Possible bug in dhcpd-3.0.5
Pär Aronsson
par.aronsson at telia.com
Mon Jun 4 07:31:30 UTC 2007
Hello,
I may have found a bug/regression in ISC dhcpd-3.0.5.
Problem description:
I have run dhcpd-3.0.3 with great success since its release.
After upgrading to dhcpd-3.0.5 the system locks up after about 20-25 days.
On one occasion I was able to log in and found the system thrashing.
All RAM was used, but only a fraction of the swap space. When shutting
down all services (but not the whole system) and unloading kernel
drivers some RAM was freed, but not all. The RAM was reclaimed when
restarting services and thrashing started again.
The system has a lot of free RAM until the problem occurs, then things
go bad within hours.
I run two failover peers, one primary and one secondary. When the
lockup occurs, it does so on both servers at the same time.
My guess is there is a kernel problem triggered by dhcpd-3.0.5.
When downgrading to dhcpd-3.0.3, but using the same configuration,
system and environment, the problem no longer occurs!
Environment:
* Operating system: Red Hat 9
* Vanilla ISC dhcpd-3.0.5 compiled with gcc-3.2.2 (on Red Hat 9).
Patched with paranoia
(http://www.episec.com/people/edelkind/patches/dhcp/dhcp-3.0+paranoia.patch),
run in chroot as dhcp:dhcp.
* Linux kernel: 2.4.20-30.9 (from Red Hat 9)
* Libc: glibc-2.3.2-27.9.7 (from Red Hat 9)
* Bonding interface (two physical network interfaces bonded to one
virtual) with standard Linux bond driver.
The environment I use is obviously old, but the lockup only happens
when using dhcpd-3.0.5.
I'll keep running dhcpd-3.0.3 until the hardware and OS are upgraded to modern stuff.
Configuration files for primary dhcpd below.
Pär Aronsson
dhcpd.conf begin:
-----------------------------------
# Base conf for dhcpd
# Top-level file for the primary failover peer. It declares the server
# authoritative, enables OMAPI with a shared key, turns dynamic DNS off,
# includes the failover/global/subnet files, and logs relay-agent
# (option 82) data for packets that carry it.
# Be authoritative
authoritative;
# Set up omapi so we can use omshell
# OMAPI is the server's remote management channel. The key named below is the
# only access control for it in the files shown, so TCP port 7911 should also
# be limited to management hosts by a packet filter.
omapi-port 7911;
omapi-key omapi-key;
# Create key for omapi
# NOTE(review): the secret looks like a placeholder substituted for this
# posting. The real value is a shared HMAC-MD5 secret, so the file that holds
# it should be readable only by the account dhcpd runs as.
key "omapi-key" {
algorithm hmac-md5;
secret "abcdefghijklmnopqrstuv==";
}
# Don't allow ddns
# No DNS updates are attempted by the server, and update requests sent by
# clients are ignored.
ddns-update-style none;
ddns-updates off;
ignore client-updates;
# fail over peer configuration
include "/usr/local/chroot_dhcpd/etc/failover.conf";
# configuration for dhcpd
include "/usr/local/chroot_dhcpd/etc/global.conf";
# subnets
include "/usr/local/chroot_dhcpd/etc/subnet.conf";
# Log option 82.
# Evaluated only when the packet carries agent.circuit-id. The test below reads
# agent.remote-id without a separate "exists" check.
# NOTE(review): confirm the relays always send both sub-options.
if exists agent.circuit-id
{
if substring(option agent.remote-id, 0, 1) = 0
{
# First byte of remote-id compares equal to 0: the six bytes at offset 2 are
# logged as colon-separated hex. The client hardware address skips the leading
# type byte; VLAN is the 16-bit value at circuit-id offset 2; switch port is the
# last two circuit-id bytes printed as decimal "a/b".
log(info, concat("DHCPOPT82 ",
"for client ", binary-to-ascii(16, 8, ":", substring(hardware, 1, 6)),
" with lease IP ", binary-to-ascii(10, 8, ".", leased-address),
" from infra node ", binary-to-ascii(16, 8, ":",
substring(option agent.remote-id, 2, 6)),
" VLAN ", binary-to-ascii(10, 16, "", substring(option
agent.circuit-id, 2, 2)),
" switch port ", binary-to-ascii(10, 8, "/", suffix(option
agent.circuit-id, 2)) ));
} else
{
# Any other first byte: remote-id from offset 2 onward (up to 256 bytes) is
# written to the log as-is, without binary-to-ascii encoding. These bytes come
# from the network, so the log line is only as trustworthy as the relays.
# NOTE(review): confirm the access switches strip or overwrite option 82 that
# clients supply before relying on this field in log analysis.
log(info, concat("DHCPOPT82 ",
"for client ", binary-to-ascii(16, 8, ":", substring(hardware, 1, 6)),
" with lease IP ", binary-to-ascii(10, 8, ".", leased-address),
" from infra node ", substring(option agent.remote-id, 2, 256),
" VLAN ", binary-to-ascii(10, 16, "", substring(option
agent.circuit-id, 2, 2)),
" switch port ", binary-to-ascii(10, 8, "/", suffix(option
agent.circuit-id, 2)) ));
}
}
-----------------------------------
dhcpd.conf end
failover.conf begin:
-----------------------------------
# Failover relationship as seen from the primary server (192.168.0.1) toward
# its peer (192.168.0.2).
# This declaration sets up no authentication for the failover channel, so the
# two TCP ports below should be reachable only from the peer's address.
failover peer "failover-peer" {
primary;
# Local address and the peer's address for the failover connection.
address 192.168.0.1;
peer address 192.168.0.2;
# "port" is where this server listens; "peer port" is where it connects on the
# peer.
port 647;
peer port 847;
# Maximum client lead time, in seconds.
mclt 3600;
# Binding updates that may be outstanding before an acknowledgement is awaited.
max-unacked-updates 10;
# Once a client's "secs" field exceeds this value, load balancing is bypassed
# for that client.
load balance max seconds 3;
# Seconds of silence from the peer before the connection is considered failed.
max-response-delay 180;
# Load-balancing split; 128 divides clients evenly between the two peers.
split 128;
}
-----------------------------------
failover.conf end
global.conf begin:
-----------------------------------
# Global parameters and options applied to every subnet declared by the
# server.
# do ping check for every request
# Before offering a dynamically allocated address the server sends an ICMP
# echo to it and waits for a reply, which delays each such offer by the ping
# timeout.
ping-check true;
# DHCP options
# Handed to every client: the two resolvers (the same addresses as the two
# failover peers) and the DNS domain.
option domain-name-servers 192.168.0.1, 192.168.0.2;
option domain-name "example.com";
-----------------------------------
global.conf end
subnet.conf begin:
-----------------------------------
# Subnet declarations, all /27 (255.255.255.224). The first four carry one
# dynamic pool each, shared with the failover peer. The fifth serves only two
# fixed hosts, and the last is declared without any addresses.
# "deny dynamic bootp clients" appears in every failover pool because
# dynamically assigned BOOTP addresses never expire and cannot be balanced
# between failover peers.
subnet 192.168.1.0 netmask 255.255.255.224 {
option routers 192.168.1.30;
option subnet-mask 255.255.255.224;
pool {
failover peer "failover-peer";
deny dynamic bootp clients;
range 192.168.1.1 192.168.1.29;
}
}
subnet 192.168.1.32 netmask 255.255.255.224 {
option routers 192.168.1.62;
option subnet-mask 255.255.255.224;
pool {
failover peer "failover-peer";
deny dynamic bootp clients;
range 192.168.1.33 192.168.1.61;
}
}
subnet 192.168.2.0 netmask 255.255.255.224 {
option routers 192.168.2.30;
option subnet-mask 255.255.255.224;
pool {
failover peer "failover-peer";
deny dynamic bootp clients;
range 192.168.2.1 192.168.2.29;
}
}
subnet 192.168.2.32 netmask 255.255.255.224 {
option routers 192.168.2.62;
option subnet-mask 255.255.255.224;
pool {
failover peer "failover-peer";
deny dynamic bootp clients;
range 192.168.2.33 192.168.2.61;
}
}
# Static-only subnet: no pool or range, so only the two hosts below get an
# address here, matched on hardware address.
# NOTE(review): the MAC addresses look like placeholders for this posting.
# A hardware address is not an authenticator; any client presenting that MAC
# receives the fixed address.
subnet 192.168.2.224 netmask 255.255.255.224 {
option routers 192.168.2.238;
option subnet-mask 255.255.255.224;
host host1 {
hardware ethernet AA:BB:CC:DD:EE:11;
fixed-address 192.168.2.225;
}
host host2 {
hardware ethernet AA:BB:CC:DD:EE:22;
fixed-address 192.168.2.226;
}
}
# Empty declaration for the network that contains the two failover peers
# (192.168.0.1 and 192.168.0.2). No range or host is defined, so no addresses
# are handed out on it.
subnet 192.168.0.0 netmask 255.255.255.224 {
}
-----------------------------------
subnet.conf end