author | Shawn Routhier <sar@isc.org> | 2012-11-16 15:02:13 -0800 |
---|---|---|
committer | Shawn Routhier <sar@isc.org> | 2012-11-16 15:02:13 -0800 |
commit | f8380d3ff2a1db349b05fec75d2e12ac1a0b9c89 (patch) | |
tree | 7a6262f5df71ea128984441bf2ad1827677d8caa /includes/site.h | |
parent | 3aa562f8ad63d047eaafb01968730a6effb2d952 (diff) | |
download | isc-dhcp-f8380d3ff2a1db349b05fec75d2e12ac1a0b9c89.tar.gz |
[master]
+- Add support for a simple check that the server id in a request message
+ to a failover peer matches the server id of the server. This support
+ is enabled by editing the file includes/site.h and uncommenting the
+ definition for SERVER_ID_CHECK. The option has several restrictions
+ and issues - please read the comment in the site.h file before
+ enabling it.
+ [ISC-Bugs #31463]
Diffstat (limited to 'includes/site.h')
-rw-r--r-- | includes/site.h | 27 |
1 files changed, 27 insertions, 0 deletions
diff --git a/includes/site.h b/includes/site.h index f424129d..76be056c 100644 --- a/includes/site.h +++ b/includes/site.h @@ -248,3 +248,30 @@ computed for a NAK may not match that computed for an ACK. */ #define SERVER_ID_FOR_NAK + +/* When processing a request do a simple check to compare the + server id the client sent with the one the server would send. + In order to minimize the complexity of the code the server + only checks for a server id option in the global and subnet + scopes. Complicated configurations may result in differnet + server ids for this check and when the server id for a reply + packet is determined, which would prohibit the server from + responding. + + The primary use for this option is when a client broadcasts + a request but requires the response to come from one of the + failover peers. An example of this would be when a client + reboots while its lease is still active - in this case both + servers will normally respond. Most of the time the client + won't check the server id and can use either of the responses. + However if the client does check the server id it may reject + the response if it came from the wrong peer. If the timing + is such that the "wrong" peer responds first most of the time + the client may not get an address for some time. + + Currently this option is only available when failover is in + use. + + Care should be taken before enabling this option. */ + +/* #define SERVER_ID_CHECK */ |
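Review bot: The closing line of the new comment block above `/* #define SERVER_ID_CHECK */`, "Care should be taken before enabling this option.", is too vague for a setting that can stop the server from answering clients. The comment itself says the check reads the server id only from the global and subnet scopes and that a mismatch with the id chosen for the reply "would prohibit the server from responding", so it should state the concrete precondition: enable this only when no server id option is defined in any scope other than global or subnet. The comment also says the option is only available when failover is in use, but nothing in this hunk ties the define to the failover build setting; consider naming the required define here or adding a preprocessor guard, so that uncommenting SERVER_ID_CHECK in a non-failover build does not go unnoticed. Minor: "differnet" in the first paragraph of the comment should be "different".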