[pkg-dhcp-devel] Bug#648401: isc-dhcp-relay: dhcrelay(8) doesn't mention need for -i on server facing interface

Steinar H. Gunderson sgunderson at bigfoot.com
Wed Feb 20 18:25:28 UTC 2013

tags 648401 + patch

On Tue, Feb 19, 2013 at 11:59:05PM +0100, Steinar H. Gunderson wrote:
> I'd say this means dhcrelay itself is pretty much completely broken, and I'm
> upgrading severity accordingly. It shouldn't subject the BOOTREPLY packets to
> interface checking, or it should have a separate list of interfaces from
> which it can come; I think this actually works for DHCPv6, where you have
> separate “lower” and “upper” interface options, but I haven't tested it.

Here's a patch that fixes the problem for us. It makes dhcrelay listen on all
interfaces and relay BOOTREPLY packets from them, but still only rely
BOOTREQUEST packets from requested interfaces (those with -i).

What it _doesn't_ fix, is that dhcrelay should only relay broadcast packets
(e.g. DHCPDISCOVER); the unicast packets (e.g. DHCPREQUEST) can already find
their way through, so you end up with duplicates. Those are largely harmless,
though, so I consider fixing that out-of-scope for the wheezy freeze; this is
the minimal patch that I could find.

/* Steinar */
Homepage: http://www.sesse.net/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: dhcrelay-listen-fix.diff
Type: text/x-diff
Size: 1080 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-dhcp-devel/attachments/20130220/751cec1f/attachment.diff>

More information about the pkg-dhcp-devel mailing list