Subject: [A possible solution to] Re: A strange problem involving PF and DHCP
To: None <netbsd-users@netbsd.org>
From: Mark Cullen <mark.r.cullen@gmail.com>
List: netbsd-users
Date: 06/16/2006 21:39:33
Mark Cullen wrote:
> Mark Cullen wrote:
>
>> matthew sporleder wrote:
>>
>>>>> [snip]
>>
>>
>>
>>>
>>> I think it's actually both udp and, possibly, tcp.
>>>
>>
>> Are you sure? I'm not seeing any more blocked packets in the logs now?
>>
>> >>> [snip]
>>
>>>
>>>
>>> Try running dhcpd in verbose mode or tcpdump-ing the server's
>>> interface and look for broadcasts. Your server definitely saw the
>>> unicast because it sent you the NAK.
>>>
>>
>> Did you mean dhclient in verbose mode? I don't think my modem (the
>> DHCP server in this instance) runs anything UNIX-like :) I'm not
>> seeing any options to run dhclient in verbose mode anyhow?
>>
>> I'll definitely try tcpdump'ing fxp1 later on (can't right this
>> minute) and get back to you though.
>>
>> Also, maybe these sysctl's have something to do with it (probably
>> nothing to do with it at all, but I thought I might ask)?!
>>
>> (root@bone)/root# sysctl -a -d | grep "broadcast"
>> net.inet.ip.directed-broadcast: Enable forwarding of broadcast datagrams
>> net.inet.ip.hostzerobroadcast: All zeroes address is broadcast address
>>
>> hostzerobroadcast = 1 and directed-broadcast = 0. Is this right?
>>
>> Thanks!!
>>
>
> Well, joy. About 10 seconds after I sent that it did it again, so...
>
> tcpdump, while it's stuck in the loop, shows nothing at all. When I
> restart dhclient, I get:
>
> ---
> 15:29:38.016313 IP 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP,
> Request from 00:04:ac:23:02:77, length: 300
> ---
>
> and all starts working again. I'm not seeing anything from the modem, or
> 0.0.0.0, being blocked by pf in the logs :-( I don't really understand
> why it doesn't work until I kill dhclient and start it again? Any ideas?
>
>
Well, I think what was happening is:

  o The modem thinks that my IP address has changed. I have a static
    IP, so it actually hasn't, but my connection does like to drop due to a
    poor quality phone line :-(
  o dhclient tried to renew the address, it sent a NAK because it
    assumes my IP address had changed
  o dhclient tries to get a new address by starting over, starting with
    a DHCPDISCOVER, but the IP address wasn't released.
  o The modem receives the broadcast from dhclient, but drops it as it's
    from the old IP address?
  o The modem continues to drop the requests as the IP address never
    gets released from the interface

I don't know for sure.... so I could be wrong. The modem in question, by
the way, is an ADSLNation XModem CE (no longer in production).

Anyway, I had the dhclient timeout set to 10, and retry set to 3, so it
starts over really quickly. I've edited /sbin/dhclient-script so that
when FAIL occurs (which happens after the DHCPDISCOVERs fail), it
removes the default route and deletes the IP address from the interface:

---
EXPIRE|FAIL|RELEASE|STOP)
    if [ "$reason" = "FAIL" ]; then
        route delete default
        ifconfig fxp1 delete
    fi
    [...]
    ;;
---

I pulled the phone cable out, waited for the modem to notice and try to
reconnect, then plugged it back in again and dhclient now goes through
only *one* DHCPDISCOVER, fails, tries again and now **succeeds** and
gets an IP address back.

It seems like a rather dirty hack (and I suppose there may be other
cases where I need to do this?), but I suppose it is maybe the modem's
DHCP implementation at fault, which I can't do much about? :-(

If anyone has a tidier / better solution, or knows exactly what is going
on, I would really love to hear it.

Mark
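
The loop described in this message (a DHCPNAK followed by repeated DHCPDISCOVERs that never get an offer) can be spotted in dhclient's log output. The script below is an added example, not part of the original post: it assumes ISC dhclient's usual syslog wording, and the sample log lines, the 192.0.2.1 server address and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post). Assumes the usual ISC dhclient
# syslog wording for DHCPNAK / DHCPDISCOVER / DHCPOFFER / DHCPACK lines.

# Read dhclient log lines on stdin; report each DHCPNAK that is followed by
# at least $1 (default 3) DHCPDISCOVERs before any offer or ack arrives.
find_stuck_after_nak() {
    awk -v min="${1:-3}" '
        function report(how) {
            if (armed && n >= min)
                printf "line %d: DHCPNAK then %d DHCPDISCOVER on %s, %s\n", nak, n, ifc, how
            armed = 0; n = 0; ifc = "?"
        }
        /DHCPNAK from / { report("then another NAK"); armed = 1; nak = NR; next }
        # "No DHCPOFFERS received." must not count as an offer, hence (from|of).
        /DHCP(OFFER|ACK) (from|of) / { report("then recovered"); next }
        armed && /DHCPDISCOVER on / {
            n++
            # The interface name is the word after "on".
            for (i = 1; i < NF; i++) if ($i == "on") ifc = $(i + 1)
        }
        END { report("still no offer at end of log") }
    '
}

# Constructed sample log: renewal is NAKed, then discovery never gets an offer.
sample_log() {
    cat <<'EOF'
Jun 16 15:20:01 bone dhclient: DHCPREQUEST on fxp1 to 192.0.2.1 port 67
Jun 16 15:20:01 bone dhclient: DHCPNAK from 192.0.2.1
Jun 16 15:20:02 bone dhclient: DHCPDISCOVER on fxp1 to 255.255.255.255 port 67 interval 3
Jun 16 15:20:05 bone dhclient: DHCPDISCOVER on fxp1 to 255.255.255.255 port 67 interval 4
Jun 16 15:20:09 bone dhclient: DHCPDISCOVER on fxp1 to 255.255.255.255 port 67 interval 3
Jun 16 15:20:12 bone dhclient: No DHCPOFFERS received.
Jun 16 15:20:15 bone dhclient: DHCPDISCOVER on fxp1 to 255.255.255.255 port 67 interval 3
Jun 16 15:20:18 bone dhclient: DHCPDISCOVER on fxp1 to 255.255.255.255 port 67 interval 4
Jun 16 15:20:22 bone dhclient: No DHCPOFFERS received.
EOF
}

sample_log | find_stuck_after_nak 3
```

A normal renewal (one DHCPDISCOVER, then an offer) stays below the threshold and produces no output.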