[BUG?] dhclient sends packets with source IP address that has been deleted

Kevin Oberman rkoberman at gmail.com
Thu Apr 9 03:47:57 UTC 2015 

On Wed, Apr 8, 2015 at 1:03 AM, J.R. Oldroyd <fbsd at opal.com> wrote:

> On Tue, 7 Apr 2015 14:53:54 +0000 Brooks Davis <brooks at freebsd.org> wrote:
> >
> > On Mon, Apr 06, 2015 at 08:13:56PM -0700, Yuri wrote:
> > > I am observing what dhclient sends to the server. Source IP of the
> > > packet it sends is the previous DHCP lease. This address doesn't exist
> > > any more, because I manually deleted it with 'ifconfig em0 remove <IP>'
> > > command. Yet, when I rerun dhclient, it takes this address from
> > > /var/db/dhclient.leases.em0 and sends the UDP packet with this
> > > non-existent IP as source address in IP header.
> > >
> > > This looks very weird to me, though I am not sure what the practical
> > > implications of this might be. My guess is that it is able to do this
> > > because it injects packets with bpf.
> > > Should this thing be fixed, or this is harmless?
> > >
> > > Some other host might have this IP address by the time dhclient runs,
> > > and this might cause confusion somewhere.
> >
> > I suppose that since dhclient has been killed and restarted it can't
> > know it's on the same network, but in practice you want to try to get
> > the same lease again and fall back if it turns out you've moved or your
> dhcp
> > server is broken and lost state.  I don't see how this would hurt
> anything.
> >
> > -- Brooks
>
> This bit me, too, some time back, when I was writing some custom dhcpd
> back-end scripts.
>
> dhclient is broadcasting (to 255.255.255.255) an initial DHCPREQUEST
> to try to re-obtain its old IP.  The old IP is used as the source IP
> and the message body also contains the old IP request.
>
> From RFC2131, section 4.1:
>
>    DHCP messages broadcast by a client prior to that client obtaining
>    its IP address must have the source address field in the IP header
>    set to 0.
>
> Note the "must" there.
>
> So the current behavior looks like an error, to me.
>
> If the re-obtaining of the old IP fails, DHCPDISCOVER messages are
> then sent and these do have source 0.0.0.0 which is per the standard.
>
>         -jr
>

This one gets rather confusing and is subject to some interpretation. The
idea is that a system should attempt to maintain the same address, if
possible. That is why the dhclient.leases files are there. Even if a system
has its interface shut down or is rebooted, the file contains the last
assigned address. If it issues a request and the network is different, it
will not get the address. If it is on the same network, it will get it's
old address.

>From the RFC 4.3.2 DHCPREQUEST message:
'requested IP address' option MUST be filled in with client's notion of its
previously assigned address.

The data in dhclient.leases provides that notion, and the interface has had
a previously assigned address, but I agree that this is debatable. I think
the word "notion" provides a clear indication of the intent. I know that
Windows XP-SP2 behaved this way. I have not looked at anything more recent
as that what we ran at work when I last was responsible for running a DHCP
server.
--
Kevin Oberman, Network Engineer, Retired
E-mail: rkoberman at gmail.com

More information about the freebsd-net mailing list