dhclient-script flushes & re-adds an alias IP every time a lease is renewed
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
isc-dhcp (Ubuntu) | New | Undecided | Unassigned | | |
Bug Description
The dhclient-script flushes & re-adds an alias IP every time a lease is renewed.
Why?
The alias IP is configured in dhclient.conf, which is read on startup.
Even if the configuration was altered some time after an initial BOUND|REBOOT state/event dhclient would not know about it at RENEW time.
So as far as I can tell "$alias_ip_address" is guaranteed to never change after the initial BOUND|REBOOT event/state therefore making it pointless to reconfigure it at every RENEW.
Now, the superfluous reconfiguration might appear to be harmless at first, but if the primary leased address is used to masquerade(
This is because when the secondary IP address is removed all connection tracking entries for the entire interface are flushed which can cause existing connections to be dropped/terminated.
Which is how I found out and am reporting this issue.... :(
Although I think I'm of the opinion that this iptables/conntrack behaviour is probably also sub-optimal (to say the least), this should not be used as an excuse to perform any unnecessary actions of which the side-effects (now or in the future) are unknown and possibly undesired.
If my reasoning is correct the following barely tested patch seems to work for me:
--- dhclient-
+++ dhclient-script 2013-05-24 12:13:36.966021941 +0200
@@ -235,7 +235,8 @@
fi
- if [ -n "$old_ip_address" ] && [ -n "$alias_ip_address" ] &&
+ if { [ "$reason" = "BOUND" ] || [ "$reason" = "REBOOT" ] ;} &&
+ [ -n "$old_ip_address" ] && [ -n "$alias_ip_address" ] &&
[ "$alias_ip_address" != "$old_ip_address" ]; then
# alias IP may have changed => flush it
ip -4 addr flush dev ${interface} label ${interface}:0
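Review bot: The guard added to this `if` names only BOUND and REBOOT, so every other value of `$reason` that reaches this block now skips the flush, not just RENEW; please confirm that is intended for each of them. The retained comment "alias IP may have changed => flush it" no longer explains when the block runs, so it should say that the alias is fixed after startup and is therefore only reconsidered on BOUND and REBOOT.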
@@ -271,7 +272,8 @@
done
fi
- if [ -n "$alias_ip_address" ] &&
+ if { [ "$reason" = "BOUND" ] || [ "$reason" = "REBOOT" ] ;} &&
+ [ -n "$alias_ip_address" ] &&
[ "$new_ip_address" != "$alias_ip_address" ]; then
# separate alias IP given, which may have changed
# => flush it, set it & add host route to it
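Review bot: The test `{ [ "$reason" = "BOUND" ] || [ "$reason" = "REBOOT" ] ;}` is duplicated here from the first hunk; evaluating it once into a variable and reusing it in both conditions would keep the two blocks from drifting apart. Per its comment this block also sets the alias and adds the host route, so with the guard an alias that is removed outside the script is not restored until the next BOUND or REBOOT; that trade-off should be stated in the comment.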
Regards,
Mark.
Apparently the same problem was found and fixed in OpenSUSE in 2011: https://bugzilla.novell.com/show_bug.cgi?id=700771