MIME-Version: 1.0 X-Spam-Status: No, score=-0.4 required=5.0 tests=BAYES_00,BODY_8BITS autolearn=ham autolearn_force=no version=3.4.0 X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 spamscore=0 suspectscore=1 phishscore=0 adultscore=0 bulkscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=7.0.1-1402240000 definitions=main-1501080107 Content-Type: text/plain; charset="utf-8"; format=flowed Message-ID: <54AE8011.3080806@brocade.com> Received: from mx.ams1.isc.org (mx.ams1.isc.org [199.6.1.65]) by bugs.isc.org (Postfix) with ESMTP id 3AE782D20571 for ; Thu, 8 Jan 2015 13:03:23 +0000 (UTC) Received: from mx0b-000f0801.pphosted.com (mx0b-000f0801.pphosted.com [IPv6:2620:100:9005:71::1]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) by mx.ams1.isc.org (Postfix) with ESMTPS id E6EDD1FCAB7 for ; Thu, 8 Jan 2015 13:03:19 +0000 (UTC) Received: from pps.filterd (m0000700 [127.0.0.1]) by mx0b-000f0801.pphosted.com (8.14.5/8.14.5) with SMTP id t08BaCFw027687 for ; Thu, 8 Jan 2015 05:03:18 -0800 Received: from hq1wp-exchub02.corp.brocade.com ([144.49.131.13]) by mx0b-000f0801.pphosted.com with ESMTP id 1rsdkwst0a-1 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=NOT) for ; Thu, 08 Jan 2015 05:03:17 -0800 Received: from HQ1WP-EXHUB01.corp.brocade.com (10.70.36.14) by hq1wp-exchub02.corp.brocade.com (10.70.38.99) with Microsoft SMTP Server (TLS) id 14.3.123.3; Thu, 8 Jan 2015 05:03:16 -0800 Received: from [172.29.20.27] (172.29.20.27) by imap.brocade.com (10.70.36.22) with Microsoft SMTP Server (TLS) id 8.3.298.1; Thu, 8 Jan 2015 05:03:16 -0800 Delivered-To: dhcp-bugs@bugs.isc.org User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Icedove/31.3.0 Subject: [PATCH] DHCP server receives "release" message from client but does not release IP address from pool. Return-Path: X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10432:5.13.68,1.0.33,0.0.0000 definitions=2015-01-08_04:2015-01-07,2015-01-08,1970-01-01 signatures=0 X-Original-To: dhcp-bugs@bugs.isc.org Date: Thu, 8 Jan 2015 13:03:13 +0000 X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on mx.ams1.isc.org To: Content-Transfer-Encoding: 8bit From: George Wilkie X-RT-Original-Encoding: utf-8 Content-Length: 4170 Version ======= 4.3.1 Description =========== When the DHCP server receives DHCP "release" message from its client, it should clear the leased IP address from its pool, but it does not. Topology ======== +––––––––––+ +–––––––––––+ +–––––––––––+ | | | | | | | DHCP +–––––––––––––––––+ DHCP |–––––––––––––––––+ DHCP | | SERVER | | RELAY | | CLIENT | | | | | | | +––––––––––+ +–––––––––––+ +–––––––––––+ Steps to Reproduce ================== 1. Configure DHCP Server to provision IPv4 address. 2. Configure DHCP Relay to relay DHCP messages from DHCP clients to DHCP server. 3. Configure DHCP client to acquire IP address from DHCP Server. 4. Verify that DHCP server is able to provision IP addresses to DHCP client. 5. From DHCP client, release IP address. 6. Verify that DHCP server receives the DHCP release message and clear the leased IP address from its DHCP pool. Analysis ======== The issue is that the server is not happy with the format of the RELEASE message: 2014-12-11T10:54:04.716201+00:00 server dhcpd: Listening on Socket/dp0s7 2014-12-11T10:54:04.716204+00:00 server dhcpd: Sending on Socket/dp0s7 2014-12-11T10:54:04.716206+00:00 server dhcpd: Server starting service. 2014-12-11T10:54:43.576756+00:00 server dhcpd: DHCPDISCOVER from 52:54:00:98:6f:cd (VMgillott) via 11.1.1.22 2014-12-11T10:54:44.577913+00:00 server dhcpd: DHCPOFFER on 11.1.1.23 to 52:54:00:98:6f:cd (VMgillott) via 11.1.1.22 2014-12-11T10:54:44.579984+00:00 server dhcpd: DHCPREQUEST for 11.1.1.23 (10.1.1.1) from 52:54:00:98:6f:cd (VMgillott) via 11.1.1.22 2014-12-11T10:54:44.579995+00:00 server dhcpd: DHCPACK on 11.1.1.23 to 52:54:00:98:6f:cd via 11.1.1.22 2014-12-11T10:54:54.184752+00:00 server dhcpd: DHCPREQUEST for 11.1.1.21 from 52:54:00:98:6f:cd via dp0s7: ignored (not authoritative). 2014-12-11T10:55:25.827079+00:00 dhcpd: last message repeated 2 times 2014-12-11T10:56:27.332880+00:00 dhcpd: last message repeated 5 times 2014-12-11T10:56:27.595325+00:00 server dhcpd: DHCPRELEASE from 52:54:00:98:6f:cd via dp0s7: unknown network segment Solution ======== The solution is to realise that DHCPRELEASE packets are unicast from client to server - no relay agent involvement. Thus there is no point in the server checking the subnet (no agent options & giaddr is zero). Essentially ignore the result of the call to locate_network(): 2014-12-16T13:45:52.222230+00:00 server dhcpd: DHCPDISCOVER from 52:54:00:dd:d0:91 via 11.1.1.2 2014-12-16T13:45:53.223320+00:00 server dhcpd: DHCPOFFER on 11.1.1.25 to 52:54:00:dd:d0:91 (VRHost) via 11.1.1.2 2014-12-16T13:45:53.231773+00:00 server dhcpd: DHCPREQUEST for 11.1.1.25 (10.1.1.1) from 52:54:00:dd:d0:91 (VRHost) via 11.1.1.2 2014-12-16T13:45:53.231795+00:00 server dhcpd: DHCPACK on 11.1.1.25 to 52:54:00:dd:d0:91 (VRHost) via 11.1.1.2 2014-12-16T13:46:57.468725+00:00 server dhcpd: DHCPRELEASE of 11.1.1.25 from 52:54:00:dd:d0:91 (VRHost) via dp0s7 (found) Patch ===== Description: Ignore network check when processing DHCPRELEASE Since DHCPRELEASE messages are unicast direct from client to server none of fields used to verify the subnet are valid - no agent options & giaddr is zero - so don't bother. Author: Mark Gillott Origin: , --- This patch header follows DEP-3: http://dep.debian.net/deps/dep3/ --- a/server/dhcp.c +++ b/server/dhcp.c @@ -85,6 +85,7 @@ dhcp (struct packet *packet) { if (!locate_network(packet) && packet->packet_type != DHCPREQUEST && packet->packet_type != DHCPINFORM && + packet->packet_type != DHCPRELEASE && packet->packet_type != DHCPLEASEQUERY) { const char *s; char typebuf[32];