dhcp-option on openwrt
Target
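Configure the network so that DHCP option 43 and option 60 carry the master and slave server information for capwapc. The client interprets this option 43.
OpenWrt configuration
Server side: /etc/config/dhcp
Use a vendorclass section to define a classifier that places clients carrying the 'oakridge' vendor class under a separate 'oakridge' networkid. Option 43 is then force-sent to these clients, whether or not the client requested it.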
- config vendorclass 'oakridge'
- option vendorclass 'oakridge'
- option networkid 'oakridge'
- option force '1'
- list dhcp_option '43,1,4,192.168.100.117,1,4,192.168.100.20,2,12,ac1.test.com'
This is translated into /var/etc/dnsmasq.conf as follows:
- dhcp-vendorclass=oakridge,oakridge
- dhcp-option-force=oakridge,43,1,4,192.168.100.117,1,4,192.168.100.20,2,12,ac1.test.com
Client side: /etc/config/network
Set the vendorid to oakridge and request option 43:
- config interface 'lan1'
- option ifname 'eth0.1'
- option type 'bridge'
- option proto 'dhcp'
- option vendorid 'oakridge'
- option reqopts '43'
Modify the client's udhcpc code so that the information carried in option 43 is passed as an environment variable to the script /lib/netifd/dhcp.sh:
- --- a/networking/udhcp/common.c
- +++ b/networking/udhcp/common.c
- @@ -41,6 +41,7 @@ const struct dhcp_optflag dhcp_optflags[
- { OPTION_STRING_HOST , 0x28 }, /* DHCP_NIS_DOMAIN */
- { OPTION_IP | OPTION_LIST , 0x29 }, /* DHCP_NIS_SERVER */
- { OPTION_IP | OPTION_LIST | OPTION_REQ, 0x2a }, /* DHCP_NTP_SERVER */
- + { OPTION_STRING | OPTION_REQ, 0x2b }, /* DHCP_AC_ADDR */
- { OPTION_IP | OPTION_LIST , 0x2c }, /* DHCP_WINS_SERVER */
- { OPTION_U32 , 0x33 }, /* DHCP_LEASE_TIME */
- { OPTION_IP , 0x36 }, /* DHCP_SERVER_ID */
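Review bot: the new 0x2b row is typed as plain OPTION_STRING, while the 0x28 row a few lines above uses OPTION_STRING_HOST, so whatever the answering DHCP server puts in option 43 is handed to the script as acaddr without the hostname-style check; either validate the value in the script before it is written to configuration, or add a comment here that consumers must treat it as untrusted. OPTION_REQ also adds 43 to the default request list for every udhcpc user, and the client config on this page already asks for it with reqopts '43', so consider dropping that flag.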
- @@ -108,6 +109,7 @@ const char dhcp_option_strings[] ALIGN1
- "nisdomain" "\0" /* DHCP_NIS_DOMAIN */
- "nissrv" "\0" /* DHCP_NIS_SERVER */
- "ntpsrv" "\0" /* DHCP_NTP_SERVER */
- + "acaddr" "\0" /* DHCP_AC_ADDR */
- "wins" "\0" /* DHCP_WINS_SERVER */
- "lease" "\0" /* DHCP_LEASE_TIME */
- "serverid" "\0" /* DHCP_SERVER_ID */
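Review bot: "acaddr" sits in the same slot (after "ntpsrv", before "wins") as the 0x2b row added to dhcp_optflags, and that matching position is the only thing tying the name to the option code, yet nothing in the hunk says so; a one-line comment that dhcp_option_strings must stay in the same order as dhcp_optflags would help the next person who adds an option. The name also ties generic option 43 to one CAPWAP use, so a neutral name would be less surprising to other scripts that find it set.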
Modify the script /lib/netifd/dhcp.sh that the client's udhcpc invokes:
- # add option43 server list into capwapc config file
- # ($acaddr is supplied by the DHCP server, so every expansion is quoted)
- [ -n "$acaddr" ] && {
- # every third comma-separated field is a server address or name
- acaddrs=$(echo "$acaddr" | awk -F',' '{for (i = 1; i <= NF; i++) { if (i % 3 == 0) print $i }}')
- uci delete capwapc.server.option43_server
- for addr in $acaddrs
- do
- uci add_list capwapc.server.option43_server="$addr"
- done
- uci commit capwapc
- }
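A stricter form of the option 43 handling above, as an added example that is not code from the original post: the value comes from whichever DHCP server answers, so every entry is validated before anything is written with uci. It assumes the value is type,length,value triples with type 1 = IPv4 and type 2 = hostname, as the sample value on this page suggests; the names parse_acaddr, apply_acaddr and the UCI override variable are hypothetical.

```sh
# Added example. Assumed layout (inferred from the page's sample value):
# comma-separated type,length,value triples; type 1 = IPv4 (length 4),
# type 2 = hostname (length = number of characters).

is_ipv4() {
    case "$1" in *[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

is_hostname() {
    case "$1" in ""|*[!A-Za-z0-9.-]*|-*|.*|*..*) return 1 ;; esac
    [ "${#1}" -le 253 ]
}

# Print one validated server per line; print nothing and fail if any triple
# is malformed, so a bad lease never half-updates the configuration.
parse_acaddr() {
    case "$1" in ""|,*|*,|*,,*) return 1 ;; esac
    old_ifs=$IFS; IFS=,
    set -f                      # no globbing while splitting untrusted text
    set -- $1
    set +f; IFS=$old_ifs
    [ $(( $# % 3 )) -eq 0 ] || return 1
    out=
    while [ "$#" -ge 3 ]; do
        t=$1 len=$2 val=$3; shift 3
        case "$t,$len" in
            1,4)          is_ipv4 "$val" || return 1 ;;
            2,"${#val}")  is_hostname "$val" || return 1 ;;
            *)            return 1 ;;
        esac
        out="$out$val
"
    done
    printf '%s' "$out"
}

# Hypothetical use in the DHCP script; UCI can be overridden for dry runs.
apply_acaddr() {
    addrs=$(parse_acaddr "$1") || return 1
    ${UCI:-uci} -q delete capwapc.server.option43_server
    for a in $addrs; do
        ${UCI:-uci} add_list capwapc.server.option43_server="$a"
    done
    ${UCI:-uci} commit capwapc
}
```

In the DHCP script the original block would reduce to a call such as apply_acaddr "$acaddr", leaving the existing list untouched when the value is rejected.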
dnsmasq dhcp-option description
-O, --dhcp-option=[tag:
Specify different or extra options to DHCP clients.
By default, dnsmasq sends some standard options to DHCP clients, the netmask and broadcast address are set to the same as the host running dnsmasq, and the DNS server and default route are set to the address of the machine running dnsmasq.
(Equivalent rules apply for IPv6.)
If the domain name option has been set, that is sent. This configuration allows these defaults to be overridden, or other options specified.
The option to be sent may be given as a decimal number or as "option:<option-name>". The option numbers are specified in RFC 2132 and subsequent RFCs.
The set of option-names known by dnsmasq can be discovered by running "dnsmasq --help dhcp".
- llwang@VM1~ $ dnsmasq --help dhcp
- Known DHCP options:
- 1 netmask
- 2 time-offset
- 3 router
- 6 dns-server
- 7 log-server
- 9 lpr-server
- 13 boot-file-size
- 15 domain-name
- 16 swap-server
- 17 root-path
- 18 extension-path
- 19 ip-forward-enable
- 20 non-local-source-routing
- 21 policy-filter
- 22 max-datagram-reassembly
- 23 default-ttl
- 26 mtu
- 27 all-subnets-local
- 31 router-discovery
- 32 router-solicitation
- 33 static-route
- 34 trailer-encapsulation
- 35 arp-timeout
- 36 ethernet-encap
- 37 tcp-ttl
- 38 tcp-keepalive
- 40 nis-domain
- 41 nis-server
- 42 ntp-server
- 44 netbios-ns
- 45 netbios-dd
- 46 netbios-nodetype
- 47 netbios-scope
- 48 x-windows-fs
- 49 x-windows-dm
- 58 T1
- 59 T2
- 60 vendor-class
- 64 nis+-domain
- 65 nis+-server
- 66 tftp-server
- 67 bootfile-name
- 68 mobile-ip-home
- 69 smtp-server
- 70 pop3-server
- 71 nntp-server
- 74 irc-server
- 77 user-class
- 93 client-arch
- 94 client-interface-id
- 97 client-machine-id
- 119 domain-search
- 120 sip-server
- 121 classless-static-route
- 125 vendor-id-encap
- 255 server-ip-address
For example, to set the default route option to 192.168.4.4, do --dhcp-option=3,192.168.4.4 or --dhcp-option=option:router,192.168.4.4, and to set the time-server address to 192.168.0.4, do --dhcp-option=42,192.168.0.4 or --dhcp-option=option:ntp-server,192.168.0.4
The special address 0.0.0.0 is taken to mean "the address of the machine running dnsmasq".
Data types allowed are comma separated dotted-quad IPv4 addresses, []-wrapped IPv6 addresses, a decimal number, colon-separated hex digits and a text string.
If the optional tags are given then this option is only sent when all the tags are matched.
Special processing is done on a text argument for option 119, to conform with RFC 3397.
Text or dotted-quad IP addresses as arguments to option 120 are handled as per RFC 3361.
Dotted-quad IP addresses which are followed by a slash and then a netmask size are encoded as described in RFC 3442.
IPv6 options are specified using the option6: keyword, followed by the option number or option name.
The IPv6 option name space is disjoint from the IPv4 option name space.
IPv6 addresses in options must be bracketed with square brackets, e.g. --dhcp-option=option6:ntp-server,[1234::56]. For IPv6, [::] means "the global address of the machine running dnsmasq", whilst [fd00::] is replaced with the ULA, if it exists, and [fe80::] with the link-local address.
Be careful: no checking is done that the correct type of data for the option number is sent, it is quite possible to persuade dnsmasq to generate illegal DHCP packets with injudicious use of this flag.
When the value is a decimal number, dnsmasq must determine how large the data item is.
It does this by examining the option number and/or the value, but can be overridden by appending a single letter flag as follows: b = one byte, s = two bytes, i = four bytes.
This is mainly useful with encapsulated vendor class options (see below) where dnsmasq cannot determine data size from the option number.
Option data which consists solely of periods and digits will be interpreted by dnsmasq as an IP address, and inserted into an option as such.
To force a literal string, use quotes. For instance when using option 66 to send a literal IP address as TFTP server name, it is necessary to do --dhcp-option=66,"1.2.3.4"
Encapsulated Vendor-class options may also be specified (IPv4 only) using --dhcp-option: for instance --dhcp-option=vendor:PXEClient,1,0.0.0.0 sends the encapsulated vendor class-specific option "mftp-address=0.0.0.0" to any client whose vendor-class matches "PXEClient".
The vendor-class matching is substring based (see --dhcp-vendorclass for details).
If a vendor-class option (number 60) is sent by dnsmasq, then that is used for selecting encapsulated options in preference to any sent by the client. It is possible to omit the vendorclass completely: --dhcp-option=vendor:,1,0.0.0.0, in which case the encapsulated option is always sent.
Options may be encapsulated (IPv4 only) within other options: for instance --dhcp-option=encap:175,190,iscsi-client0 will send option 175, within which is the option 190.
If multiple options are given which are encapsulated with the same option number then they will be correctly combined into one encapsulated option. encap: and vendor: may not both be set in the same dhcp-option.
The final variant on encapsulated options is "Vendor-Identifying Vendor Options" as specified by RFC3925.
These are denoted like this: --dhcp-option=vi-encap:2,10,text. The number in the vi-encap: section is the IANA enterprise number used to identify this option. This form of encapsulation is supported in IPv6.
The address 0.0.0.0 is not treated specially in encapsulated options.
--dhcp-option-force=[tag:
This works in exactly the same way as --dhcp-option except that the option will always be sent, even if the client does not ask for it in the parameter request list. This is sometimes needed, for example when sending options to PXELinux.
/etc/config/dhcp
dhcp_option (type: list of strings; required: no; default: none): The ID dhcp_option here must be written with an underscore. OpenWrt will translate this to --dhcp-option, with a hyphen, as ultimately used by dnsmasq. Multiple option values can be given for this network-id, with a space between them and the total string between "". E.g. '26,1470' or 'option:mtu, 1470' that can assign an MTU per DHCP. Your client must accept MTU by DHCP for this to work. Or "3,192.168.1.1 6,192.168.1.1" to give out gateway and DNS server addresses.
Classifying Clients And Assigning Individual Options
DHCP can provide the client with numerous options, such as the domain name, NTP servers, network booting options, etc. While some settings are applicable to all hosts in a network segment, others are more specific and apply only to a group of hosts, or even only a single one. dnsmasq offers to group DHCP options and their values by a network-id, an alphanumeric identifier, and sending options only to hosts which have been tagged with that network-id.
In OpenWrt, you can tag hosts by the DHCP range they're in (section dhcp), or a number of options the client might send with their DHCP request. In each of these sections, you can use the dhcp_option list to add DHCP options to be sent to hosts with this network-id.
Each classifying section has two configuration options: the value of the DHCP option used to distinguish clients, and the network-id that these clients should be tagged with. Here's a template:
config classifier
option classifier 'value'
option networkid 'network-id'
list dhcp_option 'DHCP-option'
DHCP client options
udhcpc option description
- udhcpc -p /var/run/udhcpc-br-lan1.pid -s /lib/netifd/dhcp.script -f -t 0 -i br-lan1 -V oakridge -C -O 43
- BusyBox v1.19.4 (2017-01-17 16:59:34 CST) multi-call binary.
-
- Usage: udhcpc [-fbnqoCRB] [-i IFACE] [-r IP] [-s PROG] [-p PIDFILE]
- [-H HOSTNAME] [-V VENDOR] [-x OPT:VAL]... [-O OPT]...
-
- -i,--interface IFACE Interface to use (default eth0)
- -p,--pidfile FILE Create pidfile
- -s,--script PROG Run PROG at DHCP events (default /usr/share/udhcpc/default.script)
- -B,--broadcast Request broadcast replies
- -t,--retries N Send up to N discover packets
- -T,--timeout N Pause between packets (default 3 seconds)
- -A,--tryagain N Wait N seconds after failure (default 20)
- -f,--foreground Run in foreground
- -b,--background Background if lease is not obtained
- -n,--now Exit if lease is not obtained
- -q,--quit Exit after obtaining lease
- -R,--release Release IP on exit
- -S,--syslog Log to syslog too
- -O,--request-option OPT Request option OPT from server (cumulative)
- -o,--no-default-options Don't request any options (unless -O is given)
- -r,--request IP Request this IP address
- -x OPT:VAL Include option OPT in sent packets (cumulative)
- Examples of string, numeric, and hex byte opts:
- -x hostname:bbox - option 12
- -x lease:3600 - option 51 (lease time)
- -x 0x3d:0100BEEFC0FFEE - option 61 (client id)
- -F,--fqdn NAME Ask server to update DNS mapping for NAME
- -H,-h,--hostname NAME Send NAME as client hostname (default none)
- -V,--vendorclass VENDOR Vendor identifier (default 'udhcp VERSION')
- -C,--clientid-none Don't send MAC as client identifier
- Signals:
- USR1 Renew current lease
- USR2 Release current lease
/etc/config/network
reqopts (type: string; required: no; default: none): Space-separated list of additional DHCP options to request from the server. They are placed in the parameter request list.
sendopts (type: string; required: no; default: none): Space-separated list of additional DHCP options to send to the server. Syntax: option:value where option is either an integer code or a symbolic name such as hostname.