dhcrelay and interfaces
Shawn Routhier
sar at isc.org
Mon Aug 1 20:06:25 UTC 2016
We have received some tickets about the handling of
interfaces in dhcrelay (41547 & 42849). These deal with
the need to have the relay listen for responses from
the server via the -i <interface> option and the possibility
of packets being duplicated. (This can also be found at
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=648401 <https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=648401>)
There is a patch (with some variations) that uses -i for
interfaces that would lead to the client (downstream)
and that auto-discovers the rest of the interfaces and
uses them to receive responses from any servers.
This patch has been in debian for some time and we
are investigating adding it to the main code. However
there is one issue we are considering. If the admin
sets up their interfaces with -i they can limit the interfaces
the relay will accept “responses” from. With the debian
patch it appears that the relay will accept responses from
all interfaces.
In theory I can see this as a possible problem for somebody.
In practice I’m not sure that it is an issue. While we are
considering addressing the underlying issues in other ways
I wanted to check with the community and see if anybody
actually has had a problem in practice (or equally decided
not to use the patch due to this issue).
regards,
Shawn Routhier
ISC DHCP
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/dhcp-users/attachments/20160801/bef26d79/attachment.html>
More information about the dhcp-users
mailing list