[Dnsmasq-discuss] Problem when WinXP firewall is activated (does not reply to ping)
Simon Kelley
simon at thekelleys.org.uk
Sun Dec 3 10:34:09 GMT 2006
Raphaël Huck wrote:
>>>>As I understand it, the client should try an arping before using the
>>>>address it has been given by the server.
>>>>
>>>>The interesting question is whether WinXP actually implements this
>>>>arping. If Windows follows the specification on this, there should be
>>>>no point in the server using arping.
>>>
>>>
>>>I'm going to check if WinXP does the arping check.
>
>
> DHCP client computers running Windows 2000 or Windows XP that obtain an IP
> address use a gratuitous ARP request to perform client-based conflict
> detection before completing configuration and use of a server offered IP
> address. If the DHCP client detects a conflict, it will send a DHCP decline
> message (DHCPDECLINE) to the server.
>
>
> So it seems that Windows XP does an ARP check before using an IP address.
> I'll check that with Wireshark on Monday.
>
>
>>>But the other problem with a SOHO including a DHCP server is that a SOHO
>>>is often rebooted (because the user changed settings which require a
>>>reboot, because of a power failure,...).
>>>
>>>So each time it reboots, the lease file is cleared.
>
>
>>Which is a bug in the SOHO. Assuming by SOHO you mean WRT-54G-class
>>stuff, then you might like to consider moving to DD-WRT. I worked with
>>them to add hooks into dnsmasq so that the lease file can be stored in
>>the non-volatile RAM and not trashed on a reboot. You might also like to
>>consider asking the developers of your current firmware to implement the
>>same thing.
>
>
> Could you give me pointers on how to do that?
Set the (rather misnamed) --leasefile-ro flag. That actually stops
dnsmasq from using a lease file at all. Instead it relies on a script which
gets run at start-up and whenever a lease changes, to maintain the lease
database. Dnsmasq needs to be pointed at this script using the
--dhcp-script option.

Using this mechanism, it is possible to store the lease database in any
storage system (a SQL database, for instance). The dnsmasq distribution
has a sample script (in contrib/wrt/lease_update.sh) which uses the
"nvram" command to keep the lease database in the router's non-volatile
memory. This is exactly what you need.
> Is it always safe to reload an old lease file on reboot?
Yes. On a system which doesn't maintain system time over a reboot,
dnsmasq needs to be compiled with HAVE_BROKEN_RTC set to cope with its
idea of time changing over a reboot. This is likely to be the case on a
WRT-class router.
>
>
>>>I have the issue only in this case: the SOHO reboots, the WinXP PC
>>>(firewall enabled) has 192.168.1.20, the Linux PC also has 192.168.1.20,
>>>and in the lease file of dnsmasq, 192.168.1.20 corresponds to the MAC
>>>address of the WinXP PC.
>
>
>>That does look like WinXP might be broken: I'd be interested in the
>>results of your tests.
>
>
> Again, I'll have to check with Wireshark on Monday. Why do you think it's
> WinXP the problem?
As far as I can see, the only order of events which could get to the
situation you see is:

Linux box has lease on 192.168.1.20
router reboots (and clears leasefile)
Windows box takes a lease and gets 192.168.1.20

If the ARP check had worked during the Windows box lease-acquisition, it
would have seen the Linux box on 192.168.1.20, and taken an alternative
address.
Cheers,
Simon.
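
Added example, not part of the original message or of the dnsmasq distribution: a lease-database script of the kind described above for --leasefile-ro and --dhcp-script, keeping leases in a flat file rather than nvram. The `LEASE_DB` path and the `lease_update` function name are assumptions; the calling convention (action, MAC, IP and hostname arguments, `init` at start-up, and the `DNSMASQ_LEASE_EXPIRES`, `DNSMASQ_LEASE_LENGTH` and `DNSMASQ_CLIENT_ID` environment variables) follows the dnsmasq man page.

```shell
#!/bin/sh
# Added example: --dhcp-script handler for dnsmasq run with --leasefile-ro.
# LEASE_DB is a hypothetical path; use storage that survives a reboot.
LEASE_DB="${LEASE_DB:-/tmp/dnsmasq-leases.db}"

lease_update() {
    action="${1:-}"; mac="${2:-}"; ip="${3:-}"; host="${4:-*}"
    case "$action" in
        init)   # start-up: replay the stored leases to dnsmasq on stdout
            if [ -f "$LEASE_DB" ]; then cat "$LEASE_DB"; fi
            return 0 ;;
        add|old|del) ;;
        *) return 0 ;;   # ignore actions this script does not know
    esac
    # Hostname and client-id originate from DHCP clients and are stored in a
    # space-separated record: refuse anything that could split or forge a line.
    case "$mac"  in ''|*[!0-9A-Fa-f:-]*) return 1 ;; esac
    case "$ip"   in ''|*[!0-9.]*) return 1 ;; esac
    case "$host" in *[!A-Za-z0-9._*-]*) return 1 ;; esac
    # Expiry time, or lease length when dnsmasq is built with HAVE_BROKEN_RTC.
    expiry="${DNSMASQ_LEASE_EXPIRES:-${DNSMASQ_LEASE_LENGTH:-0}}"
    case "$expiry" in *[!0-9]*) return 1 ;; esac
    clid="${DNSMASQ_CLIENT_ID:-*}"
    case "$clid" in *[!0-9A-Fa-f:*]*) return 1 ;; esac

    tmp="$LEASE_DB.$$"
    if [ -f "$LEASE_DB" ]; then
        awk -v ip="$ip" '$3 != ip' "$LEASE_DB" > "$tmp"   # drop the old record
    else
        : > "$tmp"
    fi
    if [ "$action" != del ]; then
        # Lease file format: expiry MAC IP hostname client-id
        printf '%s %s %s %s %s\n' "$expiry" "$mac" "$ip" "$host" "$clid" >> "$tmp"
    fi
    # Rename over the old file so a power cut never leaves a half-written one.
    mv "$tmp" "$LEASE_DB"
}

lease_update "$@"
```
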