Weird problem of multiple dhcp processes running in parallel!

Glenn Satchell glenn.satchell at uniq.com.au
Wed Nov 16 06:24:49 UTC 2016


I'd say it's a bug in the startup script provided by the distribution.
It's probably not checking for a pid file in the chrooted directory but
rather only looking in /var/run.

What linux distro are you running, and can you look at the startup script
to see which directory it looks in for the pid file?

regards,
-glenn

On Wed, November 16, 2016 4:49 pm, karteek.challa at wipro.com wrote:
> Hi Glenn,
>
>
> Thanks for your reply.
>
>
> To continue my work, I've killed one of the processes.
>
> So, I've reproduced the issue freshly.
>
>
> linux-01:~ # ps -ef | grep dhcpd
> dhcpd    28406     1  0 05:57 ?        00:00:04 /usr/sbin/dhcpd -4 -cf
> /etc/dhcpd.conf -pf /var/run/dhcpd.pid -chroot /var/lib/dhcp -lf
> /db/dhcpd.leases -user dhcpd -group nogroup eth0
> dhcpd    29803     1  0 06:21 ?        00:00:01 /usr/sbin/dhcpd -4 -cf
> /etc/dhcpd.conf -pf /var/run/dhcpd.pid -chroot /var/lib/dhcp -lf
> /db/dhcpd.leases -user dhcpd -group nogroup eth0
>
> linux-01:~ # ls -ld /proc/28406
> dr-xr-xr-x 8 dhcpd nogroup 0 Nov 16 05:57 /proc/28406
> linux-01:~ # ls -ld /proc/29803
> dr-xr-xr-x 8 dhcpd nogroup 0 Nov 16 06:21 /proc/29803
>
> linux-01:~ # netstat -puntl | grep dhcpd
> udp        0      0 0.0.0.0:39394           0.0.0.0:*               28406/dhcpd
> udp        0      0 0.0.0.0:67              0.0.0.0:*               29803/dhcpd
> udp        0      0 0.0.0.0:67              0.0.0.0:*               28406/dhcpd
> udp        0      0 0.0.0.0:43699           0.0.0.0:*               29803/dhcpd
> udp        0      0 :::64466                :::*                    29803/dhcpd
> udp        0      0 :::46109                :::*                    28406/dhcpd
>
> Both these processes have their own dhcpd.pid file in their chrooted
> directory.
> But the value in dhcpd.pid is the same new process ID.
> Logs are below:
>
>
> linux-01:/proc/28406/root # cat var/run/dhcpd.pid
> 29803
> linux-01:/proc/28406/root # cd ../../29803/root
> linux-01:/proc/29803/root # cat var/run/dhcpd.pid
> 29803
>
> linux-01:~ # ls -ltr /var/run/dhcpd.pid
> lrwxrwxrwx 1 root root 31 Nov 16 06:21 /var/run/dhcpd.pid ->
> /var/lib/dhcp/var/run/dhcpd.pid
> linux-01:~ # cat /var/run/dhcpd.pid
> 29803
> linux-01:~ #
>
>
> Best Regards,
> Karteek
>
> ________________________________
> From: dhcp-users <dhcp-users-bounces at lists.isc.org> on behalf of Glenn
> Satchell <glenn.satchell at uniq.com.au>
> Sent: 16 November 2016 02:41:05
> To: Users of ISC DHCP
> Subject: Re: Weird problem of multiple dhcp processes running in parallel!
>
> Do each of the chrooted dhcpd processes have their own /var/run/dhcpd.pid
> file in the chroot directory, eg /var/lib/dhcp/var/run/dhcpd.pid? Is there
> a /var/run/dhcpd.pid as well? Which process id is in those file(s), and
> what is the ownership and permissions?
>
> I would have thought normal behaviour would be to check if the pid file
> existed, and complain if it did.
>
> regards,
> -glenn
>
> On Wed, November 16, 2016 5:32 am, karteek.challa at wipro.com wrote:
>> Hi,
>>
>>
>> Thanks for your reply!
>>
>>
>> The DHCP daemon is started in a chroot environment for security reasons,
>> and this is the normal way of doing so.
>>
>> By doing this, the configuration files will then be copied to the
>> chrooted directory so the daemon can find them.
>>
>> If the DHCP server should ever be compromised by an outside attack, the
>> attacker will still be behind bars in the chroot jail, which prevents
>> him from touching the rest of the system.
>>
>>
>> I found the same UDP port number 67 for both dhcpd processes.
>>
>>
>> # netstat -tulpn | grep dhcpd
>> udp        0      0 0.0.0.0:67              0.0.0.0:*               18976/dhcpd
>> udp        0      0 0.0.0.0:67              0.0.0.0:*               18978/dhcpd
>> udp        0      0 0.0.0.0:57676           0.0.0.0:*               18978/dhcpd
>> udp        0      0 0.0.0.0:30634           0.0.0.0:*               18976/dhcpd
>> udp        0      0 :::26560                :::*                    18976/dhcpd
>> udp        0      0 :::34621                :::*                    18978/dhcpd
>>
>>
>> Best Regards,
>>
>> Karteek
>>
>> ________________________________
>> From: dhcp-users <dhcp-users-bounces at lists.isc.org> on behalf of
>> perl-list
>> <perl-list at network1.net>
>> Sent: 15 November 2016 22:55:11
>> To: Users of ISC DHCP
>> Subject: Re: Weird problem of multiple dhcp processes running in
>> parallel!
>>
>>
>> It shouldn't be able to do that because port 67 would already be in
>> use... The kernel should prevent it.  But I see you are using chroot and
>> so on that I am not familiar with and how that would affect things.
>>
>> ________________________________
>> From: "karteek challa" <karteek.challa at wipro.com>
>> To: dhcp-users at lists.isc.org
>> Cc: dhcp-users at lists.isc.org
>> Sent: Tuesday, November 15, 2016 12:00:29 PM
>> Subject: Re: Weird problem of multiple dhcp processes running in
>> parallel!
>>
>>
>> Hi,
>>
>> I've reproduced the issue by restarting the dhcpd service exactly at the
>> same time from 2 different hosts which had resulted in 2 dhcp processes
>> listening on eth0 interface.
>>
>> # ps -ef | grep dhcp
>> root      1284     1  0 Oct23 ?        02:01:27 /sbin/syslog-ng -a
>> /var/lib/dhcp/dev/log -a /var/lib/dhcp6/dev/log -a
>> /var/lib/named/dev/log
>> dhcpd    18976     1  0 14:01 ?        00:00:00 /usr/sbin/dhcpd -4 -cf
>> /etc/dhcpd.conf -pf /var/run/dhcpd.pid -chroot /var/lib/dhcp -lf
>> /db/dhcpd.leases -user dhcpd -group nogroup eth0
>> dhcpd    18978     1  0 14:01 ?        00:00:00 /usr/sbin/dhcpd -4 -cf
>> /etc/dhcpd.conf -pf /var/run/dhcpd.pid -chroot /var/lib/dhcp -lf
>> /db/dhcpd.leases -user dhcpd -group nogroup eth0
>> root     29484 26297  0 14:02 pts/2    00:00:00 grep dhcp
>>
>> Is this a bug?
>>
>> Best Regards,
>> Karteek
>>
>> ________________________________
>> From: Karteek Challa (Communications-Telecom Equipment)
>> Sent: 11 November 2016 04:01
>> To: dhcp-users at lists.isc.org
>> Subject: Weird problem of multiple dhcp processes running in parallel!
>>
>>
>> Hi Friends,
>>
>>
>> I am facing a weird problem with multiple dhcp processes running in
>> parallel.
>>
>>
>> My dhcp server was configured to listen on only one eth0 and there used
>> to be only one process running always.
>>
>> But because of some inconsistent behaviour in hosts not getting IPs,
>> when I observed the linux machine with the dhcp server installed, I
>> observed 5 dhcp processes running in parallel.
>>
>> DHCPv4 server running in my linux machine.
>>
>>
>> dhcpd     1934  1.2  0.2  34844  8744 ?        Ss   16:25   4:59
>> /usr/sbin/dhcpd -4 -cf /etc/dhcpd.conf -pf /var/run/dhcpd.pid -chroot
>> /var/lib/dhcp -lf /db/dhcpd.leases -user dhcpd -group nogroup eth0
>> dhcpd    19095  1.2  0.2  34972  8756 ?        Ss   Nov09  26:12
>> /usr/sbin/dhcpd -4 -cf /etc/dhcpd.conf -pf /var/run/dhcpd.pid -chroot
>> /var/lib/dhcp -lf /db/dhcpd.leases -user dhcpd -group nogroup eth0
>> dhcpd    19349  1.2  0.2  34840  8728 ?        Ss   Nov09  26:01
>> /usr/sbin/dhcpd -4 -cf /etc/dhcpd.conf -pf /var/run/dhcpd.pid -chroot
>> /var/lib/dhcp -lf /db/dhcpd.leases -user dhcpd -group nogroup eth0
>> dhcpd    20649  1.1  0.2  34840  8728 ?        Ss   Nov09  24:41
>> /usr/sbin/dhcpd -4 -cf /etc/dhcpd.conf -pf /var/run/dhcpd.pid -chroot
>> /var/lib/dhcp -lf /db/dhcpd.leases -user dhcpd -group nogroup eth0
>> dhcpd    21533  1.1  0.2  34840  8736 ?        Ss   Nov09  24:07
>> /usr/sbin/dhcpd -4 -cf /etc/dhcpd.conf -pf /var/run/dhcpd.pid -chroot
>> /var/lib/dhcp -lf /db/dhcpd.leases -user dhcpd -group nogroup eth0
>>
>> May I know in what scenario multiple dhcp processes will be created?
>>
>>
>> Best Regards,
>>
>> Karteek
>>
>>
>> The information contained in this electronic message and any attachments
>> to this message are intended for the exclusive use of the addressee(s)
>> and
>> may contain proprietary, confidential or privileged information. If you
>> are not the intended recipient, you should not disseminate, distribute
>> or
>> copy this e-mail. Please notify the sender immediately and destroy all
>> copies of this message and any attachments. WARNING: Computer viruses
>> can
>> be transmitted via email. The recipient should check this email and any
>> attachments for the presence of viruses. The company accepts no
>> liability
>> for any damage caused by any virus transmitted by this email.
>> www.wipro.com<http://www.wipro.com>
>> _______________________________________________
>> dhcp-users mailing list
>> dhcp-users at lists.isc.org
>> https://lists.isc.org/mailman/listinfo/dhcp-users
>>
>
>

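The start-up check discussed at the top of this message, written out as an added example (not the distribution's init script and not code from anyone in this thread). It looks for the pid file under the chroot directory, confirms the recorded pid is still a running process of the expected name, and takes a lock so that two simultaneous restarts cannot both pass the check. Function names are hypothetical; it assumes Linux `/proc` and that the start command returns only after the daemon has written its pid file.

```shell
#!/bin/sh
# Added example: serialised, chroot-aware "is it already running?" check.
# Function names are hypothetical; assumes Linux /proc.

# Host-side path of a pid file that the daemon sees inside its chroot.
resolve_pidfile() {
    printf '%s%s\n' "${1%/}" "$2"
}

# True only if PIDFILE names a running process whose command name is NAME.
# The name comparison guards against a stale file whose pid was reused.
pid_is_live() {
    [ -r "$1" ] || return 1
    _pid=$(head -n 1 "$1" | tr -cd '0-9')
    [ -n "$_pid" ] || return 1
    [ -d "/proc/$_pid" ] || return 1
    [ "$(cat "/proc/$_pid/comm" 2>/dev/null)" = "$2" ]
}

# guarded_start CHROOT PIDFILE NAME CMD...
# Returns 0 = started, 1 = already running, 2 = another start in progress
# (or lock could not be created), 3 = start command failed.
guarded_start() {
    _pf=$(resolve_pidfile "$1" "$2")
    _name=$3
    shift 3
    # mkdir is atomic: of two simultaneous callers exactly one succeeds.
    # A lock left behind by a killed script must be removed by hand.
    mkdir "$_pf.lock" 2>/dev/null || return 2
    _rc=0
    if pid_is_live "$_pf" "$_name"; then
        _rc=1
    else
        "$@" || _rc=3
    fi
    rmdir "$_pf.lock"
    return "$_rc"
}

# Usage with the paths and command line shown in this thread (not run here):
#   guarded_start /var/lib/dhcp /var/run/dhcpd.pid dhcpd \
#       /usr/sbin/dhcpd -4 -cf /etc/dhcpd.conf -pf /var/run/dhcpd.pid \
#       -chroot /var/lib/dhcp -lf /db/dhcpd.leases \
#       -user dhcpd -group nogroup eth0
```
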