Implement disableDHCP functionality:

If the Hardware object specifies that DHCP is disabled we don't respond to DHCP packets. Signed-off-by: Jacob Weinstock <[email protected]>
tinkerbell · Oct 23, 2024 · 16c3026 · 16c3026
1 parent f8b5d6d
commit 16c3026
Show file tree

Hide file tree

Showing 4 changed files with 43 additions and 32 deletions.
diff --git a/internal/backend/file/file.go b/internal/backend/file/file.go
@@ -57,6 +57,7 @@ type dhcp struct {
 	LeaseTime        int              `yaml:"leaseTime"`        // DHCP option 51.
 	Arch             string           `yaml:"arch"`             // DHCP option 93.
 	DomainSearch     []string         `yaml:"domainSearch"`     // DHCP option 119.
+	Disabled         bool             // If true, no DHCP response should be sent.
 	Netboot          netboot          `yaml:"netboot"`
 }
 
@@ -305,6 +306,9 @@ func (w *Watcher) translate(r dhcp) (*data.DHCP, *data.Netboot, error) {
 	// domain search
 	d.DomainSearch = r.DomainSearch
 
+	// disabled
+	d.Disabled = r.Disabled
+
 	// allow machine to netboot
 	n.AllowNetboot = r.Netboot.AllowPXE
 

diff --git a/internal/backend/kube/kube.go b/internal/backend/kube/kube.go
@@ -89,23 +89,8 @@ func (b *Backend) GetByMac(ctx context.Context, mac net.HardwareAddr) (*data.DHC
 		}
 	}
 
-	d, err := toDHCPData(i.DHCP)
+	d, n, err := transform(i, hardwareList.Items[0].Spec.Metadata)
 	if err != nil {
-		err = fmt.Errorf("failed to convert hardware to DHCP data: %w", err)
-		span.SetStatus(codes.Error, err.Error())
-
-		return nil, nil, err
-	}
-	// Facility is used in the default HookOS iPXE script so we get it from the hardware metadata, if set.
-	facility := ""
-	if hardwareList.Items[0].Spec.Metadata != nil {
-		if hardwareList.Items[0].Spec.Metadata.Facility != nil {
-			facility = hardwareList.Items[0].Spec.Metadata.Facility.FacilityCode
-		}
-	}
-	n, err := toNetbootData(i.Netboot, facility)
-	if err != nil {
-		err = fmt.Errorf("failed to convert hardware to netboot data: %w", err)
 		span.SetStatus(codes.Error, err.Error())
 
 		return nil, nil, err
@@ -153,23 +138,8 @@ func (b *Backend) GetByIP(ctx context.Context, ip net.IP) (*data.DHCP, *data.Net
 		}
 	}
 
-	d, err := toDHCPData(i.DHCP)
-	if err != nil {
-		err = fmt.Errorf("failed to convert hardware to DHCP data: %w", err)
-		span.SetStatus(codes.Error, err.Error())
-
-		return nil, nil, err
-	}
-	// Facility is used in the default HookOS iPXE script so we get it from the hardware metadata, if set.
-	facility := ""
-	if hardwareList.Items[0].Spec.Metadata != nil {
-		if hardwareList.Items[0].Spec.Metadata.Facility != nil {
-			facility = hardwareList.Items[0].Spec.Metadata.Facility.FacilityCode
-		}
-	}
-	n, err := toNetbootData(i.Netboot, facility)
+	d, n, err := transform(i, hardwareList.Items[0].Spec.Metadata)
 	if err != nil {
-		err = fmt.Errorf("failed to convert hardware to netboot data: %w", err)
 		span.SetStatus(codes.Error, err.Error())
 
 		return nil, nil, err
@@ -302,3 +272,27 @@ func toNetbootData(i *v1alpha1.Netboot, facility string) (*data.Netboot, error)
 
 	return n, nil
 }
+
+// transform returns data.DHCP and data.Netboot from part a v1alpha1.Interface and *v1alpha1.HardwareMetadata.
+func transform(i v1alpha1.Interface, m *v1alpha1.HardwareMetadata) (*data.DHCP, *data.Netboot, error) {
+	d, err := toDHCPData(i.DHCP)
+	if err != nil {
+		return nil, nil, fmt.Errorf("failed to convert hardware to DHCP data: %w", err)
+	}
+	d.Disabled = i.DisableDHCP
+
+	// Facility is used in the default HookOS iPXE script so we get it from the hardware metadata, if set.
+	facility := ""
+	if m != nil {
+		if m.Facility != nil {
+			facility = m.Facility.FacilityCode
+		}
+	}
+
+	n, err := toNetbootData(i.Netboot, facility)
+	if err != nil {
+		return nil, nil, fmt.Errorf("failed to convert hardware to netboot data: %w", err)
+	}
+
+	return d, n, nil
+}
diff --git a/internal/dhcp/data/data.go b/internal/dhcp/data/data.go
@@ -45,6 +45,7 @@ type DHCP struct {
 	LeaseTime        uint32           // DHCP option 51.
 	Arch             string           // DHCP option 93.
 	DomainSearch     []string         // DHCP option 119.
+	Disabled         bool             // If true, no DHCP response should be sent.
 }
 
 // Netboot holds info used in netbooting a client.

diff --git a/internal/dhcp/handler/reservation/handler.go b/internal/dhcp/handler/reservation/handler.go
@@ -83,6 +83,12 @@ func (h *Handler) Handle(ctx context.Context, conn *ipv4.PacketConn, p data.Pack
 
 			return
 		}
+		if d.Disabled {
+			log.Info("DHCP is disabled for this MAC address, no response sent", "type", p.Pkt.MessageType().String())
+			span.SetStatus(codes.Ok, "disabled DHCP response")
+
+			return
+		}
 		log.Info("received DHCP packet", "type", p.Pkt.MessageType().String())
 		reply = h.updateMsg(ctx, p.Pkt, d, n, dhcpv4.MessageTypeOffer)
 		log = log.WithValues("type", dhcpv4.MessageTypeOffer.String())
@@ -98,6 +104,12 @@ func (h *Handler) Handle(ctx context.Context, conn *ipv4.PacketConn, p data.Pack
 
 			return
 		}
+		if d.Disabled {
+			log.Info("DHCP is disabled for this MAC address, no response sent", "type", p.Pkt.MessageType().String())
+			span.SetStatus(codes.Ok, "disabled DHCP response")
+
+			return
+		}
 		log.Info("received DHCP packet", "type", p.Pkt.MessageType().String())
 		reply = h.updateMsg(ctx, p.Pkt, d, n, dhcpv4.MessageTypeAck)
 		log = log.WithValues("type", dhcpv4.MessageTypeAck.String())