dhcp-option on openwrt

openwrt

Target

配置网络支持dhcp option 43和option 60携带的capwapc的master和slave server的信息。客户端解释这个option43

Openwrt配置

服务器端/etc/config/dhcp

通过vendorclass来定义一个分类器，将携带’oakridge’vendor class的客户端分到独立的’oakridge’ networkid下。然后为这些客户强制发送option 43的信息，不论客户端有没有请求.

config vendorclass ‘oakridge‘
option vendorclass ‘oakridge‘
option networkid ‘oakridge‘
option force ‘1‘
list dhcp_option ‘43,1,4,192.168.100.117,1,4,192.168.100.20,2,12,ac1.test.com‘

转换为/var/etc/dnsmasq.conf如下

dhcp-vendorclass=oakridge,oakridge
dhcp-option-force=oakridge,43,1,4,192.168.100.117,1,4,192.168.100.20,2,12,ac1.test.com

客户端配置/etc/config/network

指定vendorid为oakridge,并请求option 43

config interface ‘lan1‘
option ifname ‘eth0.1‘
option type ‘bridge‘
option proto ‘dhcp‘
option vendorid ‘oakridge‘
option reqopts ‘43‘

修改客户端udhcpc代码，将option 43携带信息转换为脚本/lib/netifd/dhcp.sh的环境变量

--- a/networking/udhcp/common.c
+++ b/networking/udhcp/common.c
@@ -41,6 +41,7 @@ const struct dhcp_optflag dhcp_optflags[
{ OPTION_STRING_HOST , 0x28 }, /* DHCP_NIS_DOMAIN */
{ OPTION_IP | OPTION_LIST , 0x29 }, /* DHCP_NIS_SERVER */
{ OPTION_IP | OPTION_LIST | OPTION_REQ, 0x2a }, /* DHCP_NTP_SERVER */
+ { OPTION_STRING | OPTION_REQ, 0x2b }, /* DHCP_AC_ADDR */
{ OPTION_IP | OPTION_LIST , 0x2c }, /* DHCP_WINS_SERVER */
{ OPTION_U32 , 0x33 }, /* DHCP_LEASE_TIME */
{ OPTION_IP , 0x36 }, /* DHCP_SERVER_ID */
@@ -108,6 +109,7 @@ const char dhcp_option_strings[] ALIGN1
"nisdomain" "\0" /* DHCP_NIS_DOMAIN */
"nissrv" "\0" /* DHCP_NIS_SERVER */
"ntpsrv" "\0" /* DHCP_NTP_SERVER */
+ "acaddr" "\0" /* DHCP_AC_ADDR */
"wins" "\0" /* DHCP_WINS_SERVER */
"lease" "\0" /* DHCP_LEASE_TIME */
"serverid" "\0" /* DHCP_SERVER_ID */

修改客户端udhcpc调用的脚本/lib/netifd/dhcp.sh

# add option43 server list into capwapc config file
[ -n "$acaddr" ] && {
acaddrs=`echo $acaddr | awk -F‘,‘ ‘{for(i=1;i <= NF; i++){ if(i%3==0)print $i}}‘`;
uci delete capwapc.server.option43_server
for addr in $acaddrs
do
uci add_list capwapc.server.option43_server=$addr;
done
uci commit capwapc;
}

dnsmasq的dhcp-option说明

-O, --dhcp-option=[tag:

Specify different or extra options to DHCP clients.

指定不同的或额外的options给DHCP客户端。

By default, dnsmasq sends some standard options to DHCP clients, the netmask and broadcast address are set to the same as the host running dnsmasq, and the DNS server and default route are set to the address of the machine running dnsmasq.

缺省下，dnsmasq发送一些标准的options给DHCP客户端，子网掩码和广播地址被设置跟运行dnsmasq的主机一样，DNS服务器和缺省路由被设置为运行dnsmasq机器的地址。

(Equivalent rules apply for IPv6.)

同样的规则适用于IPv6.

If the domain name option has been set, that is sent. This configuration allows these defaults to be overridden, or other options specified.

如果域名被设置，它被发送。这个配置允许覆写这些缺省，或其它被指定的选项

The option, to be sent may be given as a decimal number or as “option:

[email protected]~ $ dnsmasq --help dhcp
Known DHCP options:
1 netmask
2 time-offset
3 router
6 dns-server
7 log-server
9 lpr-server
13 boot-file-size
15 domain-name
16 swap-server
17 root-path
18 extension-path
19 ip-forward-enable
20 non-local-source-routing
21 policy-filter
22 max-datagram-reassembly
23 default-ttl
26 mtu
27 all-subnets-local
31 router-discovery
32 router-solicitation
33 static-route
34 trailer-encapsulation
35 arp-timeout
36 ethernet-encap
37 tcp-ttl
38 tcp-keepalive
40 nis-domain
41 nis-server
42 ntp-server
44 netbios-ns
45 netbios-dd
46 netbios-nodetype
47 netbios-scope
48 x-windows-fs
49 x-windows-dm
58 T1
59 T2
60 vendor-class
64 nis+-domain
65 nis+-server
66 tftp-server
67 bootfile-name
68 mobile-ip-home
69 smtp-server
70 pop3-server
71 nntp-server
74 irc-server
77 user-class
93 client-arch
94 client-interface-id
97 client-machine-id
119 domain-search
120 sip-server
121 classless-static-route
125 vendor-id-encap
255 server-ip-address

For example, to set the default route option to 192.168.4.4, do --dhcp-option=3,192.168.4.4 or --dhcp-option = option:router, 192.168.4.4 and to set the time-server address to 192.168.0.4, do --dhcp-option = 42,192.168.0.4 or --dhcp-option = option:ntp-server, 192.168.0.4

例如，设置缺省路由为192.168.4.4，可以使用–dhcp-optoin=3,192.168.4.4或者–dhcp-option=option:router,192.168.4.4。设置time-server地址为192.168.0.4，可以使用–dhcp-option=42,192.168.0.4或者–dhcp-option=option:ntp-server,192.168.0.4

The special address 0.0.0.0 is taken to mean “the address of the machine running dnsmasq”.

专用地址0.0.0意思是运行dnsmasq机器的地址

Data types allowed are comma separated dotted-quad IPv4 addresses, []-wrapped IPv6 addresses, a decimal number, colon-separated hex digits and a text string.

数据类型允许逗号隔开的四个.的IPv4地址，[]括起来的IPv6地址，一个十进制数，冒号分割的十六进制数和一个文本字符串。

If the optional tags are given then this option is only sent when all the tags are matched.

如果可选的tag被指定，之后这个option只有当所有tags都匹配才被发送。

Special processing is done on a text argument for option 119, to conform with RFC 3397.

option 119的文本参数根据RFC 3397被特殊处理.

Text or dotted-quad IP addresses as arguments to option 120 are handled as per RFC 3361.

文本或四个.的IP地址作为option 120的参数根据每个RFC 3361被处理。

Dotted-quad IP addresses which are followed by a slash and then a netmask size are encoded as described in RFC 3442.

根据RFC 3442里的描述，四个.的IP地址加反斜线和子网掩码被编码。

IPv6 options are specified using the option6: keyword, followed by the option number or option name.

IPv6 options使用optoin6:keyword后面跟选项数或者名字。

The IPv6 option name space is disjoint from the IPv4 option name space.

IPv6名字空间跟IPv4选项名字空间不想交。

IPv6 addresses in options must be bracketed with square brackets, eg. --dhcp-option=option6:ntp-server,[1234::56] For IPv6, [::] means “the global address of the machine running dnsmasq”, whilst [fd00::] is replaced with the ULA, if it exists, and [fe80::] with the link-local address.

在options里的IPv6地址必须加括号。例如–dhcp-option=option6:ntp-server,[1234::56]。[::]表示运行dnsmasq的机器的全局地址。同时[fd00::]被ULA代替。

[fe80::]是link-local地址。

Be careful: no checking is done that the correct type of data for the option number is sent, it is quite possible to persuade dnsmasq to generate illegal DHCP packets with injudicious use of this flag.

注意：选项数字的数据类型的正确性不会被检查。这个可能使dnsmasq产生非法的DHCP包因为不正当的flag的使用。

When the value is a decimal number, dnsmasq must determine how large the data item is.

当数值使个十进制数，dnsmasq必须决定这个数据项有多大。

It does this by examining the option number and/or the value, but can be overridden by appending a single letter flag as follows: b = one byte, s = two bytes, i = four bytes.

通过检查option number和（或）数值，但是通过追加的单个字符flag覆写。b是一个字节，s是两个字节，i是四个字节。

This is mainly useful with encapsulated vendor class options (see below) where dnsmasq cannot determine data size from the option number.

当封装vendor class option时，dnsmasq不能通过option number决定数据大小。这个字符flag非常有用。

Option data which consists solely of periods and digits will be interpreted by dnsmasq as an IP address, and inserted into an option as such.

option数据由单一的周期和数字被dnsmasq解释为IP地址，

To force a literal string, use quotes. For instance when using option 66 to send a literal IP address as TFTP server name, it is necessary to do --dhcp-option=66,"1.2.3.4"

为了强制一个文本的字符串，使用双引号。例如当使用option 66来发送一个文本IP地址作为TFTP服务器名字，必须使用–dhcp-option=66,"1.2.3.4"

Encapsulated Vendor-class options may also be specified (IPv4 only) using --dhcp-option: for instance --dhcp-option=vendor:PXEClient,1,0.0.0.0 sends the encapsulated vendor class-specific option “mftp-address=0.0.0.0” to any client whose vendor-class matches “PXEClient”.

封装Vendor-class option可能使用–dhcp-option被指定.例如，–dhcp-option=vendor:PXEClient,1,0.0.0.0发送一个封装的vendor-class-specific选项”mftp-address=0.0.0.0"到任何一个vendor-class是PXEClient的client。

The vendor-class matching is substring based (see --dhcp-vendorclass for details).

vendor-class匹配以子字符串为基础（详细见 --dhcp-vendorclass）

If a vendor-class option (number 60) is sent by dnsmasq, then that is used for selecting encapsulated options in preference to any sent by the client. It is possible to omit the vendorclass completely; --dhcp-option=vendor:,1,0.0.0.0 in which case the encapsulated option is always sent.

如果一个vendor-class选项（60）被dnsmasq发送，然后被选择封装选项的客户端。它可能完全忽略vendorclass。–dhcp-option=vendor:,1,0.0.0.0在这个例子里封装选项总是被发送。

Options may be encapsulated (IPv4 only) within other options: for instance --dhcp-option=encap:175, 190, iscsi-client0 will send option 175, within which is the option 190.

选项可能被封装在其它选项里。例如–dhcp-option=encap:175,190, iscsi-client0将发送option175在option190里。

If multiple options are given which are encapsulated with the same option number then they will be correctly combined into one encapsulated option. encap: and vendor: are may not both be set in the same dhcp-option.

如果多个选项被给定在同一个选项的封装里，他们将正确的本病在一个封装选项里。encap:和vendor:不能被设置在同一个dhcp-option里。

The final variant on encapsulated options is “Vendor-Identifying Vendor Options” as specified by RFC3925.

最终封装选项的变种是"Vendor-Identifying Vendor Option"定义在RFC3925里。

These are denoted like this: --dhcp-option=vi-encap:2, 10, text The number in the vi-encap: section is the IANA enterprise number used to identify this option. This form of encapsulation is supported in IPv6.

The address 0.0.0.0 is not treated specially in encapsulated options.

–dhcp-option=vi-encap:2,10,text. 在vi-encap:里的数字是IANA enterprise number用来标识这个选项。在IPv6里也支持。地址0.0.0.0在封装选项里没有特殊意义。

–dhcp-option-force=[tag:

/etc/config/dhcp

dhcp_option list of strings no (none) The ID dhcp_option here must be with written with an underscore. OpenWrt will translate this to –dhcp-option, with a hyphen, as ultimately used by dnsmasq. Multiple option values can be given for this network-id, with a a space between them and the total string between “”. E.g. ‘26,1470’ or ‘option:mtu, 1470’ that can assign an MTU per DHCP. Your client must accept MTU by DHCP for this to work. Or “3,192.168.1.1 6,192.168.1.1” to give out gateway and dns server addresses.

dhcp_optoin是一个字符串列表，默认没有。OpenWrt负责将这个选项转换为dnsmasq的–dhcp-option选项，

Classifying Clients And Assigning Individual Options

分类客户端并分配个体选项

DHCP can provide the client with numerous options, such as the domain name, NTP servers, network booting options, etc. While some settings are applicable to all hosts in a network segment, other are more specific and apply only to a group of hosts, or even only a single one. dnsmasq offers to group DHCP options and their values by a network-id, an alphanumeric identifier, and sending options only to hosts which have been tagged with that network-id.

DHCP能提供给客户很多选项，例如domain name，NTP服务器，网络启动选项。然而有些设置只适用于一个网络段里的所有主机，其它的特殊。只适用一组主机，或者甚至单个主机。dnsmasq提供了通过network-id的组识别，只发送option给有network-id标签的主机。

In OpenWrt, you can tag hosts by the DHCP range they’re in (section dhcp), or a number of options the client might send with their DHCP request. In each of these sections, you can use the dhcp_option list to add DHCP options to be sent to hosts with this network-id.

在Openwrt里，能适用DHCP的范围来标签主机，或者option的数字。

Each classifying section has two configuration options: the value of the DHCP option used to distinguish clients, and the network-id that these clients should be tagged with. Here’s a template:

config classifier

option classifier ‘value’

option networkid ‘network-id’

list dhcp_option ‘DHCP-option’

DHCP Client的选项

UDHCPC选项说明

udhcpc -p /var/run/udhcpc-br-lan1.pid -s /lib/netifd/dhcp.script -f -t 0 -i br-lan1 -V oakridge -C -O 43
BusyBox v1.19.4 (2017-01-17 16:59:34 CST) multi-call binary.
Usage: udhcpc [-fbnqoCRB] [-i IFACE] [-r IP] [-s PROG] [-p PIDFILE]
[-H HOSTNAME] [-V VENDOR] [-x OPT:VAL]... [-O OPT]...
-i,--interface IFACE Interface to use (default eth0)
-p,--pidfile FILE Create pidfile
-s,--script PROG Run PROG at DHCP events (default /usr/share/udhcpc/default.script)
-B,--broadcast Request broadcast replies
-t,--retries N Send up to N discover packets
-T,--timeout N Pause between packets (default 3 seconds)
-A,--tryagain N Wait N seconds after failure (default 20)
-f,--foreground Run in foreground
-b,--background Background if lease is not obtained
-n,--now Exit if lease is not obtained
-q,--quit Exit after obtaining lease
-R,--release Release IP on exit
-S,--syslog Log to syslog too
-O,--request-option OPT Request option OPT from server (cumulative)
-o,--no-default-options Don‘t request any options (unless -O is given)
-r,--request IP Request this IP address
-x OPT:VAL Include option OPT in sent packets (cumulative)
Examples of string, numeric, and hex byte opts:
-x hostname:bbox - option 12
-x lease:3600 - option 51 (lease time)
-x 0x3d:0100BEEFC0FFEE - option 61 (client id)
-F,--fqdn NAME Ask server to update DNS mapping for NAME
-H,-h,--hostname NAME Send NAME as client hostname (default none)
-V,--vendorclass VENDOR Vendor identifier (default ‘udhcp VERSION‘)
-C,--clientid-none Don‘t send MAC as client identifier
Signals:
USR1 Renew current lease
USR2 Release current lease

/etc/config/network

reqopts string no (none) Space-separated list of additional DHCP options to request from the server

sendopts string no (none) Space-separated list of additional DHCP options to send to the server. Syntax: option:value where option is either an integer code or a symbolic name such as hostname.

reqopts 字符串，额外DHCP选项请求。在参数请求列表里。