MIME-Version: 1.0
In-Reply-To: <54B544F2.8050808@brocade.com>
X-Spam-Status: No, score=-1.1 required=5.0 tests=BAYES_00,BODY_8BITS, RCVD_IN_DNSWL_LOW autolearn=ham autolearn_force=no version=3.4.0
References: <RT-Ticket-38303@isc.org> <54AE8011.3080806@brocade.com> <rt-3.8.6-2416-1421160783-888.38303-5-0@isc.org> <54B544F2.8050808@brocade.com>
X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 spamscore=0 suspectscore=0 phishscore=0 adultscore=0 bulkscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=7.0.1-1402240000 definitions=main-1501130159
Message-ID: <54B554E5.7080104@brocade.com>
Content-Type: text/plain; charset="utf-8"; format=flowed
X-RT-Original-Encoding: utf-8
Received: from mx.ams1.isc.org (mx.ams1.isc.org [199.6.1.65]) by bugs.isc.org (Postfix) with ESMTP id 30F932D2004F for <dhcp-bugs@bugs.isc.org>; Tue, 13 Jan 2015 17:26:30 +0000 (UTC)
Received: from mx0b-000f0801.pphosted.com (mx0b-000f0801.pphosted.com [67.231.152.113]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx.ams1.isc.org (Postfix) with ESMTPS id EDA051FCAB7 for <dhcp-bugs@isc.org>; Tue, 13 Jan 2015 17:26:26 +0000 (UTC)
Received: from pps.filterd (m0000700.ppops.net [127.0.0.1]) by mx0b-000f0801.pphosted.com (8.14.7/8.14.7) with SMTP id t0DGuk28025495 for <dhcp-bugs@isc.org>; Tue, 13 Jan 2015 09:26:24 -0800
Received: from hq1wp-exchub02.corp.brocade.com ([144.49.131.13]) by mx0b-000f0801.pphosted.com with ESMTP id 1rvt52hnnq-10 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=NOT) for <dhcp-bugs@isc.org>; Tue, 13 Jan 2015 09:26:24 -0800
Received: from HQ1WP-EXHUB01.corp.brocade.com (10.70.36.14) by hq1wp-exchub02.corp.brocade.com (10.70.38.99) with Microsoft SMTP Server (TLS) id 14.3.123.3; Tue, 13 Jan 2015 09:26:23 -0800
Received: from [172.29.21.135] (172.29.21.135) by imap.brocade.com (10.70.36.22) with Microsoft SMTP Server (TLS) id 8.3.298.1; Tue, 13 Jan 2015 09:24:56 -0800
Delivered-To: dhcp-bugs@bugs.isc.org
Subject: Re: [ISC-Bugs #38303] [PATCH] DHCP server receives "release" message from client but does not release IP address from pool.
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Icedove/31.3.0
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10432:5.13.68,1.0.33,0.0.0000 definitions=2015-01-13_06:2015-01-13,2015-01-13,1970-01-01 signatures=0
Return-Path: <mgillott@Brocade.com>
X-Original-To: dhcp-bugs@bugs.isc.org
Date: Tue, 13 Jan 2015 17:24:53 +0000
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on mx.ams1.isc.org
To: George Wilkie <gwilkie@Brocade.com>, "dhcp-bugs@isc.org" <dhcp-bugs@isc.org>
Content-Transfer-Encoding: 8bit
From: Mark Gillott <mgillott@brocade.com>
RT-Message-ID: <rt-3.8.6-2438-1421169990-174.38303-0-0@isc.org>
Content-Length: 5508


On 13/01/15 16:16, George Wilkie wrote:
> Hi Cathy, ...
>
> On 01/13/2015 02:53 PM, Cathy Almond via RT wrote:
>> On Thu Jan 08 13:03:24 2015, gwilkie@brocade.com wrote:
>>> Version
>>> =======
>>> 4.3.1
>>>
>>> Description
>>> ===========
>>> When the DHCP server receives DHCP "release" message from its client,
>>> it should clear the leased IP address from its pool, but it does not.
>>>
>>> Topology
>>> ========
>>> +––––––––––+ +–––––––––––+
>>> +–––––––––––+
>>> | | | | |
>>> |
>>> | DHCP +–––––––––––––––––+ DHCP |–––––––––––––––––+ DHCP
>>> |
>>> | SERVER | | RELAY | |
>>> CLIENT |
>>> | | | | |
>>> |
>>> +––––––––––+ +–––––––––––+
>>> +–––––––––––+
>>>
>>> Steps to Reproduce
>>> ==================
>>> 1. Configure DHCP Server to provision IPv4 address.
>>> 2. Configure DHCP Relay to relay DHCP messages from DHCP clients to
>>> DHCP server.
>>> 3. Configure DHCP client to acquire IP address from DHCP Server.
>>> 4. Verify that DHCP server is able to provision IP addresses to DHCP
>>> client.
>>> 5. From DHCP client, release IP address.
>>> 6. Verify that DHCP server receives the DHCP release message and clear
>>> the
>>> leased IP address from its DHCP pool.
>>>
>>> Analysis
>>> ========
>>> The issue is that the server is not happy with the format of the
>>> RELEASE
>>> message:
>>>
>>> 2014-12-11T10:54:04.716201+00:00 server dhcpd: Listening on
>>> Socket/dp0s7
>>> 2014-12-11T10:54:04.716204+00:00 server dhcpd: Sending on
>>> Socket/dp0s7
>>> 2014-12-11T10:54:04.716206+00:00 server dhcpd: Server starting
>>> service.
>>> 2014-12-11T10:54:43.576756+00:00 server dhcpd: DHCPDISCOVER from
>>> 52:54:00:98:6f:cd (VMgillott) via 11.1.1.22
>>> 2014-12-11T10:54:44.577913+00:00 server dhcpd: DHCPOFFER on 11.1.1.23
>>> to 52:54:00:98:6f:cd (VMgillott) via 11.1.1.22
>>> 2014-12-11T10:54:44.579984+00:00 server dhcpd: DHCPREQUEST for
>>> 11.1.1.23 (10.1.1.1) from 52:54:00:98:6f:cd (VMgillott) via 11.1.1.22
>>> 2014-12-11T10:54:44.579995+00:00 server dhcpd: DHCPACK on 11.1.1.23 to
>>> 52:54:00:98:6f:cd via 11.1.1.22
>>> 2014-12-11T10:54:54.184752+00:00 server dhcpd: DHCPREQUEST for
>>> 11.1.1.21 from 52:54:00:98:6f:cd via dp0s7: ignored (not
>>> authoritative).
>>> 2014-12-11T10:55:25.827079+00:00 dhcpd: last message repeated 2 times
>>> 2014-12-11T10:56:27.332880+00:00 dhcpd: last message repeated 5 times
>>> 2014-12-11T10:56:27.595325+00:00 server dhcpd: DHCPRELEASE from
>>> 52:54:00:98:6f:cd via dp0s7: unknown network segment
>>>
>>> Solution
>>> ========
>>> The solution is to realise that DHCPRELEASE packets are unicast from
>>> client to
>>> server - no relay agent involvement.
>>> Thus there is no point in the server checking the subnet
>>> (no agent options & giaddr is zero).
>>> Essentially ignore the result of the call to locate_network():
>>>
>>> 2014-12-16T13:45:52.222230+00:00 server dhcpd: DHCPDISCOVER from
>>> 52:54:00:dd:d0:91 via 11.1.1.2
>>> 2014-12-16T13:45:53.223320+00:00 server dhcpd: DHCPOFFER on 11.1.1.25
>>> to 52:54:00:dd:d0:91 (VRHost) via 11.1.1.2
>>> 2014-12-16T13:45:53.231773+00:00 server dhcpd: DHCPREQUEST for
>>> 11.1.1.25 (10.1.1.1) from 52:54:00:dd:d0:91 (VRHost) via 11.1.1.2
>>> 2014-12-16T13:45:53.231795+00:00 server dhcpd: DHCPACK on 11.1.1.25 to
>>> 52:54:00:dd:d0:91 (VRHost) via 11.1.1.2
>>> 2014-12-16T13:46:57.468725+00:00 server dhcpd: DHCPRELEASE of
>>> 11.1.1.25 from 52:54:00:dd:d0:91 (VRHost) via dp0s7 (found)
>>>
>>> Patch
>>> =====
>>> Description: Ignore network check when processing DHCPRELEASE
>>> Since DHCPRELEASE messages are unicast direct from client to server
>>> none of
>>> fields used to verify the subnet are valid - no agent options &
>>> giaddr is
>>> zero - so don't bother.
>>> Author: Mark Gillott <mgillott@brocade.com>
>>> Origin: <upstream|backport|vendor|other>, <URL, required except if
>>> Author is present>
>>> ---
>>> This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
>>> --- a/server/dhcp.c
>>> +++ b/server/dhcp.c
>>> @@ -85,6 +85,7 @@ dhcp (struct packet *packet) {
>>> if (!locate_network(packet) &&
>>> packet->packet_type != DHCPREQUEST &&
>>> packet->packet_type != DHCPINFORM &&
>>> + packet->packet_type != DHCPRELEASE &&
>>> packet->packet_type != DHCPLEASEQUERY) {
>>> const char *s;
>>> char typebuf[32];
>>>
>>>
>> Hi George,
>>
>> Thanks for your report.
>>
>> Is it possible that the client in your example is dual-homed and is routing the
>> DHCPRELEASE via a default route which isn't the one from the interface on which
>> the lease was granted?
> It is just a simple setup. The client routes packets via the same box
> which does the dhcp relay.
> The DHCPRELEASE is sent directly to the server, so it routed through
> without doing any of the dhcp
> relay stuff. The server seems to be expecting the packet to have been
> handled by the relay.
> Mark, anything else to add?
>
> Thanks,
>
> George.
Nope that pretty much covers thing. The key is that the DHCPRELEASE is 
unicast directly from client to server - routed via the relay box (but 
NOT seen by DHCP relay itself). Thus the DHCP server sees a release 
message from a "different" subnet (see the check inside 
locate_network()) yet the message has not been "tagged" as coming via a 
DHCP relay. Thus resulting in "unknown network segment" messages.

Hopefully that makes some sense,

Mark