Bug #9466
closed
DHCP (IPv4) relay mistakenly listening on upstream interface
100%
Description
Hello!
Not sure if this is dhcrelay's intended behaviour, but it is listening on the upstream interface when it's not asked to, and thus duplicates packets coming from inside the upstream network.
My interfaces:
- LAN_TN = lan = vmx0 (192.168.2.1/24)
- LAN_UN = opt3 = vmx0.10 (192.168.3.1/24)
- LAN_Docker = opt7 = vmx0.20 (192.168.6.1/24)
DHCP relay is configured as shown in the attached relay_config.png. Config.xml looks like this:
<dhcrelay>
<interface>opt7,opt3</interface>
<server>192.168.2.8</server>
<agentoption></agentoption>
<enable></enable>
</dhcrelay>
However it starts up listening on the upstream as well:
/usr/local/sbin/dhcrelay -i vmx0.20 -i vmx0.10 -i vmx0 -a -m replace 192.168.2.8
which causes it to catch the broadcast packets on the upstream network and duplicate those requests, as seen on packets.png. pfSense 2.4.4-p2 running on amd64, ESXi VM.
Not critical im my setup, but might be problematic for those whose upstream DHCP server is located on the WAN, for example.
Files
| packets.png (15.7 KB) packets.png | Duplicated packets as seen from the client | ||
| relay_config.png (30.4 KB) relay_config.png | DHCP relay configuration in web UI |
Updated by Jim Pingle over 5 years ago
- Assignee set to Jim Pingle
- Target version set to 2.5.0
- Affected Version changed from 2.4.4_2 to All
Once upon a time that was necessary to see the return traffic. The most recent version of dhcrelay now supports a concept of separate upstream (-iu) and downstream (-id) interfaces so the syntax should be updated to follow that convention. Hopefully that will take care of this.
Updated by Jim Pingle over 5 years ago
- Status changed from New to Feedback
- % Done changed from 0 to 100
Applied in changeset f427d68dbca5ed9941b3bc01be1c4d81417c134f.
Updated by Jim Pingle over 5 years ago
See also #9669 for another problem that appears to be related, and which also appears to be fixed by this patch.
Updated by Jim Pingle about 5 years ago
- Status changed from Feedback to Resolved
All feedback I have seen thus far has been positive.
Updated by Jim Pingle almost 5 years ago
- Target version changed from 2.5.0 to 2.4.5
Updated by Jim Pingle almost 5 years ago
- Status changed from Resolved to Feedback
Needs checked and/or tested again on 2.4.5 snapshots
Updated by Jim Pingle almost 5 years ago
- Status changed from Feedback to Resolved
Runs as expected with the new correct parameters on 2.4.5.a.20191218.2354