<html>
  <head>
    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
  </head>
  <body>
    <p>On 4/19/23 11:38, Buck Horn wrote:<br>
    </p>
    <blockquote type="cite"
      cite="mid:em9421c00f-4a64-46e6-b014-299fd90df356@user-pc">
      <div><br>
      </div>
      <div id="x4ec356ad6bce4a2">
        <blockquote type="cite" class="cite2">
          <div class="plain_line">Yes this is proxy ARP in
            <a class="moz-txt-link-freetext" href="https://en.wikipedia.org/wiki/Proxy_ARP">https://en.wikipedia.org/wiki/Proxy_ARP</a>. HostAPd has an
            option called proxy_arp which sets up proxy_arp with
            additional requirements to meet the Hotspot 2.0 standards.
            It comes built in with a couple of snoopers, including a
            DHCP snooper to configure proxy_arp without the need for
            additional software.</div>
          <div class="plain_line"> </div>
          <div class="plain_line">I've attached a pcap file; if you need
            any more logs or information, please let me know. Only thing
            I've changed for this capture is setting the lease time to
            2m in order to make it faster for me to capture this for
            you; in normal operation it was set to 8 hours.</div>
          <div class="plain_line"> </div>
          <div class="plain_line">Note that the capture includes an ARP
            probe from the ESP and no response; just keep in mind that
            the WiFi router does in fact respond to it, it just doesn't
            do so over that bridge port, so it didn't get captured on the
            gateway's end.</div>
        </blockquote>
        <div id="x4ec356ad6bce4a2"><br>
        </div>
        <div id="x4ec356ad6bce4a2">I think your issue starts earlier:</div>
        <div id="x4ec356ad6bce4a2">Your pcap indicates a failing lease
          renewal.</div>
        <div id="x4ec356ad6bce4a2"><br>
        </div>
        <div id="x4ec356ad6bce4a2">Lines 12 to 18 show your ESP is
          attempting to renew its DHCP lease through 10.46.109.1 after
          ~62 seconds as expected (about half the 120 secs lease time) -
          but those requests seem to never have received a reply.</div>
        <div id="x4ec356ad6bce4a2"><br>
        </div>
        <div id="x4ec356ad6bce4a2">In absence of a reply from the known
          DHCP server, lines 19 to 27 then show your ESP to send renewal
          requests to the broadcast address.</div>
        <div id="x4ec356ad6bce4a2"><br>
        </div>
        <div id="x4ec356ad6bce4a2">As those are not answered either,
          your ESP finally releases its expired lease (line 28).</div>
        <div id="x4ec356ad6bce4a2"><br>
        </div>
        <div id="x4ec356ad6bce4a2">It then initiates DHCP negotiation
          for a completely new lease, by broadcasting for DHCP servers,
          and it's only then that ARP probing would prompt it to
          DHCPDECLINE.</div>
        <div id="x4ec356ad6bce4a2"><br>
        </div>
        <div id="x4ec356ad6bce4a2">
          <div>
            <div id="x4ec356ad6bce4a2">But I'd have expected dnsmasq to
              have extended your ESP's existing lease straight for the
              first DHCPREQUEST for renewal (line 12).</div>
          </div>
        </div>
        <div id="x4ec356ad6bce4a2"><br>
        </div>
        <div id="x4ec356ad6bce4a2">This would suggest that dnsmasq has
          not received or ignored both those DHCPREQUESTs for renewal as
          well as the DHCPRELEASE, which could explain both the failed
          renewal as well as the offending DHCPDECLINEs.</div>
        <div id="x4ec356ad6bce4a2"><br>
        </div>
        <div id="x4ec356ad6bce4a2">Are you splitting your network, e.g.
          into several VLANs?</div>
        <div id="x4ec356ad6bce4a2"><br>
        </div>
        <div id="x4ec356ad6bce4a2">It would be interesting to see what
          dnsmasq has been logging for that exchange, to verify whether
          and how dnsmasq would have received those DHCPREQUESTs for
          renewal.</div>
        <div id="x4ec356ad6bce4a2"><br>
        </div>
        <div id="x4ec356ad6bce4a2">Kind regards,</div>
        <div id="x4ec356ad6bce4a2">Buck</div>
        <div id="x4ec356ad6bce4a2"><br>
        </div>
      </div>
      <br>
    </blockquote>
    <p>I think your analysis is on point, and no, that network in
      particular is not split into several VLANs. The dnsmasq logs don't
      show anything special. What config should I set to make the logs
      more useful?<br>
    </p>
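    <p>Added example, not part of the thread and not code from dnsmasq or either poster: a small checker that walks a client's DHCP messages the way the quoted analysis does (unicast renewal, broadcast rebind, release, new negotiation, DHCPDECLINE) and reports where the renewal broke down. The event records and the trace are constructed for illustration; only the server address 10.46.109.1 comes from the thread.</p>

```python
from dataclasses import dataclass

SERVER, BCAST = "10.46.109.1", "255.255.255.255"

@dataclass
class Event:
    t: float   # seconds since the lease was granted
    src: str   # "client" or "server"
    msg: str   # DHCP message type
    dst: str   # destination IP address

def answered(events, i):
    """True if a server ACK/NAK arrives before the client's next message."""
    for e in events[i + 1:]:
        if e.src == "server" and e.msg in ("ACK", "NAK"):
            return True
        if e.src == "client":
            return False
    return False

def diagnose(events):
    """Return findings for one client's exchange, starting from a bound lease."""
    unanswered = {"renew": 0, "rebind": 0}
    bound, declines = True, 0
    for i, e in enumerate(events):
        if e.src != "client":
            continue
        if e.msg == "REQUEST" and bound and not answered(events, i):
            # Unicast to the leasing server = RENEWING, broadcast = REBINDING.
            unanswered["renew" if e.dst == SERVER else "rebind"] += 1
        elif e.msg in ("RELEASE", "DISCOVER"):
            bound = False          # lease given up, fresh negotiation follows
        elif e.msg == "DECLINE" and not bound:
            declines += 1
    findings = []
    if unanswered["renew"]:
        findings.append(f"{unanswered['renew']} unicast renewal(s) unanswered")
    if unanswered["rebind"]:
        findings.append(f"{unanswered['rebind']} broadcast rebind(s) unanswered")
    if declines and (unanswered["renew"] or unanswered["rebind"]):
        findings.append("DECLINE follows a failed renewal, not a healthy lease")
    return findings

# Constructed trace with a 120 s lease (illustrative, not the attached capture).
TRACE = [
    Event(62, "client", "REQUEST", SERVER), Event(66, "client", "REQUEST", SERVER),
    Event(105, "client", "REQUEST", BCAST), Event(112, "client", "REQUEST", BCAST),
    Event(120, "client", "RELEASE", SERVER), Event(121, "client", "DISCOVER", BCAST),
    Event(121.1, "server", "OFFER", BCAST), Event(121.2, "client", "REQUEST", BCAST),
    Event(121.3, "server", "ACK", BCAST), Event(122, "client", "DECLINE", BCAST),
]
```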
  </body>
</html>