DHCP: ARP issue, FR2.x vs FR 3.x
Fajar A. Nugraha
list at fajar.net
Fri Jan 13 16:06:43 CET 2012
On Fri, Jan 13, 2012 at 8:48 PM, Alan DeKok <aland at deployingradius.com> wrote:
> Arg. "interface" isn't set. I've fixed that.
Yep, that fixed the segfault issue alright :D
There are still problems though.
First, while migrating my old test config, I forgot to uncomment
mac2ip, which means there is no DHCP-Your-IP-Address attribute. When
it receives a DHCP discover packet, the server died with
#================================================================
server dhcp {
Trying sub-section dhcp DHCP-Discover {...}
+- entering group DHCP-Discover {...}
++[reply] returns noop
++[reply] returns noop
++[ok] returns ok
ASSERT FAILED dhcpd.c[412]: vp != NULL
Aborted
#================================================================
I don't think it should do that.
Second, there's still no packet sent to the client. And there's
nothing in the debug log about updating the ARP cache.
FR debug log (starting from dhcp section):
#================================================================
server dhcp { # from file /etc/freeradius/sites-enabled/dhcp
modules {
Module: Checking dhcp DHCP-Discover {...} for more modules to load
Module: Linked to module rlm_passwd
Module: Instantiating module "mac2ip" from file /etc/freeradius/modules/mac2ip
passwd mac2ip {
filename = "/etc/freeradius/mac2ip"
format = "*DHCP-Client-Hardware-Address:=DHCP-Your-IP-Address"
delimiter = ","
ignorenislike = yes
ignoreempty = yes
allowmultiplekeys = no
hashsize = 100
}
rlm_passwd: nfields: 2 keyfield 0(DHCP-Client-Hardware-Address) listable: no
Module: Linked to module rlm_always
Module: Instantiating module "ok" from file /etc/freeradius/modules/always
always ok {
rcode = "ok"
simulcount = 0
mpp = no
}
Module: Checking dhcp DHCP-Request {...} for more modules to load
Module: Checking dhcp (null) {...} for more modules to load
/etc/freeradius/sites-enabled/dhcp[243]: No name specified for
Post-Auth-Type block
} # modules
} # server
radiusd: #### Opening IP addresses and Ports ####
listen {
type = "auth"
ipaddr = *
port = 0
}
listen {
type = "acct"
ipaddr = *
port = 0
}
listen {
type = "auth"
ipaddr = 127.0.0.1
port = 18120
}
listen {
type = "dhcp"
ipaddr = 255.255.255.255
port = 67
src_ipaddr = 172.16.101.1
}
listen {
type = "dhcp"
ipaddr = 172.16.101.1
port = 67
WARNING: No "interface" setting is defined. Only unicast DHCP will work.
src_interface = "dummy1"
}
... adding new socket proxy address * port 48701
Listening on authentication address * port 1812
Listening on accounting address * port 1813
Listening on authentication address 127.0.0.1 port 18120 as server inner-tunnel
Listening on dhcp interface dummy1 address 255.255.255.255 port 67 as
server dhcp
Listening on dhcp address 172.16.101.1 port 67 as server dhcp
Listening on proxy address * port 1814
Ready to process requests.
Received DHCP-Discover of id 90df5d69 from 0.0.0.0:68 to 255.255.255.255:67
DHCP-Opcode = Client-Message
DHCP-Hardware-Type = Ethernet
DHCP-Hardware-Address-Length = 6
DHCP-Hop-Count = 0
DHCP-Transaction-Id = 2430557545
DHCP-Number-of-Seconds = 0
DHCP-Flags = 0
DHCP-Client-IP-Address = 0.0.0.0
DHCP-Your-IP-Address = 0.0.0.0
DHCP-Server-IP-Address = 0.0.0.0
DHCP-Gateway-IP-Address = 0.0.0.0
DHCP-Client-Hardware-Address = 08:00:27:a2:13:b9
DHCP-Message-Type = DHCP-Discover
DHCP-Parameter-Request-List = DHCP-Subnet-Mask
DHCP-Parameter-Request-List = DHCP-Broadcast-Address
DHCP-Parameter-Request-List = DHCP-Time-Offset
DHCP-Parameter-Request-List = DHCP-Router-Address
DHCP-Parameter-Request-List = DHCP-Domain-Name
DHCP-Parameter-Request-List = DHCP-Domain-Name-Server
DHCP-Parameter-Request-List = DHCP-Hostname
DHCP-Parameter-Request-List = DHCP-NTP-Servers
server dhcp {
Trying sub-section dhcp DHCP-Discover {...}
+- entering group DHCP-Discover {...}
++[reply] returns noop
++[reply] returns noop
[mac2ip] Added DHCP-Your-IP-Address: '172.16.101.101' to reply_items
++[mac2ip] returns ok
++[ok] returns ok
} # server dhcp
DHCP-Subnet-Mask = 255.255.255.0
DHCP-Router-Address = 172.16.101.1
DHCP-Domain-Name-Server = 8.8.8.8
DHCP-IP-Address-Lease-Time = 60
DHCP-DHCP-Server-Identifier = 172.16.101.1
Sending DHCP-Offer of id 90df5d69 from 172.16.101.1:67 to 172.16.101.101:68
Finished request 0.
Cleaning up request 0 ID -1864409751 with timestamp +18
Going to the next request
Ready to process requests.
Received DHCP-Discover of id 90df5d69 from 0.0.0.0:68 to 255.255.255.255:67
DHCP-Opcode = Client-Message
DHCP-Hardware-Type = Ethernet
DHCP-Hardware-Address-Length = 6
DHCP-Hop-Count = 0
DHCP-Transaction-Id = 2430557545
DHCP-Number-of-Seconds = 5
DHCP-Flags = 0
DHCP-Client-IP-Address = 0.0.0.0
DHCP-Your-IP-Address = 0.0.0.0
DHCP-Server-IP-Address = 0.0.0.0
DHCP-Gateway-IP-Address = 0.0.0.0
DHCP-Client-Hardware-Address = 08:00:27:a2:13:b9
DHCP-Message-Type = DHCP-Discover
DHCP-Parameter-Request-List = DHCP-Subnet-Mask
DHCP-Parameter-Request-List = DHCP-Broadcast-Address
DHCP-Parameter-Request-List = DHCP-Time-Offset
DHCP-Parameter-Request-List = DHCP-Router-Address
DHCP-Parameter-Request-List = DHCP-Domain-Name
DHCP-Parameter-Request-List = DHCP-Domain-Name-Server
DHCP-Parameter-Request-List = DHCP-Hostname
DHCP-Parameter-Request-List = DHCP-NTP-Servers
server dhcp {
Trying sub-section dhcp DHCP-Discover {...}
+- entering group DHCP-Discover {...}
++[reply] returns noop
++[reply] returns noop
[mac2ip] Added DHCP-Your-IP-Address: '172.16.101.101' to reply_items
++[mac2ip] returns ok
++[ok] returns ok
} # server dhcp
DHCP-Subnet-Mask = 255.255.255.0
DHCP-Router-Address = 172.16.101.1
DHCP-Domain-Name-Server = 8.8.8.8
DHCP-IP-Address-Lease-Time = 60
DHCP-DHCP-Server-Identifier = 172.16.101.1
Sending DHCP-Offer of id 90df5d69 from 172.16.101.1:67 to 172.16.101.101:68
Finished request 1.
Cleaning up request 1 ID -1864409751 with timestamp +23
Going to the next request
Ready to process requests.
#================================================================
tcpdump:
#================================================================
21:54:27.316739 IP (tos 0x10, ttl 128, id 0, offset 0, flags [none],
proto UDP (17), length 328)
0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from
08:00:27:a2:13:b9, length 300, xid 0x90df5d69, Flags [none]
Client-Ethernet-Address 08:00:27:a2:13:b9
Vendor-rfc1048 Extensions
Magic Cookie 0x63825363
DHCP-Message Option 53, length 1: Discover
Parameter-Request Option 55, length 8:
Subnet-Mask, BR, Time-Zone, Default-Gateway
Domain-Name, Domain-Name-Server, Hostname, NTP
21:54:27.316755 IP (tos 0x10, ttl 128, id 0, offset 0, flags [none],
proto UDP (17), length 328)
0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from
08:00:27:a2:13:b9, length 300, xid 0x90df5d69, Flags [none]
Client-Ethernet-Address 08:00:27:a2:13:b9
Vendor-rfc1048 Extensions
Magic Cookie 0x63825363
DHCP-Message Option 53, length 1: Discover
Parameter-Request Option 55, length 8:
Subnet-Mask, BR, Time-Zone, Default-Gateway
Domain-Name, Domain-Name-Server, Hostname, NTP
21:54:27.319714 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has
172.16.101.101 tell 172.16.101.1, length 28
21:54:28.319761 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has
172.16.101.101 tell 172.16.101.1, length 28
21:54:29.319717 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has
172.16.101.101 tell 172.16.101.1, length 28
21:54:32.319326 IP (tos 0x10, ttl 128, id 0, offset 0, flags [none],
proto UDP (17), length 328)
0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from
08:00:27:a2:13:b9, length 300, xid 0x90df5d69, secs 5, Flags [none]
Client-Ethernet-Address 08:00:27:a2:13:b9
Vendor-rfc1048 Extensions
Magic Cookie 0x63825363
DHCP-Message Option 53, length 1: Discover
Parameter-Request Option 55, length 8:
Subnet-Mask, BR, Time-Zone, Default-Gateway
Domain-Name, Domain-Name-Server, Hostname, NTP
21:54:32.319354 IP (tos 0x10, ttl 128, id 0, offset 0, flags [none],
proto UDP (17), length 328)
0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from
08:00:27:a2:13:b9, length 300, xid 0x90df5d69, secs 5, Flags [none]
Client-Ethernet-Address 08:00:27:a2:13:b9
Vendor-rfc1048 Extensions
Magic Cookie 0x63825363
DHCP-Message Option 53, length 1: Discover
Parameter-Request Option 55, length 8:
Subnet-Mask, BR, Time-Zone, Default-Gateway
Domain-Name, Domain-Name-Server, Hostname, NTP
21:54:32.323727 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has
172.16.101.101 tell 172.16.101.1, length 28
21:54:33.323764 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has
172.16.101.101 tell 172.16.101.1, length 28
21:54:34.323763 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has
172.16.101.101 tell 172.16.101.1, length 28
#================================================================
If I manually force-add an ARP entry using "arp -i dummy1 -s
172.16.101.101 08:00:27:a2:13:b9", then it works. Looks like there's
still a problem in the ARP cache update code.
--
Fajar
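
Added example, not part of the original message and not FreeRADIUS code: one way a DHCP server on Linux can install the client's ARP entry itself before unicasting an Offer, the programmatic counterpart of the manual "arp -s" workaround above. The function names are hypothetical; the interface, IP and MAC are the ones from the log. The entry is non-permanent (ATF_COM only, whereas "arp -s" also sets ATF_PERM), since the MAC is taken from the client-supplied chaddr field.

```c
#include <arpa/inet.h>
#include <net/if_arp.h>
#include <netinet/in.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/ioctl.h>
#include <sys/socket.h>
#include <unistd.h>

/* Fill a Linux struct arpreq mapping ip -> mac on ifname.
 * Returns 0 on success, -1 on a bad interface name or IP string. */
int build_arp_entry(struct arpreq *req, const char *ifname,
                    const char *ip, const uint8_t mac[6])
{
    struct sockaddr_in *pa = (struct sockaddr_in *)&req->arp_pa;

    if (strlen(ifname) >= sizeof(req->arp_dev)) return -1;
    memset(req, 0, sizeof(*req));
    pa->sin_family = AF_INET;
    if (inet_pton(AF_INET, ip, &pa->sin_addr) != 1) return -1;
    req->arp_ha.sa_family = ARPHRD_ETHER;  /* must match the device type */
    memcpy(req->arp_ha.sa_data, mac, 6);
    req->arp_flags = ATF_COM;              /* complete, not permanent */
    strcpy(req->arp_dev, ifname);          /* length checked above */
    return 0;
}

/* Install the entry in the kernel ARP cache (needs CAP_NET_ADMIN). */
int add_arp_entry(const char *ifname, const char *ip, const uint8_t mac[6])
{
    struct arpreq req;
    int fd, rc;

    if (build_arp_entry(&req, ifname, ip, mac) < 0) return -1;
    if ((fd = socket(AF_INET, SOCK_DGRAM, 0)) < 0) return -1;
    rc = ioctl(fd, SIOCSARP, &req);
    close(fd);
    return rc;
}

int main(void)
{
    /* Values taken from the debug log and tcpdump output above. */
    const uint8_t mac[6] = {0x08, 0x00, 0x27, 0xa2, 0x13, 0xb9};

    if (add_arp_entry("dummy1", "172.16.101.101", mac) < 0) {
        perror("add_arp_entry");
        return 1;
    }
    return 0;
}
```

With the entry present, the kernel has no need to send the unanswered "who-has 172.16.101.101" requests seen in the tcpdump output before delivering the Offer.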