Send dhcp-users mailing list submissions to dhcp-users@lists.isc.org
To subscribe or unsubscribe via the World Wide Web, visit https://lists.isc.org/mailman/listinfo/dhcp-users or, via email, send a message with subject or body 'help' to dhcp-users-requ...@lists.isc.org You can reach the person managing the list at dhcp-users-ow...@lists.isc.org When replying, please edit your Subject line so it is more specific than "Re: Contents of dhcp-users digest..." Today's Topics: 1. OMAPI host retention problem (perl-list) 2. DHCPD 4.1.1-P1 Occasional Segfault (Norman Elton) 3. Re: Option 82 logging on dhcpd 4.1.1 and red hat 6 (Alex Moen) 4. Re: Option 82 logging on dhcpd 4.1.1 and red hat 6 (Glenn Satchell) 5. Re: DHCPD 4.1.1-P1 Occasional Segfault (Glenn Satchell) ---------------------------------------------------------------------- Message: 1 Date: Tue, 4 Oct 2016 13:00:23 -0400 (EDT) From: perl-list <perl-l...@network1.net> To: dhcp-users@lists.isc.org Subject: OMAPI host retention problem Message-ID: <330442355.4603.1475600423332.javamail.zim...@network1.net> Content-Type: text/plain; charset="utf-8" Folks, I am currently developing a feature of our DHCP management software to add hosts to our failover peer DHCP servers (version 4.3.3) via OMAPI. An example set of commands is shown here: /usr/bin/omshell << EOF server 10.0.0.1 port 51337 connect new host set name = "3112" set hardware-address = 00:01:02:03:04:05 set hardware-type = 1 create EOF /usr/bin/omshell << EOF server 10.0.0.2 port 51337 connect new host set name = "3112" set hardware-address = 00:01:02:03:04:05 set hardware-type = 1 create EOF The problem I'm having is that a small number of the hosts seem to disappear over some unknown length of time (perhaps when large numbers of other hosts are added). It seemed to work fine when only using a small handful of hosts (8). Once I started experimenting with real world numbers of hosts (~15,000 hosts), then some of the existing hosts began to disappear. There was no OMAPI command sent to remove them or anything. They just suddenly weren't there in the dhcpd.leases file and could no longer get an address (allow known clients). Any idea how I should proceed with troubleshooting this? Do OMAPI added hosts support large numbers? Is there some speed limit to adding hosts that I should observe to avoid problems? The purpose of this work is to avoid the need to restart the DHCP server when adding or removing the host like is necessary when using the host {} statement in the config file. -------------- next part -------------- An HTML attachment was scrubbed... URL: <https://lists.isc.org/pipermail/dhcp-users/attachments/20161004/0b816b73/attachment-0001.html> ------------------------------ Message: 2 Date: Tue, 4 Oct 2016 16:28:21 -0400 From: Norman Elton <normel...@gmail.com> To: Users of ISC DHCP <dhcp-users@lists.isc.org> Subject: DHCPD 4.1.1-P1 Occasional Segfault Message-ID: <capcnwuefzpqmv3savxjgbjkzq1w6fsodszxqedkr21uqgq1...@mail.gmail.com> Content-Type: text/plain; charset=UTF-8 We are running RHEL6's version of ISC dhcpd (based on 4.1.1-p1). Every few months, one of our servers mysteriously segfaults: dhcpd[30744]: segfault at 7f3ff02712c8 ip 00007f3ff02712c8 sp 00007ffe16d0eb58 error 15 in libc-2.12.so[7f3ff0271000+2000] What is the recommended way to begin finding a root cause? Thanks! Norman Elton College of William & Mary ------------------------------ Message: 3 Date: Tue, 4 Oct 2016 16:17:54 -0500 From: Alex Moen <al...@ndtel.com> To: dhcp-users@lists.isc.org Subject: Re: Option 82 logging on dhcpd 4.1.1 and red hat 6 Message-ID: <9ba83d0e-eca7-85e1-478a-9b10fcdb0...@ndtel.com> Content-Type: text/plain; charset=utf-8; format=flowed OK... I think you're barking up the right tree. In my experience, some devices don't give the circuit-id info in text but rather binary. So, try this copy of one of my configs: ----------------------------------------------------- ## Option 82 Class class "myvendor" { match if option agent.circuit-id = 00:04:00:6b:00:84; } # Test Option 82 logging if exists agent.circuit-id { log (info, concat( "Lease for ", binary-to-ascii (10, 8, ".", leased-address), " with circuit-id ", binary-to-ascii (10, 8, ".", option agent.circuit-id), " is assigned using Option82" )); } ----------------------------------------------------- I work for an ISP, so we use the circuit-id to log which IP address is used on which port. On some devices (IE: Allied Telesis iMAP products), the circuit-id data is in binary, while on Paradyne and Calix gear, it is given as text. So, I actually log 4 times to cover all possible situations. You may have to change the "10, 8" to larger values, and may even have to add some extra ", x, x" after the "option agent.circuit-id", depending on the data you're looking for. Wireshark captures do wonders to help determine what you need to do to get the data that is important to you. As much as I don't like their equipment, Zyxel has a helpful page about this: http://kb.zyxel.com/KB/searchArticle!gwsViewDetail.action?articleOid=009391&lang=EN Good luck! Alex On 10/04/2016 11:49 AM, project722 wrote: > Hmmm.. OK here is the log for the test client. > > Oct 4 11:39:20 dhcpd: Lease for X.X.X.X with circuit-id > > That's all it said. > > I know that my ACL class for circuit id works as it was allowed to get > an IP address. > > The log line reported back the correct IP so I know that the > > "Lease for ", binary-to-ascii (10, 8, ".", leased-address), > > Line in my logging clause works. > > But why did it stop there? Do I need to remove the parethesis around > "option agent.circuit-id" since I am not using parenthesis in my ACL class? > > On Tue, Oct 4, 2016 at 11:25 AM, project722 <project...@gmail.com > <mailto:project...@gmail.com>> wrote: > > Alfred - thanks but your setup is much more complex than mine. > > Alex, I have put in the changes as you suggested and it passed > validation. I'll report back what the logs look like or if I have > any further problems. > > Thanks! > > On Tue, Oct 4, 2016 at 11:12 AM, Alex Moen <al...@ndtel.com > <mailto:al...@ndtel.com>> wrote: > > Just comparing with mine, it seems that the "option > agent.circuit-id" needs to be in parens. And, I don't know the > use of the "(leased-address)" is. So, try this: > > ----------------------------------------------------- > ## Option 82 Class > class "myvendor" { > match if option agent.circuit-id = 00:04:00:6b:00:84; > } > > # Test Option 82 logging > if exists agent.circuit-id > { > log (info, concat( > "Lease for ", binary-to-ascii (10, 8, ".", leased-address), > " with circuit-id ", (option agent.circuit-id), > " is assigned using Option82" > )); > } > > pool { > allow members of "myvendor"; > range x.x.x.x x.x.x.x; > } > ----------------------------------------------------- > > This should give you a line that looks something like: > > Lease for 192.168.0.10 with circuit-id Ethernet 5 is assigned > using Option82 > > Obviously, your circuit-id will most likely be something other > than "Ethernet 5", but you get the idea. > > If I'm way off base, someone please correct me! > > Good luck, > > Alex > > > > On 10/04/2016 10:27 AM, project722 wrote: > > Hello DHCP experts! We are implementing Option 82 in our > network and I am just scratching the surface of how to setup > my server. I have successfully created my first Option 82 > ACL based on the agent circuit ID that is contained in the > packet, now I just need guidance on how I get the Option 82 > data into the logs. Here is my O82 setup on the server: > > ## Option 82 Class > class "myvendor" { > match if option agent.circuit-id = 00:04:00:6b:00:84; > } > > # Test Option 82 logging > if exists agent.circuit-id > { > log (info, concat( "Lease for ", option agent.circuit-id > (leased-address), "is an address assigned using Option82")); > } > > pool { > allow members of "myvendor"; > range x.x.x.x x.x.x.x; > } > > The problem I am having is when I go to check the conf > before restarting dhcpd I am getting the error: > > etc/dhcp/dhcpd.conf line 135: right parenthesis expected. > log (info, concat( "Lease for ", option agent.circuit-id ( > ^ > Can anyone tell me what I am doing wrong and how to fix this > error? > > > _______________________________________________ > dhcp-users mailing list > dhcp-users@lists.isc.org <mailto:dhcp-users@lists.isc.org> > https://lists.isc.org/mailman/listinfo/dhcp-users > <https://lists.isc.org/mailman/listinfo/dhcp-users> > > > > -- > Alex Moen > NSTII > Calix System Specialist > North Dakota Telephone Company > 701-662-6481 <tel:701-662-6481> > > _______________________________________________ > dhcp-users mailing list > dhcp-users@lists.isc.org <mailto:dhcp-users@lists.isc.org> > https://lists.isc.org/mailman/listinfo/dhcp-users > <https://lists.isc.org/mailman/listinfo/dhcp-users> > > > > > > _______________________________________________ > dhcp-users mailing list > dhcp-users@lists.isc.org > https://lists.isc.org/mailman/listinfo/dhcp-users > -- Alex Moen NSTII Calix System Specialist North Dakota Telephone Company 701-662-6481 ------------------------------ Message: 4 Date: Wed, 5 Oct 2016 11:01:04 +1100 From: "Glenn Satchell" <glenn.satch...@uniq.com.au> To: "Users of ISC DHCP" <dhcp-users@lists.isc.org> Subject: Re: Option 82 logging on dhcpd 4.1.1 and red hat 6 Message-ID: <e19ec3063da44cebfc10ef7a71f6a36d.squir...@mail.uniq.com.au> Content-Type: text/plain;charset=iso-8859-1 There may be non-ascii characters in your option agent.circuit-id, so try a suitable binary-to-ascii() around it. If there is a non-ascii or null it won't print anything. The parenthesis around a variable make no difference, they just control order of parameters. regards, -glenn On Wed, October 5, 2016 3:49 am, project722 wrote: > Hmmm.. OK here is the log for the test client. > > Oct 4 11:39:20 dhcpd: Lease for X.X.X.X with circuit-id > > That's all it said. > > I know that my ACL class for circuit id works as it was allowed to get an > IP address. > > The log line reported back the correct IP so I know that the > > "Lease for ", binary-to-ascii (10, 8, ".", leased-address), > > Line in my logging clause works. > > But why did it stop there? Do I need to remove the parenthesis around > "option agent.circuit-id" since I am not using parenthesis in my ACL > class? > > On Tue, Oct 4, 2016 at 11:25 AM, project722 <project...@gmail.com> wrote: > >> Alfred - thanks but your setup is much more complex than mine. >> >> Alex, I have put in the changes as you suggested and it passed >> validation. >> I'll report back what the logs look like or if I have any further >> problems. >> >> Thanks! >> >> On Tue, Oct 4, 2016 at 11:12 AM, Alex Moen <al...@ndtel.com> wrote: >> >>> Just comparing with mine, it seems that the "option agent.circuit-id" >>> needs to be in parens. And, I don't know the use of the >>> "(leased-address)" >>> is. So, try this: >>> >>> ----------------------------------------------------- >>> ## Option 82 Class >>> class "myvendor" { >>> match if option agent.circuit-id = 00:04:00:6b:00:84; >>> } >>> >>> # Test Option 82 logging >>> if exists agent.circuit-id >>> { >>> log (info, concat( >>> "Lease for ", binary-to-ascii (10, 8, ".", leased-address), >>> " with circuit-id ", (option agent.circuit-id), >>> " is assigned using Option82" >>> )); >>> } >>> >>> pool { >>> allow members of "myvendor"; >>> range x.x.x.x x.x.x.x; >>> } >>> ----------------------------------------------------- >>> >>> This should give you a line that looks something like: >>> >>> Lease for 192.168.0.10 with circuit-id Ethernet 5 is assigned using >>> Option82 >>> >>> Obviously, your circuit-id will most likely be something other than >>> "Ethernet 5", but you get the idea. >>> >>> If I'm way off base, someone please correct me! >>> >>> Good luck, >>> >>> Alex >>> >>> >>> >>> On 10/04/2016 10:27 AM, project722 wrote: >>> >>>> Hello DHCP experts! We are implementing Option 82 in our network and I >>>> am just scratching the surface of how to setup my server. I have >>>> successfully created my first Option 82 ACL based on the agent circuit >>>> ID >>>> that is contained in the packet, now I just need guidance on how I get >>>> the >>>> Option 82 data into the logs. Here is my O82 setup on the server: >>>> >>>> ## Option 82 Class >>>> class "myvendor" { >>>> match if option agent.circuit-id = 00:04:00:6b:00:84; >>>> } >>>> >>>> # Test Option 82 logging >>>> if exists agent.circuit-id >>>> { >>>> log (info, concat( "Lease for ", option agent.circuit-id >>>> (leased-address), "is an address assigned using Option82")); >>>> } >>>> >>>> pool { >>>> allow members of "myvendor"; >>>> range x.x.x.x x.x.x.x; >>>> } >>>> >>>> The problem I am having is when I go to check the conf before >>>> restarting >>>> dhcpd I am getting the error: >>>> >>>> etc/dhcp/dhcpd.conf line 135: right parenthesis expected. >>>> log (info, concat( "Lease for ", option agent.circuit-id ( >>>> ^ >>>> Can anyone tell me what I am doing wrong and how to fix this error? >>>> >>>> >>>> _______________________________________________ >>>> dhcp-users mailing list >>>> dhcp-users@lists.isc.org >>>> https://lists.isc.org/mailman/listinfo/dhcp-users >>>> >>> >>> >>> -- >>> Alex Moen >>> NSTII >>> Calix System Specialist >>> North Dakota Telephone Company >>> 701-662-6481 >>> >>> _______________________________________________ >>> dhcp-users mailing list >>> dhcp-users@lists.isc.org >>> https://lists.isc.org/mailman/listinfo/dhcp-users >>> >> >> > _______________________________________________ > dhcp-users mailing list > dhcp-users@lists.isc.org > https://lists.isc.org/mailman/listinfo/dhcp-users ------------------------------ Message: 5 Date: Wed, 5 Oct 2016 20:36:05 +1100 From: "Glenn Satchell" <glenn.satch...@uniq.com.au> To: "Users of ISC DHCP" <dhcp-users@lists.isc.org> Subject: Re: DHCPD 4.1.1-P1 Occasional Segfault Message-ID: <1587970f4076658f73f29419670e9ecb.squir...@mail.uniq.com.au> Content-Type: text/plain;charset=iso-8859-1 The root cause is poor code in a very old version. The simple fix is to run a newer version, I'm sure there are RPMs around for newer ones that don't have that problem. I think this might be the bug, fixed around 4.2.0. This is from the RELNOTES file distributed with the source. ! Two packets were found that cause a server to halt. The code has been updated to properly process or reject the packets as appropriate. Thanks to David Zych at University of Illinois for reporting this issue. [ISC-Bugs #24960] One CVE number for each class of packet. CVE-2011-2748 CVE-2011-2749 But if you're going to patch the code and recompile, just go to the newer version. regards, -glenn On Wed, October 5, 2016 7:28 am, Norman Elton wrote: > We are running RHEL6's version of ISC dhcpd (based on 4.1.1-p1). Every > few months, one of our servers mysteriously segfaults: > > dhcpd[30744]: segfault at 7f3ff02712c8 ip 00007f3ff02712c8 sp > 00007ffe16d0eb58 error 15 in libc-2.12.so[7f3ff0271000+2000] > > What is the recommended way to begin finding a root cause? > > Thanks! > > Norman Elton > College of William & Mary > _______________________________________________ > dhcp-users mailing list > dhcp-users@lists.isc.org > https://lists.isc.org/mailman/listinfo/dhcp-users > ------------------------------ Subject: Digest Footer _______________________________________________ dhcp-users mailing list dhcp-users@lists.isc.org https://lists.isc.org/mailman/listinfo/dhcp-users ------------------------------ End of dhcp-users Digest, Vol 96, Issue 5 *****************************************