[Dnsmasq-discuss] DHCP Relay across VLANs
Ray Ramadorai
2017-09-15 00:26:11 UTC
I recently was trying to transition from OpenWRT to LEDE and ran into a
problem with DHCP relay not working correctly after the transition. I have
taken debug about as far as I can and am looking for some help going
forward.



Some details on network and configuration:

Network A (VLAN82) 192.168.42.0/24
    Host: DHCP Server 192.168.42.4
    Host: Relay 192.168.42.41 on interface (eth0.82)

Network B (VLAN85) 192.168.85.0/24
    Host: DHCP Client MAC: (00:0c:29:ed:03:a5)
    Host: Relay 192.168.85.2 on interface (eth0.85)

dnsmasq.conf on the Relay host:

dhcp-authoritative
domain-needed
localise-queries
read-ethers
bogus-priv
expand-hosts
local-service
domain=lan
server=/lan/
dhcp-leasefile=/tmp/dhcp.leases
resolv-file=/tmp/resolv.conf.auto
stop-dns-rebind
rebind-localhost-ok
dhcp-broadcast=tag:needs-broadcast
addn-hosts=/tmp/hosts
conf-dir=/tmp/dnsmasq.d
user=dnsmasq
group=dnsmasq
dhcp-relay=192.168.85.2,192.168.42.4

The platform is a set of virtual machines running on x86 hardware.

Software versions working case:
Kernel: Linux Openwrt 3.18.23 #1 SMP Sun Jan 31 15:32:38 CET 2016 x86_64
GNU/Linux
DNSMasq: Dnsmasq version 2.73 Copyright (c) 2000-2015 Simon Kelley
Compile time options: IPv6 GNU-getopt no-DBus no-i18n no-IDN DHCP no-DHCPv6
no-Lua TFTP no-conntrack no-ipset no-auth no-DNSSEC loop-detect inotify

Software versions NOT working case:
Kernel: Linux LEDE 4.4.71 #0 SMP Wed Jun 7 19:24:41 2017 x86_64 GNU/Linux
Dnsmasq version 2.77 Copyright (c) 2000-2016 Simon Kelley
Compile time options: IPv6 GNU-getopt no-DBus no-i18n no-IDN DHCP no-DHCPv6
no-Lua TFTP no-conntrack no-ipset no-auth no-DNSSEC no-ID loop-detect
inotify

In the working case the normal 4 packet DHCP handshake occurs as expected
and the relay passes the packets between the DHCP server and the client.

In the failing case the client request packet gets from the client to the
relay and then on to the dhcp server via the relay. The response from the
dhcp server makes it back to the relay, but then the corresponding packet
from the relay to the client never gets sent. Though I see the packet come
back from the server it is not clear that DNSMasq sees the packet. I can
attach TCP dumps as needed. Any help in further debug steps to determine
if dnsmasq is not seeing the response from the DHCP server or is not sending
the packet and why would be very helpful.

I also came across this bug that looks similar but I am not sure has been
reported upstream:

https://bugs.launchpad.net/ubuntu/+source/dnsmasq/+bug/1686192

Thanks



Ray Ramadorai
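
How the four legs of a relayed exchange can be checked mechanically, to tell a reply that never left the relay from one that never reached it: this is an added example, not part of the thread or of dnsmasq. Interface names, addresses and the client MAC come from the post; the packets are constructed and the function names are hypothetical.

```python
import socket
import struct
from collections import defaultdict

# Interface names and addresses are taken from the post.
CLIENT_IF, SERVER_IF = "eth0.85", "eth0.82"
RELAY_GIADDR = "192.168.85.2"   # relay address on the client VLAN
LEGS = ("client->relay", "relay->server", "server->relay", "relay->client")

def parse_bootp(payload):
    """Return (op, xid, giaddr) from the fixed BOOTP header (RFC 951)."""
    if len(payload) < 28:
        raise ValueError("truncated BOOTP header")
    op, xid = struct.unpack("!B3xI", payload[:8])
    return op, xid, socket.inet_ntoa(payload[24:28])

def classify(iface, payload):
    """Map one captured packet to (xid, leg); leg is None if unrelated."""
    op, xid, giaddr = parse_bootp(payload)
    if op not in (1, 2):            # 1 = BOOTREQUEST, 2 = BOOTREPLY
        return xid, None
    if iface == CLIENT_IF:
        return xid, "client->relay" if op == 1 else "relay->client"
    if iface == SERVER_IF and giaddr == RELAY_GIADDR:
        return xid, "relay->server" if op == 1 else "server->relay"
    return xid, None

def missing_legs(capture):
    """capture: iterable of (interface, BOOTP payload) -> {xid: [missing legs]}."""
    seen = defaultdict(set)
    for iface, payload in capture:
        xid, leg = classify(iface, payload)
        if leg:
            seen[xid].add(leg)
    return {xid: [l for l in LEGS if l not in legs] for xid, legs in seen.items()}

def make_bootp(op, xid, giaddr="0.0.0.0"):
    """Constructed sample packet: fixed header only, client MAC from the post."""
    chaddr = bytes.fromhex("000c29ed03a5").ljust(16, b"\0")
    return (struct.pack("!BBBBIHH", op, 1, 6, 0, xid, 0, 0)
            + bytes(12) + socket.inet_aton(giaddr) + chaddr)

# Constructed capture of the failing case: the reply reaches the relay on
# eth0.82 but never appears on eth0.85.
FAILING = [
    (CLIENT_IF, make_bootp(1, 0x2222)),
    (SERVER_IF, make_bootp(1, 0x2222, RELAY_GIADDR)),
    (SERVER_IF, make_bootp(2, 0x2222, RELAY_GIADDR)),
]
WORKING = FAILING + [(CLIENT_IF, make_bootp(2, 0x2222, RELAY_GIADDR))]

if __name__ == "__main__":
    print(missing_legs(FAILING))
```
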
Chris Novakovic
2017-09-15 01:40:28 UTC
> Kernel:  Linux Openwrt 3.18.23 #1 SMP Sun Jan 31 15:32:38 CET 2016
> x86_64 GNU/Linux
> DNSMasq:  Dnsmasq version 2.73  Copyright (c) 2000-2015 Simon Kelley
> Compile time options: IPv6 GNU-getopt no-DBus no-i18n no-IDN DHCP
> no-DHCPv6 no-Lua TFTP no-conntrack no-ipset no-auth no-DNSSEC
> loop-detect inotify
>
> Kernel:  Linux LEDE 4.4.71 #0 SMP Wed Jun 7 19:24:41 2017 x86_64 GNU/Linux
> Dnsmasq version 2.77  Copyright (c) 2000-2016 Simon Kelley
> Compile time options: IPv6 GNU-getopt no-DBus no-i18n no-IDN DHCP
> no-DHCPv6 no-Lua TFTP no-conntrack no-ipset no-auth no-DNSSEC no-ID
> loop-detect inotify

DHCP relay was broken by a commit shortly before 2.76 was released [1],
and this breakage was itself recently fixed by a commit that'll
eventually make it into 2.78 [2]. If you're able to compile dnsmasq
yourself, could you check that [2] fixes the problem you're seeing?

[1]
http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=ff325644c7afae2588583f935f4ea9b9694eb52e
[2]
http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=1649f709e7351f0c6bbfedc5bd32744b330e2bcd
Ray Ramadorai
2017-09-16 03:29:30 UTC
Hi Chris,

Thank you for the note. I was able to get the LEDE build environment
working and recompiled dnsmasq with the patch. The patch, when applied to
v2.77, worked and DHCP relay is working as expected in my use case.

Thanks for the help!

Ray


André Valentin
2017-09-15 09:21:08 UTC
Hello Ray,

I used the attached patch to fix the problem:
--- a/src/dhcp.c 2016-10-26 20:29:04.756059875 +0200
+++ b/src/dhcp.c 2016-10-26 20:27:57.793515090 +0200
@@ -420,6 +420,11 @@ void dhcp_packet(time_t now, int pxe_fd)
if (ioctl(daemon->dhcpfd, SIOCSARP, &arp_req) == -1)
my_syslog(MS_DHCP | LOG_ERR, _("ARP-cache injection failed: %s"), strerror(errno));
}
+ /* This is a reply that is to be relayed, unset target interface
+ to enforce routing. */
+ if (is_relay_reply) {
+ pkt->ipi_ifindex = 0;
+ }
}
#elif defined(HAVE_SOLARIS_NETWORK)
else if ((ntohs(mess->flags) & 0x8000) || mess->hlen != ETHER_ADDR_LEN || mess->htype != ARPHRD_ETHER)
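
Review bot: the reset of pkt->ipi_ifindex in the added if (is_relay_reply) block leaves the choice of outgoing interface entirely to the routing table, which can only pick the client's VLAN when the reply is going to a routable unicast address. A reply that has to be broadcast (the 0x8000 flag tested in the branch just below shows that case exists) has no route that identifies the client-facing interface, so I would either restrict the reset to unicast destinations or set the index explicitly to the interface facing the client, and say in the comment which case is covered. The change also sits only in the branch before #elif defined(HAVE_SOLARIS_NETWORK), so the other platform branches should be checked for the same relay-reply problem.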

I sent it to the mailing list, but there was no interest in it. Please try and inform me.

Kind regards,

André
 
_______________________________________________
Dnsmasq-discuss mailing list
http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss