[Dnsmasq-discuss] Behavior on DHCP denied

0zl 0zl at riseup.net
Wed Apr 19 13:32:46 UTC 2023 

On 4/19/23 13:35, 0zl wrote:

> On 4/19/23 11:38, Buck Horn wrote:
>
>>
>>> Yes this is proxy ARP in https://en.wikipedia.org/wiki/Proxy_ARP. 
>>> HostAPd has an option called proxy_arp which setups up proxy_arp 
>>> with additional requirements to meet the Hotspot 2.0 standards. It 
>>> comes built in with a couple of snoopers, including a DHCP snooper 
>>> to configure proxy_arp without the need for additional software.
>>> I've attached a pcap file, if you need any more logs or information 
>>> please let me know. Only thing I've changed for this capture is 
>>> setting the lease time to 2m in order to make it faster for me to 
>>> capture this for you, in normal operation it was set to 8hours.
>>> Note that the capture includes a ARP probe from the ESP and no 
>>> response, just keep in mind that the WiFi router does in fact 
>>> respond to it, it just doesn't do so over that bridge port so it 
>>> didn't get captured on the gateway's end.
>>
>> I think your issue starts earlier:
>> Your pcap indicates a failing lease renewal.
>>
>> Lines 12 to 18 show your ESP is attempting to renew its DHCP lease 
>> through 10.46.109.1 after ~62 seconds as expected (about half the 
>> 120secs leasetime) - but those requests seem to never have received a 
>> reply.
>>
>> In absence of a reply from the known DHCP server, lines 19 to 27 then 
>> show your ESP to send renewal requests to the broadcast address.
>>
>> As those are not answered either, your ESP finally releases its 
>> expired lease (line 28).
>>
>> It then initiates DHCP negotiation for a completely new lease, by 
>> broadcasting for DHCP servers, and it's only then that ARP probing 
>> would prompt it to DHCPDECLINE.
>>
>> But I'd have expected dnsmasq to have extended your ESP's existing 
>> lease straight for the first DHCPREQUEST for renewal (line 12).
>>
>> This would suggest that dnsmasq has not received or ignored both 
>> those DHCPREQUESTs for renewal as well as the DHCPRELEASE, which 
>> could explain both the failed renewal as well as the offending 
>> DHCPDECLINEs.
>>
>> Are you splitting your network, e.g. into several VLANs?
>>
>> It would be interesting to see what dnsmasq has been logging for that 
>> exchange, to verify whether and how dnsmasq would have received those 
>> DHCPREQUESTs for renewal.
>>
>> Kind regards,
>> Buck
>>
>>
>> _______________________________________________
>> Dnsmasq-discuss mailing list
>> Dnsmasq-discuss at lists.thekelleys.org.uk
>> https://lists.thekelleys.org.uk/cgi-bin/mailman/listinfo/dnsmasq-discuss
>
> Some good news, it turns out my firewall was dropping any incoming 
> DHCP message that was not a broadcast (only 255.255.255.255 was 
> getting in) causing this problem.
>
> You could consider this problem solved.
>
> Sorry for all the noise and concern for nothing.
>
>
> _______________________________________________
> Dnsmasq-discuss mailing list
> Dnsmasq-discuss at lists.thekelleys.org.uk
> https://lists.thekelleys.org.uk/cgi-bin/mailman/listinfo/dnsmasq-discuss

I declared victory too soon. NOT SOLVED.

If the ESP was reconnecting and the ARP entry was still in cache, it 
will refuse to connect HOWEVER renewal is now solved.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/attachments/20230419/d03eb3ec/attachment.htm>

More information about the Dnsmasq-discuss mailing list