Re: [Dnsmasq-discuss] 3 secs dhcp delay

2019-01-21 Thread Simon Kelley



On 21/01/2019 08:59, Harald Dunkel wrote:
> On 1/18/19 10:36 AM, Harald Dunkel wrote:
>>
>> Do you think dnsmasq could watch/ping its IP address range while it is
>> idle, caching the result? It might examine the local arp table as well:
>> If there is an entry with matching MAC and IP address, isn't it
>> reasonable
>> to assume that the IP address is not in use somewhere else?
>>
> 
> PS: I found https://tools.ietf.org/html/rfc5227 on the web. Interesting
> read, but probably it won't help to avoid the delay.

RFC5227 is an elaboration of the ARP-based method.

Using ARP probes works at the client, but it's never applicable for the
server, because the server may not be located in the same
broadcast-domain as the client(s). Using DHCP relay, the server can be
on another subnet entirely. This is why servers use ICMP for conflict
detection, as it's a routable protocol.


> 

Simon.


___
Dnsmasq-discuss mailing list
Dnsmasq-discuss@lists.thekelleys.org.uk
http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss


Re: [Dnsmasq-discuss] 3 secs dhcp delay

2019-01-21 Thread Simon Kelley



On 21/01/2019 11:49, Roy Marples wrote:

> 
>> Will dnsmasq offer another IP address in case it receives a decline?
> 
> It does with my testing, unless I hardcode the hardware address to a
> fixed IP. This results in an infinite loop, but there's no real way
> around that.


It's supposed to give up on the fixed IP, log a message and allocate a
pool IP instead under that circumstance. If you can repeat this I'd be
interested in the details, as it's a bug.


Cheers,


Simon.



___
Dnsmasq-discuss mailing list
Dnsmasq-discuss@lists.thekelleys.org.uk
http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss


Re: [Dnsmasq-discuss] 3 secs dhcp delay

2019-01-21 Thread Roy Marples

On 21/01/2019 08:59, Harald Dunkel wrote:

But AFAICS strongswan's dhcp plugin doesn't, and
surely it is not alone.


Use another DHCP client that does then?
There's no reason why dhcpcd can't work with StrongSwan. You even get a 
DHCPv6 client for free which StrongSwan doesn't support.



Will dnsmasq offer another IP address in case it receives a decline?


It does with my testing, unless I hardcode the hardware address to a 
fixed IP. This results in an infinite loop, but there's no real way 
around that.


Roy

___
Dnsmasq-discuss mailing list
Dnsmasq-discuss@lists.thekelleys.org.uk
http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss


Re: [Dnsmasq-discuss] 3 secs dhcp delay

2019-01-21 Thread Harald Dunkel

On 1/18/19 10:36 AM, Harald Dunkel wrote:


Do you think dnsmasq could watch/ping its IP address range while it is
idle, caching the result? It might examine the local arp table as well:
If there is an entry with matching MAC and IP address, isn't it reasonable
to assume that the IP address is not in use somewhere else?



PS: I found https://tools.ietf.org/html/rfc5227 on the web. Interesting
read, but probably it won't help to avoid the delay.

I would agree that it should the job of the client to make sure that
the IP address is not in use yet, and to reply with a DHCPDECLINE to
the dhcp server. But AFAICS strongswan's dhcp plugin doesn't, and
surely it is not alone.

Will dnsmasq offer another IP address in case it receives a decline?


Thanx anyway. Keep on your good work

Harri

___
Dnsmasq-discuss mailing list
Dnsmasq-discuss@lists.thekelleys.org.uk
http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss


Re: [Dnsmasq-discuss] 3 secs dhcp delay

2019-01-18 Thread Geert Stappers
On Fri, Jan 18, 2019 at 10:36:19AM +0100, Harald Dunkel wrote:
> On 1/17/19 11:58 PM, Simon Kelley wrote:>
} } http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2019q1/012822.html
} } }  ... VPN ...
> > The delay is while dnsmasq tests the address it's about to allocate in
> > case some host is already using it. It sends a ICMP echo request
> > (essentially a ping) and if it gets a reply, the test fails. After a 3
> > second timeout the test succeeds and the address is allocated. If you're
> > happy that there are no machines using IP addresses without leasing
> > them, or that the similar test that DHCP clients do will find this, then
> > you can disable the check in dnsmasq using the --no-oing config flag.
> } you can disable the check in dnsmasq using the --no-ping config flag.

 --no-Ping

Quoting dnsmasq manual page

  -5, --no-ping
 (IPv4  only)  By default, the DHCP server will attempt to ensure
 that an address is not in use before allocating it to a host. It
 does  this  by  sending an ICMP echo request (aka "ping") to the
 address in question. If it gets a reply, then the  address  must
 already be in use, and another is tried. This flag disables this
 check. Use with caution.


The 3 seconds from the subject line explained
and how to avoid that delay.


> Do you think dnsmasq could watch/ping its IP address range while it is
> idle, caching the result? It might examine the local arp table as well:
> If there is an entry with matching MAC and IP address, isn't it reasonable
> to assume that the IP address is not in use somewhere else?


I think that "make dnsmasq a network monitor"
should be in seperate thread.



Regards
Geert Stappers
DevOps engineer

___
Dnsmasq-discuss mailing list
Dnsmasq-discuss@lists.thekelleys.org.uk
http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss


Re: [Dnsmasq-discuss] 3 secs dhcp delay

2019-01-18 Thread Harald Dunkel

Hi Simon,

On 1/17/19 11:58 PM, Simon Kelley wrote:>
> The delay is while dnsmasq tests the address it's about to allocate in
> case some host is already using it. It sends a ICMP echo request
> (essentially a ping) and if it gets a reply, the test fails. After a 3
> second timeout the test succeeds and the address is allocated. If you're
> happy that there are no machines using IP addresses without leasing
> them, or that the similar test that DHCP clients do will find this, then
> you can disable the check in dnsmasq using the --no-oing config flag.
>

Do you think dnsmasq could watch/ping its IP address range while it is
idle, caching the result? It might examine the local arp table as well:
If there is an entry with matching MAC and IP address, isn't it reasonable
to assume that the IP address is not in use somewhere else?


Regards
Harri

___
Dnsmasq-discuss mailing list
Dnsmasq-discuss@lists.thekelleys.org.uk
http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss


Re: [Dnsmasq-discuss] 3 secs dhcp delay

2019-01-18 Thread Roy Marples

On 17/01/2019 22:58, Simon Kelley wrote:

The delay is while dnsmasq tests the address it's about to allocate in
case some host is already using it. It sends a ICMP echo request
(essentially a ping) and if it gets a reply, the test fails. After a 3
second timeout the test succeeds and the address is allocated. If you're
happy that there are no machines using IP addresses without leasing
them, or that the similar test that DHCP clients do will find this, then
you can disable the check in dnsmasq using the --no-oing config flag.


NetBSD and Solaris do IPv4 DaD checks using ARP in the kernel, so the 
DHCP client doesn't strictly have to do anything other than listen to 
the kernel notifying the DaD result.


Roy

___
Dnsmasq-discuss mailing list
Dnsmasq-discuss@lists.thekelleys.org.uk
http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss


Re: [Dnsmasq-discuss] 3 secs dhcp delay

2019-01-17 Thread Simon Kelley


On 17/01/2019 10:30, Harald Dunkel wrote:
> Hi folks,
> 
> I see a 3 to 4 secs delay for dnsmasq's dhcp protocol. Example:
> 
> Strongswan's dhcp plugin obtains an IP address on behalf of the peer (a
> road warrior laptop). The strongswan logfile on the host says
> 
> :
> Jan 14 10:48:07 18[IKE]  peer requested virtual IP %any
> Jan 14 10:48:07 18[CFG]  sending DHCP DISCOVER to
> 172.16.122.9
> Jan 14 10:48:08 18[CFG]  sending DHCP DISCOVER to
> 172.16.122.9
> Jan 14 10:48:10 18[CFG]  sending DHCP DISCOVER to
> 172.16.122.9
> Jan 14 10:48:10 16[CFG] received DHCP OFFER 172.16.122.65 from 172.16.122.9
> Jan 14 10:48:10 18[CFG]  sending DHCP REQUEST for
> 172.16.122.65 to 172.16.122.9
> Jan 14 10:48:10 18[CFG]  sending DHCP REQUEST for
> 172.16.122.65 to 172.16.122.9
> Jan 14 10:48:10 18[CFG]  sending DHCP REQUEST for
> 172.16.122.65 to 172.16.122.9
> Jan 14 10:48:10 15[CFG] received DHCP ACK for 172.16.122.65
> Jan 14 10:48:10 18[IKE]  assigning virtual IP
> 172.16.122.65 to peer 'C=DE, ST=NRW, L=Metropolis, O=example AG,
> CN=roadwarrior.ac.example.de, E=secur...@example.de'
> :
> 
> dnsmasq's logfile contains this:
> 
> :
> Jan 14 10:48:00 dnsmasq-dhcp[10542]: 1657285313 available DHCP range:
> 172.16.122.10 -- 172.16.122.254
> Jan 14 10:48:00 dnsmasq-dhcp[10542]: 1657285313 DHCPRELEASE(eth1)
> 172.16.122.65 7a:a7:c5:fc:7d:59
> Jan 14 10:48:07 dnsmasq-dhcp[10542]: 2364812771 available DHCP range:
> 172.16.122.10 -- 172.16.122.254
> Jan 14 10:48:10 dnsmasq-dhcp[10542]: 2364812771 DHCPDISCOVER(eth1)
> 7a:a7:c5:fc:7d:59
> Jan 14 10:48:10 dnsmasq-dhcp[10542]: 2364812771 tags: eth1
> Jan 14 10:48:10 dnsmasq-dhcp[10542]: 2364812771 DHCPOFFER(eth1)
> 172.16.122.65 7a:a7:c5:fc:7d:59
> Jan 14 10:48:10 dnsmasq-dhcp[10542]: 2364812771 requested options:
> 6:dns-server, 44:netbios-ns
> Jan 14 10:48:10 dnsmasq-dhcp[10542]: 2364812771 next server: 172.16.122.9
> Jan 14 10:48:10 dnsmasq-dhcp[10542]: 2364812771 sent size:  1 option: 53
> message-type  2
> Jan 14 10:48:10 dnsmasq-dhcp[10542]: 2364812771 sent size:  4 option: 54
> server-identifier  172.16.122.9
> Jan 14 10:48:10 dnsmasq-dhcp[10542]: 2364812771 sent size:  4 option: 51
> lease-time  12h
> Jan 14 10:48:10 dnsmasq-dhcp[10542]: 2364812771 sent size:  4 option: 58
> T1  6h
> Jan 14 10:48:10 dnsmasq-dhcp[10542]: 2364812771 sent size:  4 option: 59
> T2  10h30m
> Jan 14 10:48:10 dnsmasq-dhcp[10542]: 2364812771 sent size:  4 option:  1
> netmask  255.255.255.0
> Jan 14 10:48:10 dnsmasq-dhcp[10542]: 2364812771 sent size:  4 option: 28
> broadcast  172.16.122.255
> Jan 14 10:48:10 dnsmasq-dhcp[10542]: 2364812771 sent size:  4 option:  6
> dns-server  172.16.122.9
> Jan 14 10:48:10 dnsmasq-dhcp[10542]: 2364812771 available DHCP range:
> 172.16.122.10 -- 172.16.122.254
> Jan 14 10:48:10 dnsmasq-dhcp[10542]: 2364812771 DHCPDISCOVER(eth1)
> 7a:a7:c5:fc:7d:59
> Jan 14 10:48:10 dnsmasq-dhcp[10542]: 2364812771 tags: eth1
> Jan 14 10:48:10 dnsmasq-dhcp[10542]: 2364812771 DHCPOFFER(eth1)
> 172.16.122.65 7a:a7:c5:fc:7d:59
> Jan 14 10:48:10 dnsmasq-dhcp[10542]: 2364812771 requested options:
> 6:dns-server, 44:netbios-ns
> Jan 14 10:48:10 dnsmasq-dhcp[10542]: 2364812771 next server: 172.16.122.9
> Jan 14 10:48:10 dnsmasq-dhcp[10542]: 2364812771 sent size:  1 option: 53
> message-type  2
> Jan 14 10:48:10 dnsmasq-dhcp[10542]: 2364812771 sent size:  4 option: 54
> server-identifier  172.16.122.9
> Jan 14 10:48:10 dnsmasq-dhcp[10542]: 2364812771 sent size:  4 option: 51
> lease-time  12h
> Jan 14 10:48:10 dnsmasq-dhcp[10542]: 2364812771 sent size:  4 option: 58
> T1  6h
> Jan 14 10:48:10 dnsmasq-dhcp[10542]: 2364812771 sent size:  4 option: 59
> T2  10h30m
> Jan 14 10:48:10 dnsmasq-dhcp[10542]: 2364812771 sent size:  4 option:  1
> netmask  255.255.255.0
> Jan 14 10:48:10 dnsmasq-dhcp[10542]: 2364812771 sent size:  4 option: 28
> broadcast  172.16.122.255
> Jan 14 10:48:10 dnsmasq-dhcp[10542]: 2364812771 sent size:  4 option:  6
> dns-server  172.16.122.9
> Jan 14 10:48:10 dnsmasq-dhcp[10542]: 2364812771 available DHCP range:
> 172.16.122.10 -- 172.16.122.254
> Jan 14 10:48:10 dnsmasq-dhcp[10542]: 2364812771 DHCPDISCOVER(eth1)
> 7a:a7:c5:fc:7d:59
> Jan 14 10:48:10 dnsmasq-dhcp[10542]: 2364812771 tags: eth1
> Jan 14 10:48:10 dnsmasq-dhcp[10542]: 2364812771 DHCPOFFER(eth1)
> 172.16.122.65 7a:a7:c5:fc:7d:59
> Jan 14 10:48:10 dnsmasq-dhcp[10542]: 2364812771 requested options:
> 6:dns-server, 44:netbios-ns
> Jan 14 10:48:10 dnsmasq-dhcp[10542]: 2364812771 next server: 172.16.122.9
> Jan 14 10:48:10 dnsmasq-dhcp[10542]: 2364812771 sent size:  1 option: 53
> message-type  2
> Jan 14 10:48:10 dnsmasq-dhcp[10542]: 2364812771 sent size:  4 option: 54
> server-identifier  172.16.122.9
> Jan 14 10:48:10 dnsmasq-dhcp[10542]: 2364812771 sent size:  4 option: 51
> lease-time  12h
> Jan 14 10:48:10 dnsmasq-dhcp[10542]: 2364812771 sent size:  4 option: 58
> T1  6h
> Jan 14 10:48:10 dnsmasq-dhcp[10542]: 2364812771 sent size:  4 option: 59
> T2  10h30m
> Jan 14 10:48:10 dnsmasq-dhcp[10542]: 

[Dnsmasq-discuss] 3 secs dhcp delay

2019-01-17 Thread Harald Dunkel

Hi folks,

I see a 3 to 4 secs delay for dnsmasq's dhcp protocol. Example:

Strongswan's dhcp plugin obtains an IP address on behalf of the peer (a
road warrior laptop). The strongswan logfile on the host says

:
Jan 14 10:48:07 18[IKE]  peer requested virtual IP %any
Jan 14 10:48:07 18[CFG]  sending DHCP DISCOVER to 172.16.122.9
Jan 14 10:48:08 18[CFG]  sending DHCP DISCOVER to 172.16.122.9
Jan 14 10:48:10 18[CFG]  sending DHCP DISCOVER to 172.16.122.9
Jan 14 10:48:10 16[CFG] received DHCP OFFER 172.16.122.65 from 172.16.122.9
Jan 14 10:48:10 18[CFG]  sending DHCP REQUEST for 172.16.122.65 
to 172.16.122.9
Jan 14 10:48:10 18[CFG]  sending DHCP REQUEST for 172.16.122.65 
to 172.16.122.9
Jan 14 10:48:10 18[CFG]  sending DHCP REQUEST for 172.16.122.65 
to 172.16.122.9
Jan 14 10:48:10 15[CFG] received DHCP ACK for 172.16.122.65
Jan 14 10:48:10 18[IKE]  assigning virtual IP 172.16.122.65 to 
peer 'C=DE, ST=NRW, L=Metropolis, O=example AG, CN=roadwarrior.ac.example.de, 
E=secur...@example.de'
:

dnsmasq's logfile contains this:

:
Jan 14 10:48:00 dnsmasq-dhcp[10542]: 1657285313 available DHCP range: 
172.16.122.10 -- 172.16.122.254
Jan 14 10:48:00 dnsmasq-dhcp[10542]: 1657285313 DHCPRELEASE(eth1) 172.16.122.65 
7a:a7:c5:fc:7d:59
Jan 14 10:48:07 dnsmasq-dhcp[10542]: 2364812771 available DHCP range: 
172.16.122.10 -- 172.16.122.254
Jan 14 10:48:10 dnsmasq-dhcp[10542]: 2364812771 DHCPDISCOVER(eth1) 
7a:a7:c5:fc:7d:59
Jan 14 10:48:10 dnsmasq-dhcp[10542]: 2364812771 tags: eth1
Jan 14 10:48:10 dnsmasq-dhcp[10542]: 2364812771 DHCPOFFER(eth1) 172.16.122.65 
7a:a7:c5:fc:7d:59
Jan 14 10:48:10 dnsmasq-dhcp[10542]: 2364812771 requested options: 
6:dns-server, 44:netbios-ns
Jan 14 10:48:10 dnsmasq-dhcp[10542]: 2364812771 next server: 172.16.122.9
Jan 14 10:48:10 dnsmasq-dhcp[10542]: 2364812771 sent size:  1 option: 53 
message-type  2
Jan 14 10:48:10 dnsmasq-dhcp[10542]: 2364812771 sent size:  4 option: 54 
server-identifier  172.16.122.9
Jan 14 10:48:10 dnsmasq-dhcp[10542]: 2364812771 sent size:  4 option: 51 
lease-time  12h
Jan 14 10:48:10 dnsmasq-dhcp[10542]: 2364812771 sent size:  4 option: 58 T1  6h
Jan 14 10:48:10 dnsmasq-dhcp[10542]: 2364812771 sent size:  4 option: 59 T2  
10h30m
Jan 14 10:48:10 dnsmasq-dhcp[10542]: 2364812771 sent size:  4 option:  1 
netmask  255.255.255.0
Jan 14 10:48:10 dnsmasq-dhcp[10542]: 2364812771 sent size:  4 option: 28 
broadcast  172.16.122.255
Jan 14 10:48:10 dnsmasq-dhcp[10542]: 2364812771 sent size:  4 option:  6 
dns-server  172.16.122.9
Jan 14 10:48:10 dnsmasq-dhcp[10542]: 2364812771 available DHCP range: 
172.16.122.10 -- 172.16.122.254
Jan 14 10:48:10 dnsmasq-dhcp[10542]: 2364812771 DHCPDISCOVER(eth1) 
7a:a7:c5:fc:7d:59
Jan 14 10:48:10 dnsmasq-dhcp[10542]: 2364812771 tags: eth1
Jan 14 10:48:10 dnsmasq-dhcp[10542]: 2364812771 DHCPOFFER(eth1) 172.16.122.65 
7a:a7:c5:fc:7d:59
Jan 14 10:48:10 dnsmasq-dhcp[10542]: 2364812771 requested options: 
6:dns-server, 44:netbios-ns
Jan 14 10:48:10 dnsmasq-dhcp[10542]: 2364812771 next server: 172.16.122.9
Jan 14 10:48:10 dnsmasq-dhcp[10542]: 2364812771 sent size:  1 option: 53 
message-type  2
Jan 14 10:48:10 dnsmasq-dhcp[10542]: 2364812771 sent size:  4 option: 54 
server-identifier  172.16.122.9
Jan 14 10:48:10 dnsmasq-dhcp[10542]: 2364812771 sent size:  4 option: 51 
lease-time  12h
Jan 14 10:48:10 dnsmasq-dhcp[10542]: 2364812771 sent size:  4 option: 58 T1  6h
Jan 14 10:48:10 dnsmasq-dhcp[10542]: 2364812771 sent size:  4 option: 59 T2  
10h30m
Jan 14 10:48:10 dnsmasq-dhcp[10542]: 2364812771 sent size:  4 option:  1 
netmask  255.255.255.0
Jan 14 10:48:10 dnsmasq-dhcp[10542]: 2364812771 sent size:  4 option: 28 
broadcast  172.16.122.255
Jan 14 10:48:10 dnsmasq-dhcp[10542]: 2364812771 sent size:  4 option:  6 
dns-server  172.16.122.9
Jan 14 10:48:10 dnsmasq-dhcp[10542]: 2364812771 available DHCP range: 
172.16.122.10 -- 172.16.122.254
Jan 14 10:48:10 dnsmasq-dhcp[10542]: 2364812771 DHCPDISCOVER(eth1) 
7a:a7:c5:fc:7d:59
Jan 14 10:48:10 dnsmasq-dhcp[10542]: 2364812771 tags: eth1
Jan 14 10:48:10 dnsmasq-dhcp[10542]: 2364812771 DHCPOFFER(eth1) 172.16.122.65 
7a:a7:c5:fc:7d:59
Jan 14 10:48:10 dnsmasq-dhcp[10542]: 2364812771 requested options: 
6:dns-server, 44:netbios-ns
Jan 14 10:48:10 dnsmasq-dhcp[10542]: 2364812771 next server: 172.16.122.9
Jan 14 10:48:10 dnsmasq-dhcp[10542]: 2364812771 sent size:  1 option: 53 
message-type  2
Jan 14 10:48:10 dnsmasq-dhcp[10542]: 2364812771 sent size:  4 option: 54 
server-identifier  172.16.122.9
Jan 14 10:48:10 dnsmasq-dhcp[10542]: 2364812771 sent size:  4 option: 51 
lease-time  12h
Jan 14 10:48:10 dnsmasq-dhcp[10542]: 2364812771 sent size:  4 option: 58 T1  6h
Jan 14 10:48:10 dnsmasq-dhcp[10542]: 2364812771 sent size:  4 option: 59 T2  
10h30m
Jan 14 10:48:10 dnsmasq-dhcp[10542]: 2364812771 sent size:  4 option:  1 
netmask  255.255.255.0
Jan 14 10:48:10 dnsmasq-dhcp[10542]: 2364812771 sent size:  4 option: 28 
broadcast  172.16.122.255
Jan 14 10:48:10 dnsmasq-dhcp[10542]: 2364812771 sent size:  4