1:18:aa:62:fe:0:16:3e:44:55:66' name='badbob' ip='2001:db8:ac10:fd01::1:24' />
</dhcp>
</ip>
<ip family='ipv4' address='10.24.10.1'>

View File

@ -7,8 +7,11 @@
<ip family='ipv6' address='2001:db8:ac10:fd01::1' prefix='64'>
<dhcp>
<range start='2001:db8:ac10:fd01::1:10' end='2001:db8:ac10:fd01::1:ff' />
<host name='ralph' ip='2001:db8:ac10:fd01::1:20' />
<host id='0:4:7e:7d:f0:7d:a8:bc:c5:d2:13:32:11:ed:16:ea:84:63' ip='2001:db8:ac10:fd01::1:20' />
<host name='paul' ip='2001:db8:ac10:fd01::1:21' />
<host id='0:3:0:1:0:16:3e:11:22:33' name='peter.xyz' ip='2001:db8:ac10:fd01::1:22' />
<host id='0:3:0:1:0:16:3e:44:55:33' ip='2001:db8:ac10:fd01::1:23' />
<host id='0:1:0:1:18:aa:62:fe:0:16:3e:44:55:66' name='badbob' ip='2001:db8:ac10:fd01::1:24' />
</dhcp>
</ip>
</network>

View File

@ -12,8 +12,11 @@
</ip>
<ip family='ipv6' address='2001:db8:ac10:fd01::1' prefix='64'>
<dhcp>
<host name='ralph' ip='2001:db8:ac10:fd01::1:20' />
<host id='0:4:7e:7d:f0:7d:a8:bc:c5:d2:13:32:11:ed:16:ea:84:63' ip='2001:db8:ac10:fd01::1:20' />
<host name='paul' ip='2001:db8:ac10:fd01::1:21' />
<host id='0:3:0:1:0:16:3e:11:22:33' name='peter.xyz' ip='2001:db8:ac10:fd01::1:22' />
<host id='0:3:0:1:0:16:3e:44:55:33' ip='2001:db8:ac10:fd01::1:23' />
<host id='0:1:0:1:18:aa:62:fe:0:16:3e:44:55:66' name='badbob' ip='2001:db8:ac10:fd01::1:24' />
</dhcp>
</ip>
</network>

View File

@ -0,0 +1,22 @@
<network>
<name>local</name>
<uuid>81ff0d90-c91e-6742-64da-4a736edb9a9b</uuid>
<forward dev='eth1' mode='route'/>
<bridge name='virbr1' stp='on' delay='0' />
<mac address='12:34:56:78:9A:BC'/>
<ip address='192.168.122.1' netmask='255.255.255.0'>
<dhcp>
<host mac='00:16:3e:77:e2:ed' name='a.example.com' ip='192.168.122.10' />
<host mac='00:16:3e:3e:a9:1a' name='b.example.com' ip='192.168.122.11' />
</dhcp>
</ip>
<ip family='ipv6' address='2001:db8:ac10:fd01::1' prefix='64'>
<dhcp>
<host id='0:4:7e:7d:f0:7d:a8:bc:c5:d2:13:32:11:ed:16:ea:84:63' ip='2001:db8:ac10:fd01::1:20' />
<host name='paul' ip='2001:db8:ac10:fd01::1:21' />
<host id='0:3:0:1:0:16:3e:11:22:33' name='peter.xyz' ip='2001:db8:ac10:fd01::1:22' />
<host id='0:3:0:1:0:16:3e:44:55:33' ip='2001:db8:ac10:fd01::1:23' />
<host id='0:1:0:1:18:aa:62:fe:0:16:3e:44:55:66' name='badbob' ip='2001:db8:ac10:fd01::1:24' />
</dhcp>
</ip>
</network>

View File

@ -0,0 +1,24 @@
<network>
<name>local</name>
<uuid>81ff0d90-c91e-6742-64da-4a736edb9a9b</uuid>
<forward dev='eth1' mode='route'>
<interface dev='eth1'/>
</forward>
<bridge name='virbr1' stp='on' delay='0' />
<mac address='12:34:56:78:9A:BC'/>
<ip address='192.168.122.1' netmask='255.255.255.0'>
<dhcp>
<host mac='00:16:3e:77:e2:ed' name='a.example.com' ip='192.168.122.10' />
<host mac='00:16:3e:3e:a9:1a' name='b.example.com' ip='192.168.122.11' />
</dhcp>
</ip>
<ip family='ipv6' address='2001:db8:ac10:fd01::1' prefix='64'>
<dhcp>
<host id='0:4:7e:7d:f0:7d:a8:bc:c5:d2:13:32:11:ed:16:ea:84:63' ip='2001:db8:ac10:fd01::1:20' />
<host name='paul' ip='2001:db8:ac10:fd01::1:21' />
<host id='0:3:0:1:0:16:3e:11:22:33' name='peter.xyz' ip='2001:db8:ac10:fd01::1:22' />
<host id='0:3:0:1:0:16:3e:44:55:33' ip='2001:db8:ac10:fd01::1:23' />
<host id='0:1:0:1:18:aa:62:fe:0:16:3e:44:55:66' name='badbob' ip='2001:db8:ac10:fd01::1:24' />
</dhcp>
</ip>
</network>

View File

@ -92,6 +92,7 @@ mymain(void)
} while (0)
#define DO_TEST(name) DO_TEST_FULL(name, 0)
DO_TEST("dhcp6host-routed-network");
DO_TEST("empty-allow-ipv6");
DO_TEST("isolated-network");
DO_TEST("routed-network");