Weird problem of multiple dhcp processes running in parallel!

karteek.challa at wipro.com karteek.challa at wipro.com
Wed Nov 16 05:49:26 UTC 2016


Hi Glenn,


Thanks for your reply.


To continue my work, I've killed one of the process.

So, I've reproduced the issue freshly.


linux-01:~ # ps -ef | grep dhcpd
dhcpd    28406     1  0 05:57 ?        00:00:04 /usr/sbin/dhcpd -4 -cf /etc/dhcpd.conf -pf /var/run/dhcpd.pid -chroot /var/lib/dhcp -lf /db/dhcpd.leases -user dhcpd -group nogroup eth0
dhcpd    29803     1  0 06:21 ?        00:00:01 /usr/sbin/dhcpd -4 -cf /etc/dhcpd.conf -pf /var/run/dhcpd.pid -chroot /var/lib/dhcp -lf /db/dhcpd.leases -user dhcpd -group nogroup eth0

linux-01:~ # ls -ld /proc/28406
dr-xr-xr-x 8 dhcpd nogroup 0 Nov 16 05:57 /proc/28406
linux-01:~ # ls -ld /proc/29803
dr-xr-xr-x 8 dhcpd nogroup 0 Nov 16 06:21 /proc/29803

linux-01:~ # netstat -puntl | grep dhcpd
udp        0      0 0.0.0.0:39394           0.0.0.0:*                           28406/dhcpd
udp        0      0 0.0.0.0:67              0.0.0.0:*                           29803/dhcpd
udp        0      0 0.0.0.0:67              0.0.0.0:*                           28406/dhcpd
udp        0      0 0.0.0.0:43699           0.0.0.0:*                           29803/dhcpd
udp        0      0 :::64466                :::*                                29803/dhcpd
udp        0      0 :::46109                :::*                                28406/dhcpd

Both these processes have their own dhcpd.id file in their chrooted directory.
But the value in dhcpd.id is the same new process ID.
Logs as below:


linux-01:/proc/28406/root # cat var/run/dhcpd.pid
29803
linux-01:/proc/28406/root # cd ../../29803/root
linux-01:/proc/29803/root # cat var/run/dhcpd.pid
29803

linux-01:~ # ls -ltr /var/run/dhcpd.pid
lrwxrwxrwx 1 root root 31 Nov 16 06:21 /var/run/dhcpd.pid -> /var/lib/dhcp/var/run/dhcpd.pid
linux-01:~ # cat /var/run/dhcpd.pid
29803
linux-01:~ #


Best Regards,
Karteek

________________________________
From: dhcp-users <dhcp-users-bounces at lists.isc.org> on behalf of Glenn Satchell <glenn.satchell at uniq.com.au>
Sent: 16 November 2016 02:41:05
To: Users of ISC DHCP
Subject: Re: Weird problem of multiple dhcp processes running in parallel!

** This mail has been sent from an external source **

Do each of the chrooted dhcpd processes have their own /var/run/dhcpd.pid
file in the chroot directory, eg /var/lib/dhcp/var/run/dhcpd.pid? Is there
a /var/run/dhcpd.pid as well? Which process id is in those file(s), and
what is the ownership and permissions?

I would have thought normal behaviour would be to check if the pid file
existed, and complain if it did.

regards,
-glenn

On Wed, November 16, 2016 5:32 am, karteek.challa at wipro.com wrote:
> Hi,
>
>
> Thanks for your reply!
>
>
> The DHCP daemon is started in a chroot environment for security reasons
> and is normal way of doing so.
>
> By doing this, the configuration files will be then copied to the chrooted
> directory and so the daemon can find them.
>
> If the DHCP server should ever be compromised by an outside attack, the
> attacker will still be behind bars in the chroot jail, which prevents him
> from touching the rest of the system.
>
>
> I found same UDP port number 67 for both dhcpd processes.
>
>
> # netstat -tulpn | grep dhcpd
> udp        0      0 0.0.0.0:67              0.0.0.0:*
>      18976/dhcpd
> udp        0      0 0.0.0.0:67              0.0.0.0:*
>      18978/dhcpd
> udp        0      0 0.0.0.0:57676           0.0.0.0:*
>      18978/dhcpd
> udp        0      0 0.0.0.0:30634           0.0.0.0:*
>      18976/dhcpd
> udp        0      0 :::26560                :::*
>      18976/dhcpd
> udp        0      0 :::34621                :::*
>      18978/dhcpd
>
>
> Best Regards,
>
> Karteek
>
> ________________________________
> From: dhcp-users <dhcp-users-bounces at lists.isc.org> on behalf of perl-list
> <perl-list at network1.net>
> Sent: 15 November 2016 22:55:11
> To: Users of ISC DHCP
> Subject: Re: Weird problem of multiple dhcp processes running in parallel!
>
>
> ** This mail has been sent from an external source **
>
> it shouldn't be able to do that because port 67 would already be in use...
>  The kernel should prevent it.  But I see you are using chroot and so on
> that I am not familiar with and how that would affect things.
>
> ________________________________
> From: "karteek challa" <karteek.challa at wipro.com>
> To: dhcp-users at lists.isc.org
> Cc: dhcp-users at lists.isc.org
> Sent: Tuesday, November 15, 2016 12:00:29 PM
> Subject: Re: Weird problem of multiple dhcp processes running in parallel!
>
>
> Hi,
>
> I've reproduced the issue by restarting the dhcpd service exactly at the
> same time from 2 different hosts which had resulted in 2 dhcp processes
> listening on eth0 interface.
>
> # ps -ef | grep dhcp
> root      1284     1  0 Oct23 ?        02:01:27 /sbin/syslog-ng -a
> /var/lib/dhcp/dev/log -a /var/lib/dhcp6/dev/log -a /var/lib/named/dev/log
> dhcpd    18976     1  0 14:01 ?        00:00:00 /usr/sbin/dhcpd -4 -cf
> /etc/dhcpd.conf -pf /var/run/dhcpd.pid -chroot /var/lib/dhcp -lf
> /db/dhcpd.leases -user dhcpd -group nogroup eth0
> dhcpd    18978     1  0 14:01 ?        00:00:00 /usr/sbin/dhcpd -4 -cf
> /etc/dhcpd.conf -pf /var/run/dhcpd.pid -chroot /var/lib/dhcp -lf
> /db/dhcpd.leases -user dhcpd -group nogroup eth0
> root     29484 26297  0 14:02 pts/2    00:00:00 grep dhcp
>
> Is this a bug?
>
> Best Regards,
> Karteek
>
> ________________________________
> From: Karteek Challa (Communications-Telecom Equipment)
> Sent: 11 November 2016 04:01
> To: dhcp-users at lists.isc.org
> Subject: Weird problem of multiple dhcp processes running in parallel!
>
>
> Hi Friends,
>
>
> I am facing a weird problem with the multiple dhcp process running in
> parallel.
>
>
> My dhcp server was configured to listen on only one eth0  and there used
> to be only one process running always.
>
> But because of some inconsistent behaviour in hosts not getting IPs, when
> observed the linux machine with the dhcp server installed, I observed 5
> dhcp process running in parallel.
>
> DHCPv4 server running in my linux machine.
>
>
> dhcpd     1934  1.2  0.2  34844  8744 ?        Ss   16:25   4:59
> /usr/sbin/dhcpd -4 -cf /etc/dhcpd.conf -pf /var/run/dhcpd.pid -chroot
> /var/lib/dhcp -lf /db/dhcpd.leases -user dhcpd -group nogroup eth0
> dhcpd    19095  1.2  0.2  34972  8756 ?        Ss   Nov09  26:12
> /usr/sbin/dhcpd -4 -cf /etc/dhcpd.conf -pf /var/run/dhcpd.pid -chroot
> /var/lib/dhcp -lf /db/dhcpd.leases -user dhcpd -group nogroup eth0
> dhcpd    19349  1.2  0.2  34840  8728 ?        Ss   Nov09  26:01
> /usr/sbin/dhcpd -4 -cf /etc/dhcpd.conf -pf /var/run/dhcpd.pid -chroot
> /var/lib/dhcp -lf /db/dhcpd.leases -user dhcpd -group nogroup eth0
> dhcpd    20649  1.1  0.2  34840  8728 ?        Ss   Nov09  24:41
> /usr/sbin/dhcpd -4 -cf /etc/dhcpd.conf -pf /var/run/dhcpd.pid -chroot
> /var/lib/dhcp -lf /db/dhcpd.leases -user dhcpd -group nogroup eth0
> dhcpd    21533  1.1  0.2  34840  8736 ?        Ss   Nov09  24:07
> /usr/sbin/dhcpd -4 -cf /etc/dhcpd.conf -pf /var/run/dhcpd.pid -chroot
> /var/lib/dhcp -lf /db/dhcpd.leases -user dhcpd -group nogroup eth0
>
> May I know in what scenario multiple dhcp processes will be created?
>
>
> Best Regards,
>
> Karteek
>
>
> The information contained in this electronic message and any attachments
> to this message are intended for the exclusive use of the addressee(s) and
> may contain proprietary, confidential or privileged information. If you
> are not the intended recipient, you should not disseminate, distribute or
> copy this e-mail. Please notify the sender immediately and destroy all
> copies of this message and any attachments. WARNING: Computer viruses can
> be transmitted via email. The recipient should check this email and any
> attachments for the presence of viruses. The company accepts no liability
> for any damage caused by any virus transmitted by this email.
> www.wipro.com<http://www.wipro.com>
> _______________________________________________
> dhcp-users mailing list
> dhcp-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/dhcp-users
>
> The information contained in this electronic message and any attachments
> to this message are intended for the exclusive use of the addressee(s) and
> may contain proprietary, confidential or privileged information. If you
> are not the intended recipient, you should not disseminate, distribute or
> copy this e-mail. Please notify the sender immediately and destroy all
> copies of this message and any attachments. WARNING: Computer viruses can
> be transmitted via email. The recipient should check this email and any
> attachments for the presence of viruses. The company accepts no liability
> for any damage caused by any virus transmitted by this email.
> www.wipro.com<http://www.wipro.com>
> _______________________________________________
> dhcp-users mailing list
> dhcp-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/dhcp-users


_______________________________________________
dhcp-users mailing list
dhcp-users at lists.isc.org
https://lists.isc.org/mailman/listinfo/dhcp-users
The information contained in this electronic message and any attachments to this message are intended for the exclusive use of the addressee(s) and may contain proprietary, confidential or privileged information. If you are not the intended recipient, you should not disseminate, distribute or copy this e-mail. Please notify the sender immediately and destroy all copies of this message and any attachments. WARNING: Computer viruses can be transmitted via email. The recipient should check this email and any attachments for the presence of viruses. The company accepts no liability for any damage caused by any virus transmitted by this email. www.wipro.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/dhcp-users/attachments/20161116/992e66ea/attachment-0001.html>


More information about the dhcp-users mailing list