(code change offer inside) To enable dynamic leases with parameters

shodanx · January 7, 2026, 8:27pm

Hi,

I have found a bug in /etc/init.d/dnsmasq

That prevented creating dynamic leases with parameters

because of this line

[ -z "$ip" ] && [ -z "$name" ] && [ -z "$hostid" ] && return 0

Changing the function like this allows dynamic leases without an ip address, hostname (and hostid ? I’m not sure what that is)

dhcp_host_add() {
        local cfg="$1"
        local hosttag nametime addrs duids macs tags mtags

        config_get_bool force "$cfg" force 0

        config_get networkid "$cfg" networkid
        [ -n "$networkid" ] && dhcp_option_add "$cfg" "$networkid" "$force"

        config_get_bool enable "$cfg" enable 1
        [ "$enable" = "0" ] && return 0

        config_get name "$cfg" name
        config_get ip "$cfg" ip
        config_get hostid "$cfg" hostid
        config_get mac "$cfg" mac
        config_get duid "$cfg" duid
        [ -z "$ip" ] && [ -z "$name" ] && [ -z "$hostid" ] && [ -z "$mac" ] && [ -z "$duid" ] && return 0


        config_get_bool dns "$cfg" dns 0
        [ "$dns" = "1" ] && [ -n "$ip" ] && [ -n "$name" ] && {
                echo "$ip $name${DOMAIN:+.$DOMAIN}" >> "$HOSTFILE_TMP"
        }

        config_get tag "$cfg" tag

        add_tag() {
                mtags="${mtags}tag:$1,"
        }
        config_list_foreach "$cfg" match_tag add_tag

        if [ -n "$mac" ]; then
                # --dhcp-host=00:20:e0:3b:13:af,192.168.0.199,lap
                # many MAC are possible to track a laptop ON/OFF dock
                for m in $mac; do append macs "$m" ","; done
        fi

        if [ $DNSMASQ_DHCP_VER -eq 6 ] && [ -n "$duid" ]; then
                # --dhcp-host=id:00:03:00:01:12:00:00:01:02:03,[::beef],lap
                # one (virtual) machine gets one DUID per RFC3315
                duids="id:${duid// */}"
        fi

        if [ -z "$macs" ] && [ -z "$duids" ]; then
                # --dhcp-host=lap,192.168.0.199,[::beef]
                [ -n "$name" ] || return 0
                macs="$name"
                name=""
        fi

        if [ -n "$hostid" ]; then
                hex_to_hostid hostid "$hostid"
        fi

        if [ -n "$tag" ]; then
                for t in $tag; do append tags "$t" ",set:"; done
        fi

        config_get_bool broadcast "$cfg" broadcast 0
        config_get leasetime "$cfg" leasetime

        [ "$broadcast" = "0" ] && broadcast= || broadcast=",set:needs-broadcast"

        hosttag="${networkid:+,set:${networkid}}${tags:+,set:${tags}}$broadcast"
        nametime="${name:+,$name}${leasetime:+,$leasetime}"

        if [ $DNSMASQ_DHCP_VER -eq 6 ]; then
                addrs="${ip:+,$ip}${hostid:+,[::$hostid]}"
                xappend "--dhcp-host=$mtags$macs${duids:+,$duids}$hosttag$addrs$nametime"
        else
                xappend "--dhcp-host=$mtags$macs$hosttag${ip:+,$ip}$nametime"
        fi
}

I have tested this, it is great and works well.

The point is that this allows you to change dhcp options for a range of MAC addresses in my case.

So in my system I have all MAC which match

de:ad:be:ef:*:*

have dhcp option

3,10.0.0.254

which is a non-routing address (later will be a fakeinternet router)

The point is to block internet access to the whole range of MAC address without incumbering the router with IP filtering address, which require static lease management, which I want to avoid as much as possible. And I’ll add my cell phone, TVs and IoT devices by MAC address wildcard.

So I would like to submit this change to this file.

github.com/openwrt/openwrt

package/network/services/dnsmasq/files/dnsmasq.init

master

#!/bin/sh /etc/rc.common
# Copyright (C) 2007-2012 OpenWrt.org

START=19

USE_PROCD=1
PROG=/usr/sbin/dnsmasq

ADD_LOCAL_DOMAIN=1
ADD_LOCAL_HOSTNAME=1
ADD_WAN_FQDN=0
ADD_LOCAL_FQDN=""

BASECONFIGFILE="/var/etc/dnsmasq.conf"
EXTRACONFFILE="extraconfig.conf"
BASEHOSTFILE="/tmp/hosts/dhcp"
TRUSTANCHORSFILE="/usr/share/dnsmasq/trust-anchors.conf"
TIMEVALIDFILE="/var/state/dnsmasqsec"
BASEDHCPSTAMPFILE="/var/run/dnsmasq"
DHCPBOGUSHOSTNAMEFILE="/usr/share/dnsmasq/dhcpbogushostname.conf"

This file has been truncated. show original

I have made a series of sed commands which apply the change to the original file

see this thread for more details

grep -A10 'config_get name "$cfg" name' /etc/init.d/dnsmasqsed -i '/\[ -z "\$ip" \] && \[ -z "\$name" \] && \[ -z "\$hostid" \] && return 0/d' /etc/init.d/dnsmasq
sed -i '/^[[:space:]]*config_get \(mac\|duid\) "\$cfg" \(mac\|duid\)/d' /etc/init.d/dnsmasq
sed -i '/config_get hostid "\$cfg" hostid/a\        config_get mac "$cfg" mac' /etc/init.d/dnsmasq
sed -i '/config_get mac "\$cfg" mac/a\        config_get duid "$cfg" duid' /etc/init.d/dnsmasq
sed -i '/config_get duid "$cfg" duid/a\        [ -z "$ip" ] && [ -z "$name" ] && [ -z "$hostid" ] && [ -z "$mac" ] && [ -z "$duid" ] && return 0' /etc/init.d/dnsmasq
grep -A10 'config_get name "$cfg" name' /etc/init.d/dnsmasq

This resolves this question

probably this too

maybe this

maybe this eventually

probably this

maybe this

necessary for this, but still not enough

maybe this

maybe this but not enough on its own

Dante · January 7, 2026, 8:33pm

Why don't you open a PR in a relevant repo instead?

shodanx · January 7, 2026, 8:51pm

I’m not familiar with that system.

frollic · January 7, 2026, 9:01pm

shodanx · January 7, 2026, 9:44pm

ok, that’s really a lot of text to read …

brada4 · January 7, 2026, 9:50pm

You have subnets for that. Nothing in improved config management prevents user from changing IP or MAC

shodanx · January 7, 2026, 10:03pm

brada4

my solution, which is just fixing a bug in /etc/init.d/dnsmasq

Can isolate one host or a class of hosts in FOUR operations

How do you send a host to another subnet without creating static leases ?

Is it even possible to do that in Luci ?

And when you do that, how do you ping them ?

How does routing work ?

Is my Netgear Wax202 going to try and router 40gbps of traffic through its tiny CPU ?

What is “improved config management“ ?

brada4 · January 7, 2026, 10:39pm

Heard of DHCP relay?

Your sarcasm is misplaced.

shodanx · January 7, 2026, 10:52pm

I’m not being sarcastic,

Not creating static lease is precisely the point of my change

It removes the check which prevents dynamic leases that dnsmasq support

instead of my methods of creating a dhcp tag to change the gateway and then apply this tag to individual and ranges of mac addresses,

You suggest that, if I understand what you suggest,

create a new interface
dedicate a router port to that interface
(how does that work on a router with only one LAN one WAN port ?)
create separate physical network on separate physical ports
assign a static IP to that device
on a separate subnet
run a second dnsmasq instance in dhcp relay mode
and set the gateway of that dnsmasq instance to something else
setup routing rules between the subnets, which will route interhost traffic through my router’s tiny cpu
and now if I want to switch a host between the two gateway, I need to physically go and reconnect cables

Why is that better than

Set DHCP Tag to MAC(s),
set gateway to DHCP Tag
?

Here is all that was needed to enable this

brada4 · January 7, 2026, 11:36pm

Make a pull request, sed for patch and pictures are totally non-standard approach

btw cidr bcp aka network segmentation turns 20 this year