On 2020-07-22, Marcos Madeira | Secure Networks <[email protected]> wrote:
> Hello ports@,
>
> I am unable to get broadcast DHCP requests to be generated on OpenBSD
> 6.6 and 6.7 using the packaged versions of monitoring-plugins, which are
> monitoring-plugins-2.2p8 and monitoring-plugins-2.2p9, respectively.
>
> I have tested the package on a few different environments and it boils
> down to this:
>
> - unicast DHCP is working fine with something like: -i vio1 -v -t 3 -m
>   "52:54:00:f3:e9:cb" -r 10.10.0.10 -s 10.10.0.2 -u
>
> - if the server runs something like
>   '/usr/local/libexec/nagios/check_dhcp -i vio1', which should be a
>   broadcast request:
>
>   - packets will always exit through the first physical ethernet
>     interface (e.g. vio0)
>
>   - no reply received
>
> - if the server runs something like
>   '/usr/local/libexec/nagios/check_dhcp -i vio0'
>
>   - if the interface has no address, a packet will not be sent at all.
>     No local unicast address needed with IPv4 broadcast DHCP client
>
>   - if the interface has an address, no DHCP replies are ever received
>
> Unicast-based DHCP monitoring works fine, but this type of monitoring
> does not meet the criteria for rogue DHCP server detection.
>
> Can anyone confirm/deny this before I get an opportunity to look at the
> code?

I don't know about the check_dhcp issue, but I have one comment: make sure
you don't have dhcpd/dhclient running at the same time on the same
interface; they hijack DHCP packets using bpf's "fildrop" mechanism and
don't send them to other applications.

