[Dnsmasq-discuss] Behavior on DHCP denied

0zl 0zl at riseup.net
Wed Apr 19 00:16:37 UTC 2023 

On 4/18/23 22:51, Geert Stappers wrote:
> On Tue, Apr 18, 2023 at 08:24:17PM +0100, Simon Kelley wrote:
>> On 18/04/2023 16:35, 0zl wrote:
>>> Hello,
>>>
>>> This is an issue I've experienced
>>> with ESP8266 and proxy ARP on my WiFi network.
> Please confirm that it is proxy ARP
> as in https://en.wikipedia.org/wiki/Proxy_ARP
>
>
>>> I was able to work around it by assigning the devices an
>>> infinite lease, however I think dnsmasq's behavior is undesirable.
>>>
>>> In short, ESP8266 is on a network with proxy ARP setup; getting the
>>> initial lease works fine, however once proxy ARP kicks in it fails to
>>> renew. This is the chain of events leading up to the issue:
>>>
>>>    * MCU tries to renew the address
>>>    * dnsmasq properly renews its address
>>>    * MCU sends an ARP request to check if the address is in use and
>>>      receives an ARP reply from the router because of proxy ARP
>>>    * MCU mistakenly believes that the address was assigned already even
>>>      though it was not, sends a DENIED message back to dnsmasq and tries
>>>      again
>>>    * dnsmasq then allocates the exact same address that the MCU just rejected
>>>
>>> I think in this scenario, dnsmasq should try to allocate a different
>>> address because MCU has rejected it already.
>>>
>>> Not sure what people in this mailing list think, but it feels like
>>> dnsmasq shouldn't be doing this.
>> This situation was considered and there should be sensible behaviour.
>>
>> Dnsmasq uses a hash of the MAC address to determine which the address to
>> offer to the client, which would cause the same address always to be offered
>> to the client. But if a client returns a DHCPDECLINE reply then a global
>> variable is incremented. That variable is also used as an input to the hash
>> function, so when the client asks again for an address it should get offered
>> a different one.
>>
>> So, this situation has been considered, but something is going wrong in your
>> setup. Please could you post more details of the configuration you are using
>> and logs of what happens so we can try and work out what is going wrong?
> Yes, interesting problem.
> I do hope there will be libpcap files.
>
>
> Groeten
> Geert Stappers

Yes this is proxy ARP in https://en.wikipedia.org/wiki/Proxy_ARP. 
HostAPd has an option called proxy_arp which setups up proxy_arp with 
additional requirements to meet the Hotspot 2.0 standards. It comes 
built in with a couple of snoopers, including a DHCP snooper to 
configure proxy_arp without the need for additional software.

I've attached a pcap file, if you need any more logs or information 
please let me know. Only thing I've changed for this capture is setting 
the lease time to 2m in order to make it faster for me to capture this 
for you, in normal operation it was set to 8hours.

Note that the capture includes a ARP probe from the ESP and no response, 
just keep in mind that the WiFi router does in fact respond to it, it 
just doesn't do so over that bridge port so it didn't get captured on 
the gateway's end.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: esp_dnsmasq_declined_issue.pcap
Type: application/vnd.tcpdump.pcap
Size: 19618 bytes
Desc: not available
URL: <http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/attachments/20230419/da1491d4/attachment-0001.pcap>

More information about the Dnsmasq-discuss mailing list