DHCP issues in v3

Matthew Newton mcn4 at leicester.ac.uk
Fri Oct 11 01:19:20 CEST 2013


Hi,

Finally got around to trying DHCP this evening. A bit late to hit v3 I'm
afraid, but I've unfortunately been too busy to spend much time looking at
FreeRADIUS recently. I figured I'd get it to act as a simple DHCP server for my
network, and try and put together a simple HOWTO. Or at least, I would have
done if I'd got that far ;-)

This is completely compiled from HEAD (61040c8fbd), using
./configure --enable-developer -C --prefix=/opt/fr3
Debian wheezy system:
Linux elk 3.2.0-4-amd64 #1 SMP Debian 3.2.46-1 x86_64 GNU/Linux

I removed sites-enabled/{default,inner-tunnel}, and symlinked in
sites-available/dhcp, then edited it as follows to start with:

listen {
  ipaddr = 81.187.50.101
  port = 67
  type = dhcp
#  interface = br0
  broadcast = yes
}

(I set my local network config in the update reply sections, and
set DHCP-Your-IP-Address with unlang in an if block for the MAC
address.)

===============================================================================
....
radiusd: #### Loading Virtual Servers ####
server { # from file /opt/fr3/etc/raddb/radiusd.conf
} # server
server dhcp { # from file /opt/fr3/etc/raddb/sites-enabled/dhcp
 Module: Checking dhcp DHCP-Discover {...} for more modules to load
 Module: Checking dhcp DHCP-Request {...} for more modules to load
 Module: Checking dhcp (null) {...} for more modules to load
} # server
radiusd: #### Opening IP addresses and Ports ####
listen {
    type = "dhcp"
    ipaddr = 81.187.50.101
    port = 67
WARNING: No "interface" setting is defined.  Only unicast DHCP will work.
}
Listening on dhcp address 81.187.50.101 port 67 as server dhcp
Opening new proxy address * port 0
Listening on proxy address * port 54463
Ready to process requests.
===============================================================================

This config, as noted by the warning about unicast only, did not
work - it didn't see the broadcast packets. This is the only
unsurprising result :-)

Next - with as above, and also "interface = br0". This time, no warning about
unicast only, but it still didn't see the broadcast packets.  This doesn't
surprise me entirely, as I've specifically set an IP address, but there is no
warning.

===============================================================================
....
radiusd: #### Loading Virtual Servers ####
server { # from file /opt/fr3/etc/raddb/radiusd.conf
} # server
server dhcp { # from file /opt/fr3/etc/raddb/sites-enabled/dhcp
 Module: Checking dhcp DHCP-Discover {...} for more modules to load
 Module: Checking dhcp DHCP-Request {...} for more modules to load
 Module: Checking dhcp (null) {...} for more modules to load
} # server
radiusd: #### Opening IP addresses and Ports ####
listen {
    type = "dhcp"
    ipaddr = 81.187.50.101
    port = 67
}
Listening on dhcp interface br0 address 81.187.50.101 port 67 as server dhcp
Opening new proxy address * port 0
Listening on proxy address * port 35326
Ready to process requests.
===============================================================================


Next I have "ipaddr = *" and again commented out the interface option (not
expecting it necessarily to work - the warning appears again). This works fine
until FR tries to send a reply, and we get a segfault.

Complete radiusd -X output, in gdb:

===============================================================================
root at elk:/opt/fr3/sbin# gdb --args ./radiusd -X 
GNU gdb (GDB) 7.4.1-debian
Copyright (C) 2012 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-linux-gnu".
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>...
Reading symbols from /opt/fr3/sbin/radiusd...done.
(gdb) run
Starting program: /opt/fr3/sbin/radiusd -X
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
radiusd: FreeRADIUS Version 3.0.1 (git #61040c8), for host x86_64-unknown-linux-gnu, built on Oct 10 2013 at 21:03:18
Copyright (C) 1999-2013 The FreeRADIUS server project and contributors.
There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE.
You may redistribute copies of FreeRADIUS under the terms of the
GNU General Public License.
For more information about these matters, see the file named COPYRIGHT.
Starting - reading configuration files ...
including dictionary file /opt/fr3/etc/raddb/dictionary
including configuration file /opt/fr3/etc/raddb/radiusd.conf
including configuration file /opt/fr3/etc/raddb/proxy.conf
including configuration file /opt/fr3/etc/raddb/clients.conf
including files in directory /opt/fr3/etc/raddb/mods-enabled/
including configuration file /opt/fr3/etc/raddb/mods-enabled/unix
including configuration file /opt/fr3/etc/raddb/mods-enabled/echo
including configuration file /opt/fr3/etc/raddb/mods-enabled/dhcp
including configuration file /opt/fr3/etc/raddb/mods-enabled/cache_eap
including configuration file /opt/fr3/etc/raddb/mods-enabled/dynamic_clients
including configuration file /opt/fr3/etc/raddb/mods-enabled/ntlm_auth
including configuration file /opt/fr3/etc/raddb/mods-enabled/always
including configuration file /opt/fr3/etc/raddb/mods-enabled/soh
including configuration file /opt/fr3/etc/raddb/mods-enabled/logintime
including configuration file /opt/fr3/etc/raddb/mods-enabled/replicate
including configuration file /opt/fr3/etc/raddb/mods-enabled/radutmp
including configuration file /opt/fr3/etc/raddb/mods-enabled/attr_filter
including configuration file /opt/fr3/etc/raddb/mods-enabled/pap
including configuration file /opt/fr3/etc/raddb/mods-enabled/passwd
including configuration file /opt/fr3/etc/raddb/mods-enabled/utf8
including configuration file /opt/fr3/etc/raddb/mods-enabled/expiration
including configuration file /opt/fr3/etc/raddb/mods-enabled/expr
including configuration file /opt/fr3/etc/raddb/mods-enabled/realm
including configuration file /opt/fr3/etc/raddb/mods-enabled/eap
including configuration file /opt/fr3/etc/raddb/mods-enabled/linelog
including configuration file /opt/fr3/etc/raddb/mods-enabled/preprocess
including configuration file /opt/fr3/etc/raddb/mods-enabled/digest
including configuration file /opt/fr3/etc/raddb/mods-enabled/detail
including configuration file /opt/fr3/etc/raddb/mods-enabled/files
including configuration file /opt/fr3/etc/raddb/mods-enabled/exec
including configuration file /opt/fr3/etc/raddb/mods-enabled/sradutmp
including configuration file /opt/fr3/etc/raddb/mods-enabled/detail.log
including configuration file /opt/fr3/etc/raddb/mods-enabled/chap
including configuration file /opt/fr3/etc/raddb/mods-enabled/mschap
including files in directory /opt/fr3/etc/raddb/policy.d/
including configuration file /opt/fr3/etc/raddb/policy.d/operator-name
including configuration file /opt/fr3/etc/raddb/policy.d/canonicalization
including configuration file /opt/fr3/etc/raddb/policy.d/dhcp
including configuration file /opt/fr3/etc/raddb/policy.d/cui
including configuration file /opt/fr3/etc/raddb/policy.d/filter
including configuration file /opt/fr3/etc/raddb/policy.d/eap
including configuration file /opt/fr3/etc/raddb/policy.d/control
including configuration file /opt/fr3/etc/raddb/policy.d/accounting
including files in directory /opt/fr3/etc/raddb/sites-enabled/
including configuration file /opt/fr3/etc/raddb/sites-enabled/dhcp
main {
 security {
  allow_core_dumps = no
 }
}
main {
  name = "radiusd"
  prefix = "/opt/fr3"
  localstatedir = "/opt/fr3/var"
  sbindir = "/opt/fr3/sbin"
  logdir = "/opt/fr3/var/log/radius"
  run_dir = "/opt/fr3/var/run/radiusd"
  libdir = "/opt/fr3/lib"
  radacctdir = "/opt/fr3/var/log/radius/radacct"
  hostname_lookups = no
  max_request_time = 30
  cleanup_delay = 5
  max_requests = 1024
  pidfile = "/opt/fr3/var/run/radiusd/radiusd.pid"
  checkrad = "/opt/fr3/sbin/checkrad"
  debug_level = 0
  proxy_requests = yes
 log {
  stripped_names = no
  auth = no
  auth_badpass = no
  auth_goodpass = no
  colourise = yes
 }
 security {
  max_attributes = 200
  reject_delay = 1
  status_server = yes
 }
}
radiusd: #### Loading Realms and Home Servers ####
 proxy server {
  retry_delay = 5
  retry_count = 3
  default_fallback = no
  dead_time = 120
  wake_all_if_all_dead = no
 }
 home_server localhost {
  ipaddr = 127.0.0.1
  port = 1812
  type = "auth"
  secret = "testing123"
  response_window = 20
  max_outstanding = 65536
  zombie_period = 40
  status_check = "status-server"
  ping_interval = 30
  check_interval = 30
  num_answers_to_alive = 3
  revive_interval = 120
  status_check_timeout = 4
  coa {
    irt = 2
    mrt = 16
    mrc = 5
    mrd = 30
  }
  limit {
    max_connections = 16
    max_requests = 0
    lifetime = 0
    idle_timeout = 0
  }
 }
 home_server_pool my_auth_failover {
  type = fail-over
  home_server = localhost
 }
 realm example.com {
  auth_pool = my_auth_failover
 }
 realm LOCAL {
 }
radiusd: #### Loading Clients ####
 client localhost {
  ipaddr = 127.0.0.1
  require_message_authenticator = no
  secret = "testing123"
  nas_type = "other"
  proto = "*"
  limit {
    max_connections = 16
    lifetime = 0
    idle_timeout = 30
  }
 }
radiusd: #### Instantiating modules ####
 instantiate {
 }
 modules {
  # Loaded module rlm_unix
  # Instantiating module "unix" from file /opt/fr3/etc/raddb/mods-enabled/unix
  unix {
    radwtmp = "/opt/fr3/var/log/radius/radwtmp"
  }
  # Loaded module rlm_exec
  # Instantiating module "echo" from file /opt/fr3/etc/raddb/mods-enabled/echo
  exec echo {
    wait = yes
    program = "/bin/echo %{User-Name}"
    input_pairs = "request"
    output_pairs = "reply"
    shell_escape = yes
  }
  # Loaded module rlm_dhcp
  # Instantiating module "dhcp" from file /opt/fr3/etc/raddb/mods-enabled/dhcp
  # Loaded module rlm_cache
  # Instantiating module "cache_eap" from file /opt/fr3/etc/raddb/mods-enabled/cache_eap
  cache cache_eap {
    key = "%{%{control:State}:-%{%{reply:State}:-%{State}}}"
    ttl = 15
    max_entries = 16384
    epoch = 0
    add_stats = no
  }
  # Loaded module rlm_dynamic_clients
  # Instantiating module "dynamic_clients" from file /opt/fr3/etc/raddb/mods-enabled/dynamic_clients
  # Instantiating module "ntlm_auth" from file /opt/fr3/etc/raddb/mods-enabled/ntlm_auth
  exec ntlm_auth {
    wait = yes
    program = "/path/to/ntlm_auth --request-nt-key --domain=MYDOMAIN --username=%{mschap:User-Name} --password=%{User-Password}"
    shell_escape = yes
  }
  # Loaded module rlm_always
  # Instantiating module "fail" from file /opt/fr3/etc/raddb/mods-enabled/always
  always fail {
    rcode = "fail"
    simulcount = 0
    mpp = no
  }
  # Instantiating module "reject" from file /opt/fr3/etc/raddb/mods-enabled/always
  always reject {
    rcode = "reject"
    simulcount = 0
    mpp = no
  }
  # Instantiating module "noop" from file /opt/fr3/etc/raddb/mods-enabled/always
  always noop {
    rcode = "noop"
    simulcount = 0
    mpp = no
  }
  # Instantiating module "handled" from file /opt/fr3/etc/raddb/mods-enabled/always
  always handled {
    rcode = "handled"
    simulcount = 0
    mpp = no
  }
  # Instantiating module "updated" from file /opt/fr3/etc/raddb/mods-enabled/always
  always updated {
    rcode = "updated"
    simulcount = 0
    mpp = no
  }
  # Instantiating module "notfound" from file /opt/fr3/etc/raddb/mods-enabled/always
  always notfound {
    rcode = "notfound"
    simulcount = 0
    mpp = no
  }
  # Instantiating module "ok" from file /opt/fr3/etc/raddb/mods-enabled/always
  always ok {
    rcode = "ok"
    simulcount = 0
    mpp = no
  }
  # Loaded module rlm_soh
  # Instantiating module "soh" from file /opt/fr3/etc/raddb/mods-enabled/soh
  soh {
    dhcp = yes
  }
  # Loaded module rlm_logintime
  # Instantiating module "logintime" from file /opt/fr3/etc/raddb/mods-enabled/logintime
  logintime {
    minimum_timeout = 60
  }
  # Loaded module rlm_replicate
  # Instantiating module "replicate" from file /opt/fr3/etc/raddb/mods-enabled/replicate
  # Loaded module rlm_radutmp
  # Instantiating module "radutmp" from file /opt/fr3/etc/raddb/mods-enabled/radutmp
  radutmp {
    filename = "/opt/fr3/var/log/radius/radutmp"
    username = "%{User-Name}"
    case_sensitive = yes
    check_with_nas = yes
    permissions = 384
    caller_id = yes
  }
  # Loaded module rlm_attr_filter
  # Instantiating module "attr_filter.post-proxy" from file /opt/fr3/etc/raddb/mods-enabled/attr_filter
  attr_filter attr_filter.post-proxy {
    filename = "/opt/fr3/etc/raddb/mods-config/attr_filter/post-proxy"
    key = "%{Realm}"
    relaxed = no
  }
reading pairlist file /opt/fr3/etc/raddb/mods-config/attr_filter/post-proxy
  # Instantiating module "attr_filter.pre-proxy" from file /opt/fr3/etc/raddb/mods-enabled/attr_filter
  attr_filter attr_filter.pre-proxy {
    filename = "/opt/fr3/etc/raddb/mods-config/attr_filter/pre-proxy"
    key = "%{Realm}"
    relaxed = no
  }
reading pairlist file /opt/fr3/etc/raddb/mods-config/attr_filter/pre-proxy
  # Instantiating module "attr_filter.access_reject" from file /opt/fr3/etc/raddb/mods-enabled/attr_filter
  attr_filter attr_filter.access_reject {
    filename = "/opt/fr3/etc/raddb/mods-config/attr_filter/access_reject"
    key = "%{User-Name}"
    relaxed = no
  }
reading pairlist file /opt/fr3/etc/raddb/mods-config/attr_filter/access_reject
  # Instantiating module "attr_filter.access_challenge" from file /opt/fr3/etc/raddb/mods-enabled/attr_filter
  attr_filter attr_filter.access_challenge {
    filename = "/opt/fr3/etc/raddb/mods-config/attr_filter/access_challenge"
    key = "%{User-Name}"
    relaxed = no
  }
reading pairlist file /opt/fr3/etc/raddb/mods-config/attr_filter/access_challenge
  # Instantiating module "attr_filter.accounting_response" from file /opt/fr3/etc/raddb/mods-enabled/attr_filter
  attr_filter attr_filter.accounting_response {
    filename = "/opt/fr3/etc/raddb/mods-config/attr_filter/accounting_response"
    key = "%{User-Name}"
    relaxed = no
  }
reading pairlist file /opt/fr3/etc/raddb/mods-config/attr_filter/accounting_response
  # Loaded module rlm_pap
  # Instantiating module "pap" from file /opt/fr3/etc/raddb/mods-enabled/pap
  pap {
    auto_header = no
    normalise = yes
  }
  # Loaded module rlm_passwd
  # Instantiating module "etc_passwd" from file /opt/fr3/etc/raddb/mods-enabled/passwd
  passwd etc_passwd {
    filename = "/etc/passwd"
    format = "*User-Name:Crypt-Password:"
    delimiter = ":"
    ignore_nislike = no
    ignore_empty = yes
    allow_multiple_keys = no
    hash_size = 100
  }
rlm_passwd: nfields: 3 keyfield 0(User-Name) listable: no
  # Loaded module rlm_utf8
  # Instantiating module "utf8" from file /opt/fr3/etc/raddb/mods-enabled/utf8
  # Loaded module rlm_expiration
  # Instantiating module "expiration" from file /opt/fr3/etc/raddb/mods-enabled/expiration
  # Loaded module rlm_expr
  # Instantiating module "expr" from file /opt/fr3/etc/raddb/mods-enabled/expr
  expr {
    safe_characters = "@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /"
  }
  # Loaded module rlm_realm
  # Instantiating module "IPASS" from file /opt/fr3/etc/raddb/mods-enabled/realm
  realm IPASS {
    format = "prefix"
    delimiter = "/"
    ignore_default = no
    ignore_null = no
  }
  # Instantiating module "suffix" from file /opt/fr3/etc/raddb/mods-enabled/realm
  realm suffix {
    format = "suffix"
    delimiter = "@"
    ignore_default = no
    ignore_null = no
  }
  # Instantiating module "realmpercent" from file /opt/fr3/etc/raddb/mods-enabled/realm
  realm realmpercent {
    format = "suffix"
    delimiter = "%"
    ignore_default = no
    ignore_null = no
  }
  # Instantiating module "ntdomain" from file /opt/fr3/etc/raddb/mods-enabled/realm
  realm ntdomain {
    format = "prefix"
    delimiter = "\"
    ignore_default = no
    ignore_null = no
  }
  # Loaded module rlm_eap
  # Instantiating module "eap" from file /opt/fr3/etc/raddb/mods-enabled/eap
  eap {
    default_eap_type = "md5"
    timer_expire = 60
    ignore_unknown_eap_types = no
    mod_accounting_username_bug = no
    max_sessions = 4096
  }
   # Linked to sub-module rlm_eap_md5
   # Linked to sub-module rlm_eap_leap
   # Linked to sub-module rlm_eap_gtc
   gtc {
    challenge = "Password: "
    auth_type = "PAP"
   }
   # Linked to sub-module rlm_eap_tls
   tls {
    tls = "tls-common"
   }
   tls-config tls-common {
    rsa_key_exchange = no
    dh_key_exchange = yes
    rsa_key_length = 512
    dh_key_length = 512
    verify_depth = 0
    ca_path = "/opt/fr3/etc/raddb/certs"
    pem_file_type = yes
    private_key_file = "/opt/fr3/etc/raddb/certs/server.pem"
    certificate_file = "/opt/fr3/etc/raddb/certs/server.pem"
    ca_file = "/opt/fr3/etc/raddb/certs/ca.pem"
    private_key_password = "whatever"
    dh_file = "/opt/fr3/etc/raddb/certs/dh"
    fragment_size = 1024
    include_length = yes
    check_crl = no
    cipher_list = "DEFAULT"
    ecdh_curve = "prime256v1"
    cache {
      enable = yes
      lifetime = 24
      max_entries = 255
    }
    verify {
    }
    ocsp {
      enable = no
      override_cert_url = yes
      url = "http://127.0.0.1/ocsp/"
      use_nonce = yes
      timeout = 0
      softfail = yes
    }
   }
   # Linked to sub-module rlm_eap_ttls
   ttls {
    tls = "tls-common"
    default_eap_type = "md5"
    copy_request_to_tunnel = no
    use_tunneled_reply = no
    virtual_server = "inner-tunnel"
    include_length = yes
    require_client_cert = no
   }
Using cached TLS configuration from previous invocation
   # Linked to sub-module rlm_eap_peap
   peap {
    tls = "tls-common"
    default_method = "mschapv2"
    copy_request_to_tunnel = no
    use_tunneled_reply = no
    proxy_tunneled_request_as_eap = yes
    virtual_server = "inner-tunnel"
    soh = no
    require_client_cert = no
   }
Using cached TLS configuration from previous invocation
   # Linked to sub-module rlm_eap_mschapv2
   mschapv2 {
    with_ntdomain_hack = no
    send_error = no
   }
  # Loaded module rlm_linelog
  # Instantiating module "linelog" from file /opt/fr3/etc/raddb/mods-enabled/linelog
  linelog {
    filename = "/opt/fr3/var/log/radius/linelog"
    permissions = 384
    format = "This is a log message for %{User-Name}"
    reference = "%{%{Packet-Type}:-format}"
  }
  # Loaded module rlm_preprocess
  # Instantiating module "preprocess" from file /opt/fr3/etc/raddb/mods-enabled/preprocess
  preprocess {
    huntgroups = "/opt/fr3/etc/raddb/mods-config/preprocess/huntgroups"
    hints = "/opt/fr3/etc/raddb/mods-config/preprocess/hints"
    with_ascend_hack = no
    ascend_channels_per_line = 23
    with_ntdomain_hack = no
    with_specialix_jetstream_hack = no
    with_cisco_vsa_hack = no
    with_alvarion_vsa_hack = no
  }
reading pairlist file /opt/fr3/etc/raddb/mods-config/preprocess/huntgroups
reading pairlist file /opt/fr3/etc/raddb/mods-config/preprocess/hints
  # Loaded module rlm_digest
  # Instantiating module "digest" from file /opt/fr3/etc/raddb/mods-enabled/digest
  # Loaded module rlm_detail
  # Instantiating module "detail" from file /opt/fr3/etc/raddb/mods-enabled/detail
  detail {
    filename = "/opt/fr3/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail-%Y%m%d"
    header = "%t"
    permissions = 384
    dir_permissions = 493
    locking = no
    log_packet_header = no
  }
  # Loaded module rlm_files
  # Instantiating module "files" from file /opt/fr3/etc/raddb/mods-enabled/files
  files {
    filename = "/opt/fr3/etc/raddb/mods-config/files/authorize"
    usersfile = "/opt/fr3/etc/raddb/mods-config/files/authorize"
    acctusersfile = "/opt/fr3/etc/raddb/mods-config/files/accounting"
    preproxy_usersfile = "/opt/fr3/etc/raddb/mods-config/files/pre-proxy"
    compat = "no"
  }
reading pairlist file /opt/fr3/etc/raddb/mods-config/files/authorize
reading pairlist file /opt/fr3/etc/raddb/mods-config/files/authorize
reading pairlist file /opt/fr3/etc/raddb/mods-config/files/accounting
reading pairlist file /opt/fr3/etc/raddb/mods-config/files/pre-proxy
  # Instantiating module "exec" from file /opt/fr3/etc/raddb/mods-enabled/exec
  exec {
    wait = no
    input_pairs = "request"
    shell_escape = yes
  }
  # Instantiating module "sradutmp" from file /opt/fr3/etc/raddb/mods-enabled/sradutmp
  radutmp sradutmp {
    filename = "/opt/fr3/var/log/radius/sradutmp"
    username = "%{User-Name}"
    case_sensitive = yes
    check_with_nas = yes
    permissions = 420
    caller_id = no
  }
  # Instantiating module "auth_log" from file /opt/fr3/etc/raddb/mods-enabled/detail.log
  detail auth_log {
    filename = "/opt/fr3/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d"
    header = "%t"
    permissions = 384
    dir_permissions = 493
    locking = no
    log_packet_header = no
  }
  # Instantiating module "reply_log" from file /opt/fr3/etc/raddb/mods-enabled/detail.log
  detail reply_log {
    filename = "/opt/fr3/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/reply-detail-%Y%m%d"
    header = "%t"
    permissions = 384
    dir_permissions = 493
    locking = no
    log_packet_header = no
  }
  # Instantiating module "pre_proxy_log" from file /opt/fr3/etc/raddb/mods-enabled/detail.log
  detail pre_proxy_log {
    filename = "/opt/fr3/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/pre-proxy-detail-%Y%m%d"
    header = "%t"
    permissions = 384
    dir_permissions = 493
    locking = no
    log_packet_header = no
  }
  # Instantiating module "post_proxy_log" from file /opt/fr3/etc/raddb/mods-enabled/detail.log
  detail post_proxy_log {
    filename = "/opt/fr3/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/post-proxy-detail-%Y%m%d"
    header = "%t"
    permissions = 384
    dir_permissions = 493
    locking = no
    log_packet_header = no
  }
  # Loaded module rlm_chap
  # Instantiating module "chap" from file /opt/fr3/etc/raddb/mods-enabled/chap
  # Loaded module rlm_mschap
  # Instantiating module "mschap" from file /opt/fr3/etc/raddb/mods-enabled/mschap
  mschap {
    use_mppe = yes
    require_encryption = no
    require_strong = no
    with_ntdomain_hack = yes
   passchange {
   }
    allow_retry = yes
  }
 } # modules
radiusd: #### Loading Virtual Servers ####
server { # from file /opt/fr3/etc/raddb/radiusd.conf
} # server
server dhcp { # from file /opt/fr3/etc/raddb/sites-enabled/dhcp
 Module: Checking dhcp DHCP-Discover {...} for more modules to load
 Module: Checking dhcp DHCP-Request {...} for more modules to load
 Module: Checking dhcp (null) {...} for more modules to load
} # server
radiusd: #### Opening IP addresses and Ports ####
listen {
    type = "dhcp"
    ipaddr = *
    port = 67
WARNING: No "interface" setting is defined.  Only unicast DHCP will work.
}
Listening on dhcp address * port 67 as server dhcp
Opening new proxy address * port 0
Listening on proxy address * port 48075
Ready to process requests.

Received DHCP-Request of id 070673d3 from 0.0.0.0:68 to 255.255.255.255:67
  DHCP-Opcode = Client-Message
  DHCP-Hardware-Type = Ethernet
  DHCP-Hardware-Address-Length = 6
  DHCP-Hop-Count = 0
  DHCP-Transaction-Id = 117863379
  DHCP-Number-of-Seconds = 0
  DHCP-Flags = 0
  DHCP-Client-IP-Address = 0.0.0.0
  DHCP-Your-IP-Address = 0.0.0.0
  DHCP-Server-IP-Address = 0.0.0.0
  DHCP-Gateway-IP-Address = 0.0.0.0
  DHCP-Client-Hardware-Address = 84:51:81:af:c6:09
  DHCP-Message-Type += DHCP-Request
  DHCP-Client-Identifier += e0:2f:89:00:00:00
  DHCP-Requested-IP-Address += 81.187.50.124
  DHCP-DHCP-Maximum-Msg-Size += 1500
  DHCP-Vendor-Class-Identifier += 'dhcpcd-5.5.6'
  DHCP-Hostname += 'android-c4225d1bbc9aee2f'
  DHCP-Parameter-Request-List += DHCP-Subnet-Mask
  DHCP-Parameter-Request-List += DHCP-Static-Routes
  DHCP-Parameter-Request-List += DHCP-Router-Address
  DHCP-Parameter-Request-List += DHCP-Domain-Name-Server
  DHCP-Parameter-Request-List += DHCP-Domain-Name
  DHCP-Parameter-Request-List += DHCP-Broadcast-Address
  DHCP-Parameter-Request-List += DHCP-IP-Address-Lease-Time
  DHCP-Parameter-Request-List += DHCP-Renewal-Time
  DHCP-Parameter-Request-List += DHCP-Rebinding-Time
Trying sub-section dhcp DHCP-Request {...}
(0)  dhcp DHCP-Request {
(0)   update reply {
(0)     DHCP-Message-Type = DHCP-Ack
(0)   } # update reply = noop
(0)   update reply {
(0)     DHCP-Domain-Name-Server = 81.187.50.99
(0)     DHCP-Domain-Name-Server = 81.187.50.101
(0)     DHCP-Subnet-Mask = 255.255.255.192
(0)     DHCP-Router-Address = 81.187.50.100
(0)     DHCP-IP-Address-Lease-Time = 300
(0)     DHCP-DHCP-Server-Identifier = 81.187.50.101
(0)   } # update reply = noop
(0)   ? if ("%{DHCP-Client-Hardware-Address}" == "84:51:81:af:c6:09") 
(0)   expand: "84:51:81:af:c6:09" -> '84:51:81:af:c6:09'
(0)   expand: "%{DHCP-Client-Hardware-Address}" -> '84:51:81:af:c6:09'
(0)   ? if ("%{DHCP-Client-Hardware-Address}" == "84:51:81:af:c6:09")  -> TRUE
(0)   if ("%{DHCP-Client-Hardware-Address}" == "84:51:81:af:c6:09")  {
(0)    update reply {
(0)     DHCP-Your-IP-Address = 81.187.50.124
(0)    } # update reply = noop
(0)   } # if ("%{DHCP-Client-Hardware-Address}" == "84:51:81:af:c6:09")  = noop
(0)   [ok] = ok
(0)  } # dhcp DHCP-Request = ok
(0) DHCP: Reply will be sent unicast to your-ip-address
Sending DHCP-Ack of id 070673d3 from 0.0.0.0:67 to 81.187.50.124:68
(0) Finished request 0.
Waking up in 0.3 seconds.
Waking up in 4.6 seconds.
Received DHCP-Request of id 070673d3 from 0.0.0.0:68 to 255.255.255.255:67
Sending DHCP-Ack of id 070673d3 from 0.0.0.0:67 to 81.187.50.124:68
Waking up in 8.4 seconds.
Received DHCP-Discover of id 3f2516a1 from 0.0.0.0:68 to 255.255.255.255:67
  DHCP-Opcode = Client-Message
  DHCP-Hardware-Type = Ethernet
  DHCP-Hardware-Address-Length = 6
  DHCP-Hop-Count = 0
  DHCP-Transaction-Id = 1059395233
  DHCP-Number-of-Seconds = 4
  DHCP-Flags = 0
  DHCP-Client-IP-Address = 0.0.0.0
  DHCP-Your-IP-Address = 0.0.0.0
  DHCP-Server-IP-Address = 0.0.0.0
  DHCP-Gateway-IP-Address = 0.0.0.0
  DHCP-Client-Hardware-Address = 84:51:81:af:c6:09
  DHCP-Message-Type += DHCP-Discover
  DHCP-Client-Identifier += a0:39:89:00:00:00
  DHCP-DHCP-Maximum-Msg-Size += 1500
  DHCP-Vendor-Class-Identifier += 'dhcpcd-5.5.6'
  DHCP-Hostname += 'android-c4225d1bbc9aee2f'
  DHCP-Parameter-Request-List += DHCP-Subnet-Mask
  DHCP-Parameter-Request-List += DHCP-Static-Routes
  DHCP-Parameter-Request-List += DHCP-Router-Address
  DHCP-Parameter-Request-List += DHCP-Domain-Name-Server
  DHCP-Parameter-Request-List += DHCP-Domain-Name
  DHCP-Parameter-Request-List += DHCP-Broadcast-Address
  DHCP-Parameter-Request-List += DHCP-IP-Address-Lease-Time
  DHCP-Parameter-Request-List += DHCP-Renewal-Time
  DHCP-Parameter-Request-List += DHCP-Rebinding-Time
Trying sub-section dhcp DHCP-Discover {...}
(1)  dhcp DHCP-Discover {
(1)   update reply {
(1)     DHCP-Message-Type = DHCP-Offer
(1)   } # update reply = noop
(1)   update reply {
(1)     DHCP-Domain-Name-Server = 81.187.50.99
(1)     DHCP-Domain-Name-Server = 81.187.50.101
(1)     DHCP-Subnet-Mask = 255.255.255.192
(1)     DHCP-Router-Address = 81.187.50.100
(1)     DHCP-IP-Address-Lease-Time = 300
(1)     DHCP-DHCP-Server-Identifier = 81.187.50.101
(1)   } # update reply = noop
(1)   ? if ("%{DHCP-Client-Hardware-Address}" == "84:51:81:af:c6:09") 
(1)   expand: "84:51:81:af:c6:09" -> '84:51:81:af:c6:09'
(1)   expand: "%{DHCP-Client-Hardware-Address}" -> '84:51:81:af:c6:09'
(1)   ? if ("%{DHCP-Client-Hardware-Address}" == "84:51:81:af:c6:09")  -> TRUE
(1)   if ("%{DHCP-Client-Hardware-Address}" == "84:51:81:af:c6:09")  {
(1)    update reply {
(1)     DHCP-Your-IP-Address = 81.187.50.124
(1)    } # update reply = noop
(1)   } # if ("%{DHCP-Client-Hardware-Address}" == "84:51:81:af:c6:09")  = noop
(1)   [ok] = ok
(1)  } # dhcp DHCP-Discover = ok
(1) DHCP: Reply will be sent unicast to your-ip-address

Program received signal SIGSEGV, Segmentation fault.
0x00007ffff735a56b in strlcpy (dst=0x7fffffffe5f4 "", src=0x0, siz=16) at src/lib/strlcpy.c:47
47        if ((*d++ = *s++) == 0)
(gdb) 
(gdb) 
(gdb) 
(gdb) 
(gdb) bt
#0  0x00007ffff735a56b in strlcpy (dst=0x7fffffffe5f4 "", src=0x0, siz=16) at src/lib/strlcpy.c:47
#1  0x00007ffff13c7988 in fr_dhcp_add_arp_entry (fd=7, interface=0x0, macaddr=0x8950b0, ip=0x894920)
    at src/modules/proto_dhcp/dhcp.c:1526
#2  0x00007ffff13c40d9 in dhcp_process (request=0x892d30) at src/modules/proto_dhcp/dhcpd.c:507
#3  0x0000000000432b42 in request_running (request=0x892d30, action=1) at src/main/process.c:1210
#4  0x0000000000431dbe in request_queue_or_run (request=0x892d30, process=0x432a78 <request_running>)
    at src/main/process.c:849
#5  0x0000000000433235 in request_receive (listener=0x8913e0, packet=0x892640, client=0x891548, 
    fun=0x7ffff13c379f <dhcp_process>) at src/main/process.c:1409
#6  0x00007ffff13c456f in dhcp_socket_recv (listener=0x8913e0) at src/modules/proto_dhcp/dhcpd.c:629
#7  0x0000000000438b2b in event_socket_handler (xel=0x87b3b0, fd=7, ctx=0x8913e0) at src/main/process.c:3494
#8  0x00007ffff736279b in fr_event_loop (el=0x87b3b0) at src/lib/event.c:414
#9  0x0000000000439cb8 in radius_event_process () at src/main/process.c:4211
#10 0x0000000000428335 in main (argc=2, argv=0x7fffffffec18) at src/main/radiusd.c:473
(gdb) quit
A debugging session is active.

  Inferior 1 [process 7992] will be killed.

Quit anyway? (y or n) y
root at elk:/opt/fr3/sbin# 
===============================================================================

The segfault comes from sock->interface not being set. I've not dug to find out
where/if this should be set (I'm guessing from the incoming interface, rather
than the config?)


Finally, I tried the remaining option - ipaddr = * and interface = br0. This
time, the server seems to react and respond as I would expect. However,
tcpdump/wireshark confirm that there is no actual data in any packets that are
sent.

(Note it also doesn't show the interface or broadcast options in the debug
output listen section shown below.)


===============================================================================
....
radiusd: #### Loading Virtual Servers ####
server { # from file /opt/fr3/etc/raddb/radiusd.conf
} # server
server dhcp { # from file /opt/fr3/etc/raddb/sites-enabled/dhcp
 Module: Checking dhcp DHCP-Discover {...} for more modules to load
 Module: Checking dhcp DHCP-Request {...} for more modules to load
 Module: Checking dhcp (null) {...} for more modules to load
} # server
radiusd: #### Opening IP addresses and Ports ####
listen {
    type = "dhcp"
    ipaddr = *
    port = 67
}
Listening on dhcp interface br0 address * port 67 as server dhcp
Opening new proxy address * port 0
Listening on proxy address * port 46919
Ready to process requests.
Received DHCP-Request of id 34565f7b from 0.0.0.0:68 to 255.255.255.255:67
  DHCP-Opcode = Client-Message
  DHCP-Hardware-Type = Ethernet
  DHCP-Hardware-Address-Length = 6
  DHCP-Hop-Count = 0
  DHCP-Transaction-Id = 878075771
  DHCP-Number-of-Seconds = 0
  DHCP-Flags = 0
  DHCP-Client-IP-Address = 0.0.0.0
  DHCP-Your-IP-Address = 0.0.0.0
  DHCP-Server-IP-Address = 0.0.0.0
  DHCP-Gateway-IP-Address = 0.0.0.0
  DHCP-Client-Hardware-Address = 84:51:81:af:c6:09
  DHCP-Message-Type += DHCP-Request
  DHCP-Client-Identifier += 80:21:52:01:00:00
  DHCP-Requested-IP-Address += 81.187.50.124
  DHCP-DHCP-Maximum-Msg-Size += 1500
  DHCP-Vendor-Class-Identifier += 'dhcpcd-5.5.6'
  DHCP-Hostname += 'android-c4225d1bbc9aee2f'
  DHCP-Parameter-Request-List += DHCP-Subnet-Mask
  DHCP-Parameter-Request-List += DHCP-Static-Routes
  DHCP-Parameter-Request-List += DHCP-Router-Address
  DHCP-Parameter-Request-List += DHCP-Domain-Name-Server
  DHCP-Parameter-Request-List += DHCP-Domain-Name
  DHCP-Parameter-Request-List += DHCP-Broadcast-Address
  DHCP-Parameter-Request-List += DHCP-IP-Address-Lease-Time
  DHCP-Parameter-Request-List += DHCP-Renewal-Time
  DHCP-Parameter-Request-List += DHCP-Rebinding-Time
Trying sub-section dhcp DHCP-Request {...}
(0)  dhcp DHCP-Request {
(0)   update reply {
(0)     DHCP-Message-Type = DHCP-Ack
(0)   } # update reply = noop
(0)   update reply {
(0)     DHCP-Domain-Name-Server = 81.187.50.99
(0)     DHCP-Domain-Name-Server = 81.187.50.101
(0)     DHCP-Subnet-Mask = 255.255.255.192
(0)     DHCP-Router-Address = 81.187.50.100
(0)     DHCP-IP-Address-Lease-Time = 300
(0)     DHCP-DHCP-Server-Identifier = 81.187.50.101
(0)   } # update reply = noop
(0)   ? if ("%{DHCP-Client-Hardware-Address}" == "84:51:81:af:c6:09") 
(0)   expand: "84:51:81:af:c6:09" -> '84:51:81:af:c6:09'
(0)   expand: "%{DHCP-Client-Hardware-Address}" -> '84:51:81:af:c6:09'
(0)   ? if ("%{DHCP-Client-Hardware-Address}" == "84:51:81:af:c6:09")  -> TRUE
(0)   if ("%{DHCP-Client-Hardware-Address}" == "84:51:81:af:c6:09")  {
(0)    update reply {
(0)     DHCP-Your-IP-Address = 81.187.50.124
(0)    } # update reply = noop
(0)   } # if ("%{DHCP-Client-Hardware-Address}" == "84:51:81:af:c6:09")  = noop
(0)   [ok] = ok
(0)  } # dhcp DHCP-Request = ok
(0) DHCP: Reply will be sent unicast to your-ip-address
Sending DHCP-Ack of id 34565f7b from 0.0.0.0:67 to 81.187.50.124:68
(0) Finished request 0.
Waking up in 0.3 seconds.
Waking up in 4.6 seconds.
Received DHCP-Request of id 34565f7b from 0.0.0.0:68 to 255.255.255.255:67
Sending DHCP-Ack of id 34565f7b from 0.0.0.0:67 to 81.187.50.124:68
Waking up in 7.4 seconds.
Received DHCP-Discover of id 06d6253a from 0.0.0.0:68 to 255.255.255.255:67
  DHCP-Opcode = Client-Message
  DHCP-Hardware-Type = Ethernet
  DHCP-Hardware-Address-Length = 6
  DHCP-Hop-Count = 0
  DHCP-Transaction-Id = 114697530
  DHCP-Number-of-Seconds = 4
  DHCP-Flags = 0
  DHCP-Client-IP-Address = 0.0.0.0
  DHCP-Your-IP-Address = 0.0.0.0
  DHCP-Server-IP-Address = 0.0.0.0
  DHCP-Gateway-IP-Address = 0.0.0.0
  DHCP-Client-Hardware-Address = 84:51:81:af:c6:09
  DHCP-Message-Type += DHCP-Discover
  DHCP-Client-Identifier += 40:2b:52:01:00:00
  DHCP-DHCP-Maximum-Msg-Size += 1500
  DHCP-Vendor-Class-Identifier += 'dhcpcd-5.5.6'
  DHCP-Hostname += 'android-c4225d1bbc9aee2f'
  DHCP-Parameter-Request-List += DHCP-Subnet-Mask
  DHCP-Parameter-Request-List += DHCP-Static-Routes
  DHCP-Parameter-Request-List += DHCP-Router-Address
  DHCP-Parameter-Request-List += DHCP-Domain-Name-Server
  DHCP-Parameter-Request-List += DHCP-Domain-Name
  DHCP-Parameter-Request-List += DHCP-Broadcast-Address
  DHCP-Parameter-Request-List += DHCP-IP-Address-Lease-Time
  DHCP-Parameter-Request-List += DHCP-Renewal-Time
  DHCP-Parameter-Request-List += DHCP-Rebinding-Time
Trying sub-section dhcp DHCP-Discover {...}
(1)  dhcp DHCP-Discover {
(1)   update reply {
(1)     DHCP-Message-Type = DHCP-Offer
(1)   } # update reply = noop
(1)   update reply {
(1)     DHCP-Domain-Name-Server = 81.187.50.99
(1)     DHCP-Domain-Name-Server = 81.187.50.101
(1)     DHCP-Subnet-Mask = 255.255.255.192
(1)     DHCP-Router-Address = 81.187.50.100
(1)     DHCP-IP-Address-Lease-Time = 300
(1)     DHCP-DHCP-Server-Identifier = 81.187.50.101
(1)   } # update reply = noop
(1)   ? if ("%{DHCP-Client-Hardware-Address}" == "84:51:81:af:c6:09") 
(1)   expand: "84:51:81:af:c6:09" -> '84:51:81:af:c6:09'
(1)   expand: "%{DHCP-Client-Hardware-Address}" -> '84:51:81:af:c6:09'
(1)   ? if ("%{DHCP-Client-Hardware-Address}" == "84:51:81:af:c6:09")  -> TRUE
(1)   if ("%{DHCP-Client-Hardware-Address}" == "84:51:81:af:c6:09")  {
(1)    update reply {
(1)     DHCP-Your-IP-Address = 81.187.50.124
(1)    } # update reply = noop
(1)   } # if ("%{DHCP-Client-Hardware-Address}" == "84:51:81:af:c6:09")  = noop
(1)   [ok] = ok
(1)  } # dhcp DHCP-Discover = ok
(1) DHCP: Reply will be sent unicast to your-ip-address
Sending DHCP-Offer of id 06d6253a from 0.0.0.0:67 to 81.187.50.124:68
(1) Finished request 1.
Waking up in 0.3 seconds.
Waking up in 4.6 seconds.
Received DHCP-Discover of id 06d6253a from 0.0.0.0:68 to 255.255.255.255:67
Sending DHCP-Offer of id 06d6253a from 0.0.0.0:67 to 81.187.50.124:68
Waking up in 1.4 seconds.
(0) Cleaning up request packet ID 878075771 with timestamp +72
Waking up in 3.9 seconds.
(1) Cleaning up request packet ID 114697530 with timestamp +76
Ready to process requests.
===============================================================================


tcpdump output captured at the same time as the above looks like:

===============================================================================
23:52:02.049560 84:51:81:af:c6:09 > ff:ff:ff:ff:ff:ff, ethertype IPv4 (0x0800), length 356: (tos 0x0, ttl 64, id 59810, offset 0, flags [none], proto UDP (17), length 342)
    0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 84:51:81:af:c6:09, length 314, xid 0x34565f7b, Flags [none]
          Client-Ethernet-Address 84:51:81:af:c6:09
          Vendor-rfc1048 Extensions
            Magic Cookie 0x63825363
            DHCP-Message Option 53, length 1: Request
            Client-ID Option 61, length 7: ether 84:51:81:af:c6:09
            Requested-IP Option 50, length 4: 81.187.50.124
            MSZ Option 57, length 2: 1500
            Vendor-Class Option 60, length 12: "dhcpcd-5.5.6"
            Hostname Option 12, length 24: "android-c4225d1bbc9aee2f"
            Parameter-Request Option 55, length 9: 
              Subnet-Mask, Static-Route, Default-Gateway, Domain-Name-Server
              Domain-Name, BR, Lease-Time, RN
              RB
23:52:04.594247 84:51:81:af:c6:09 > ff:ff:ff:ff:ff:ff, ethertype IPv4 (0x0800), length 356: (tos 0x0, ttl 64, id 21472, offset 0, flags [none], proto UDP (17), length 342)
    0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 84:51:81:af:c6:09, length 314, xid 0x34565f7b, secs 3, Flags [none]
          Client-Ethernet-Address 84:51:81:af:c6:09
          Vendor-rfc1048 Extensions
            Magic Cookie 0x63825363
            DHCP-Message Option 53, length 1: Request
            Client-ID Option 61, length 7: ether 84:51:81:af:c6:09
            Requested-IP Option 50, length 4: 81.187.50.124
            MSZ Option 57, length 2: 1500
            Vendor-Class Option 60, length 12: "dhcpcd-5.5.6"
            Hostname Option 12, length 24: "android-c4225d1bbc9aee2f"
            Parameter-Request Option 55, length 9: 
              Subnet-Mask, Static-Route, Default-Gateway, Domain-Name-Server
              Domain-Name, BR, Lease-Time, RN
              RB
23:52:06.018481 84:51:81:af:c6:09 > ff:ff:ff:ff:ff:ff, ethertype IPv4 (0x0800), length 350: (tos 0x0, ttl 64, id 2980, offset 0, flags [none], proto UDP (17), length 336)
    0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 84:51:81:af:c6:09, length 308, xid 0x6d6253a, secs 4, Flags [none]
          Client-Ethernet-Address 84:51:81:af:c6:09
          Vendor-rfc1048 Extensions
            Magic Cookie 0x63825363
            DHCP-Message Option 53, length 1: Discover
            Client-ID Option 61, length 7: ether 84:51:81:af:c6:09
            MSZ Option 57, length 2: 1500
            Vendor-Class Option 60, length 12: "dhcpcd-5.5.6"
            Hostname Option 12, length 24: "android-c4225d1bbc9aee2f"
            Parameter-Request Option 55, length 9: 
              Subnet-Mask, Static-Route, Default-Gateway, Domain-Name-Server
              Domain-Name, BR, Lease-Time, RN
              RB
23:52:06.019153 68:05:ca:06:81:3d > 84:51:81:af:c6:09, ethertype IPv4 (0x0800), length 42: (tos 0x0, ttl 64, id 63857, offset 0, flags [none], proto UDP (17), length 28)
    81.187.50.101.67 > 81.187.50.124.68:  [|bootp]
23:52:10.641952 84:51:81:af:c6:09 > ff:ff:ff:ff:ff:ff, ethertype IPv4 (0x0800), length 350: (tos 0x0, ttl 64, id 44791, offset 0, flags [none], proto UDP (17), length 336)
    0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 84:51:81:af:c6:09, length 308, xid 0x6d6253a, secs 9, Flags [none]
          Client-Ethernet-Address 84:51:81:af:c6:09
          Vendor-rfc1048 Extensions
            Magic Cookie 0x63825363
            DHCP-Message Option 53, length 1: Discover
            Client-ID Option 61, length 7: ether 84:51:81:af:c6:09
            MSZ Option 57, length 2: 1500
            Vendor-Class Option 60, length 12: "dhcpcd-5.5.6"
            Hostname Option 12, length 24: "android-c4225d1bbc9aee2f"
            Parameter-Request Option 55, length 9: 
              Subnet-Mask, Static-Route, Default-Gateway, Domain-Name-Server
              Domain-Name, BR, Lease-Time, RN
              RB
23:52:10.642087 68:05:ca:06:81:3d > 84:51:81:af:c6:09, ethertype IPv4 (0x0800), length 42: (tos 0x0, ttl 64, id 63858, offset 0, flags [none], proto UDP (17), length 28)
    81.187.50.101.67 > 81.187.50.124.68:  [|bootp]
23:52:19.144317 84:51:81:af:c6:09 > ff:ff:ff:ff:ff:ff, ethertype IPv4 (0x0800), length 350: (tos 0x0, ttl 64, id 20549, offset 0, flags [none], proto UDP (17), length 336)
    0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 84:51:81:af:c6:09, length 308, xid 0x6d6253a, secs 17, Flags [none]
          Client-Ethernet-Address 84:51:81:af:c6:09
          Vendor-rfc1048 Extensions
            Magic Cookie 0x63825363
            DHCP-Message Option 53, length 1: Discover
            Client-ID Option 61, length 7: ether 84:51:81:af:c6:09
            MSZ Option 57, length 2: 1500
            Vendor-Class Option 60, length 12: "dhcpcd-5.5.6"
            Hostname Option 12, length 24: "android-c4225d1bbc9aee2f"
            Parameter-Request Option 55, length 9: 
              Subnet-Mask, Static-Route, Default-Gateway, Domain-Name-Server
              Domain-Name, BR, Lease-Time, RN
              RB
23:52:19.144980 68:05:ca:06:81:3d > 84:51:81:af:c6:09, ethertype IPv4 (0x0800), length 42: (tos 0x0, ttl 64, id 63859, offset 0, flags [none], proto UDP (17), length 28)
    81.187.50.101.67 > 81.187.50.124.68:  [|bootp]
===============================================================================


Note - the ACKs don't seem to appear on the wire at all, the 'offers' have
essentially zero length (42 byte packets).

Any hints?

As a last thing, I'm also getting:

Waking up in 2.9 seconds.
(0) Cleaning up request packet ID -1355165549 with timestamp +12
Waking up in 3.9 seconds.
(1) Cleaning up request packet ID -56667974 with timestamp +16
Ready to process requests.

I'm sure there shouldn't be negative IDs there...?

Cheers,

Matthew


-- 
Matthew Newton, Ph.D. <mcn4 at le.ac.uk>

Systems Specialist, Infrastructure Services,
I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom

For IT help contact helpdesk extn. 2253, <ithelp at le.ac.uk>


More information about the Freeradius-Devel mailing list