Page MenuHomeVyOS Platform
Create Task
Maniphest T1405

dhclient runs before mac overrides are applied
Closed, ResolvedPublic
Actions

Description

It causes me to get an ip from the "unauthorized device" dhcp pool at my isp

May 24 02:46:09 r dhclient: DHCPREQUEST on peth0.2 to 255.255.255.255 port 67
May 24 02:46:09 r sudo:     root : TTY=unknown ; PWD=/ ; USER=root ; COMMAND=/sbin/ip link set peth0.2 address XX:XX:XX:XX:XX:c4
May 24 02:46:09 r sudo:     root : TTY=unknown ; PWD=/ ; USER=root ; COMMAND=/sbin/ip link set bond0 mtu 9000
May 24 02:46:10 r sudo:     root : TTY=unknown ; PWD=/ ; USER=root ; COMMAND=/sbin/ip link set bond0.10 mtu 9000
May 24 02:46:13 r dhclient: DHCPREQUEST on peth0.2 to 255.255.255.255 port 67
May 24 02:46:22 r dhclient: DHCPDISCOVER on peth0.2 to 255.255.255.255 port 67 interval 6
May 24 02:46:28 r dhclient: DHCPDISCOVER on peth0.2 to 255.255.255.255 port 67 interval 13
May 24 02:46:41 r dhclient: DHCPDISCOVER on peth0.2 to 255.255.255.255 port 67 interval 9
May 24 02:46:41 r dhclient: DHCPREQUEST on peth0.2 to 255.255.255.255 port 67
May 24 02:46:41 r dhclient: DHCPOFFER from 10.204.20.3
May 24 02:46:41 r dhclient: DHCPACK from 10.204.20.2
May 24 02:46:42 r dhclient: bound to 10.204.20.59 -- renewal in 1582 seconds.
May 24 03:13:04 r dhclient: DHCPREQUEST on peth0.2 to 83.173.15.21 port 67
May 24 03:14:47 r dhclient: message repeated 9 times: [ DHCPREQUEST on peth0.2 to 83.173.15.21 port 67]
May 24 03:14:59 r dhclient: DHCPREQUEST on peth0.2 to 83.173.15.21 port 67
May 24 03:16:48 r dhclient: message repeated 8 times: [ DHCPREQUEST on peth0.2 to 83.173.15.21 port 67]
May 24 03:17:08 r dhclient: DHCPREQUEST on peth0.2 to 83.173.15.21 port 67
May 24 03:30:53 r dhclient: message repeated 55 times: [ DHCPREQUEST on peth0.2 to 83.173.15.21 port 67]
May 24 03:31:12 r dhclient: DHCPREQUEST on peth0.2 to 83.173.15.21 port 67
May 24 03:39:08 r dhclient: message repeated 34 times: [ DHCPREQUEST on peth0.2 to 83.173.15.21 port 67]
May 24 03:39:20 r dhclient: DHCPREQUEST on peth0.2 to 255.255.255.255 port 67
May 24 03:39:21 r dhclient: DHCPACK from 10.204.20.2
May 24 03:39:21 r dhclient: bound to 10.204.20.59 -- renewal in 1207516 seconds.

manually ran: renew dhcp interface peth0.2

May 24 04:10:44 r dhclient: Killed old client process
May 24 04:10:46 r dhclient: DHCPREQUEST on peth0.2 to 255.255.255.255 port 67
May 24 04:10:46 r dhclient: DHCPNAK from 10.204.20.2
May 24 04:10:46 r dhclient: DHCPDISCOVER on peth0.2 to 255.255.255.255 port 67 interval 3
May 24 04:10:46 r dhclient: DHCPREQUEST on peth0.2 to 255.255.255.255 port 67
May 24 04:10:46 r dhclient: DHCPOFFER from 10.204.20.3
May 24 04:10:46 r dhclient: DHCPACK from 10.204.20.3
May 24 04:10:46 r dhclient: bound to XXX.XXX.XXX.165 -- renewal in 960719 seconds.

Details

Difficulty level
Unknown (require assessment)
Version
-
Why the issue appeared?
Will be filled on close
Is it a breaking change?
Perfectly compatible

Event Timeline

Gunni created this task.May 24 2019, 4:14 AM
Gunni created this object in space S1 VyOS Public.
pasik added a subscriber: pasik.May 24 2019, 6:18 AM
carazzim0 added a subscriber: carazzim0.Nov 19 2020, 8:28 AM

Hi there,

I'm running VyOS as my home router for my FTTH connection which works pretty decent overall.
Unfortunately I am kind of negatively affected by this as well. This does not only affect dhclient but also every other interface reconfiguration (Firewall change, added address dhcpv6 command...)

My problem here is: once I reconfigure my WAN interface, the "commit" command causes the overridden mac to be changed back to its original NIC mac. As soon as the switchport from ISP side sees more than one, or any other configured mac address, the switchport gets disabled.

Configuration for WAN interface:

[email protected]# show interfaces ethernet eth2
 address dhcp
 address dhcpv6
 description "uplink FTTH"
 firewall {
     in {
         ipv6-name WAN_INBOUND_v6
     }
     local {
         ipv6-name WAN_LOCAL_v6
     }
     out {
         ipv6-name WAN_OUTBOUND_v6
     }
 }
 hw-id xx:xx:xx:xx:xx:xx                       # original nic mac address
 ipv6 {
     address {
         autoconf
     }
 }
 mac yy:yy:yy:yy:yy:yy                 # spoofed mac address

If this gets confirmed as a bug I might also work on this problem if neccessary. But I may need help with finding the correct locations in the source code :)

I hope to hear back from you soon.

Thanks
Sebastian

c-po changed the task status from Open to In progress.Nov 19 2020, 9:06 PM
c-po claimed this task.
c-po set Is it a breaking change? to Unspecified (possibly destroys the router).
c-po changed the task status from In progress to Needs testing.Nov 19 2020, 9:09 PM
c-po triaged this task as Normal priority.
c-po changed Is it a breaking change? from Unspecified (possibly destroys the router) to Perfectly compatible.

I have adjust the logic which now sets the interface MAC address before any other parameter. Using the OSI model this makes sense as the MAC layer is below IP.

Please test with tomorrows rolling release!

c-po closed this task as Resolved.Nov 20 2020, 11:58 AM