dhcpd sending on the same IP it receives on

Jared Gillis jared at sonic.net
Tue Feb 5 21:57:11 UTC 2008


John Wobus wrote:
>>> It would be nice if the DHCP server were to respond to unicast 
>>> requests using the address to which the request was sent, but if I 
>>> recall correctly that's not quite as trivial a code change as one 
>>> might hope.
>>
>> It's sounding like there's no easy fix for this, I'll submit a bug and 
>> maybe it'll be resolved in future releases. Proper TCP/IP behavior is 
>> something that should be aimed for. =)
> 
> Is what you imply truly "Proper TCP/IP behavior"?  Or is it an 
> expectation of IP-stack-DWIM behavior?  The packet that the daemon sends 
> back does have the proper destination IP address.  The stack is 
> configured with your simple routing configuration (a default route) that 
> instructs it what to do with such a packet.
 
If host A sends a packet to host B, it will expect to receive the response from host B's IP address (the IP it sent the packet to).
I'm not saying that the TCP/IP stack on the OS needs to remember this, that's not its job, but the software handling those requests should.
Responding with a different source address than a request came in on without alerting the far side that you are doing so is bad behavior, and many firewalls will drop that traffic (as they should).
The daemon needs to remember what IP address (or socket) it received a packet in on, and make sure that when it sends the reply back out it uses the same IP (socket).

> To do what you want, somehow the stack is expected to know the IP 
> address of this other (non-default) router that you want to send this 
> particular packet through.   That IP address is not evident from the 
> incoming packet.  It would either have to be preconfigured or you'd have 
> to infer it by scanning your ARP table.
> 
> I occasionally talk to people who want their app to do this sort of 
> thing.  It seems possible with a sufficiently rich OS and networking 
> interface, since you could certainly virtualize, and run two copies of 
> the daemon in two separate operating system instances, each with its own 
> interface, and each with its own (preconfigured) default route.  Someone 
> once suggested to me that some host-based-firewalls can be configured to 
> set up temporary routes to make a server do this sort of thing.  Can 
> anyone here confirm this?  Does anyone do such a thing with the ISC DHCP 
> server?
> 
> John Wobus
> 
> 


-- 
Jared Gillis - jared at corp.sonic.net       Sonic.net, Inc.
Network Operations                        2260 Apollo Way
707.522.1000 (Voice)                      Santa Rosa, CA 95407
707.547.3400 (Support)                    http://www.sonic.net/
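
Added example, not part of the original message and not ISC dhcpd code: a UDP responder on Linux that records which local address each request was sent to (via `IP_PKTINFO`) and pins the reply's source to that address, which is the behaviour the message above asks for. The function names and the loopback addresses 127.0.0.1 and 127.0.0.2 are constructed for the demonstration.

```python
import socket
import struct

# Linux value from <linux/in.h>; not every Python version exports socket.IP_PKTINFO.
IP_PKTINFO = getattr(socket, "IP_PKTINFO", 8)
# struct in_pktinfo { int ipi_ifindex; struct in_addr ipi_spec_dst; struct in_addr ipi_addr; }
PKTINFO = struct.Struct("@i4s4s")

def recv_with_dst(sock):
    """Receive one datagram; return (data, peer, local IP the peer addressed)."""
    data, ancdata, _flags, peer = sock.recvmsg(2048, socket.CMSG_SPACE(PKTINFO.size))
    for level, ctype, cdata in ancdata:
        if level == socket.IPPROTO_IP and ctype == IP_PKTINFO:
            _ifindex, _spec_dst, addr = PKTINFO.unpack(cdata[:PKTINFO.size])
            return data, peer, socket.inet_ntoa(addr)
    raise OSError("kernel did not supply IP_PKTINFO")

def reply_from(sock, data, peer, src_ip):
    """Send data to peer, asking the kernel to use src_ip as the source address."""
    pktinfo = PKTINFO.pack(0, socket.inet_aton(src_ip), socket.inet_aton("0.0.0.0"))
    sock.sendmsg([data], [(socket.IPPROTO_IP, IP_PKTINFO, pktinfo)], 0, peer)

def demo(requested_ip="127.0.0.2", pin_source=True):
    """Return the source IP the client sees on the reply (constructed loopback test)."""
    server = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    client = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    try:
        server.setsockopt(socket.IPPROTO_IP, IP_PKTINFO, 1)
        server.bind(("0.0.0.0", 0))           # wildcard bind, like a multi-homed daemon
        client.bind(("127.0.0.1", 0))
        client.settimeout(2)
        client.sendto(b"request", (requested_ip, server.getsockname()[1]))
        data, peer, local_ip = recv_with_dst(server)
        if pin_source:
            reply_from(server, data, peer, local_ip)
        else:
            server.sendto(data, peer)         # source left to the routing table
        return client.recvfrom(2048)[1][0]
    finally:
        server.close()
        client.close()

if __name__ == "__main__":
    print("pinned source:  ", demo(pin_source=True))
    print("unpinned source:", demo(pin_source=False))
```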

