From a660a076db5a419963e0429a71201d07445ba6ea Mon Sep 17 00:00:00 2001 From: =?utf8?q?David=20H=C3=A4rdeman?= Date: Thu, 9 Oct 2025 16:16:53 +0200 Subject: [PATCH] base-files: generate a global DHCP DUID MIME-Version: 1.0 Content-Type: text/plain; charset=utf8 Content-Transfer-Encoding: 8bit odhcp6c and odhcpd currently generate custom DUIDS on a per-interface basis using the MAC address of the given interface. This is contrary to how DUIDs are meant to be used, as the client identifier will vary from interface to interface, while it is meant to remain stable for a given host, no matter how the network hardware changes (see RFC8415, §11). The same problem exists in odhcpd, which also generates server-side DUIDs on a per-interface basis. In order to support a stable per-device DUID, generate one on first boot and store it via uci. Currently, a DUID-UUID style clientid is generated. This is mostly meant as an RFC, and we might consider using a different kind of DUID instead (DUID-LLT, DUID-EN). One drawback is that this will typically change the DUID used on existing OpenWrt devices when upgrading to a new release. However, that seems unavoidable and is a one-time pain in order to have stable DUIDs (and in many cases, it shouldn't cause any issues). v2: move the uci cfg generation outside of an IPv6-only block since this is relevant to the DHCPv4 client as well Signed-off-by: David Härdeman Link: https://github.com/openwrt/openwrt/pull/20359 Signed-off-by: Robert Marko
---
package/base-files/files/bin/config_generate | 15 ++++++++------- .../etc/uci-defaults/14_network-generate-clientid | 9 +++++++++ 2 files changed, 17 insertions(+), 7 deletions(-) create mode 100644 package/base-files/files/etc/uci-defaults/14_network-generate-clientid
diff --git a/package/base-files/files/bin/config_generate b/package/base-files/files/bin/config_generate
index 7507aa612c..18fae054d4 100755
--- a/package/base-files/files/bin/config_generate
+++ b/package/base-files/files/bin/config_generate
@@ -44,14 +44,15 @@ generate_static_network() {
 set network.loopback.device='lo'
 set network.loopback.proto='static'
 add_list network.loopback.ipaddr='127.0.0.1/8'
+ delete network.globals
+ set network.globals='globals'
+ set network.globals.dhcp_default_duid='auto'
 EOF
- [ -e /proc/sys/net/ipv6 ] && {
- uci -q batch <<-EOF
- delete network.globals
- set network.globals='globals'
- set network.globals.ula_prefix='auto'
- EOF
- }
+ [ -e /proc/sys/net/ipv6 ] && {
+ uci -q batch <<-EOF
+ set network.globals.ula_prefix='auto'
+ EOF
+ }
 if json_is_a dsl object; then
 json_select dsl
diff --git a/package/base-files/files/etc/uci-defaults/14_network-generate-clientid b/package/base-files/files/etc/uci-defaults/14_network-generate-clientid
new file mode 100644
index 0000000000..70da185c20
--- /dev/null
+++ b/package/base-files/files/etc/uci-defaults/14_network-generate-clientid
@@ -0,0 +1,9 @@
+[ "$(uci -q get network.globals.dhcp_default_duid)" != "auto" ] && exit 0
+
+uci -q batch <<-EOF >/dev/null
+ # DUID-UUID - RFC6355
+ set network.globals.dhcp_default_duid="$(hexdump -vn 16 -e '"0004" 2/2 "%x"' /dev/urandom)"
+ commit network
+EOF
+
+exit 0
--
2.30.2
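Review bot: The `dhcp_default_duid='auto'` placeholder added to the first `uci batch` is an undocumented contract with `14_network-generate-clientid`, which replaces the value only when it is exactly `auto`. A comment above the batch would make that visible, e.g. `# 'auto' is a placeholder; uci-defaults/14_network-generate-clientid replaces it with a generated DUID on first boot`. If that script fails or is skipped, the literal `auto` stays in the config, so the DHCP client and server code reading this option presumably has to treat it as "no DUID configured" rather than as an identifier; that handling is not visible here. `generate_static_network` starts before and continues past this hunk.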
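Review bot: The `hexdump` format on the `set network.globals.dhcp_default_duid=` line does not reliably produce the 36 hex digits of a DUID-UUID (type `0004` followed by 16 bytes). `%x` prints each 16-bit word without leading zeros, so any word below 0x1000 shortens the string, and as far as I can tell `2/2` makes one pass of the format consume only 4 bytes, so the literal `0004` is emitted again on each of the four passes over the 16 bytes. A fixed-width, single-pass format such as `hexdump -vn 16 -e '"0004" 16/1 "%02x"' /dev/urandom` avoids both problems. Because a malformed or empty result also overwrites the `auto` sentinel and is then never regenerated, it is worth checking the length of the generated string before `commit network`.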