Comment 2 for bug 1670303

Brian Candler (b-candler) wrote :

strace shows that dhcpd is binding to explicit ports which it has chosen itself:

setsockopt(20, SOL_SOCKET, SO_TIMESTAMP, [1], 4) = 0
setsockopt(20, SOL_IP, IP_MTU_DISCOVER, [0], 4) = 0
getsockopt(20, SOL_SOCKET, SO_RCVBUF, [212992], [4]) = 0
setsockopt(20, SOL_IP, IP_RECVTOS, [1], 4) = 0
bind(20, {sa_family=AF_INET, sin_port=htons(15101), sin_addr=inet_addr("0.0.0.0")}, 16) = 0
socket(PF_INET6, SOCK_DGRAM, IPPROTO_UDP) = 5
fcntl(5, F_DUPFD, 20) = 21
close(5) = 0
fcntl(21, F_GETFL) = 0x2 (flags O_RDWR)
fcntl(21, F_SETFL, O_RDWR|O_NONBLOCK) = 0
setsockopt(21, SOL_IPV6, IPV6_MTU, [1280], 4) = 0
setsockopt(21, SOL_SOCKET, SO_TIMESTAMP, [1], 4) = 0
setsockopt(21, SOL_IPV6, IPV6_RECVPKTINFO, [1], 4) = 0
setsockopt(21, SOL_IPV6, IPV6_MTU_DISCOVER, [0], 4) = 0
getsockopt(21, SOL_SOCKET, SO_RCVBUF, [212992], [4]) = 0
setsockopt(21, SOL_IPV6, IPV6_RECVTCLASS, [1], 4) = 0
setsockopt(21, SOL_IPV6, IPV6_V6ONLY, [1], 4) = 0
bind(21, {sa_family=AF_INET6, sin6_port=htons(11709), inet_pton(AF_INET6, "::", &sin6_addr), sin6_flowinfo=0, sin6_scope_id=0}, 28) = 0

Aha - from man dhcpd:

When DDNS is enabled at compile time (see includes/site.h)
the server will open both a v4 and a v6 UDP socket on
random ports. These ports are opened even if DDNS is disabled
in the configuration file.

In the source code, the README says:

A fully-featured implementation of dynamic DNS updates is included in
this release. It uses libraries from BIND and, to avoid issues with
different versions, includes the necessary BIND version. The appropriate
BIND libraries will be compiled and installed in the bind subdirectory
as part of the make step.

However, debian/patches/system-bind.patch causes it to link against the system bind library; this seems to be -ldns-export from package libdns-export162.

apt-get source libdns-export162 pulls in bind9. The CHANGES file says:

4109. [port] linux: support reading the local port range from
                        net.ipv4.ip_local_port_range. [RT # 39379]

However, the strace output from dhcpd shows no attempt to read ip_local_port_range.

I see the bind code includes these fallback values:

#define ISC_NET_PORTRANGELOW 1024
#define ISC_NET_PORTRANGEHIGH 65535

ISTM that a safer bound would be 49152-65535 (the IANA dynamic port range), or at least the Linux default of "32768 60999".

But the fundamental problem here is that for some reason, when dhcpd links into this code, it isn't making use of the detection of available Linux port range.
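As an added diagnostic (my own script, not code from the bug report, from ISC dhcpd or from bind), the following parses the bind() calls out of the strace excerpt above, reads net.ipv4.ip_local_port_range where it is available (falling back to the ISC_NET_PORTRANGELOW/HIGH values quoted above, labelled as such) and reports which bound ports fall outside the kernel's ephemeral range and outside the IANA dynamic range. The sample strace lines are copied from the comment; the sysctl path is the standard Linux one.

```python
"""Audit ports a daemon bound (per strace) against the kernel ephemeral range.
Added diagnostic; not part of ISC dhcpd or bind."""
import re

# Constructed sample: the two bind() lines from the strace excerpt above.
STRACE_SAMPLE = """\
bind(20, {sa_family=AF_INET, sin_port=htons(15101), sin_addr=inet_addr("0.0.0.0")}, 16) = 0
bind(21, {sa_family=AF_INET6, sin6_port=htons(11709), inet_pton(AF_INET6, "::", &sin6_addr), sin6_flowinfo=0, sin6_scope_id=0}, 28) = 0
"""

# Fallback mirroring ISC_NET_PORTRANGELOW / ISC_NET_PORTRANGEHIGH quoted above.
ISC_FALLBACK = (1024, 65535)
IANA_DYNAMIC = (49152, 65535)
SYSCTL_PATH = "/proc/sys/net/ipv4/ip_local_port_range"

BIND_RE = re.compile(r"^bind\(\d+, \{sa_family=(AF_INET6?), sin6?_port=htons\((\d+)\)")

def parse_bound_ports(strace_text):
    """Return [(family, port)] for every bind() line that returned 0."""
    ports = []
    for line in strace_text.splitlines():
        m = BIND_RE.match(line)
        if m and line.rstrip().endswith("= 0"):
            ports.append((m.group(1), int(m.group(2))))
    return ports

def read_local_port_range(path=SYSCTL_PATH):
    """Read the kernel's ephemeral range; fall back to the ISC defaults if unreadable."""
    try:
        with open(path) as f:
            low, high = (int(x) for x in f.read().split())
        return (low, high), "kernel"
    except (OSError, ValueError):
        return ISC_FALLBACK, "isc-fallback"

def audit(strace_text, port_range):
    """Classify each bound port against the given range and the IANA dynamic range."""
    low, high = port_range
    return [
        {"family": fam, "port": p,
         "in_kernel_range": low <= p <= high,
         "in_iana_dynamic": IANA_DYNAMIC[0] <= p <= IANA_DYNAMIC[1]}
        for fam, p in parse_bound_ports(strace_text)
    ]

if __name__ == "__main__":
    rng, source = read_local_port_range()
    print(f"ephemeral range {rng} ({source})")
    for row in audit(STRACE_SAMPLE, rng):
        print(row)
```

Run it on a full strace log of the daemon (not just the excerpt) to see every listener; with the Linux default "32768 60999" both ports from the excerpt are reported as outside the kernel range.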