Reproducing the bug
root@j-dnsmasq-2042587:~# apt-cache policy dnsmasq
dnsmasq:
Installed: 2.86-1.1ubuntu0.4
Candidate: 2.86-1.1ubuntu0.4
Version table:
*** 2.86-1.1ubuntu0.4 500
500 http://br.archive.ubuntu.com/ubuntu jammy-updates/universe amd64
Packages
100 /var/lib/dpkg/status
2.86-1.1ubuntu0.3 500
500 http://br.archive.ubuntu.com/ubuntu jammy-security/universe amd64
Packages
2.86-1.1 500
500 http://br.archive.ubuntu.com/ubuntu jammy/universe amd64 Packages
Running the setup script:
# ./setup-and-server.sh
Cleaning up
Setting things up...
Commands to run in another terminal:
No DHCP relay:
ip netns exec client dhclient -d -v p2
With DHCP relay set to 192.168.47.9, IP should NOT be that address:
ip netns exec client dhclient -d -v p2 -g 192.168.47.9
Starting server, observe output and run the test commands above.
Press ctrl-c when done.
dnsmasq: started, version 2.86 cachesize 150
dnsmasq: compile time options: IPv6 GNU-getopt DBus no-UBus i18n IDN2 DHCP
DHCPv6 no-Lua TFTP conntrack ipset auth cryptohash DNSSEC loop-detect inotify
dumpfile
dnsmasq-dhcp: DHCP, IP range 192.168.47.10 -- 192.168.47.250, lease time 12h
dnsmasq-dhcp: DHCP, sockets bound exclusively to interface p1
dnsmasq: reading /etc/resolv.conf
dnsmasq: using nameserver 127.0.0.53#53
dnsmasq: read /etc/hosts - 7 addresses
For the "no DHCP relay" case:
# ip netns exec client dhclient -d -v p2
(...)
bound to 192.168.47.209 -- renewal in 21350 seconds.
And the server logs:
dnsmasq-dhcp: DHCPDISCOVER(p1) ee:a3:dd:58:d8:35
dnsmasq-dhcp: DHCPOFFER(p1) 192.168.47.209 ee:a3:dd:58:d8:35
dnsmasq-dhcp: DHCPREQUEST(p1) 192.168.47.209 ee:a3:dd:58:d8:35
dnsmasq-dhcp: DHCPACK(p1) 192.168.47.209 ee:a3:dd:58:d8:35 j-dnsmasq-2042587
###########################
IP = 192.168.47.209
###########################
That's the correct IP we want to see. Now, on to the bug, which is WITH a DHCP
relay.
We run this on the client:
# ip netns exec client dhclient -d -v p2 -g 192.168.47.9
(...)
DHCPREQUEST for 192.168.47.209 on p2 to 255.255.255.255 port 67 (xid=0x7f70085a)
And the server logs the incorrect iP:
dnsmasq-dhcp: DHCPREQUEST(p1) 192.168.47.209 ee:a3:dd:58:d8:35
dnsmasq-dhcp: DHCPACK(p1) 192.168.47.209 ee:a3:dd:58:d8:35 j-dnsmasq-2042587
###########################
IP = 192.168.47.9
TEST FAILED
###########################
Now let's use the package from proposed:
root@j-dnsmasq-2042587:~# apt-cache policy dnsmasq
dnsmasq:
Installed: 2.86-1.1ubuntu0.5
Candidate: 2.86-1.1ubuntu0.5
Version table:
*** 2.86-1.1ubuntu0.5 500
500 http://br.archive.ubuntu.com/ubuntu jammy-proposed/universe amd64
Packages
100 /var/lib/dpkg/status
2.86-1.1ubuntu0.4 500
500 http://br.archive.ubuntu.com/ubuntu jammy-updates/universe amd64
Packages
2.86-1.1ubuntu0.3 500
500 http://br.archive.ubuntu.com/ubuntu jammy-security/universe amd64
Packages
2.86-1.1 500
500 http://br.archive.ubuntu.com/ubuntu jammy/universe amd64 Packages
We run the server script again:
The no-relay case:
# ip netns exec client dhclient -d -v p2
(...)
bound to 192.168.47.155 -- renewal in 19424 seconds.
Where the server logs:
(...)
dnsmasq-dhcp: DHCPACK(p1) 192.168.47.155 e2:c1:8c:88:0d:94 j-dnsmasq-2042587
###########################
IP = 192.168.47.155
###########################
Which was already working before, but now let's try the relay case, which was
broken before:
# ip netns exec client dhclient -d -v p2 -g 192.168.47.9
(...)
DHCPREQUEST for 192.168.47.155 on p2 to 255.255.255.255 port 67 (xid=0x292ace5c)
Now the server logs the correct IP:
dnsmasq-dhcp: DHCPREQUEST(p1) 192.168.47.155 e2:c1:8c:88:0d:94
dnsmasq-dhcp: DHCPACK(p1) 192.168.47.155 e2:c1:8c:88:0d:94 j-dnsmasq-2042587
###########################
IP = 192.168.47.155
###########################
Jammy verification succeeded.
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to dnsmasq in Ubuntu.
https://bugs.launchpad.net/bugs/2042587
Title:
jammy's version breaks existing dhcp scripts with relay
Status in dnsmasq package in Ubuntu:
Fix Released
Status in dnsmasq source package in Jammy:
Fix Committed
Bug description:
[ Impact ]
When upgrading from focal to jammy, existing dnsmasq dhcp-scripts
stopped working in an environment where a DHCP relay is in use.
Instead of the expected client IP address, the script gets the _relay_
IP address as an argument.
This was fixed in 2.87, therefore making only jammy carry an affected
package.
[ Test Plan ]
To easily test this on a single machine, a test script is being
provided to setup networking and dnsmasq configuration.
# Launch a jammy VM
lxc launch ubuntu-daily:jammy j-dnsmasq-2042587 --vm
# open a root shell in that VM. All subsequent commands must be
executed as root in that VM
lxc shell j-dnsmasq-2042587
# download test script
wget
https://bugs.launchpad.net/ubuntu/+source/dnsmasq/+bug/2042587/+attachment/5738174/+files/setup-
and-server.sh
# make it executable
chmod +x setup-and-server.sh
# install dnsmasq. Ignore the postinst error (because systemd-resolved
is also running and there is a port conflict)
apt update && apt install dnsmasq -y
# run the setup script. It will configure things and start dnsmasq
ready to be tested
./setup-and-server.sh
# in another root session inside the vm (so run "lxc shell
j-dnsmasq-2042587" in another terminal), run the proposed commands
from the setup script (and press ctrl-c after the result is shown):
No DHCP relay:
ip netns exec client dhclient -d -v p2
The setup script should log an IP that is not a relay. For example:
dnsmasq-dhcp: DHCPDISCOVER(p1) aa:a0:9d:00:5b:d6
dnsmasq-dhcp: DHCPOFFER(p1) 192.168.47.150 aa:a0:9d:00:5b:d6
dnsmasq-dhcp: DHCPREQUEST(p1) 192.168.47.150 aa:a0:9d:00:5b:d6
dnsmasq-dhcp: DHCPACK(p1) 192.168.47.150 aa:a0:9d:00:5b:d6 j-dnsmasq-2042587
###########################
IP = 192.168.47.150
###########################
With DHCP relay set to 192.168.47.9, IP should NOT be that address:
ip netns exec client dhclient -d -v p2 -g 192.168.47.9
With the affected dnsmasq package, we will see an error:
dnsmasq-dhcp: DHCPREQUEST(p1) 192.168.47.150 aa:a0:9d:00:5b:d6
dnsmasq-dhcp: DHCPACK(p1) 192.168.47.150 aa:a0:9d:00:5b:d6 j-dnsmasq-2042587
###########################
IP = 192.168.47.9
TEST FAILED
###########################
The error is that the obtained IP is that of the dhcp relay (provided
via the -g option).
With the fixed dnsmasq package, "TEST FAILED" must not appear, and the
IP should not be that of the provided dhcp relay.
[ Where problems could occur ]
If the fix is incorrect, it would mean the dhcp-script would get an incorrect
IP again, or perhaps we could have crashes in dnsmasq when dealing with buffers
and pointers if the dhcp-script option is in use.
This fix was committed upstream a few months after the bug was introduced, so
it took a while to be noticed.
[ Other Info ]
Not at this time.
[ Original description ]
When upgrading from focal to jammy, existing dnsmasq dhcp-scripts
stopped working in an environment where a DHCP relay is in use.
Instead of the expected client IP address, the script gets the _relay_
IP address as an argument. From dnsmasq documentation for --dhcp-
script:
> The arguments to the process are "add", "old" or "del", the MAC
address of the host (or DUID for IPv6) , the IP address, and the
hostname, if known.
I believe the change has been inadverently made in upstream commit
527c3c7d0d3bb4bf5fad699f10cf0d1a45a54692
(https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=blobdiff;f=src/helper.c;h=02340a01c00031db0cc682c8a4a279cfc1db574e;hp=d81de9622e6d484a264496b2cd3638b4e15e9677;hb=527c3c7d0d3bb4bf5fad699f10cf0d1a45a54692;hpb=fcb4dcaf7cc8a86ac2533b933161b6455f75bf8f)
as the commit message only speaks about inet_ntoa replacement and not
the behavioral change it also introduces (previously the relay address
was only set to the environment variable, now it effectively overrides
the prevoiusly set client's IP address).
dnsmasq 2.86-1.1ubuntu0.3 / Ubuntu 22.04
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/dnsmasq/+bug/2042587/+subscriptions
--
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help : https://help.launchpad.net/ListHelp
