Discussion:
[Dnsmasq-discuss] dnsmasq - dhcp unicast or multicast
Simon Röblreiter
2016-10-26 17:06:40 UTC
Permalink
Hello, dnsmasq-community!


I ran into a strange situation today.
I was configuring a virtual mikrotik router (routerOS)
to request a specific IP from my provider.

I did a series of tests in my local network.
When I checked the traces I was capturing, I noticed,
that routerOS was sending multiple dhcp-discover packets
in a burst-like manner and dnsmasq responded multiple times.
I suggest that is intended behaviour in order to ensure
the fastest possible completion of the handshake.

What puzzled me, was the fact, that each frame of the
communication was a broadcast.
Shouldn't each device send unicast frames as soon as
it knows the mac-address of the other device?

To be able to compare against something, i also traced
the dhcp-handshake of my smartphone (Galaxy S2 / cyanogenmod13)
to the same server.

You can view screenshots of the two traces through the following link:
(I wanted to attach them to the mail, but there's a size limit of 40KB.
@mod: Sorry for the repost. Didn't know that.)

https://www.gasslfeld.at/showcase/dnsmasq/

The cyanogenmod-handshake is doubled because I switched
the wifi on and off two times.
Both traces were captured with tshark directly on the machine
running dnsmasq (OS=ubilinux).

Any suggestions?


Thanks in advance!
Simon Röblreiter
Albert ARIBAUD
2016-10-26 20:11:31 UTC
Permalink
Hi Simon,

Le Wed, 26 Oct 2016 19:06:40 +0200
Post by Simon Röblreiter
Hello, dnsmasq-community!
I ran into a strange situation today.
I was configuring a virtual mikrotik router (routerOS)
to request a specific IP from my provider.
I did a series of tests in my local network.
When I checked the traces I was capturing, I noticed,
that routerOS was sending multiple dhcp-discover packets
in a burst-like manner and dnsmasq responded multiple times.
I suggest that is intended behaviour in order to ensure
the fastest possible completion of the handshake.
What puzzled me, was the fact, that each frame of the
communication was a broadcast.
Shouldn't each device send unicast frames as soon as
it knows the mac-address of the other device?
A DHCP client can set a flag in its requests to ask that replies be
broadcast. Probably routerOS requests broadcasts.
Post by Simon Röblreiter
To be able to compare against something, i also traced
the dhcp-handshake of my smartphone (Galaxy S2 / cyanogenmod13)
to the same server.
(I wanted to attach them to the mail, but there's a size limit of
Maybe you could have captured to file and attached the files? Plus,
this would have allowed me (or anyone else) to check whether the
client frames had the broadcast request flag set. :)
Post by Simon Röblreiter
https://www.gasslfeld.at/showcase/dnsmasq/
The cyanogenmod-handshake is doubled because I switched
the wifi on and off two times.
Both traces were captured with tshark directly on the machine
running dnsmasq (OS=ubilinux).
DHCP clients are allowed to request broadcast replies.
Post by Simon Röblreiter
Any suggestions?
What do you need a suggestion for?
Post by Simon Röblreiter
Thanks in advance!
Simon Röblreiter
_______________________________________________
Dnsmasq-discuss mailing list
http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
Amicalement,
--
Albert.
Simon Röblreiter
2016-10-26 21:31:31 UTC
Permalink
Bonsoir, Albert!

I should have taken a closer look at
https://tools.ietf.org/html/rfc2131.

It is explained well there.
My problem was just that i did not know what to look for.

RouterOS indeed sets the broadcast flag in each message.
Post by Albert ARIBAUD
Post by Simon Röblreiter
Any suggestions?
What do you need a suggestion for?
I want to reduce broadcast traffic as much as possible to keep the
network clean, but as your answer implies, this behaviour is
RFC-conform and the only point I can work on is the client.

I guess even IF there was a way to force unicast replies,
it would not be a sane decision because you never can tell
how some clients react.

I will therefore try to dig into the DHCP-Client of RouterOS and see,
what I can do.

Merci beaucoup!
Post by Albert ARIBAUD
Hi Simon,
Le Wed, 26 Oct 2016 19:06:40 +0200
Post by Simon Röblreiter
Hello, dnsmasq-community!
I ran into a strange situation today.
I was configuring a virtual mikrotik router (routerOS)
to request a specific IP from my provider.
I did a series of tests in my local network.
When I checked the traces I was capturing, I noticed,
that routerOS was sending multiple dhcp-discover packets
in a burst-like manner and dnsmasq responded multiple times.
I suggest that is intended behaviour in order to ensure
the fastest possible completion of the handshake.
What puzzled me, was the fact, that each frame of the
communication was a broadcast.
Shouldn't each device send unicast frames as soon as
it knows the mac-address of the other device?
A DHCP client can set a flag in its requests to ask that replies be
broadcast. Probably routerOS requests broadcasts.
Post by Simon Röblreiter
To be able to compare against something, i also traced
the dhcp-handshake of my smartphone (Galaxy S2 / cyanogenmod13)
to the same server.
(I wanted to attach them to the mail, but there's a size limit of
Maybe you could have captured to file and attached the files? Plus,
this would have allowed me (or anyone else) to check whether the
client frames had the broadcast request flag set. :)
Post by Simon Röblreiter
https://www.gasslfeld.at/showcase/dnsmasq/
The cyanogenmod-handshake is doubled because I switched
the wifi on and off two times.
Both traces were captured with tshark directly on the machine
running dnsmasq (OS=ubilinux).
DHCP clients are allowed to request broadcast replies.
Post by Simon Röblreiter
Any suggestions?
What do you need a suggestion for?
Post by Simon Röblreiter
Thanks in advance!
Simon Röblreiter
_______________________________________________
Dnsmasq-discuss mailing list
http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
Amicalement,
Simon Röblreiter
2016-10-23 19:57:17 UTC
Permalink
Hello, dnsmasq-community!


I ran into a strange situation today.
I was configuring a virtual mikrotik router (routerOS)
to request a specific IP from my provider.

I did a series of tests in my local network.
When I checked the traces I was capturing, I noticed,
that routerOS was sending multiple dhcp-discover packets
in a burst-like manner and dnsmasq responded multiple times.
I suggest that is intended behaviour in order to ensure
the fastest possible completion of the handshake.

What puzzled me, was the fact, that each frame of the
communication was a broadcast.
Shouldn't each device send unicast frames as soon as
it knows the mac-address of the other device?

To be able to compare against something, i also traced
the dhcp-handshake of my smartphone (Galaxy S2 / cyanogenmod13)
to the same server.

You can view screenshots of the two traces as attachments
to this mail and through the following link:

https://www.gasslfeld.at/showcase/dnsmasq/

The cyanogenmod-handshake is doubled because I switched
the wifi on and off two times.
Both traces were captured with tshark directly on the machine
running dnsmasq (OS=ubilinux).

Any suggestions?


Thanks in advance!
Simon Röblreiter

Loading...