[Dnsmasq-discuss] dnsmasq DHCP behind a DHCP relay, without directly-connected addresses

James Brown jbrown at easypost.com
Thu Aug 11 21:01:44 BST 2016


The relay is just dhcrelay3 running with default options. 10.90.95.121 is
the address of the machine running dnsmasq.

/usr/sbin/dhcrelay3 -d -i bond0.1274 -i bond0.1215 -c 12 -A 576 -m discard 10.90.95.121

Looking at the dhcrelay source code, it looks like it just sets giaddr to
the first ip address assigned on the system running the relay:

    if (!packet->giaddr.s_addr)
        packet->giaddr = ip->addresses[0];

If dnsmasq really does rely on giaddr being set to an address in the
correct subnet, it looks like I may have to replace dhcrelay3.
Unfortunately, it's running on Brocade vRouter (a routing platform with a
Linux control plane based on the earlier Vyatta product and related to the
open-source VyOS product), so that might be tricky.

On Thu, Aug 11, 2016 at 12:06 PM, Simon Kelley <simon at thekelleys.org.uk>
wrote:

> OK, so the "ignored" thing was a red-herring, now we have the actual
> logs.
>
> Your ASCII art got mangled, so I can't work out exactly what the
> network topology is, but the logs show why no address is being
> allocated:
>
> dnsmasq-dhcp: 529627704 available DHCP subnet: 10.90.95.65/255.255.255.192
> dnsmasq-dhcp: 529627704 DHCPDISCOVER(bond0) 0c:c4:7a:8e:1d:62 no address available
>
> As 0c:c4:7a:8e:1d:62 only has a dhcp-host address on
> 10.88.177.0/255.255.255.128 but dnsmasq thinks it's on
> 10.90.95.65/255.255.255.192.
>
> What needs to happen is that the DHCP relay forwards the DHCP discover
> packet to dnsmasq, and before it does that, it sets the "giaddr" field
> to the relay's address _on_the_subnet_where_the_host_is.
>
> So in this case, giaddr should be set to 10.88.177.1, which would
> enable dnsmasq to allocate it an address on that subnet, and not the
> subnet where the request arrives at the dnsmasq server.
>
> How is the DHCP relay configured?
>
> Simon.
>
>
> On 10/08/16 02:25, James Brown wrote:
> > Hi Simon:
> >
> > The string "ignore" does not occur in my config. Below is the
> > current entire config that I'm running on while I test this,
> > without the networks re-written into the clearer forms above:
> >
> > no-resolv
> > server=8.8.8.8
> > no-daemon
> > no-hosts
> > log-facility=/dev/null
> > log-dhcp
> > log-queries
> > enable-tftp
> > tftp-root=/srv/install/tftp
> > port=0
> > dhcp-option=6,10.90.95.113
> > dhcp-range=10.88.81.65,static,255.255.255.192
> > dhcp-range=10.90.95.65,static,255.255.255.192
> > dhcp-range=10.91.78.0,static,255.255.255.192
> > dhcp-range=10.88.177.0,static,255.255.255.128
> > dhcp-host=0c:c4:7a:8e:1d:62,10.88.177.107
> > dhcp-option=3,10.88.177.1
> >
> > And the output when trying to boot the machine listed under
> > dhcp-host:
> >
> > dnsmasq: started, version 2.76 DNS disabled
> > dnsmasq: compile time options: IPv6 GNU-getopt no-DBus no-i18n no-IDN DHCP DHCPv6 no-Lua TFTP no-conntrack ipset auth no-DNSSEC loop-detect inotify
> > dnsmasq-dhcp: DHCP, static leases only on 10.88.177.0, lease time 1h
> > dnsmasq-dhcp: DHCP, static leases only on 10.91.78.0, lease time 1h
> > dnsmasq-dhcp: DHCP, static leases only on 10.90.95.65, lease time 1h
> > dnsmasq-dhcp: DHCP, static leases only on 10.88.81.65, lease time 1h
> > dnsmasq-tftp: TFTP root is /srv/install/tftp
> > dnsmasq-dhcp: 529627704 available DHCP subnet: 10.90.95.65/255.255.255.192
> > dnsmasq-dhcp: 529627704 DHCPDISCOVER(bond0) 0c:c4:7a:8e:1d:62 no address available
> > dnsmasq-dhcp: 529627704 available DHCP subnet: 10.90.95.65/255.255.255.192
> > dnsmasq-dhcp: 529627704 DHCPDISCOVER(bond0) 0c:c4:7a:8e:1d:62 no address available
> > dnsmasq-dhcp: 4100833080 available DHCP subnet: 10.90.95.65/255.255.255.192
> > dnsmasq-dhcp: 4100833080 DHCPDISCOVER(bond0) 0c:c4:7a:8e:1d:62 no address available
> > dnsmasq-dhcp: 4100833080 available DHCP subnet: 10.90.95.65/255.255.255.192
> > dnsmasq-dhcp: 4100833080 DHCPDISCOVER(bond0) 0c:c4:7a:8e:1d:62 no address available
> >
> > On Wed, Aug 3, 2016 at 2:57 PM, Simon Kelley
> > <simon at thekelleys.org.uk> wrote:
> >
> > "dnsmasq-dhcp: 1302931552 DHCPDISCOVER(bond0) 00:aa:bb:cc:dd:ee ignored"
> >
> > Implies that you've somehow configured dnsmasq to ignore this
> > client, either with
> >
> > dhcp-host=<stuff to id client>,ignore
> >
> > or
> >
> > dhcp-ignore=<some tags>
> >
> >
> > Maybe take a look at the rest of the config you didn't post or post
> > it here? Fixing this problem is necessary before looking at the
> > subnet address selection stuff, which should be possible using a
> > DHCP relay.
> >
> > Cheers,
> >
> > Simon.
> >
> >
> >
> > On 02/08/16 23:43, James Brown wrote:
> >>>> I have a setup roughly like the following ASCII-art diagram
> >>>> (numbers and number of VLANs simplified greatly):
> >>>>
> >>>>
> >>>> |===== VLAN 1 : 10.0.1.0/24  ======|    |============== VLAN
> >>>> 2: 10.0.2.0/24 ==============| |
> >>>> | | | |   |------------------|        |-------------| | |
> >>>> | admin host   |        |  gateway    | | |   |
> >>>> 10.0.1.2/24   | | 10.0.1.1/24 |
> >>>> |----------------------------|      | | |------------------|
> >>>> | 10.0.2.1/24 |       |   client host | | |
> >>>> | etc         |       | should get static lease of |      |
> >>>> | |-------------|       | 10.0.2.x |      | | |    |
> >>>> |----------------------------|      |
> >>>> |==================================|
> >>>> |=================================================|
> >>>>
> >>>> We have multiple VLANs each of which has its own subnet.
> >>>> They're bridged by a single multi-homed gateway (actually, an
> >>>> HA pair of them, but whatever). The gateway is running
> >>>> dhcrelay3 and forwarding DHCP requests to the admin host in
> >>>> the administrative VLAN, which is running dnsmasq with a
> >>>> database of addresses to hand out. I would prefer to be able
> >>>> to avoid having to put that database on the gateway and have
> >>>> a bunch of dynamic host configuration on a router. The admin
> >>>> host is single-homed.
> >>>>
> >>>> The dnsmasq config looks like the following (I've removed
> >>>> most of the entries and config to simplify the question):
> >>>>
> >>>> port = 0
> >>>> dhcp-range=10.0.1.0,static,255.255.255.0
> >>>> dhcp-range=10.0.2.0,static,255.255.255.0
> >>>> dhcp-option=6,10.0.2.3
> >>>> dhcp-option=3,10.0.2.1
> >>>> dhcp-host=00:aa:bb:cc:dd:ee,10.2.0.86
> >>>>
> >>>> Unfortunately, dnsmasq seems to refuse to hand out addresses
> >>>> from a non-directly-connected subnet. When the requests come
> >>>> in from 00:aa:bb:cc:dd:ee, I just get the following logged:
> >>>>
> >>>> dnsmasq: started, version 2.76 DNS disabled
> >>>> dnsmasq: compile time options: IPv6 GNU-getopt no-DBus no-i18n no-IDN DHCP DHCPv6 no-Lua TFTP no-conntrack ipset auth no-DNSSEC loop-detect inotify
> >>>> dnsmasq-dhcp: DHCP, static leases only on 10.0.1.0, lease time 1h
> >>>> dnsmasq-dhcp: DHCP, static leases only on 10.0.2.0, lease time 1h
> >>>> dnsmasq-dhcp: DHCP, static leases only on 10.0.3.0, lease time 1h
> >>>> dnsmasq-dhcp: 1302931552 available DHCP subnet: 10.0.1.0/255.255.255.0
> >>>> dnsmasq-dhcp: 1302931552 DHCPDISCOVER(bond0) 00:aa:bb:cc:dd:ee ignored
> >>>> dnsmasq-dhcp: 1302931552 available DHCP subnet: 10.0.1.0/255.255.255.0
> >>>> dnsmasq-dhcp: 1302931552 DHCPDISCOVER(bond0) 00:aa:bb:cc:dd:ee ignored
> >>>> dnsmasq-dhcp: 4279941416 available DHCP subnet: 10.0.1.0/255.255.255.0
> >>>> dnsmasq-dhcp: 4279941416 DHCPDISCOVER(bond0) 00:aa:bb:cc:dd:ee ignored
> >>>>
> >>>> Tcpdump of the packets being received by the host looks
> >>>> roughly like the following:
> >>>>
> >>>> 22:23:57.987953 IP (tos 0x0, ttl 64, id 48608, offset 0, flags [DF], proto UDP (17), length 328)
> >>>>     10.0.1.1.bootps > admin.bootps: BOOTP/DHCP, Request from 00:aa:bb:cc:dd:ee (oui Unknown), length 300, hops 1, xid 0x4ec4ba20, secs 24, Flags [none]
> >>>>       Gateway-IP 10.0.1.1
> >>>>       Client-Ethernet-Address 00:aa:bb:cc:dd:ee (oui Unknown)
> >>>>       Vendor-rfc1048 Extensions
> >>>>         Magic Cookie 0x63825363
> >>>>         DHCP-Message Option 53, length 1: Discover
> >>>>         Parameter-Request Option 55, length 13:
> >>>>           Subnet-Mask, BR, Time-Zone, Classless-Static-Route
> >>>>           Domain-Name, Domain-Name-Server, Hostname, YD
> >>>>           YS, NTP, MTU, Option 119
> >>>>           Default-Gateway
> >>>>
> >>>> I would like for the admin host (10.0.1.1/24) to be able to
> >>>> hand out IP addresses to hosts in any VLAN without having to
> >>>> multi-home it. Is this just impossible in dnsmasq, or is
> >>>> there some magic option that will tell it to hand out IP
> >>>> addresses on a non-connected subnet when the request goes
> >>>> through a relay?
> >>>>
> >>>> I've attempted to go through the source code, but even once
> >>>> I figured out the idiosyncratic indentation style of
> >>>> rfc2131.c, I still can't figure out precisely where the logic
> >>>> to generate this message lives.
> >>>>
> >>>> Thanks for any help y'all can provide.
> >>>>
> >>>>
> >>>>
> >>>> _______________________________________________
> >>>> Dnsmasq-discuss mailing list
> >>>> Dnsmasq-discuss at lists.thekelleys.org.uk
> >>>> http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss



-- 
James Brown
Engineer
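
Added example, not part of the original message and not dnsmasq's or dhcrelay's code: a simplified model of the giaddr-based subnet selection Simon describes, using the dhcp-range and dhcp-host values from the quoted config. The packet builder, the function names and the relay address 10.90.95.65 are constructed for illustration.

```python
import ipaddress
import struct

# dhcp-range / dhcp-host values quoted in the thread's dnsmasq config.
RANGES = [("10.88.81.65", "255.255.255.192"), ("10.90.95.65", "255.255.255.192"),
          ("10.91.78.0", "255.255.255.192"), ("10.88.177.0", "255.255.255.128")]
HOSTS = {"0c:c4:7a:8e:1d:62": "10.88.177.107"}


def build_discover(mac, giaddr):
    """Constructed relayed BOOTREQUEST: the 236-byte fixed header of RFC 2131."""
    chaddr = bytes.fromhex(mac.replace(":", "")).ljust(16, b"\0")
    return struct.pack(
        "!BBBBIHH4s4s4s4s16s64s128s",
        1, 1, 6, 1, 0x4EC4BA20, 0, 0,          # op, htype, hlen, hops, xid, secs, flags
        bytes(4), bytes(4), bytes(4),          # ciaddr, yiaddr, siaddr
        ipaddress.IPv4Address(giaddr).packed,  # giaddr, written by the relay
        chaddr, b"", b"")                      # chaddr, sname, file


def parse_relay_fields(pkt):
    """Return (giaddr, client MAC) read from the fixed BOOTP header."""
    if len(pkt) < 236:
        raise ValueError("truncated BOOTP header")
    hlen = min(pkt[2], 16)                     # chaddr is at most 16 bytes
    giaddr = ipaddress.IPv4Address(pkt[24:28])
    mac = ":".join(f"{b:02x}" for b in pkt[28:28 + hlen])
    return giaddr, mac


def select_subnet(giaddr):
    """Configured range whose network contains giaddr (simplified model)."""
    for start, mask in RANGES:
        net = ipaddress.IPv4Network(f"{start}/{mask}", strict=False)
        if giaddr in net:
            return net
    return None


def offer_for(pkt):
    """Static lease for the client, or None if it is not on the giaddr subnet."""
    giaddr, mac = parse_relay_fields(pkt)
    net = select_subnet(giaddr)
    lease = HOSTS.get(mac)
    if net is None or lease is None or ipaddress.IPv4Address(lease) not in net:
        return None                            # logged as "no address available"
    return lease


if __name__ == "__main__":
    for relay in ("10.90.95.65", "10.88.177.1"):  # constructed vs. suggested giaddr
        print(relay, "->", offer_for(build_discover("0c:c4:7a:8e:1d:62", relay)))
```

With giaddr on the admin subnet the model returns no lease, matching the quoted log; with giaddr 10.88.177.1 it returns the dhcp-host address.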