dhcpd problem on virtual machines

Alex Zeffertt alex.zeffertt at eu.citrix.com
Thu Apr 15 13:04:40 UTC 2010


All,

I've discovered an issue with running dhcpd in one virtual machine and dhclient 
in another virtual machine on the same physical host.  I saw this problem on a 
Xen host with paravirtualised linux guests.  The problem is that the REQUEST 
sent by the client when half the lease has expired is ignored by the server.


I'll describe what happens step by step:

  1.  dhclient sends a DISCOVER over an AF_PACKET socket and gets an OFFER back
  2.  dhclient sends a REQUEST over the AF_PACKET socket and gets an ACK back
  3.  half the lease period passes
  4.  dhclient sends a REQUEST over an *AF_INET* socket
  5.  The sending network device advertises checksum offload so linux only 
checksums the UDP pseudo header before passing the packet to the driver.
  6.  The receiving network device sets the packet's ip_summed flag to 
CHECKSUM_PARTIAL.  This tells linux that there is no need to verify the UDP 
checksum before passing to userspace, but that it must be completed by hardware 
or software if the packet is forwarded.
  7.  dhcpd receives the packet over an AF_PACKET socket, finds the checksum is 
invalid, and silently discards it.


There are several possible solutions to this, and I'm keen to find out which of 
these - if any - seems the best to you:

  i)   Always use AF_PACKET in dhclient
  ii)  Use AF_INET in dhcpd for receiving packets instead of AF_PACKET (*)
  iii) Don't verify the checksum in dhcpd if the hardware supports checksum offload


(*) Actually dhcpd has two sockets open, one AF_INET and one AF_PACKET. 
However, the packets received over the AF_INET socket are silently dropped, 
whilst the copies received over the AF_PACKET socket get used.


Regards, TIA, &c.,

Alex Zeffertt



More information about the dhcp-hackers mailing list