dhcpcd icon indicating copy to clipboard operation
dhcpcd copied to clipboard
verified publisher icon NetworkConfiguration

Option whitelist / Rouge DHCP replies

Open incognico opened this issue 1 year ago • 3 comments

Is there some way to have a option whitelist? Currently there is "option", which tells dhcpcd which ones to request. Also there is "nooption" which acts as a blacklist for options in the reply. But all (not explicitly requested) options in the reply which are not blacklisted via "nooption" will get accounted for.

Would be nice to either have something like "allowoptions" as a whitelist or a config parameter to enable a behaviour that only the explicitly requested options get respected in a reply and any surplus ones get discarded.

incognico avatar Dec 06 '24 11:12 incognico

What you could do is supply your own dhcpcd-definitions.conf and re-compile dhcpcd using it. Any options not in your list won't be exported to the environment.

That won't stop dhcpcd from using what it understands via code however. Does that meet your needs for the time being?

rsmarples avatar Dec 07 '24 08:12 rsmarples

That seems to do the job. Would calling exit in the entry hook achive the same, or will dhcpcd do some more unwanted stuff on its own, in contrast to a stripped dhcpcd-definitions.conf?

incognico avatar Jan 15 '25 09:01 incognico

It will do the same, yes.

You could also use the —noconfigure option so that dhcpcd does nothing at all to configure the system and you’re on your own.

rsmarples avatar Jan 17 '25 07:01 rsmarples