[Dnsmasq-discuss] DHCP packet received on <interface> which has no address

Andrew Shadura andrew.shadura at collabora.co.uk
Thu Aug 25 11:18:46 BST 2016


On 25/08/16 12:55, Albert ARIBAUD wrote:
> Hi,
> 
> Le Thu, 25 Aug 2016 11:52:41 +0300
> Andrew Shadura <andrew.shadura at collabora.co.uk> a écrit:
> 
>> Hello,
>>
>> We've run into an issue: in our configuration, there are many
>> interfaces, some of them are being served by dnsmasq-dhcp, some of
>> them use run dhcp client themselves.
> 
> Not sure I'm getting this right, but I assume you mean on some
> interfaces the host running your dnsmasq is DHCP server, and on some it
> is DHCP client.

Yes, that's correct.

>> Interfaces come and go, so it's
>> not always possible to use bind-interfaces.
> 
> This seems to imply that dnsmasq should serve (at least some) of these
> dynamic interfaces. If all dynamic interfaces should be served, then
> AFAIU bind-dynamic is what you need. Otherwise, you need some ad hoc
> means discriminate beweeen 'client' and 'server' dynamic interfaces.

There are .conf snippets for those 'server' interfaces with interface=
keyword specifying the interface name.

> Also, you haven't said how these interfaces come and go. Are they
> virtual interfaces? VLANs? taps? bridges? etc.

They are VLANs on hotplugged Ethernet interfaces, we use ifplugd to
bring some of them up and down when the link state changes.

>> Sometimes dnsmasq-dhcp
>> reacts to the DHCP packets coming from the interfaces it's not
>> supposed to work with, and as they hasn't been configured yet dnsmasq
>> complains.
> 
> Again, I'm interpreting here, but I'll assume you mean that on some
> (dynamic?) interfaces where the host is supposed to be a client,
> its dnsmasq actually does answer DHCP requests. I would understand how
> this happens if you already use bind-dynamic, otherwise I don't see how
> this is possible.

We don't use bind-dynamic. From what I see, bind-dynamic may be useful
but what I don't like about it is that it also handles new unknown
interfaces — that may be not acceptable in our case.

>> Having looked at the code, I see the warning is issued when
>> dnsmasq-dhcp has detected the interface hasn't got an address, before
>> it checks the interface name or exclusion lists. That doesn't seem
>> right to me, but I haven't come up with a reasonable patch yet.
>>
>> Could that please be fixed?
> 
> I beliveve it is perfectly right that dnsmasq can only serve IPs to a
> network segment it knows the IP subnet of, and that knowledge comes
> from the interface to that segment having an IP itself.
> 
> So the problem comes from dnsmasq listening on an up but unconfigured
> interface.
> 
> So either dnsmasq should listen on this interface, and then it is wrong
> that this interface has no IP, or dnsmasq should not listen on this
> interface, and it was a mistake to let it.

Sure, obviously. The issue as I understand it is that this particular
option isn't implemented correctly, as the code first attempts to get
the address of the interface, and checks its name only if it succeeds,
so it issues warnings also for interfaces explicitly excluded by the user.

> Or dnsmasq is receiving requests on an interface which should not
> present them but does because of your local (virtual, vlan, tap,
> bridge...) interface setup.
> 
> Of course, without more info on your setup, I might be wrong, and
> possible am. So can you please elaborate on your host's networking
> setup?


-- 
Cheers,
  Andrew

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/attachments/20160825/8287a208/attachment.sig>


More information about the Dnsmasq-discuss mailing list