[Dnsmasq-discuss] DNSMASQ Not Sending ACK?

Simon Kelley simon at thekelleys.org.uk
Tue Oct 10 22:50:35 BST 2017


That code is only being executed because your DHCP relay is including
the agent-id option in requests with sub-option 11, server-identifier
override.

It would be worth reading RFC 5107 to get more background on this.

The idea is that the server-identifier IP address in the DHCP exchange
should be the IP address of the _relay_ and not the IP address of the
DHCP server. This ensures that _all_ DHCP exchanges take place through
the relay. (Otherwise, the server-id is the address of the server, and
when the client comes to renew the lease, it will unicast direct to the
server, bypassing the relay)

Note that this is a sufficiently unusual case that I certainly can't rule
out dnsmasq bugs, but it's worth looking at what the value of the
server-id options are in all the packets, and what your relay is adding
as option 82 - suboption 11. These should be the same and be the address
of the relay. I can't tell if they are because your tcpdump has
unhelpfully resolved the serverid address to dhcp-server.localdomain,
but that doesn't look hopeful :)


Cheers,

Simon.





On 28/09/17 21:44, Jason Kary wrote:
> Hi Folks,
> 
> I was able to fix the problem by removing the following code:
> 
> lines 1107-1108 in rfc2131.c:
> 
>  if (option_addr(opt).s_addr != override.s_addr)
>    return 0;
> 
> Once I commented out this if statement the client was able to obtain the
> correct IP address via DHCP Relay.  The return 0 was causing the dnsmasq
> process to just silently ignore the DHCP Request packet.
> 
> I do not understand what the above code is checking for and why it is
> returning 0.  Maybe someone can help me understand the context a bit better?
> 
> Take Care
> Jason
> 
>> On Sep 25, 2017, at 4:11 PM, Jason Kary <jkary_98 at yahoo.com
>> <mailto:jkary_98 at yahoo.com>> wrote:
>>
>> Hi Chris,
>>
>> I cloned the GIT repository and tested with version 2.78test2-gb697fbb 
>>
>> I’m still seeing the server fail to respond to the request message:
>>
>> Frame 40189 (388 bytes on wire, 388 bytes captured)
>>    Arrival Time: Sep 25, 2017 20:59:01.142813000
>>    [Time delta from previous captured frame: 0.000646000 seconds]
>>    [Time delta from previous displayed frame: 0.000646000 seconds]
>>    [Time since reference or first frame: 149.170698000 seconds]
>>    Frame Number: 40189
>>    Frame Length: 388 bytes
>>    Capture Length: 388 bytes
>>    [Frame is marked: False]
>>    [Protocols in frame: eth:ip:udp:bootp]
>> Ethernet II, Src: 58:ac:78:b1:38:e1 (58:ac:78:b1:38:e1), Dst:
>> 00:0c:29:cf:10:0b (00:0c:29:cf:10:0b)
>>    Destination: 00:0c:29:cf:10:0b (00:0c:29:cf:10:0b)
>>        Address: 00:0c:29:cf:10:0b (00:0c:29:cf:10:0b)
>>        .... ...0 .... .... .... .... = IG bit: Individual address
>> (unicast)
>>        .... ..0. .... .... .... .... = LG bit: Globally unique address
>> (factory default)
>>    Source: 58:ac:78:b1:38:e1 (58:ac:78:b1:38:e1)
>>        Address: 58:ac:78:b1:38:e1 (58:ac:78:b1:38:e1)
>>        .... ...0 .... .... .... .... = IG bit: Individual address
>> (unicast)
>>        .... ..0. .... .... .... .... = LG bit: Globally unique address
>> (factory default)
>>    Type: IP (0x0800)
>> Internet Protocol, Src: 33.33.33.33 (33.33.33.33), Dst: 10.168.101.20
>> (10.168.101.20)
>>    Version: 4
>>    Header length: 20 bytes
>>    Differentiated Services Field: 0x10 (DSCP 0x04: Unknown DSCP; ECN:
>> 0x00)
>>        0001 00.. = Differentiated Services Codepoint: Unknown (0x04)
>>        .... ..0. = ECN-Capable Transport (ECT): 0
>>        .... ...0 = ECN-CE: 0
>>    Total Length: 374
>>    Identification: 0xbd9b (48539)
>>    Flags: 0x00
>>        0.. = Reserved bit: Not Set
>>        .0. = Don't fragment: Not Set
>>        ..0 = More fragments: Not Set
>>    Fragment offset: 0
>>    Time to live: 255
>>    Protocol: UDP (0x11)
>>    Header checksum: 0x4acd [correct]
>>        [Good: True]
>>        [Bad : False]
>>    Source: 33.33.33.33 (33.33.33.33)
>>    Destination: 10.168.101.20 (10.168.101.20)
>> User Datagram Protocol, Src Port: bootps (67), Dst Port: bootps (67)
>>    Source port: bootps (67)
>>    Destination port: bootps (67)
>>    Length: 354
>>    Checksum: 0x95d3 [validation disabled]
>>        [Good Checksum: False]
>>        [Bad Checksum: False]
>> Bootstrap Protocol
>>    Message type: Boot Request (1)
>>    Hardware type: Ethernet
>>    Hardware address length: 6
>>    Hops: 1
>>    Transaction ID: 0x21696b65
>>    Seconds elapsed: 0
>>    Bootp flags: 0x0000 (Unicast)
>>        0... .... .... .... = Broadcast flag: Unicast
>>        .000 0000 0000 0000 = Reserved flags: 0x0000
>>    Client IP address: 0.0.0.0 (0.0.0.0)
>>    Your (client) IP address: 0.0.0.0 (0.0.0.0)
>>    Next server IP address: 0.0.0.0 (0.0.0.0)
>>    Relay agent IP address: 33.33.33.33 (33.33.33.33)
>>    Client MAC address: 00:0c:29:65:e0:ea (00:0c:29:65:e0:ea)
>>    Client hardware address padding: 00000000000000000000
>>    Server host name not given
>>    Boot file name not given
>>    Magic cookie: (OK)
>>    Option: (t=53,l=1) DHCP Message Type = DHCP Request
>>        Option: (53) DHCP Message Type
>>        Length: 1
>>        Value: 03
>>    Option: (t=54,l=4) DHCP Server Identifier = 10.168.101.20
>>        Option: (54) DHCP Server Identifier
>>        Length: 4
>>        Value: 0AA86514
>>    Option: (t=50,l=4) Requested IP Address = 10.168.102.128
>>        Option: (50) Requested IP Address
>>        Length: 4
>>        Value: 0AA86680
>>    Option: (t=55,l=18) Parameter Request List
>>        Option: (55) Parameter Request List
>>        Length: 18
>>        Value: 011C02790F060C28292A1A770379F921FC2A
>>        1 = Subnet Mask
>>        28 = Broadcast Address
>>        2 = Time Offset
>>        121 = Classless Static Route
>>        15 = Domain Name
>>        6 = Domain Name Server
>>        12 = Host Name
>>        40 = Network Information Service Domain
>>        41 = Network Information Service Servers
>>        42 = Network Time Protocol Servers
>>        26 = Interface MTU
>>        119 = Domain Search [TODO]
>>        3 = Router
>>        121 = Classless Static Route
>>        249 = Private/Classless Static Route (Microsoft)
>>        33 = Static Route
>>        252 = Private/Proxy autodiscovery
>>        42 = Network Time Protocol Servers
>>    Option: (t=82,l=44) Agent Information Option
>>        Option: (82) Agent Information Option
>>        Length: 44
>>        Value: 010A01080006004C4F2A002F020658AC78B138E1970A0062...
>>        Agent Circuit ID: 01080006004C4F2A002F
>>        Agent Remote ID: 58AC78B138E1
>>        DHCPv4 Virtual Subnet Selection: 006262742D76786C616E
>>        Server Identifier Override: 0AA86601
>>        Link selection: 10.168.102.0
>>    End Option
>>    Padding
>>
>>
>>
>>
>> Pls find my dnsmasq.conf as follows:
>>
>> <PastedGraphic-1.tiff>
>>
>> Take Care
>> Jason
>>
>>
>>
>>> On Sep 25, 2017, at 4:10 PM, Jason Kary (jkary) <jkary at cisco.com
>>> <mailto:jkary at cisco.com>> wrote:
>>>
>>> Hi,
>>>
>>> Pls find my dnsmasq.conf as follows:
>>>
>>> <PastedGraphic-1.tiff>
>>>
>>> Take Care
>>> Jason
>>>
>>>> On Sep 22, 2017, at 5:10 PM, Chris Novakovic <chris at chrisn.me.uk
>>>> <mailto:chris at chrisn.me.uk>> wrote:
>>>>
>>>> On 22/09/2017 19:24, Jason Kary (jkary) wrote:
>>>>> Thank you for the update.  We are running version 2.66
>>>>
>>>> 2.66 is four and a half years old now, and those parts of the codebase
>>>> have been overhauled quite a lot since then --- is there any way you can
>>>> test your setup with 2.77 plus the patch in [2] from my initial reply
>>>> (or, better still, master/HEAD in the git repository)? Also, it'd be
>>>> helpful if you could post your full dnsmasq configuration.
>>>
>>
> 
> 
> 
> 
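The comparison described in the reply at the top of this message (option 54 against option 82 sub-option 11, per RFC 5107), as an added example that is not dnsmasq code and not part of the original thread. The function names and the byte array are constructed here; the array reuses the option values decoded in the quoted capture, with the other agent sub-options left out.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed DHCP options field using values decoded in the capture:
 * option 54 = 10.168.101.20, option 82 sub-option 11 = 10.168.102.1. */
const uint8_t req_capture[] = {
    53, 1, 3,                                   /* DHCPREQUEST */
    54, 4, 0x0A, 0xA8, 0x65, 0x14,              /* server identifier */
    82, 20,                                     /* agent information */
    2, 6, 0x58, 0xAC, 0x78, 0xB1, 0x38, 0xE1,   /*   remote ID */
    11, 4, 0x0A, 0xA8, 0x66, 0x01,              /*   server-id override */
    5, 4, 0x0A, 0xA8, 0x66, 0x00,               /*   link selection */
    255 };

/* Locate one type/length/value entry. Returns 1 found, 0 absent, -1 truncated.
 * top != 0 enables the DHCP pad (0) and end (255) single-byte options. */
static int find_tlv(const uint8_t *b, size_t n, uint8_t want, int top,
                    const uint8_t **val, uint8_t *vlen)
{
    size_t i = 0;
    while (i < n) {
        if (top && b[i] == 0) { i++; continue; }
        if (top && b[i] == 255) break;
        if (n - i < 2 || n - i - 2 < (size_t)b[i + 1]) return -1;
        if (b[i] == want) { *val = b + i + 2; *vlen = b[i + 1]; return 1; }
        i += 2 + (size_t)b[i + 1];
    }
    return 0;
}

/* 1: option 54 equals sub-option 11, or there is nothing to compare.
 * 0: both present and different.  -1: malformed options. */
int server_id_matches_override(const uint8_t *opts, size_t n)
{
    const uint8_t *sid, *agent, *ovr;
    uint8_t sl, al, ol;
    int r = find_tlv(opts, n, 54, 1, &sid, &sl);
    if (r <= 0) return r == 0 ? 1 : -1;
    if (sl != 4) return -1;
    if ((r = find_tlv(opts, n, 82, 1, &agent, &al)) <= 0) return r == 0 ? 1 : -1;
    if ((r = find_tlv(agent, al, 11, 0, &ovr, &ol)) <= 0) return r == 0 ? 1 : -1;
    if (ol != 4) return -1;
    return memcmp(sid, ovr, 4) == 0;
}

int main(void) {
    return printf("match=%d\n", server_id_matches_override(req_capture, sizeof req_capture)) < 0;
}
```

With the capture's values the function returns 0: the server identifier is 0AA86514 while the override is 0AA86601, which is the inequality the quoted `if` statement in rfc2131.c tests before `return 0`.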



