severity 648401 grave retitle 648401 DHCP relay agent does not listen properly for return packets thanks
On Fri, Nov 11, 2011 at 04:53:22PM +1100, Geoff Crompton wrote: > The dhcrelay man page doesn't mention that if you use any -i option to > specify interfaces, you need to add an -i option for the interface used to > contact the DHCP server. Otherwise dhcrelay silently drops the packets > (which took me an afternoon to figure out). Actually this is not an acceptable workaround. If you add -i on the interface used to contact the DHCP server, dhcrelay will try to relay the packet _back to the server_, which means that it will get every packet twice, and NAK one of them. This breaks DHCP on the upstream net, unless of course you are in the situation where the DHCP server _only_ sees relayed packets. I'd say this means dhcrelay itself is pretty much completely broken, and I'm upgrading severity accordingly. It shouldn't subject the BOOTREPLY packets to interface checking, or it should have a separate list of interfaces from which it can come; I think this actually works for DHCPv6, where you have separate “lower” and “upper” interface options, but I haven't tested it. /* Steinar */ -- Homepage: http://www.sesse.net/ -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
