[Dnsmasq-discuss] Bug in 2.31 and dhcp relay

Daniel Hamlin hamlin at rose-hulman.edu
Thu Jun 22 18:51:40 BST 2006


There appears to be a bug in 2.31 (and earlier) that mishandles requests 
forwarded by a DHCP relay.  In this packet capture, 192.168.1.196 is the DHCP 
server, and 192.168.0.1 is the router (Nortel Passport 8600).  Notice the 
response is sent back to the wrong port on the relay.  According to "The DHCP 
Handbook", the response to a relay should go back to port 67, not 68 as 
dnsmasq is currently doing.  Here is a packet capture on the DHCP server 
itself:

11:41:30.591928 IP (tos 0x0, ttl 127, id 52, offset 0, flags [none], proto 17, length: 328) 192.168.0.1.68 > 192.168.1.196.67: BOOTP/DHCP, Request from 00:0c:29:74:56:62, length: 300, hops:1, xid:0xa29971c6, flags: [Broadcast] (0x8000)
          Gateway IP: 192.168.0.1
          Client Ethernet Address: 00:0c:29:74:56:62 [|bootp]
11:41:32.192649 IP (tos 0x0, ttl  64, id 4, offset 0, flags [DF], proto 17, length: 328) 192.168.1.196.67 > 192.168.0.1.68: BOOTP/DHCP, Reply, length: 300, hops:1, xid:0x571e52c3, flags: [Broadcast] (0x8000)
          Your IP: 192.168.0.22
          Server IP: 192.168.1.196
          Gateway IP: 192.168.0.1
          Client Ethernet Address: 00:0c:29:74:56:62 [|bootp]
11:41:32.193915 IP (tos 0x0, ttl  64, id 5, offset 0, flags [DF], proto 17, length: 328) 192.168.1.196.67 > 192.168.0.1.68: BOOTP/DHCP, Reply, length: 300, hops:1, xid:0xa29971c6, flags: [Broadcast] (0x8000)
          Your IP: 192.168.0.22
          Server IP: 192.168.1.196
          Gateway IP: 192.168.0.1
          Client Ethernet Address: 00:0c:29:74:56:62 [|bootp]
11:41:34.746690 IP (tos 0x0, ttl 127, id 54, offset 0, flags [none], proto 17, length: 328) 192.168.0.1.68 > 192.168.1.196.67: BOOTP/DHCP, Request from 00:0c:29:74:56:62, length: 300, hops:1, xid:0xa29971c6, secs:1024, flags: [Broadcast] (0x8000)
          Gateway IP: 192.168.0.1
          Client Ethernet Address: 00:0c:29:74:56:62 [|bootp]
11:41:34.747193 IP (tos 0x0, ttl  64, id 6, offset 0, flags [DF], proto 17, length: 328) 192.168.1.196.67 > 192.168.0.1.68: BOOTP/DHCP, Reply, length: 300, hops:1, xid:0xa29971c6, secs:1024, flags: [Broadcast] (0x8000)
          Your IP: 192.168.0.22
          Server IP: 192.168.1.196
          Gateway IP: 192.168.0.1
          Client Ethernet Address: 00:0c:29:74:56:62 [|bootp]

It appears that the bug is in dhcp.c line 229:

if (mess->giaddr.s_addr)
{
  /* Send to BOOTP relay  */
  if (!dest.sin_port)
    dest.sin_port = htons(DHCP_SERVER_PORT);
  dest.sin_addr = mess->giaddr;
}

When the "if (!dest.sin_port)" statement is commented out, the DHCP server 
works correctly:

if (mess->giaddr.s_addr)
{
  /* Send to BOOTP relay  */
  /*if (!dest.sin_port)*/
  dest.sin_port = htons(DHCP_SERVER_PORT);
  dest.sin_addr = mess->giaddr;
}


Dan Hamlin
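
The two variants quoted in the message, side by side as an added example (not part of the original post and not dnsmasq source beyond the quoted condition). The function names and `relay_source` are hypothetical, and it is assumed that `dest` starts out as the UDP source address of the request, which is what the capture suggests.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <arpa/inet.h>
#include <netinet/in.h>

#define DHCP_SERVER_PORT 67

/* Reply port chosen by the logic quoted in the post. dest is assumed to be
 * pre-filled with the request's UDP source (assumption, not shown there). */
uint16_t port_as_posted(struct in_addr giaddr, struct sockaddr_in dest)
{
    if (giaddr.s_addr) {
        if (!dest.sin_port)   /* false when the relay sent from port 68 */
            dest.sin_port = htons(DHCP_SERVER_PORT);
        dest.sin_addr = giaddr;
    }
    return ntohs(dest.sin_port);
}

/* Same decision, but the source port is ignored whenever giaddr is set. */
uint16_t port_unconditional(struct in_addr giaddr, struct sockaddr_in dest)
{
    if (giaddr.s_addr) {
        dest.sin_port = htons(DHCP_SERVER_PORT);
        dest.sin_addr = giaddr;
    }
    return ntohs(dest.sin_port);
}

/* Constructed input mirroring the capture: relay 192.168.0.1, given source port. */
struct sockaddr_in relay_source(uint16_t sport)
{
    struct sockaddr_in s;
    memset(&s, 0, sizeof(s));
    s.sin_family = AF_INET;
    s.sin_port = htons(sport);
    inet_pton(AF_INET, "192.168.0.1", &s.sin_addr);
    return s;
}

int main(void)
{
    struct sockaddr_in src = relay_source(68);
    printf("as posted: %u, unconditional: %u\n",
           (unsigned)port_as_posted(src.sin_addr, src),
           (unsigned)port_unconditional(src.sin_addr, src));
    return 0;
}
```
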


