On Wed, Jul 05, 2017 at 04:37:39PM +0200, Reyk Floeter wrote:
> Hi,
> 
> landry@ sees many log messages 'DHCPINFORM from xx but ciaddr yy is
> not consistent with actual address' in a setup where dhcpd runs behind
> dhcrelay.
> 
> The code in dhcpd's dhcpinform() seems wrong - it assumes that ciaddr
> (the client IP) is identical to the packet source address and it
> doesn't consider a relay, indicated by giaddr (gateway).
> 
> I looked at isc-dhcpd code and, omg my eyes are bleeding, it seems to
> handle DHCPINFORM from relayed clients with giaddr set.
> 
> So it seems that dhcpd never accepted DHCPINFORM from clients behind a
> relay, and the diff below changes it and stops the log spam.  But it
> also changes behavior, so it needs some testing and maybe feedback
> from DHCP experts (prodding krw).

I've put this on a 6.1 vm behind a dhcrelay at work, previously the
w7 clients were apparently sending DHCPINFORM every ~10mn, and in bursts:

Jul  5 14:52:42 oberalp dhcpd[92834]: DHCPINFORM from 172.20.85.254 but ciaddr 172.20.85.124 is not consistent with actual address
Jul  5 14:52:45 oberalp dhcpd[92834]: DHCPINFORM from 172.20.85.254 but ciaddr 172.20.85.124 is not consistent with actual address
Jul  5 14:54:11 oberalp last message repeated 2 times
Jul  5 14:55:23 oberalp dhcpd[92834]: DHCPINFORM from 172.20.85.254 but ciaddr 172.20.85.107 is not consistent with actual address
Jul  5 14:55:26 oberalp dhcpd[92834]: DHCPINFORM from 172.20.85.254 but ciaddr 172.20.85.107 is not consistent with actual address
Jul  5 14:56:50 oberalp last message repeated 2 times

With this diff, now the clients still send DHCPINFORM, some every ~10mn,
some every ~30m, still in bursts, and the DHCPACK is sent back:

Jul  6 11:08:06 oberalp dhcpd[42317]: DHCPACK to 172.20.85.107 (<xx:xx:xx:xx:xx:xx>) via 172.20.85.254
Jul  6 11:08:09 oberalp dhcpd[42317]: DHCPINFORM from 172.20.85.254
Jul  6 11:08:09 oberalp dhcpd[42317]: DHCPACK to 172.20.85.107 (<xx:xx:xx:xx:xx:xx>) via 172.20.85.254
Jul  6 11:18:13 oberalp dhcpd[42317]: DHCPINFORM from 172.20.85.254
Jul  6 11:18:13 oberalp dhcpd[42317]: DHCPACK to 172.20.85.107 (<xx:xx:xx:xx:xx:xx>) via 172.20.85.254
Jul  6 11:18:16 oberalp dhcpd[42317]: DHCPINFORM from 172.20.85.254
Jul  6 11:18:16 oberalp dhcpd[42317]: DHCPACK to 172.20.85.107 (<xx:xx:xx:xx:xx:xx>) via 172.20.85.254
Jul  6 11:19:13 oberalp dhcpd[42317]: DHCPINFORM from 172.20.85.254
Jul  6 11:19:13 oberalp dhcpd[42317]: DHCPACK to 172.20.85.122 (<yy:yy:yy:yy:yy:yy>) via 172.20.85.254
Jul  6 11:19:16 oberalp dhcpd[42317]: DHCPINFORM from 172.20.85.254
Jul  6 11:19:16 oberalp dhcpd[42317]: DHCPACK to 172.20.85.122 (<yy:yy:yy:yy:yy:yy>) via 172.20.85.254
Jul  6 11:20:58 oberalp dhcpd[42317]: DHCPINFORM from 172.20.85.254
Jul  6 11:20:58 oberalp dhcpd[42317]: DHCPACK to 172.20.85.122 (<yy:yy:yy:yy:yy:yy>) via 172.20.85.254
Jul  6 11:21:01 oberalp dhcpd[42317]: DHCPINFORM from 172.20.85.254
Jul  6 11:21:01 oberalp dhcpd[42317]: DHCPACK to 172.20.85.122 (<yy:yy:yy:yy:yy:yy>) via 172.20.85.254

dhcpdump of the DHCPINFORM request:

OPTION:  53 (  1) DHCP message type         8 (DHCPINFORM)
OPTION:  61 (  7) Client-identifier         <xx>
OPTION:  12 (  7) Host name                 <redacted>
OPTION:  60 (  8) Vendor class identifier   MSFT 5.0
OPTION:  55 ( 13) Parameter Request List      1 (Subnet mask)
                                             15 (Domainname)
                                              3 (Routers)
                                              6 (DNS server)
                                             44 (NetBIOS name server)
                                             46 (NetBIOS node type)
                                             47 (NetBIOS scope)
                                             31 (Perform router discovery)
                                             33 (Static route)
                                            121 (Classless Static Route)
                                            249 (MSFT - Classless route)
                                             43 (Vendor specific info)
                                            252 (MSFT - WinSock Proxy Auto Detect)

So I dunno if the clients' behaviour will adapt over time (searching for
'windows7 dhcpinform' on the interwebs leads to tons of pages..), or if it's
even worse in terms of syslog spam, but at least it seems more 'correct'
dhcp-wise, and apparently the client still has a working network.

Can't really okay it as I don't have all the big picture details,
but at least it doesn't break this setup.

Landry
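
The ciaddr/giaddr distinction discussed in this thread, as an added example that is not part of either message and is neither the diff under test nor OpenBSD dhcpd code: it reads ciaddr and giaddr from the fixed BOOTP header and shows why a relayed DHCPINFORM trips a naive "source equals ciaddr" check. The function names, the result strings and the sample packets are assumptions made for illustration; the samples reuse addresses from the logs above and assume the relay sets giaddr to its own address.

```python
import ipaddress
import struct

DHCPINFORM = 8
MAGIC_COOKIE = bytes([99, 130, 83, 99])

def message_type(packet):
    """Return the value of option 53, or None if absent or malformed."""
    if len(packet) < 240 or packet[236:240] != MAGIC_COOKIE:
        return None
    i = 240
    while i < len(packet):
        code = packet[i]
        if code == 255:      # end option
            break
        if code == 0:        # pad option has no length byte
            i += 1
            continue
        if i + 1 >= len(packet):
            return None
        length = packet[i + 1]
        value = packet[i + 2:i + 2 + length]
        if len(value) != length:
            return None      # truncated option
        if code == 53 and length == 1:
            return value[0]
        i += 2 + length
    return None

def classify_inform(packet, src_ip):
    """Classify a DHCPINFORM by how ciaddr/giaddr relate to the UDP source."""
    if message_type(packet) != DHCPINFORM:
        return "not-inform"
    # ciaddr sits at offset 12 and giaddr at offset 24 of the BOOTP header.
    ciaddr, giaddr = (ipaddress.IPv4Address(packet[o:o + 4]) for o in (12, 24))
    src = ipaddress.IPv4Address(src_ip)
    if int(giaddr) != 0:
        # Relayed: the source is the relay, so ciaddr != src is expected.
        return f"relayed: reply to {ciaddr} via {giaddr}"
    if ciaddr != src:
        return f"inconsistent: ciaddr {ciaddr} but source {src}"
    return f"direct: reply to {ciaddr}"

def build_inform(ciaddr, giaddr):
    """Constructed sample packet: BOOTP header plus option 53 = DHCPINFORM."""
    hdr = struct.pack("!BBBBIHH4s4s4s4s16s64s128s", 1, 1, 6, 0, 0x1234, 0, 0,
                      ipaddress.IPv4Address(ciaddr).packed, bytes(4), bytes(4),
                      ipaddress.IPv4Address(giaddr).packed, bytes(16), bytes(64), bytes(128))
    return hdr + MAGIC_COOKIE + bytes([53, 1, DHCPINFORM, 255])
```
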
