jammy's version breaks existing dhcp scripts with relay
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
dnsmasq (Ubuntu) | Fix Released | Undecided | Andreas Hasenack |
Jammy | Fix Released | Undecided | Andreas Hasenack |
Bug Description
[ Impact ]
When upgrading from focal to jammy, existing dnsmasq dhcp-scripts stopped working in an environment where a DHCP relay is in use. Instead of the expected client IP address, the script gets the _relay_ IP address as an argument.
This was fixed in 2.87, therefore making only jammy carry an affected package.
[ Test Plan ]
To easily test this on a single machine, a test script is being provided to set up networking and dnsmasq configuration.
# Launch a jammy VM
lxc launch ubuntu-daily:jammy j-dnsmasq-2042587 --vm
# open a root shell in that VM. All subsequent commands must be executed as root in that VM
lxc shell j-dnsmasq-2042587
# download test script
# make it executable
chmod +x setup-and-server.sh
# install dnsmasq. Ignore the postinst error (because systemd-resolved is also running and there is a port conflict)
apt update && apt install dnsmasq -y
# run the setup script. It will configure things and start dnsmasq ready to be tested
./setup-
# in another root session inside the vm (so run "lxc shell j-dnsmasq-2042587" in another terminal), run the proposed commands from the setup script (and press ctrl-c after the result is shown):
No DHCP relay:
ip netns exec client dhclient -d -v p2
The setup script should log an IP that is not a relay. For example:
dnsmasq-dhcp: DHCPDISCOVER(p1) aa:a0:9d:00:5b:d6
dnsmasq-dhcp: DHCPOFFER(p1) 192.168.47.150 aa:a0:9d:00:5b:d6
dnsmasq-dhcp: DHCPREQUEST(p1) 192.168.47.150 aa:a0:9d:00:5b:d6
dnsmasq-dhcp: DHCPACK(p1) 192.168.47.150 aa:a0:9d:00:5b:d6 j-dnsmasq-2042587
#######
IP = 192.168.47.150
#######
With DHCP relay set to 192.168.47.9, IP should NOT be that address:
ip netns exec client dhclient -d -v p2 -g 192.168.47.9
With the affected dnsmasq package, we will see an error:
dnsmasq-dhcp: DHCPREQUEST(p1) 192.168.47.150 aa:a0:9d:00:5b:d6
dnsmasq-dhcp: DHCPACK(p1) 192.168.47.150 aa:a0:9d:00:5b:d6 j-dnsmasq-2042587
#######
IP = 192.168.47.9
TEST FAILED
#######
The error is that the obtained IP is that of the dhcp relay (provided via the -g option).
With the fixed dnsmasq package, "TEST FAILED" must not appear, and the IP should not be that of the provided dhcp relay.
[ Where problems could occur ]
If the fix is incorrect, it would mean the dhcp-script would get an incorrect IP again, or perhaps we could have crashes in dnsmasq when dealing with buffers and pointers if the dhcp-script option is in use.
This fix was committed upstream a few months after the bug was introduced, so it took a while to be noticed.
[ Other Info ]
Not at this time.
[ Original description ]
When upgrading from focal to jammy, existing dnsmasq dhcp-scripts stopped working in an environment where a DHCP relay is in use. Instead of the expected client IP address, the script gets the _relay_ IP address as an argument. From dnsmasq documentation for --dhcp-script:
> The arguments to the process are "add", "old" or "del", the MAC address of the host (or DUID for IPv6) , the IP address, and the hostname, if known.
I believe the change has been inadvertently made in upstream commit 527c3c7d0d3bb4b
dnsmasq 2.86-1.1ubuntu0.3 / Ubuntu 22.04
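A defensive dhcp-script wrapper for the failure described above, as an added example that is not part of the bug report or the test script it refers to: it checks the IP argument dnsmasq passes and refuses events where that argument is a known relay address. The function names, the RELAY_IPS and POOL_PREFIX variables and the /24 pool are assumptions built from the sample addresses in the test plan; it handles IPv4 only.

```shell
#!/bin/sh
# Added example: hypothetical dhcp-script wrapper, not the bug report's test script.
# dnsmasq runs it as: <add|old|del> <MAC> <IP> [hostname]
# Assumed site values, built from the sample addresses in the test plan:
RELAY_IPS="${RELAY_IPS:-192.168.47.9}"      # space-separated known relay addresses
POOL_PREFIX="${POOL_PREFIX:-192.168.47.}"   # assumed /24 lease pool

# is_ipv4 ADDR: succeed only for four dot-separated decimal octets in 0-255.
is_ipv4() {
    case "$1" in ''|*[!0-9.]*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for o in "$@"; do
        case "$o" in ''|????*) return 1 ;; esac
        [ "$o" -le 255 ] || return 1
    done
}

# classify_lease ACTION MAC IP: print ok, relay-ip, outside-pool, bad-ip or ignored.
classify_lease() {
    action=$1 ip=$3
    case "$action" in
        add|old|del) ;;
        *) echo ignored; return 0 ;;    # other actions are outside this example's scope
    esac
    is_ipv4 "$ip" || { echo bad-ip; return 0; }
    for relay in $RELAY_IPS; do
        # The regression in this bug: the IP argument is the relay, not the client.
        [ "$ip" = "$relay" ] && { echo relay-ip; return 0; }
    done
    case "$ip" in
        "$POOL_PREFIX"*) echo ok ;;
        *) echo outside-pool ;;
    esac
}

# handle_event ARGS...: return non-zero (and log) instead of acting on a suspect IP.
handle_event() {
    verdict=$(classify_lease "$@")
    case "$verdict" in
        ok|ignored) return 0 ;;
    esac
    echo "dhcp-script: refusing $1 for ${2:-?}: IP '${3:-}' is $verdict" >&2
    return 1
}

# Run only when called with arguments, as dnsmasq does.
if [ "$#" -gt 0 ]; then handle_event "$@"; fi
```

Whatever the script normally does with a lease (the real work is site-specific and not shown) would run only after `handle_event` succeeds.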
Related branches
- git-ubuntu bot: Approve
- Bryce Harrington (community): Approve
- Canonical Server Reporter: Pending requested
- Diff: 56 lines (+17/-3), 3 files modified: debian/changelog (+9/-0), src/dnsmasq.c (+5/-0), src/helper.c (+3/-3)
tags: added: server-todo
Changed in dnsmasq (Ubuntu Jammy): assignee: nobody → Andreas Hasenack (ahasenack)
Changed in dnsmasq (Ubuntu): assignee: nobody → Andreas Hasenack (ahasenack)
description: updated
description: updated
tags: added: verification-done; removed: verification-needed
Thanks for taking the time to report this bug, Timo!
Do you have steps for how you set up dnsmasq so it can be easier to reproduce your issue?