Subject: dnsmasq no longer replies to DHCP requests
Date: Mon, 25 Jul 2011 18:29:59 +0200
Package: dnsmasq
Version: 2.57-1
Severity: grave
Justification: renders package unusable
I am using dnsmasq to answer DHCP requests from virtual machines as they power
up. The requests are sent over an (internal) bridge (called "br0") on the host
machine.
When watching the incoming packets on the internal bridge, I see incoming DHCP
requests but no replies from dnsmasq:
zitpcx6184:~# tcpdump -i br0 -n
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on br0, link-type EN10MB (Ethernet), capture size 65535 bytes
18:15:32.845676 IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from
08:00:27:9c:6a:89, length 300
18:15:37.094509 IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from
08:00:27:9c:6a:89, length 300
18:15:44.094885 IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from
08:00:27:9c:6a:89, length 300
18:15:54.095058 IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from
08:00:27:9c:6a:89, length 300
In the file /var/log/daemon.log, I see dnsmasq receiving these DHCP requests.
According to the log file, dnsmasq is replying to the request:
Jul 25 18:15:32 zitpcx6184 dnsmasq-dhcp[1770]: DHCPDISCOVER(br0) 10.0.23.10
08:00:27:9c:6a:89
Jul 25 18:15:32 zitpcx6184 dnsmasq-dhcp[1770]: DHCPOFFER(br0) 10.0.23.10
08:00:27:9c:6a:89
Jul 25 18:15:37 zitpcx6184 dnsmasq-dhcp[1770]: DHCPDISCOVER(br0) 10.0.23.10
08:00:27:9c:6a:89
Jul 25 18:15:37 zitpcx6184 dnsmasq-dhcp[1770]: DHCPOFFER(br0) 10.0.23.10
08:00:27:9c:6a:89
Jul 25 18:15:44 zitpcx6184 dnsmasq-dhcp[1770]: DHCPDISCOVER(br0) 10.0.23.10
08:00:27:9c:6a:89
Jul 25 18:15:44 zitpcx6184 dnsmasq-dhcp[1770]: DHCPOFFER(br0) 10.0.23.10
08:00:27:9c:6a:89
Jul 25 18:15:54 zitpcx6184 dnsmasq-dhcp[1770]: DHCPDISCOVER(br0) 10.0.23.10
08:00:27:9c:6a:89
Jul 25 18:15:54 zitpcx6184 dnsmasq-dhcp[1770]: DHCPOFFER(br0) 10.0.23.10
08:00:27:9c:6a:89
Yet, despite dnsmasq claiming to send DHCPOFFER on br0, tcpdump sees no such
packet being sent.
Here is the machine's firewall:
zitpcx6184:~# iptables -L -nv
Chain INPUT (policy ACCEPT 3146 packets, 1300K bytes)
pkts bytes target prot opt in out source destination
54423 33M INPUT_UNTRUSTED all -- br1 * 0.0.0.0/0
0.0.0.0/0
23630 5420K REJECT all -- br1 * 0.0.0.0/0 0.0.0.0/0
reject-with icmp-port-unreachable
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
state RELATED,ESTABLISHED
Chain OUTPUT (policy ACCEPT 40015 packets, 5154K bytes)
pkts bytes target prot opt in out source destination
Chain INPUT_UNTRUSTED (1 references)
pkts bytes target prot opt in out source destination
30793 27M ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
state RELATED,ESTABLISHED
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0
multiport dports 80,22,443,6081
0 0 ACCEPT tcp -- * * 131.169.0.0/16 0.0.0.0/0
multiport dports 3306,5901
Notice that the OUTPUT chain allows all out-bound traffic. Therefore,
dnsmasq's reply should be seen by tcpdump.
As a shot-in-the-dark, I've checked for dnsmasq reply packets on the other
interfaces (lo, eth0, br1). There's no sign of the reply packets.
This used to work, so it looks like a bug introduced with a recent upgrade of
the dnsmasq package.
Cheers,
Paul.
-- System Information:
Debian Release: wheezy/sid
APT prefers unstable
APT policy: (990, 'unstable'), (500, 'oldstable'), (1, 'experimental')
Architecture: i386 (i686)
Kernel: Linux 3.0.0-1-686-pae (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Versions of packages dnsmasq depends on:
ii adduser 3.113 add and remove users and groups
ii dnsmasq-base 2.57-1 A small caching DNS proxy and DHCP
ii netbase 4.46 Basic TCP/IP networking system
dnsmasq recommends no packages.
Versions of packages dnsmasq suggests:
pn resolvconf <none> (no description available)
-- Configuration Files:
/etc/default/dnsmasq changed:
ENABLED=1
/etc/dnsmasq.conf changed:
conf-file=/etc/dnsmasq.more.conf
-- no debconf information
Acknowledgement sent
to Simon Kelley <[email protected]>:
Extra info received and forwarded to list.
(Mon, 08 Aug 2011 15:51:03 GMT) (full text, mbox, link).
Subject: Re: Bug#635383: dnsmasq no longer replies to DHCP requests
Date: Mon, 08 Aug 2011 16:49:27 +0100
Paul Millar wrote:
> As a shot-in-the-dark, I've checked for dnsmasq reply packets on the other
> interfaces (lo, eth0, br1). There's no sign of the reply packets.
>
> This used to work, so it looks like a bug introduced with a recent upgrade of
> the dnsmasq package.
>
There have been no recent changes to the code-paths involved that I can
point a finger to, and this sort of setup depends on so much setup
external to dnsmasq that I'm inclined to look elsewhere first. Can you
downgrade dnsmasq and point me to a version which works _now_? Also, the
output of strace in the dnsmasq process during the attempted lease
aquisition would be useful.
Cheers,
Simon.
Acknowledgement sent
to Simon Kelley <[email protected]>:
Extra info received and forwarded to list.
(Wed, 31 Aug 2011 20:51:08 GMT) (full text, mbox, link).
Subject: Re: Bug#635383: dnsmasq no longer replies to DHCP requests
Date: Wed, 31 Aug 2011 21:46:24 +0100
I'm not aware of this bug having been manifest anywhere except here and
I can't progress it without further information from the submitter.
Since the package is working fine for almost everyone, I'm downgrading
this to "normal". It's certainly not release critical.
Cheers,
Simon.
Subject: Re: Bug#635383: dnsmasq no longer replies to DHCP requests
Date: Thu, 1 Sep 2011 08:44:26 +0200
Hi Simon,
On Wednesday 31 August 2011 22:46:24 Simon Kelley wrote:
> I'm not aware of this bug having been manifest anywhere except here and
> I can't progress it without further information from the submitter.
> Since the package is working fine for almost everyone, I'm downgrading
> this to "normal". It's certainly not release critical.
Apologies for the delay in replying.
After doing some more testing, I'm now not convinced that the problem is with
dnsmasq. It appears that the problem lies outside, perhaps with the kernel
networking (routing or firewall).
I found, when the IP address is assigned manually, that the machine is still
unable to receive network traffic.
It looks like the problem is likely either VirtualBox's bridge-based network
driver or the kernel; my guess is that the problem lies within the kernel.
If possible, could you reassign this ticket?
Cheers,
Paul.
Source: dnsmasq
Source-Version: 2.58-2
We believe that the bug you reported is fixed in the latest version of
dnsmasq, which is due to be installed in the Debian FTP archive:
dnsmasq-base_2.58-2_i386.deb
to main/d/dnsmasq/dnsmasq-base_2.58-2_i386.deb
dnsmasq-utils_2.58-2_i386.deb
to main/d/dnsmasq/dnsmasq-utils_2.58-2_i386.deb
dnsmasq_2.58-2.diff.gz
to main/d/dnsmasq/dnsmasq_2.58-2.diff.gz
dnsmasq_2.58-2.dsc
to main/d/dnsmasq/dnsmasq_2.58-2.dsc
dnsmasq_2.58-2_all.deb
to main/d/dnsmasq/dnsmasq_2.58-2_all.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Simon Kelley <[email protected]> (supplier of updated dnsmasq package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Thu, 1 Sep 2011 10:05:23 +0000
Source: dnsmasq
Binary: dnsmasq dnsmasq-base dnsmasq-utils
Architecture: source i386 all
Version: 2.58-2
Distribution: unstable
Urgency: low
Maintainer: Simon Kelley <[email protected]>
Changed-By: Simon Kelley <[email protected]>
Description:
dnsmasq - Small caching DNS proxy and DHCP/TFTP server
dnsmasq-base - Small caching DNS proxy and DHCP/TFTP server
dnsmasq-utils - Utilities for manipulating DHCP leases
Closes: 635383
Changes:
dnsmasq (2.58-2) unstable; urgency=low
.
* Fix resolvconf script. (closes: #635383)
Checksums-Sha1:
5746ff0e0f7182f7135b1f66bf6a44c8c2560157 1042 dnsmasq_2.58-2.dsc
905aecf59692455e6418f4c039718c16395a7ca7 18582 dnsmasq_2.58-2.diff.gz
fd86d8bc4b2c21206e48b21115c217bfe538d402 324608 dnsmasq-base_2.58-2_i386.deb
2f223986308e303096779bb6a9af233f9c306875 17562 dnsmasq-utils_2.58-2_i386.deb
9da5386367973735b64312e4b637110342090887 14896 dnsmasq_2.58-2_all.deb
Checksums-Sha256:
d5072e87b5f7a518458874286d63cb4f568fbd3dc007625bf1ac6c12e43375d8 1042 dnsmasq_2.58-2.dsc
7c79a4e0b70d4be922efffae7eb6555104dafcfe22b4527125510c2325f68f86 18582 dnsmasq_2.58-2.diff.gz
7df3f091ebdfb4ea85247cd32e883206e642a24e3b21e11e98a44ac580304161 324608 dnsmasq-base_2.58-2_i386.deb
d92fdc5078ba7d538be62bd2d6215e60b192a220588a176ecdae927750a8a2da 17562 dnsmasq-utils_2.58-2_i386.deb
553bf2d433eb3cbce895076b46eacc769b0183efbb7e327c2dc68410cc8a94e5 14896 dnsmasq_2.58-2_all.deb
Files:
e620944bcf3f250e154469e25cb9b910 1042 net optional dnsmasq_2.58-2.dsc
03b06cd61ac6c60908bd7ced1cbf2412 18582 net optional dnsmasq_2.58-2.diff.gz
a45d84b3380df999464ed5cc8a4b208e 324608 net optional dnsmasq-base_2.58-2_i386.deb
6620744c1b0d4424fb4941c355592eab 17562 net optional dnsmasq-utils_2.58-2_i386.deb
3e05f1d350ccbd532012f476cf755e2e 14896 net optional dnsmasq_2.58-2_all.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
iEYEARECAAYFAk5fTA0ACgkQKPyGmiibgrdrLQCdEUOMeSYkxLMKawZeyGrUkpBO
o54Anj6rNvkmtWkwbZsjtnilbA0Ug76L
=eoxl
-----END PGP SIGNATURE-----
Bug No longer marked as fixed in versions dnsmasq/2.58-2 and reopened.
Request was from Debbugs Internal Request <[email protected]>
to [email protected].
(Thu, 01 Sep 2011 10:06:03 GMT) (full text, mbox, link).
Acknowledgement sent
to Simon Kelley <[email protected]>:
Extra info received and forwarded to list.
(Thu, 01 Sep 2011 10:21:15 GMT) (full text, mbox, link).
Subject: Re: Bug#635383: dnsmasq no longer replies to DHCP requests
Date: Thu, 01 Sep 2011 11:17:33 +0100
Paul Millar wrote:
>
> If possible, could you reassign this ticket?
>
>
Reassigned to virtualbox, after a small false start where it got
accidentally closed.
Cheers,
Simon.
Hello Simon,
I can't see in which way #635383 is related to changes in the resolvconf
script. Is this bug report number correct? Or should it have been
#627789?
dnsmasq (2.58-2) unstable; urgency=low
* Fix resolvconf script. (closes: #635383)
Why not set no-poll and send SIGHUP to tell dnsmasq about changes?
Bye, Jörg.
--
Es liegt in der Natur des Menschen, vernünftig zu denken und
unlogisch zu handeln! Das Gesagte ist nicht das Gemeinte und das Gehörte
nicht das Verstandene!
Acknowledgement sent
to Simon Kelley <[email protected]>:
Extra info received and forwarded to list. Copy sent to Debian Virtualbox Team <[email protected]>.
(Sat, 03 Sep 2011 20:57:03 GMT) (full text, mbox, link).
Subject: Re: Does dnsmasq 2.58-2 really fix #635383?
Date: Sat, 03 Sep 2011 21:55:08 +0100
On 03/09/11 10:16, Jörg Sommer wrote:
> Hello Simon,
>
> I can't see in which way #635383 is related to changes in the resolvconf
> script. Is this bug report number correct? Or should it have been
> #627789?
>
> dnsmasq (2.58-2) unstable; urgency=low
>
> * Fix resolvconf script. (closes: #635383)
The bug number is wrong, as you surmise, I was having a bad day. I've
reopened 635383 and reassigned it to virtualbox. The bug that should
have been closed is 639963, and I've closed that by hand. I've fixed the
changelog for the next upload.
>
> Why not set no-poll and send SIGHUP to tell dnsmasq about changes?
The only reason not to is that writes to /etc/resolv.conf other than
from resolvconf would no longer be picked up in a timely manner.
Cheers,
Simon.
>
> Bye, Jörg.
Debbugs is free software and licensed under the terms of the GNU General
Public License version 2. The current version can be obtained
from https://bugs.debian.org/debbugs-source/.