klibc ipconfig misbehavior in a network with DHCP snooping

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]


(H. Peter Anvin was CC'd in the original message, but the lkml mailer
rejected it because of an html subpart... sorry)

Bear with me, because I'm no DHCP expert, nor any sort of kernel/networking
expert in any sense. (This is actually my first post to the lkml or to any
kernel developer.)

I found a problem with klibc's "ipconfig" program, or at least, behavior
that breaks DHCP on my thin clients (LTSP 5.0). It has to do with setting
the giaddr field on dhcp_send in dhcp_proto.c, line 164.

static int dhcp_send(struct netdev *dev, struct iovec *vec)
 struct bootp_hdr bootp;

 memset(&bootp, 0, sizeof(struct bootp_hdr));

 bootp.op = BOOTP_REQUEST;
 bootp.htype = dev->hwtype;
 bootp.hlen = dev->hwlen;
 bootp.xid = dev->bootp.xid;
 bootp.ciaddr = dev->ip_addr;
 bootp.giaddr = dev-> bootp.gateway; //<-- HERE
 bootp.secs = htons(time(NULL) - dev->open_time);
 memcpy(bootp.chaddr, dev->hwaddr, 16);

I'm not sure why the giaddr field should be set on a DHCP request, but it
causes a Cisco relay agent with DHCP snooping turned on to drop the
request. I know ipconfig has options to both manually set a gateway and
configure the interface via dhcp, but IMO it shouldn't be sending it as part
of the DHCPREQUEST packet.

When I went to Cisco about the issue, this is exactly what they explained:

This looks like the thin client is not following the standards for DHCP
relay information specified in RFC3046. This RFC states the following:

A DHCP relay agent may receive a client DHCP packet forwarded from a
 BOOTP/DHCP relay agent closer to the client. Such a packet will have
 giaddr as non-zero, and may or may not already have a DHCP Relay
 Agent option in it.

 ***Relay agents configured to add a Relay Agent option which receive a
 client DHCP packet with a nonzero giaddr SHALL discard the packet if
 the giaddr spoofs a giaddr address implemented by the local agent

 Otherwise, the relay agent SHALL forward any received DHCP packet
 with a valid non-zero giaddr WITHOUT adding any relay agent options.
 Per RFC 2131 <
;http://www.faqs.org/rfcs /rfc2131.html>, it shall also NOT modify the
giaddr value.

The part that I highlighted specifies that a relay agent should discard
the packet if the giaddr address is spoofs a giaddr address implemented
by the relay agent. This appears to be the case due to the fact that
the DHCP request packet has a giaddr address of the relay agent
specified in the DHCP offer.

Now, when I changed the noted line above to:

bootp.giaddr = INADDR_ANY;

then recompile, and rebuild my initrd, the relay agent forwards the DHCP
request just fine.

Can anyone comment on why giaddr needs to be set on a DHCP request? Is this
a simple bug, or is there something deeper going on here?

To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

[Index of Archives]     [Kernel Newbies]     [Netfilter]     [Bugtraq]     [Photo]     [Stuff]     [Gimp]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Video 4 Linux]     [Linux for the blind]     [Linux Resources]
  Powered by Linux