Bug 705137 - dhclient can DOS the local router (DHCP server) when NetworkManager fails
Status: RESOLVED FIXED
Product: NetworkManager
Classification: Platform
Component: IP and DNS config
Version: git master
Hardware: Other Linux
Importance: Normal normal
Target Milestone: ---
Assigned To: Pavel Simerda
QA Contact: NetworkManager maintainer(s)
Reported: 2013-07-30 12:13 UTC by Pavel Simerda
Modified: 2013-08-13 20:55 UTC


Attachments
Kill dhclient on fatal errors. (2.02 KB, patch)
2013-07-30 13:31 UTC, Pavel Simerda

Description Pavel Simerda 2013-07-30 12:13:43 UTC
It happened to me with a bug in 'pavlix/runtime'. NetworkManager crashed or otherwise failed at the beginning of the DHCP process. The helper script returns 1 on error (it couldn't connect to the NetworkManager dbus service for some reason) and dhclient reacts by immediately contacting the DHCP server and running the script again.

This results in a loop that overhauls the DHCP server. In a typical setup where the DHCP server is being run by a SOHO router, this can render the whole network unresponsive.
Comment 1 Pavel Simerda 2013-07-30 13:31:42 UTC
Created attachment 250469
Kill dhclient on fatal errors.
Comment 2 Dan Williams 2013-07-30 16:07:22 UTC
Could we just make the script always return success?
Comment 3 Pavel Simerda 2013-07-30 16:33:41 UTC
(In reply to comment #2)
> Could we just make the script always return success?

But then you're leaving dhclient running even if it can't work. I think the best thing you can do on a fatal error is just exit. If we can tell dhclient to exit, even better, but I asked jpopelka and he didn't know about other exit codes and the documentation doesn't mention any.
Comment 4 Dan Williams 2013-07-30 16:37:24 UTC
If, however, we make the script only exit on certain events, then we can continue to let dhclient renew the lease and keep things working for a while at least. I'm just somewhat concerned that if this behavior is changed to the suggested patch, that if a user stops NetworkManager, then soon after (if their lease is almost up) dhclient will die, and the address will still be valid on the interface without anything left there to continue to renew it.
Comment 5 Pavel Simerda 2013-07-30 17:20:04 UTC
(In reply to comment #4)
> If, however, we make the script only exit on certain events,

Not sure what you mean.

> then we can
> continue to let dhclient renew the lease and keep things working for a while at
> least.

We're talking about fatal errors, here. Lease renewal doesn't help us as the kernel will remove the address anyway when dhclient's information doesn't get to NetworkManager.

> I'm just somewhat concerned that if this behavior is changed to the
> suggested patch, that if a user stops NetworkManager, then soon after (if their
> lease is almost up) dhclient will die,

NetworkManager should always kill its subdaemons to avoid unexpected problems e.g. after [security] updates.

> and the address will still be valid on
> the interface without anything left there to continue to renew it.

Actually the current git master already sets the kernel address lifetime.
Comment 6 Pavel Simerda 2013-08-13 07:44:41 UTC
Once again DOSed by this bug with a crashed long-running NetworkManager. An updated patch in pavlix/master uses SIGTERM instead of SIGKILL as suggested by Thomas Haller.
Comment 7 Pavel Simerda 2013-08-13 07:45:33 UTC
^^ the branch name is pavlix/runtime ^^
Comment 8 Dan Williams 2013-08-13 20:55:47 UTC
The specific patch from pavlix/runtime was merged.
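
The behaviour discussed in this thread, as an added example that is not part of the bug report and is not the merged patch: a helper that, on a fatal error, sends SIGTERM to the DHCP client that launched it instead of only returning 1, so the client cannot re-run it in a loop. The names `helper_fatal_error`, `fake_dhcp_client` and `client_termination_signal` are hypothetical, and the "client" is a constructed stand-in process, not dhclient.

```c
#include <signal.h>
#include <stdlib.h>
#include <sys/wait.h>
#include <unistd.h>

/* Hypothetical helper-side handler for a fatal error, e.g. the manager's
 * D-Bus service is unreachable. Exiting with 1 alone would make the DHCP
 * client retry at once; ask the client (our parent) to stop instead. */
static void helper_fatal_error(void)
{
    pid_t parent = getppid();

    /* If the client already died we were reparented, typically to PID 1.
     * Never signal that process. */
    if (parent > 1)
        kill(parent, SIGTERM); /* catchable, unlike SIGKILL */
    _exit(EXIT_FAILURE);
}

/* Constructed stand-in for the DHCP client: runs the helper once. Reaching
 * _exit(42) means it survived and would go on to retry. */
static void fake_dhcp_client(void)
{
    signal(SIGTERM, SIG_DFL);
    pid_t helper = fork();
    if (helper == 0)
        helper_fatal_error();
    waitpid(helper, NULL, 0);
    _exit(42);
}

/* Returns the signal that ended the stand-in client, 0 if it exited on its
 * own, or -1 on setup failure. */
int client_termination_signal(void)
{
    int status = 0;
    pid_t client = fork();

    if (client == 0)
        fake_dhcp_client();
    if (client < 0 || waitpid(client, &status, 0) < 0)
        return -1;
    return WIFSIGNALED(status) ? WTERMSIG(status) : 0;
}

int main(void)
{
    return client_termination_signal() == SIGTERM ? 0 : 1;
}
```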