Send dhcp-users mailing list submissions to
dhcp-users@lists.isc.org
To subscribe or unsubscribe via the World Wide Web, visit
https://lists.isc.org/mailman/listinfo/dhcp-users
or, via email, send a message with subject or body 'help' to
dhcp-users-requ...@lists.isc.org
You can reach the person managing the list at
dhcp-users-ow...@lists.isc.org
When replying, please edit your Subject line so it is more specific
than "Re: Contents of dhcp-users digest..."
Today's Topics:
1. OMAPI host retention problem (perl-list)
2. DHCPD 4.1.1-P1 Occasional Segfault (Norman Elton)
3. Re: Option 82 logging on dhcpd 4.1.1 and red hat 6 (Alex Moen)
4. Re: Option 82 logging on dhcpd 4.1.1 and red hat 6
(Glenn Satchell)
5. Re: DHCPD 4.1.1-P1 Occasional Segfault (Glenn Satchell)
----------------------------------------------------------------------
Message: 1
Date: Tue, 4 Oct 2016 13:00:23 -0400 (EDT)
From: perl-list <perl-l...@network1.net>
To: dhcp-users@lists.isc.org
Subject: OMAPI host retention problem
Message-ID:
<330442355.4603.1475600423332.javamail.zim...@network1.net>
Content-Type: text/plain; charset="utf-8"
Folks,
I am currently developing a feature of our DHCP management software to add
hosts to our failover peer DHCP servers (version 4.3.3) via OMAPI. An example
set of commands is shown here:
/usr/bin/omshell << EOF
server 10.0.0.1
port 51337
connect
new host
set name = "3112"
set hardware-address = 00:01:02:03:04:05
set hardware-type = 1
create
EOF
/usr/bin/omshell << EOF
server 10.0.0.2
port 51337
connect
new host
set name = "3112"
set hardware-address = 00:01:02:03:04:05
set hardware-type = 1
create
EOF
The problem I'm having is that a small number of the hosts seem to disappear
over some unknown length of time (perhaps when large numbers of other hosts are
added).
It seemed to work fine when only using a small handful of hosts (8). Once I
started experimenting with real world numbers of hosts (~15,000 hosts), then
some of the existing hosts began to disappear. There was no OMAPI command sent
to remove them or anything. They just suddenly weren't there in the
dhcpd.leases file and could no longer get an address (allow known clients).
Any idea how I should proceed with troubleshooting this? Do OMAPI added hosts
support large numbers? Is there some speed limit to adding hosts that I should
observe to avoid problems?
The purpose of this work is to avoid the need to restart the DHCP server when
adding or removing the host like is necessary when using the host {} statement
in the config file.
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<https://lists.isc.org/pipermail/dhcp-users/attachments/20161004/0b816b73/attachment-0001.html>
------------------------------
Message: 2
Date: Tue, 4 Oct 2016 16:28:21 -0400
From: Norman Elton <normel...@gmail.com>
To: Users of ISC DHCP <dhcp-users@lists.isc.org>
Subject: DHCPD 4.1.1-P1 Occasional Segfault
Message-ID:
<capcnwuefzpqmv3savxjgbjkzq1w6fsodszxqedkr21uqgq1...@mail.gmail.com>
Content-Type: text/plain; charset=UTF-8
We are running RHEL6's version of ISC dhcpd (based on 4.1.1-p1). Every
few months, one of our servers mysteriously segfaults:
dhcpd[30744]: segfault at 7f3ff02712c8 ip 00007f3ff02712c8 sp
00007ffe16d0eb58 error 15 in libc-2.12.so[7f3ff0271000+2000]
What is the recommended way to begin finding a root cause?
Thanks!
Norman Elton
College of William & Mary
------------------------------
Message: 3
Date: Tue, 4 Oct 2016 16:17:54 -0500
From: Alex Moen <al...@ndtel.com>
To: dhcp-users@lists.isc.org
Subject: Re: Option 82 logging on dhcpd 4.1.1 and red hat 6
Message-ID: <9ba83d0e-eca7-85e1-478a-9b10fcdb0...@ndtel.com>
Content-Type: text/plain; charset=utf-8; format=flowed
OK... I think you're barking up the right tree. In my experience, some
devices don't give the circuit-id info in text but rather binary. So,
try this copy of one of my configs:
-----------------------------------------------------
## Option 82 Class
class "myvendor" {
match if option agent.circuit-id = 00:04:00:6b:00:84;
}
# Test Option 82 logging
if exists agent.circuit-id
{
log (info, concat(
"Lease for ", binary-to-ascii (10, 8, ".", leased-address),
" with circuit-id ", binary-to-ascii (10, 8, ".", option
agent.circuit-id),
" is assigned using Option82"
));
}
-----------------------------------------------------
I work for an ISP, so we use the circuit-id to log which IP address is
used on which port. On some devices (IE: Allied Telesis iMAP products),
the circuit-id data is in binary, while on Paradyne and Calix gear, it
is given as text. So, I actually log 4 times to cover all possible
situations.
You may have to change the "10, 8" to larger values, and may even have
to add some extra ", x, x" after the "option agent.circuit-id",
depending on the data you're looking for.
Wireshark captures do wonders to help determine what you need to do to
get the data that is important to you.
As much as I don't like their equipment, Zyxel has a helpful page about
this:
http://kb.zyxel.com/KB/searchArticle!gwsViewDetail.action?articleOid=009391&lang=EN
Good luck!
Alex
On 10/04/2016 11:49 AM, project722 wrote:
> Hmmm.. OK here is the log for the test client.
>
> Oct 4 11:39:20 dhcpd: Lease for X.X.X.X with circuit-id
>
> That's all it said.
>
> I know that my ACL class for circuit id works as it was allowed to get
> an IP address.
>
> The log line reported back the correct IP so I know that the
>
> "Lease for ", binary-to-ascii (10, 8, ".", leased-address),
>
> Line in my logging clause works.
>
> But why did it stop there? Do I need to remove the parethesis around
> "option agent.circuit-id" since I am not using parenthesis in my ACL class?
>
> On Tue, Oct 4, 2016 at 11:25 AM, project722 <project...@gmail.com
> <mailto:project...@gmail.com>> wrote:
>
> Alfred - thanks but your setup is much more complex than mine.
>
> Alex, I have put in the changes as you suggested and it passed
> validation. I'll report back what the logs look like or if I have
> any further problems.
>
> Thanks!
>
> On Tue, Oct 4, 2016 at 11:12 AM, Alex Moen <al...@ndtel.com
> <mailto:al...@ndtel.com>> wrote:
>
> Just comparing with mine, it seems that the "option
> agent.circuit-id" needs to be in parens. And, I don't know the
> use of the "(leased-address)" is. So, try this:
>
> -----------------------------------------------------
> ## Option 82 Class
> class "myvendor" {
> match if option agent.circuit-id = 00:04:00:6b:00:84;
> }
>
> # Test Option 82 logging
> if exists agent.circuit-id
> {
> log (info, concat(
> "Lease for ", binary-to-ascii (10, 8, ".", leased-address),
> " with circuit-id ", (option agent.circuit-id),
> " is assigned using Option82"
> ));
> }
>
> pool {
> allow members of "myvendor";
> range x.x.x.x x.x.x.x;
> }
> -----------------------------------------------------
>
> This should give you a line that looks something like:
>
> Lease for 192.168.0.10 with circuit-id Ethernet 5 is assigned
> using Option82
>
> Obviously, your circuit-id will most likely be something other
> than "Ethernet 5", but you get the idea.
>
> If I'm way off base, someone please correct me!
>
> Good luck,
>
> Alex
>
>
>
> On 10/04/2016 10:27 AM, project722 wrote:
>
> Hello DHCP experts! We are implementing Option 82 in our
> network and I am just scratching the surface of how to setup
> my server. I have successfully created my first Option 82
> ACL based on the agent circuit ID that is contained in the
> packet, now I just need guidance on how I get the Option 82
> data into the logs. Here is my O82 setup on the server:
>
> ## Option 82 Class
> class "myvendor" {
> match if option agent.circuit-id = 00:04:00:6b:00:84;
> }
>
> # Test Option 82 logging
> if exists agent.circuit-id
> {
> log (info, concat( "Lease for ", option agent.circuit-id
> (leased-address), "is an address assigned using Option82"));
> }
>
> pool {
> allow members of "myvendor";
> range x.x.x.x x.x.x.x;
> }
>
> The problem I am having is when I go to check the conf
> before restarting dhcpd I am getting the error:
>
> etc/dhcp/dhcpd.conf line 135: right parenthesis expected.
> log (info, concat( "Lease for ", option agent.circuit-id (
> ^
> Can anyone tell me what I am doing wrong and how to fix this
> error?
>
>
> _______________________________________________
> dhcp-users mailing list
> dhcp-users@lists.isc.org <mailto:dhcp-users@lists.isc.org>
> https://lists.isc.org/mailman/listinfo/dhcp-users
> <https://lists.isc.org/mailman/listinfo/dhcp-users>
>
>
>
> --
> Alex Moen
> NSTII
> Calix System Specialist
> North Dakota Telephone Company
> 701-662-6481 <tel:701-662-6481>
>
> _______________________________________________
> dhcp-users mailing list
> dhcp-users@lists.isc.org <mailto:dhcp-users@lists.isc.org>
> https://lists.isc.org/mailman/listinfo/dhcp-users
> <https://lists.isc.org/mailman/listinfo/dhcp-users>
>
>
>
>
>
> _______________________________________________
> dhcp-users mailing list
> dhcp-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/dhcp-users
>
--
Alex Moen
NSTII
Calix System Specialist
North Dakota Telephone Company
701-662-6481
------------------------------
Message: 4
Date: Wed, 5 Oct 2016 11:01:04 +1100
From: "Glenn Satchell" <glenn.satch...@uniq.com.au>
To: "Users of ISC DHCP" <dhcp-users@lists.isc.org>
Subject: Re: Option 82 logging on dhcpd 4.1.1 and red hat 6
Message-ID:
<e19ec3063da44cebfc10ef7a71f6a36d.squir...@mail.uniq.com.au>
Content-Type: text/plain;charset=iso-8859-1
There may be non-ascii characters in your option agent.circuit-id, so try
a suitable binary-to-ascii() around it. If there is a non-ascii or null it
won't print anything.
The parenthesis around a variable make no difference, they just control
order of parameters.
regards,
-glenn
On Wed, October 5, 2016 3:49 am, project722 wrote:
> Hmmm.. OK here is the log for the test client.
>
> Oct 4 11:39:20 dhcpd: Lease for X.X.X.X with circuit-id
>
> That's all it said.
>
> I know that my ACL class for circuit id works as it was allowed to get an
> IP address.
>
> The log line reported back the correct IP so I know that the
>
> "Lease for ", binary-to-ascii (10, 8, ".", leased-address),
>
> Line in my logging clause works.
>
> But why did it stop there? Do I need to remove the parenthesis around
> "option agent.circuit-id" since I am not using parenthesis in my ACL
> class?
>
> On Tue, Oct 4, 2016 at 11:25 AM, project722 <project...@gmail.com> wrote:
>
>> Alfred - thanks but your setup is much more complex than mine.
>>
>> Alex, I have put in the changes as you suggested and it passed
>> validation.
>> I'll report back what the logs look like or if I have any further
>> problems.
>>
>> Thanks!
>>
>> On Tue, Oct 4, 2016 at 11:12 AM, Alex Moen <al...@ndtel.com> wrote:
>>
>>> Just comparing with mine, it seems that the "option agent.circuit-id"
>>> needs to be in parens. And, I don't know the use of the
>>> "(leased-address)"
>>> is. So, try this:
>>>
>>> -----------------------------------------------------
>>> ## Option 82 Class
>>> class "myvendor" {
>>> match if option agent.circuit-id = 00:04:00:6b:00:84;
>>> }
>>>
>>> # Test Option 82 logging
>>> if exists agent.circuit-id
>>> {
>>> log (info, concat(
>>> "Lease for ", binary-to-ascii (10, 8, ".", leased-address),
>>> " with circuit-id ", (option agent.circuit-id),
>>> " is assigned using Option82"
>>> ));
>>> }
>>>
>>> pool {
>>> allow members of "myvendor";
>>> range x.x.x.x x.x.x.x;
>>> }
>>> -----------------------------------------------------
>>>
>>> This should give you a line that looks something like:
>>>
>>> Lease for 192.168.0.10 with circuit-id Ethernet 5 is assigned using
>>> Option82
>>>
>>> Obviously, your circuit-id will most likely be something other than
>>> "Ethernet 5", but you get the idea.
>>>
>>> If I'm way off base, someone please correct me!
>>>
>>> Good luck,
>>>
>>> Alex
>>>
>>>
>>>
>>> On 10/04/2016 10:27 AM, project722 wrote:
>>>
>>>> Hello DHCP experts! We are implementing Option 82 in our network and I
>>>> am just scratching the surface of how to setup my server. I have
>>>> successfully created my first Option 82 ACL based on the agent circuit
>>>> ID
>>>> that is contained in the packet, now I just need guidance on how I get
>>>> the
>>>> Option 82 data into the logs. Here is my O82 setup on the server:
>>>>
>>>> ## Option 82 Class
>>>> class "myvendor" {
>>>> match if option agent.circuit-id = 00:04:00:6b:00:84;
>>>> }
>>>>
>>>> # Test Option 82 logging
>>>> if exists agent.circuit-id
>>>> {
>>>> log (info, concat( "Lease for ", option agent.circuit-id
>>>> (leased-address), "is an address assigned using Option82"));
>>>> }
>>>>
>>>> pool {
>>>> allow members of "myvendor";
>>>> range x.x.x.x x.x.x.x;
>>>> }
>>>>
>>>> The problem I am having is when I go to check the conf before
>>>> restarting
>>>> dhcpd I am getting the error:
>>>>
>>>> etc/dhcp/dhcpd.conf line 135: right parenthesis expected.
>>>> log (info, concat( "Lease for ", option agent.circuit-id (
>>>> ^
>>>> Can anyone tell me what I am doing wrong and how to fix this error?
>>>>
>>>>
>>>> _______________________________________________
>>>> dhcp-users mailing list
>>>> dhcp-users@lists.isc.org
>>>> https://lists.isc.org/mailman/listinfo/dhcp-users
>>>>
>>>
>>>
>>> --
>>> Alex Moen
>>> NSTII
>>> Calix System Specialist
>>> North Dakota Telephone Company
>>> 701-662-6481
>>>
>>> _______________________________________________
>>> dhcp-users mailing list
>>> dhcp-users@lists.isc.org
>>> https://lists.isc.org/mailman/listinfo/dhcp-users
>>>
>>
>>
> _______________________________________________
> dhcp-users mailing list
> dhcp-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/dhcp-users
------------------------------
Message: 5
Date: Wed, 5 Oct 2016 20:36:05 +1100
From: "Glenn Satchell" <glenn.satch...@uniq.com.au>
To: "Users of ISC DHCP" <dhcp-users@lists.isc.org>
Subject: Re: DHCPD 4.1.1-P1 Occasional Segfault
Message-ID:
<1587970f4076658f73f29419670e9ecb.squir...@mail.uniq.com.au>
Content-Type: text/plain;charset=iso-8859-1
The root cause is poor code in a very old version.
The simple fix is to run a newer version, I'm sure there are RPMs around
for newer ones that don't have that problem.
I think this might be the bug, fixed around 4.2.0. This is from the
RELNOTES file distributed with the source.
! Two packets were found that cause a server to halt. The code
has been updated to properly process or reject the packets as
appropriate. Thanks to David Zych at University of Illinois
for reporting this issue. [ISC-Bugs #24960]
One CVE number for each class of packet.
CVE-2011-2748
CVE-2011-2749
But if you're going to patch the code and recompile, just go to the newer
version.
regards,
-glenn
On Wed, October 5, 2016 7:28 am, Norman Elton wrote:
> We are running RHEL6's version of ISC dhcpd (based on 4.1.1-p1). Every
> few months, one of our servers mysteriously segfaults:
>
> dhcpd[30744]: segfault at 7f3ff02712c8 ip 00007f3ff02712c8 sp
> 00007ffe16d0eb58 error 15 in libc-2.12.so[7f3ff0271000+2000]
>
> What is the recommended way to begin finding a root cause?
>
> Thanks!
>
> Norman Elton
> College of William & Mary
> _______________________________________________
> dhcp-users mailing list
> dhcp-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/dhcp-users
>
------------------------------
Subject: Digest Footer
_______________________________________________
dhcp-users mailing list
dhcp-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/dhcp-users
------------------------------
End of dhcp-users Digest, Vol 96, Issue 5
*****************************************
