Package: dnsmasq
Version: 2.57-1
Severity: grave
Justification: renders package unusable

I am using dnsmasq to answer DHCP requests from virtual machines as they power up. The requests are sent over an (internal) bridge (called "br0") on the host machine.

When watching the incoming packets on the internal bridge, I see incoming DHCP requests but no replies from dnsmasq:

zitpcx6184:~# tcpdump -i br0 -n
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on br0, link-type EN10MB (Ethernet), capture size 65535 bytes
18:15:32.845676 IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 08:00:27:9c:6a:89, length 300
18:15:37.094509 IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 08:00:27:9c:6a:89, length 300
18:15:44.094885 IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 08:00:27:9c:6a:89, length 300
18:15:54.095058 IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 08:00:27:9c:6a:89, length 300

In the file /var/log/daemon.log, I see dnsmasq receiving these DHCP requests. According to the log file, dnsmasq is replying to the request:

Jul 25 18:15:32 zitpcx6184 dnsmasq-dhcp[1770]: DHCPDISCOVER(br0) 10.0.23.10 08:00:27:9c:6a:89
Jul 25 18:15:32 zitpcx6184 dnsmasq-dhcp[1770]: DHCPOFFER(br0) 10.0.23.10 08:00:27:9c:6a:89
Jul 25 18:15:37 zitpcx6184 dnsmasq-dhcp[1770]: DHCPDISCOVER(br0) 10.0.23.10 08:00:27:9c:6a:89
Jul 25 18:15:37 zitpcx6184 dnsmasq-dhcp[1770]: DHCPOFFER(br0) 10.0.23.10 08:00:27:9c:6a:89
Jul 25 18:15:44 zitpcx6184 dnsmasq-dhcp[1770]: DHCPDISCOVER(br0) 10.0.23.10 08:00:27:9c:6a:89
Jul 25 18:15:44 zitpcx6184 dnsmasq-dhcp[1770]: DHCPOFFER(br0) 10.0.23.10 08:00:27:9c:6a:89
Jul 25 18:15:54 zitpcx6184 dnsmasq-dhcp[1770]: DHCPDISCOVER(br0) 10.0.23.10 08:00:27:9c:6a:89
Jul 25 18:15:54 zitpcx6184 dnsmasq-dhcp[1770]: DHCPOFFER(br0) 10.0.23.10 08:00:27:9c:6a:89

Yet, despite dnsmasq claiming to send DHCPOFFER on br0, tcpdump sees no such packet being sent.

Here is the machine's firewall:

zitpcx6184:~# iptables -L -nv
Chain INPUT (policy ACCEPT 3146 packets, 1300K bytes)
 pkts bytes target           prot opt in   out  source          destination
54423   33M INPUT_UNTRUSTED  all  --  br1  *    0.0.0.0/0       0.0.0.0/0
23630 5420K REJECT           all  --  br1  *    0.0.0.0/0       0.0.0.0/0    reject-with icmp-port-unreachable

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target           prot opt in   out  source          destination
    0     0 ACCEPT           all  --  *    *    0.0.0.0/0       0.0.0.0/0    state RELATED,ESTABLISHED

Chain OUTPUT (policy ACCEPT 40015 packets, 5154K bytes)
 pkts bytes target           prot opt in   out  source          destination

Chain INPUT_UNTRUSTED (1 references)
 pkts bytes target           prot opt in   out  source          destination
30793   27M ACCEPT           all  --  *    *    0.0.0.0/0       0.0.0.0/0    state RELATED,ESTABLISHED
    0     0 ACCEPT           tcp  --  *    *    0.0.0.0/0       0.0.0.0/0    multiport dports 80,22,443,6081
    0     0 ACCEPT           tcp  --  *    *    131.169.0.0/16  0.0.0.0/0    multiport dports 3306,5901

Notice that the OUTPUT chain allows all out-bound traffic. Therefore, dnsmasq's reply should be seen by tcpdump.

As a shot-in-the-dark, I've checked for dnsmasq reply packets on the other interfaces (lo, eth0, br1). There's no sign of the reply packets.

This used to work, so it looks like a bug introduced with a recent upgrade of the dnsmasq package.

Cheers,

Paul.

-- System Information:
Debian Release: wheezy/sid
  APT prefers unstable
  APT policy: (990, 'unstable'), (500, 'oldstable'), (1, 'experimental')
Architecture: i386 (i686)

Kernel: Linux 3.0.0-1-686-pae (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages dnsmasq depends on:
ii  adduser       3.113   add and remove users and groups
ii  dnsmasq-base  2.57-1  A small caching DNS proxy and DHCP
ii  netbase       4.46    Basic TCP/IP networking system

dnsmasq recommends no packages.

Versions of packages dnsmasq suggests:
pn  resolvconf  <none>  (no description available)

-- Configuration Files:
/etc/default/dnsmasq changed:
ENABLED=1

/etc/dnsmasq.conf changed:
conf-file=/etc/dnsmasq.more.conf

-- no debconf information
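
The comparison made by hand in the report above (offers recorded in daemon.log against replies visible in the tcpdump capture) can be scripted. The following is an added example, not part of the original report and not dnsmasq code; the 2-second matching window and the constructed reply line with server address 10.0.23.1 are assumptions.

```python
import re
from datetime import datetime, timedelta

# First two exchanges copied from the report (daemon.log, then tcpdump -i br0 -n).
DAEMON_LOG = """\
Jul 25 18:15:32 zitpcx6184 dnsmasq-dhcp[1770]: DHCPDISCOVER(br0) 10.0.23.10 08:00:27:9c:6a:89
Jul 25 18:15:32 zitpcx6184 dnsmasq-dhcp[1770]: DHCPOFFER(br0) 10.0.23.10 08:00:27:9c:6a:89
Jul 25 18:15:37 zitpcx6184 dnsmasq-dhcp[1770]: DHCPDISCOVER(br0) 10.0.23.10 08:00:27:9c:6a:89
Jul 25 18:15:37 zitpcx6184 dnsmasq-dhcp[1770]: DHCPOFFER(br0) 10.0.23.10 08:00:27:9c:6a:89
"""
CAPTURE = """\
18:15:32.845676 IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 08:00:27:9c:6a:89, length 300
18:15:37.094509 IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 08:00:27:9c:6a:89, length 300
"""
# Constructed line (not from the report): a server reply as tcpdump would print it.
# The server address 10.0.23.1 is an assumption.
CONSTRUCTED_REPLY = "18:15:32.846100 IP 10.0.23.1.67 > 10.0.23.10.68: BOOTP/DHCP, Reply, length 300\n"

OFFER_RE = re.compile(r"^\w{3}\s+\d+\s+(\d\d:\d\d:\d\d) \S+ dnsmasq-dhcp\[\d+\]: "
                      r"DHCPOFFER\((\S+)\) (\S+) (\S+)")
# Server-to-client traffic: source port 67, destination port 68, BOOTP reply.
REPLY_RE = re.compile(r"^(\d\d:\d\d:\d\d)\.\d+ IP \S+\.67 > \S+\.68: BOOTP/DHCP, Reply")

def hms(text):
    return datetime.strptime(text, "%H:%M:%S")

def logged_offers(log_text):
    """(time, interface, offered IP, client MAC) for every DHCPOFFER in the log."""
    return [m.groups() for m in map(OFFER_RE.match, log_text.splitlines()) if m]

def wire_replies(capture_text):
    """Timestamps (to the second) of DHCP replies seen in the capture."""
    return [hms(m.group(1)) for m in map(REPLY_RE.match, capture_text.splitlines()) if m]

def offers_missing_on_wire(log_text, capture_text, window=timedelta(seconds=2)):
    """Offers the daemon logged with no reply packet captured within `window`."""
    replies = wire_replies(capture_text)
    missing = []
    for offer in logged_offers(log_text):
        hit = next((r for r in replies if abs(r - hms(offer[0])) <= window), None)
        if hit is None:
            missing.append(offer)
        else:
            replies.remove(hit)  # one packet accounts for one logged offer
    return missing

if __name__ == "__main__":
    for when, iface, ip, mac in offers_missing_on_wire(DAEMON_LOG, CAPTURE):
        print(f"{when} {iface}: DHCPOFFER {ip} -> {mac} logged, no reply captured")
```

The capture must be taken on the interface named in the log entry (br0 here), and both clocks must be the same host's, since the log has only one-second resolution.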