dhcp: Only send client identifier if identity_lease is enabled
authorTobias Brunner <tobias@strongswan.org>
Wed, 11 Apr 2018 08:51:01 +0000 (10:51 +0200)
committerTobias Brunner <tobias@strongswan.org>
Fri, 18 May 2018 16:04:01 +0000 (18:04 +0200)
The client identifier serves as a unique identifier just like a unique MAC
address would, so even with identity_lease disabled some DHCP servers
might assign unique leases per identity.

conf/plugins/dhcp.opt
src/libcharon/plugins/dhcp/dhcp_socket.c
testing/tests/ikev2/dhcp-dynamic/posttest.dat
testing/tests/ikev2/dhcp-static-client-id/hosts/moon/etc/strongswan.conf
testing/tests/swanctl/dhcp-dynamic/posttest.dat

index 9c7b860..6b337bc 100644 (file)
@@ -9,7 +9,8 @@ charon.plugins.dhcp.force_server_address = no
        192.168.0.255) as server address might work.
 
 charon.plugins.dhcp.identity_lease = no
-       Derive user-defined MAC address from hash of IKE identity.
+       Derive user-defined MAC address from hash of IKE identity and send client
+       identity DHCP option.
 
 charon.plugins.dhcp.server = 255.255.255.255
        DHCP server unicast or broadcast IP address.
index 320b17b..c26fcc9 100644 (file)
@@ -268,7 +268,8 @@ static int prepare_dhcp(private_dhcp_socket_t *this,
                remaining -= sizeof(dhcp_option_t) + option->len;
        }
 
-       if (remaining >= sizeof(dhcp_option_t) + 2)
+       if (this->identity_lease &&
+               remaining >= sizeof(dhcp_option_t) + 2)
        {
                option = (dhcp_option_t*)&dhcp->options[optlen];
                option->type = DHCP_CLIENT_ID;
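Review bot: The new `this->identity_lease &&` guard in prepare_dhcp() carries no comment, so the reason for suppressing the option lives only in the commit message; a line such as `/* some servers key leases on the client identifier, so only send it if identity_lease is enabled */` above the `if` would keep it with the code. The `+ 2` in the same condition is unexplained (presumably a minimum payload length) and would read better as a named constant. The comparison also mixes `remaining` with a `sizeof` expression. Its declaration is outside the hunk, so if it is a signed type, confirm it cannot go negative after the `remaining -=` line above, because the comparison would then be evaluated unsigned and pass. The body of the `if` continues past the end of the hunk.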
index d4a05b2..60be3f9 100644 (file)
@@ -1,8 +1,9 @@
 moon::ipsec stop
 carol::ipsec stop
 dave::ipsec stop
-venus::cat /var/state/dhcp/dhcpd.leases
+venus::cat /var/lib/dhcp/dhcpd.leases
 venus::service isc-dhcp-server stop 2> /dev/null
+venus::rm /var/lib/dhcp/dhcpd.leases*; touch /var/lib/dhcp/dhcpd.leases
 moon::iptables-restore < /etc/iptables.flush
 carol::iptables-restore < /etc/iptables.flush
 dave::iptables-restore < /etc/iptables.flush
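Review bot: The added cleanup `venus::rm /var/lib/dhcp/dhcpd.leases*; touch /var/lib/dhcp/dhcpd.leases` uses plain `rm`, which reports an error when the glob matches nothing (for example if the server never created a leases file); `rm -f /var/lib/dhcp/dhcpd.leases*` keeps the teardown quiet in that case. The same line is added in the swanctl dhcp-dynamic posttest.dat hunk below. A short comment that the leases are reset so later scenarios start from a clean server state would also help, if the test framework's `.dat` format permits comments.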
index 37e8b02..466fc93 100644 (file)
@@ -3,8 +3,9 @@ dave::swanctl --terminate --ike home
 carol::systemctl stop strongswan-swanctl
 dave::systemctl stop strongswan-swanctl
 moon::systemctl stop strongswan-swanctl
-venus::cat /var/state/dhcp/dhcpd.leases
-venus::server isc-dhcp-server stop 2> /dev/null
+venus::cat /var/lib/dhcp/dhcpd.leases
+venus::service isc-dhcp-server stop 2> /dev/null
+venus::rm /var/lib/dhcp/dhcpd.leases*; touch /var/lib/dhcp/dhcpd.leases
 moon::iptables-restore < /etc/iptables.flush
 carol::iptables-restore < /etc/iptables.flush
 dave::iptables-restore < /etc/iptables.flush