Project

General

Profile

Actions

Bug #14397

open

DHCPv4 client (dhclient) does not use 802.1p Priority tagging on DHCP RENEW - Only on Discover and release

Added by Tue Madsen over 1 year ago. Updated over 1 year ago.

Status:
New
Priority:
Very High
Category:
DHCP (IPv4)
Target version:
-
Start date:
Due date:
% Done:

0%

Estimated time:
Plus Target Version:
Release Notes:
Default
Affected Version:
All
Affected Architecture:
All

Description

Some ISPs using VLANs for service, require DHCPv4/v6 Frames to be 802.1p priority tagged.
pfSense has the option to do this by either:
- Setting VLAN priority tagging in the Interface DHCP options (if you are not using Advanced configuration or a predefined configuration file)
- If using advanced configuration: By adding “vlan-pcp x” in the advanced modifier options.

BUG:
This priority setting in only used in DISCOVER and RELEASE frames sent by dhclient - NOT in RENEW or REBIND.

This is now causing major problems in France where Orange (Major ISP) has upgraded to also requiring the RENEW frames to be properly VLAN Priority tagged.
This causes the uplink to stop working when a renew is due. (About once a day)

I don’t know if the issue is the same in DHCPv6

The issue was patched in OPNsense about a month ago, and they decided to drop the advanced options overwrite of the VLAN priority setting in interface DHCP options.
Instead they let the user choose if VLAN priority should be used via the interface DHCP VLAN Priority setting already available.
If selected it would - apart from adding “vlan-pcp x” to the dhclient config - also set the priority tag in the builtin pffilter rule that passes Interface DHCP client traffic. This adds the tag to RENEW and REBIND frames.

The issue occurs because dhclient uses a bfg interface for DISCOVER and RELEASE - thus respecting the vlan-pcp settings. But for RENEW it uses a simple socket, and that causes it not to be tagged correctly. In pfSense you cannot create a floating match rule to manually tag the traffic that has higher priority than the builtin pass quick rule for the interface DHCP client.

Actions

Also available in: Atom PDF