Lest it be forgotten, here is a rebased version of my "dhcp-authoritative"
patch (against 77d24de). According to dnsmasq(8), this option "should
be set when dnsmasq is definitely the only DHCP server on a network",
which is the case for libvirt-managed networks.

In practice, this option has the effect that an expired lease can be
reacquired by the client using a DHCPREQUEST unless it has been given
to another client in the meantime. Without "dhcp-authoritative", this
operation always fails, which can be quite cumbersome.

There is no protection against rogue clients hijacking other clients'
IP addresses, but that isn't specific to libvirt, and IP addresses don't
provide security anyway.

This is obviously not aimed at production environments; it's a convenience
for developers and casual users who'd rather not be bothered with network
XML host entries or the like.

Original submission:
https://www.redhat.com/archives/libvir-list/2016-September/msg00739.html

Daniel's post where he said that "unless there's a obvious downside to it,
it seems reasonable to add that":
https://www.redhat.com/archives/libvir-list/2016-September/msg01305.html

Regards,
Martin

Martin Wilck (2):
  network: add dnsmasq option 'dhcp-authoritative'
  tests/networkxml2confdata: add dhcp-authoritative option

 src/network/bridge_driver.c | 4 +++-
 tests/networkxml2confdata/dhcp6-nat-network.conf | 1 +
 tests/networkxml2confdata/dhcp6host-routed-network.conf | 1 +
 tests/networkxml2confdata/isolated-network.conf | 1 +
 tests/networkxml2confdata/nat-network-dns-srv-record-minimal.conf | 1 +
 tests/networkxml2confdata/nat-network-dns-srv-record.conf | 1 +
 tests/networkxml2confdata/nat-network-dns-txt-record.conf | 1 +
 tests/networkxml2confdata/nat-network-name-with-quotes.conf | 1 +
 tests/networkxml2confdata/nat-network.conf | 1 +
 tests/networkxml2confdata/netboot-network.conf | 1 +
 tests/networkxml2confdata/netboot-proxy-network.conf | 1 +
 11 files changed, 13 insertions(+), 1 deletion(-)

--
2.10.0