OS-5195: DHCP spoofing protection should allow permitting all Client Identifiers


Issue Type:Bug
Priority:4 - Normal
Created at:2016-03-01T01:29:04.000Z
Updated at:2018-06-08T18:49:54.657Z


Created by:Former user
Reported by:Former user
Assigned to:Former user


Fixed: A fix for this issue is checked into the tree and tested.
(Resolution Date: 2018-06-08T18:49:54.648Z)

Fix Versions

2018-06-21 Underwater Reactor (Release Date: 2018-06-21)

Related Issues


There should be a link property on VNICs that allows permitting all DHCP Client Identifiers, since there's no way to reasonably track them, and for people setting up KVM instances, there's no way for them to reasonably know ahead of time what Client Identifier will be used during network setup during installation. This allow-all-dhcp-cids property will allow us to make it so that, unless someone has specified which CIDs are permitted, we can allow all through.


Comment by Former user
Created at 2018-06-08T00:00:17.270Z

To test these changes, I verified that:

Comment by Jira Bot
Created at 2018-06-08T18:47:50.718Z

illumos-joyent commit c6b0ac12851403af18c06800770e65c0314956fb (branch master, by Cody Peter Mello)

OS-5195 DHCP spoofing protection should allow permitting all Client Identifiers
Reviewed by: Robert Mustacchi <rm@joyent.com>
Approved by: Dan McDonald <danmcd@joyent.com>