[Dnsmasq-discuss] [PATCH] Offered IPv4 DHCP multiple times

Mon Dec 13 23:04:54 UTC 2021

Hello Simon and others.

In certain situations, dnsmasq DHCP will offer multiple different
clients single IP address. Later it ACKs the first client and NACK the
second. It relies on ability of those clients to retry, but it seems
netbooting software often cannot recover from such behaviour.

Attaching script I use to reproduce this issue. Just create some local
bridge, have a limited IP pool on its dhcp-range option. Just few
addresses above actual number instances. They start roughtly at the same
time.

There is also pcap file in linked bug with some other reports. Good
summary is in commetn 85 [3].

In attached patches, I introduced thing I call temporary leases. Those
leases are never saved into leased file. They have short time duration,
set to 30 s same as ping timeout. It ensures even with
dhcp-sequential-ip, different clients have reservations for different
addresses. It helps especially in case --no-ping is used. Without this
change it takes quite long to retry multiple times
discover-offer-request solutions. Because pings contain sort of
workaround for this deficiency, but will cover only 6 different
addresses in default configuration. Then it switches to overload,
similar to no-ping. Then it offers multiple clients the same address,
but when the 2nd client requests the lease, it denies it again.

I think I were able to find relative simple algorithm. I think IPv6
should receive similar approach. We side-stepped this by offering
different address in ACK in thread [4]. While it seems that works, I
think it would be better to not offer address it later rejects itself.
We test DHCP clients abilities for no good reason.

With this patches, even multiple clients without ping boot fast enough,
even when they start at similar time. Starting at similar time if common
thing on boot of cloud hosting instances, which may use dnsmasq for
local caching. OpenStack is example that recorded it, but it can happen
even in normal machines. For example in a classroom with 10 computers.

Would you look at it or test it, whether some issues with those changes
can be found?

Cheers,
Petr

3. https://bugzilla.redhat.com/show_bug.cgi?id=2028704#c85
4.
https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2021q3/015585.html

On 12/8/21 01:18, Petr Menšík wrote:
>
> Hi Simon and others,
>
> I am debugging strange issue, which happens inside OpenStack in
> certain situations. It seems under not precisely defined conditions
> dnsmasq returns "no address available" error even in situation, when
> not yet all leases are used.
>
> It seems do_icmp_ping is responsible for ruling out recently tried IP
> addresses. It seems a bit weird address allocation happens only for
> addresses recently not pinged. I have found another place which does
> do_icmp_ping, but does not use hash value computed from hardware
> address. Even when it is already known at that time. First patch
> attached adds hash also to second place. That should mean single
> address would use shared ping. The second patch simplifies a bit
> do_icmp_patch and its return value. Instead of artificially ensuring
> hash would match, just return correct value when hash matches. The
> second change is just optional optimization.
>
> Few details are at RH bug #2028704 [1]. Original tested version 2.79
> did not contain commit 0669ee7a69a
> <http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=0669ee7a69a004ce34fed41e50aa575f8e04427b>
> [2], which improves the situation. But I think there remain cases when
> ping is not accepted when it should be. Testing with latest release
> did not work according to report. I think the first patch may fix
> still missing part.
>
> Cheers,
> Petr
>
> 1. https://bugzilla.redhat.com/show_bug.cgi?id=2028704
> 2.
> http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=0669ee7a69a004ce34fed41e50aa575f8e04427b
>
> -- 
> Petr Menšík
> Software Engineer
> Red Hat, http://www.redhat.com/
> email: pemensik at redhat.com
> PGP: DFCF908DB7C87E8E529925BC4931CA5B6C9FC5CB

-- 
Petr Menšík
Software Engineer
Red Hat, http://www.redhat.com/
email: pemensik at redhat.com
PGP: DFCF908DB7C87E8E529925BC4931CA5B6C9FC5CB
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/attachments/20211214/52987f84/attachment-0001.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: setup.sh
Type: application/x-shellscript
Size: 922 bytes
Desc: not available
URL: <http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/attachments/20211214/52987f84/attachment-0007.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0006-Handle-case-when-temporary-lease-is-from-different-s.patch
Type: text/x-patch
Size: 4610 bytes
Desc: not available
URL: <http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/attachments/20211214/52987f84/attachment-0008.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0005-Ensure-temporary-leases-are-ignored-on-save.patch
Type: text/x-patch
Size: 10106 bytes
Desc: not available
URL: <http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/attachments/20211214/52987f84/attachment-0009.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0004-Reuse-temporary-leases-if-no-free-address-remains.patch
Type: text/x-patch
Size: 10315 bytes
Desc: not available
URL: <http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/attachments/20211214/52987f84/attachment-0010.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0003-Create-temporary-leases-on-DISCOVER-message.patch
Type: text/x-patch
Size: 8441 bytes
Desc: not available
URL: <http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/attachments/20211214/52987f84/attachment-0011.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0002-Simplify-ICMP-ping-from-dhcp.patch
Type: text/x-patch
Size: 3900 bytes
Desc: not available
URL: <http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/attachments/20211214/52987f84/attachment-0012.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-Add-icmp-ping-hash-also-when-pinging-requested-addre.patch
Type: text/x-patch
Size: 3304 bytes
Desc: not available
URL: <http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/attachments/20211214/52987f84/attachment-0013.bin>