Possible bug in dhcpd-3.0.5

Pär Aronsson par.aronsson at telia.com
Mon Jun 4 07:31:30 UTC 2007


Hello,

I may have found a bug/regression in ISC dhcpd-3.0.5.

Problem description:
I have run dhcpd-3.0.3 with great success since its release.
After upgrading to dhcpd-3.0.5 the system locks up after about 20-25 days.
On one occasion I was able to log in and found the system thrashing.
All RAM was used, but only a fraction of the swap space. When shutting
down all services (but not the whole system) and unloading kernel
drivers some RAM was freed, but not all. The RAM was reclaimed when
restarting services and thrashing started again.
The system has a lot of free RAM until the problem occurs, then things  
go bad within hours.
I run two failover peers, one primary and one secondary, when the  
lockup occurs it does so on both servers at the same time.

My guess is there is a kernel problem triggered by dhcpd-3.0.5.
When downgrading to dhcpd-3.0.3, but using the same configuration,  
system and environment, the problem no longer occurs!

Environment:
* Operating system: Red Hat 9
* Vanilla ISC dhcpd-3.0.5 compiled with gcc-3.2.2 (on Red Hat 9).  
Patched with paranoia  
(http://www.episec.com/people/edelkind/patches/dhcp/dhcp-3.0+paranoia.patch),  
run in chroot as dhcp:dhcp.
* Linux kernel: 2.4.20-30.9 (from Red Hat 9)
* Libc: glibc-2.3.2-27.9.7 (from Red Hat 9)
* Bonding interface (two physical network interfaces bonded to one  
virtual) with standard Linux bond driver.


The environment I use is obviously old, but the lockup only happens  
when using dhcpd-3.0.5.
I'll keep running dhcpd-3.0.3 until hw and os is upgraded to modern stuff.

Configuration files for primary dhcpd below.

Pär Aronsson




dhcpd.conf begin:
-----------------------------------
# Base conf for dhcpd
# Top-level file of the primary server: global switches, the OMAPI control
# channel, then three includes that hold the failover peer, the global
# options and the subnets.

# Be authoritative
authoritative;

# Set up omapi so we can use omshell
# OMAPI is dhcpd's remote-control interface; omapi-key names the key that
# connecting clients have to authenticate with.
# NOTE(review): nothing in this file limits who can reach TCP 7911 - confirm
# that a packet filter restricts it to the hosts that actually run omshell.
omapi-port 7911;
omapi-key omapi-key;

# Create key for omapi
# NOTE(review): the shared secret is kept in clear text in this file, so the
# file should be readable only by root and the dhcpd account. The value shown
# here looks like a sanitised sample; a real secret must never be posted.
# NOTE(review): hmac-md5 is the algorithm written in this 3.0.x configuration;
# when moving to a newer dhcpd, check whether a stronger HMAC is accepted -
# TODO confirm against that release's dhcpd.conf(5).
key "omapi-key" {
         algorithm hmac-md5;
         secret "abcdefghijklmnopqrstuv==";
}

# Don't allow ddns
# No DNS update style, updates switched off, and update requests coming from
# clients are ignored.
ddns-update-style none;
ddns-updates off;
ignore client-updates;

# fail over peer configuration
# Read first: the pools in subnet.conf refer to the peer by its name.
include "/usr/local/chroot_dhcpd/etc/failover.conf";
# configuration for dhcpd
include "/usr/local/chroot_dhcpd/etc/global.conf";
# subnets
include "/usr/local/chroot_dhcpd/etc/subnet.conf";

# Log option 82.
# When a request carries a relay agent circuit-id, write one info-level line
# prefixed "DHCPOPT82" with the client MAC, the leased address, the relay
# ("infra node"), the VLAN and the switch port.
# NOTE(review): only circuit-id is tested with "exists", yet both branches
# also read remote-id - confirm that every relay in use sends both
# sub-options.
if exists agent.circuit-id {
    if substring(option agent.remote-id, 0, 1) = 0 {
        # First remote-id byte is 0: the six bytes at offset 2 are printed as
        # colon-separated hex.
        log(info, concat(
            "DHCPOPT82 ",
            "for client ", binary-to-ascii(16, 8, ":", substring(hardware, 1, 6)),
            " with lease IP ", binary-to-ascii(10, 8, ".", leased-address),
            " from infra node ", binary-to-ascii(16, 8, ":", substring(option agent.remote-id, 2, 6)),
            " VLAN ", binary-to-ascii(10, 16, "", substring(option agent.circuit-id, 2, 2)),
            " switch port ", binary-to-ascii(10, 8, "/", suffix(option agent.circuit-id, 2))
        ));
    } else {
        # Any other first byte: the remote-id payload from offset 2 onwards is
        # copied into the message as it is, without encoding.
        # NOTE(review): these bytes arrive from the network. If a relay does
        # not overwrite option 82 supplied by a client, log consumers should
        # treat this field as untrusted text (control characters, forged
        # line content) - confirm relay behaviour.
        log(info, concat(
            "DHCPOPT82 ",
            "for client ", binary-to-ascii(16, 8, ":", substring(hardware, 1, 6)),
            " with lease IP ", binary-to-ascii(10, 8, ".", leased-address),
            " from infra node ", substring(option agent.remote-id, 2, 256),
            " VLAN ", binary-to-ascii(10, 16, "", substring(option agent.circuit-id, 2, 2)),
            " switch port ", binary-to-ascii(10, 8, "/", suffix(option agent.circuit-id, 2))
        ));
    }
}

-----------------------------------
dhcpd.conf end

failover.conf begin:
-----------------------------------
# Failover relationship as configured on the primary server.
# NOTE(review): this declaration contains no key or other peer
# authentication, so the failover TCP ports (647 locally, 847 on the peer)
# should be reachable only between 192.168.0.1 and 192.168.0.2 - confirm the
# packet filter on both hosts.
failover peer "failover-peer" {
     primary;
     # Local endpoint, then the secondary's endpoint.
     address 192.168.0.1;
     peer address 192.168.0.2;
     port 647;
     peer port 847;
     # Maximum client lead time, in seconds.
     mclt 3600;
     max-unacked-updates 10;
     load balance max seconds 3;
     max-response-delay 180;
     # Load-balancing split; 128 is the midpoint of the 0-255 range.
     split 128;
}
-----------------------------------
failover.conf end

global.conf begin:
-----------------------------------
# do ping check for every request
# With ping-check on, the server probes an address with an ICMP echo before
# offering it, so an address that answers is not handed out.
ping-check true;

# DHCP options
# Sent to every client; the two resolvers are the same addresses that
# failover.conf lists for the DHCP peers.
option domain-name-servers  192.168.0.1, 192.168.0.2;
option domain-name  "example.com";
-----------------------------------
global.conf end

subnet.conf begin:
-----------------------------------

# Client subnets, each a /27 (netmask 255.255.255.224).
# The first four share one pattern: the highest usable address is the router
# and the rest of the range is a dynamic pool served through the failover
# peer. BOOTP clients are refused in those pools.
subnet 192.168.1.0 netmask 255.255.255.224 {

     option routers  192.168.1.30;
     option subnet-mask 255.255.255.224;
     pool {
         failover peer "failover-peer";
         deny dynamic bootp clients;
         range 192.168.1.1 192.168.1.29;
     }
}
subnet 192.168.1.32 netmask 255.255.255.224 {

     option routers  192.168.1.62;
     option subnet-mask 255.255.255.224;
     pool {
         failover peer "failover-peer";
         deny dynamic bootp clients;
         range 192.168.1.33 192.168.1.61;
     }
}
subnet 192.168.2.0 netmask 255.255.255.224 {

     option routers  192.168.2.30;
     option subnet-mask 255.255.255.224;
     pool {
         failover peer "failover-peer";
         deny dynamic bootp clients;
         range 192.168.2.1 192.168.2.29;
     }
}
subnet 192.168.2.32 netmask 255.255.255.224 {

     option routers  192.168.2.62;
     option subnet-mask 255.255.255.224;
     pool {
         failover peer "failover-peer";
         deny dynamic bootp clients;
         range 192.168.2.33 192.168.2.61;
     }
}
# Static-only subnet: no pool, two hosts with fixed addresses.
# NOTE(review): a host declaration matches on the hardware address alone,
# and a client chooses the address it sends. fixed-address is address
# assignment, not access control; the MAC values look like sanitised samples.
subnet 192.168.2.224 netmask 255.255.255.224 {

     option routers  192.168.2.238;
     option subnet-mask 255.255.255.224;
     host host1 {
         hardware ethernet AA:BB:CC:DD:EE:11;
         fixed-address 192.168.2.225;
     }
     host host2 {
         hardware ethernet AA:BB:CC:DD:EE:22;
         fixed-address 192.168.2.226;
     }
}
# Empty declaration: no range and no hosts, so no addresses are served here.
# Presumably the servers' own segment, since 192.168.0.1 and 192.168.0.2
# fall inside it - TODO confirm.
subnet 192.168.0.0 netmask 255.255.255.224 {

}
-----------------------------------
subnet.conf end



