VirtualBox

Ticket #6495 (new defect)

Opened 4 years ago

Last modified 3 years ago

VBox DHCP Server does not respect client identifier

Reported by: lmanman2
Owned by:
Priority: major
Component: network
Version: VirtualBox 3.1.6
Keywords: DHCP
Cc:
Guest type: other
Host type: other

Description

VBox's built-in DHCP server does not respect the DHCP 'client identifier' option. Only the DHCP 'chaddr' field (typically the MAC address) is respected.

The problem is that this is a violation of the DHCP protocol (RFC 2131). Below is an extract from the RFC where I've highlighted in bold what I think VBox does not implement:

"A DHCP server needs to use some unique identifier to associate a client with its lease. The client MAY choose to explicitly provide the identifier through the 'client identifier' option. If the client supplies a 'client identifier', the client MUST use the same 'client identifier' in all subsequent messages, and the server MUST use that identifier to identify the client. If the client does not provide a 'client identifier' option, the server MUST use the contents of the 'chaddr' field to identify the client. It is crucial for a DHCP client to use an identifier unique within the subnet to which the client is attached in the 'client identifier' option. Use of 'chaddr' as the client's unique identifier may cause unexpected results, as that identifier may be associated with a hardware interface that could be moved to a new client. Some sites may choose to use a manufacturer's serial number as the 'client identifier', to avoid unexpected changes in a clients network address due to transfer of hardware interfaces among computers. Sites may also choose to use a DNS name as the 'client identifier', causing address leases to be associated with the DNS name rather than a specific hardware box."

The current functionality of VBox's DHCP server creates problems for DHCP clients that, for one reason or another, send a 'client identifier' as part of the DHCP negotiation and expect it to be respected over the 'chaddr' field.

My suspicion: VBox's DHCP server in its use of data structures seems to implement the BOOTP protocol rather than the DHCP protocol. (DHCP was invented as a successor to BOOTP in 1993).

How to implement:

Internally the DHCP Server should work with a unique lease identifier defined as follows (pseudo code):

If (! IsNull(DHCP-ClientIdentifier) )
  DhcpUniqueLeaseId = DHCP-ClientIdentifier
Else
  DhcpUniqueLeaseId = DHCP-chaddr

Change History

comment:1 follow-ups: ↓ 2 ↓ 3 Changed 4 years ago by Hachiman

Could you please provide (link or guest) to the dhcp client which is experiencing problems with lack of supporting client identifier by chaddr? Note that we've met several real case exceptions for which we had to add special support, e.g. for DSL distribution the client MUST use the same 'client identifier' in all subsequent messages isn't true. So having another good test will be useful for testing both servers in VBox tree.

comment:2 in reply to: ↑ 1 Changed 4 years ago by lmanman2

Replying to Hachiman:

Could you please provide (link or guest) to the dhcp client which is experiencing problems with lack of supporting client identifier by chaddr?

Sorry about the long reply time on this one. I've been offline. I'm not sure I understand the sentence. It is not chaddr I have problems with. I have problems with DHCP clients that will use client identifier (as opposed to chaddr) as the unique identifier.

One such example is Solaris 10. (I don't have to provide a link, do I? :-) ). In a Solaris instance it is possible to have several logical virtual interfaces. This is often used together with Solaris Zones but is not as such related. In this situation it can become necessary to instruct the Solaris DHCP client to use an alternative unique identifier when requesting a lease. If not, Solaris will by default (as any other OS) use the chaddr field which it derives from the MAC address and this will obviously lead to clashes.

This is how to replicate:

On a Solaris guest with bridged networking create virtual network interfaces inside the guest as follows:

ifconfig e1000g0:1 plumb
ifconfig e1000g0:2 plumb
ifconfig e1000g0:3 plumb
ifconfig e1000g0:4 plumb

(In Solaris the DHCP client is called dhcpagent. See man dhcpagent for information.) Make sure the /etc/default/dhcpagent file contains lines like this:

e1000g0:1.CLIENT_ID="unique-ident-1"
e1000g0:2.CLIENT_ID="unique-ident-2"
e1000g0:3.CLIENT_ID="unique-ident-3"
e1000g0:4.CLIENT_ID="unique-ident-4"

This instructs the Solaris DHCP client (aka dhcpagent) to use the above identifiers as the DHCP client identifier in the lease request, rather than not setting this field in the lease request, which would be the default.

Restart the DHCP agent (it will automatically restart itself later when required):

pkill -x dhcpagent

This is just to make sure that the changes to the /etc/default/dhcpagent file take effect.

Configure our new virtual interfaces to use DHCP:

ifconfig e1000g0:1 dhcp start
ifconfig e1000g0:2 dhcp start
ifconfig e1000g0:3 dhcp start
ifconfig e1000g0:4 dhcp start

Solaris will now automatically restart the dhcpagent. However, it will not be able to assign IP addresses for the four interfaces because VBox DHCP Server will only use the chaddr field and therefore think they are all the same and therefore respond with the same IP address for all four interfaces.

If you debug the VBox DHCP server you will see that the DHCP messages from the client indeed now contain a client identifier field... but it is unfortunately ignored by the VBox DHCP Server.
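
Added example, not part of the ticket and not VirtualBox code: the lease-key rule from the description's pseudocode applied to the reproduction above, using four constructed DHCPDISCOVER messages that share one chaddr but carry different client identifiers (option 61). The MAC, the 192.168.56.0/24 pool, the type-0 prefix on the identifier and all function names are assumptions made for illustration; keying on `chaddr_key` hands all four interfaces the same address, keying on `lease_key` gives each its own.

```python
import struct

MAGIC = b"\x63\x82\x53\x63"            # DHCP magic cookie after the 236-byte BOOTP header
OPT_PAD, OPT_CLIENT_ID, OPT_END = 0, 61, 255

def build_discover(mac, client_id=None):
    """Constructed sample DHCPDISCOVER (not captured traffic)."""
    hdr = struct.pack("!BBBBIHH4s4s4s4s16s64s128s", 1, 1, len(mac), 0, 0x1234, 0, 0,
                      b"", b"", b"", b"", mac, b"", b"")
    opts = bytes([53, 1, 1])            # option 53, message type 1 = DISCOVER
    if client_id is not None:
        opts += bytes([OPT_CLIENT_ID, len(client_id)]) + client_id
    return hdr + MAGIC + opts + bytes([OPT_END])

def parse_options(pkt):
    """Return {code: value}; stop at a truncated option rather than read past the end."""
    if len(pkt) < 240 or pkt[236:240] != MAGIC:
        raise ValueError("not a DHCP message")
    opts, i = {}, 240
    while i < len(pkt) and pkt[i] != OPT_END:
        if pkt[i] == OPT_PAD:
            i += 1
            continue
        if i + 1 >= len(pkt) or i + 2 + pkt[i + 1] > len(pkt):
            break
        opts[pkt[i]] = pkt[i + 2:i + 2 + pkt[i + 1]]
        i += 2 + pkt[i + 1]
    return opts

def chaddr_key(pkt):
    """BOOTP-style key: htype plus the first hlen bytes of chaddr (offset 28)."""
    return ("chaddr", bytes([pkt[1]]) + pkt[28:28 + min(pkt[2], 16)])

def lease_key(pkt):
    """Rule quoted in the ticket: client identifier if supplied, else chaddr."""
    cid = parse_options(pkt).get(OPT_CLIENT_ID)
    return ("client-id", cid) if cid else chaddr_key(pkt)   # empty option counts as absent

def allocate(packets, key_fn, first_host=100):
    """Toy lease table: one address per distinct key, hypothetical 192.168.56.0/24 pool."""
    leases = {}
    for p in packets:
        leases.setdefault(key_fn(p), "192.168.56.%d" % (first_host + len(leases)))
    return [leases[key_fn(p)] for p in packets]

MAC = bytes.fromhex("080027aabbcc")     # constructed MAC shared by e1000g0:1 .. e1000g0:4
PACKETS = [build_discover(MAC, b"\x00unique-ident-%d" % n) for n in range(1, 5)]
```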

comment:3 in reply to: ↑ 1 ; follow-up: ↓ 4 Changed 4 years ago by lmanman2

Replying to Hachiman:

Note that we've met several real case exceptions for which we had to add special support, e.g. for DSL distribution the client MUST use the same 'client identifier' in all subsequent messages isn't true.

Not sure I understand. Currently VBox DHCP Server completely ignores the DHCP client identifier and only uses the DHCP chaddr, so how can you have had problems with this? Do you mean that you have seen cases where a DHCP client would change the value used in the chaddr field between messages?

Anyway what you describe (whether on the client identifier field or chaddr field) would be a clear violation of the DHCP protocol (RFC 2131). The correct thing to do would be to tell the manufacturer of the DHCP client that his software is in violation of RFC 2131 rather than create a workaround for it in VBox DHCP Server. I wouldn't exactly say the RFC is unclear in this respect so there is no excuse. Ok, I may be too idealistic in my view on the world here. :-)

comment:4 in reply to: ↑ 3 Changed 3 years ago by lmanman2

Any news on this one?

Without the VBox DHCP Server becoming RFC compliant in the described respect it is difficult to use Solaris zone virtualization within a single guest instance.
