>Synopsis: dhcpd synchronization doesn't work, patch supplied
>Category: system
>Environment:
System : OpenBSD 5.2
Details : OpenBSD 5.2 (GENERIC.MP) #368: Wed Aug 1 10:04:49 MDT 2012
[email protected]:/usr/src/sys/arch/amd64/compile/GENERIC.MP
Architecture: OpenBSD.amd64
Machine : amd64
>Description:
dhcpd synchronization doesn't work. dhcpd sends DHCP_SYNC_LEASE messages to the
peer server, but the peer seems to ignore them.
In /var/log/daemon one can see lots of "sending DHCP_SYNC_LEASE..." messages,
but no "DHCP_SYNC_LEASE from...".
>How-To-Repeat:
Set up two dhcpd servers with synchronization as specified in the man page.
The servers soon get out of sync, no synchronization messages get through.
>Fix:
The problem is caused by the change between sync.c rev 1.3 and 1.4. A padding
was introduced for portability,
but the padding is never added to the message size, so the HMAC digest is
calculated on the whole message including
padding on the sending side, but on the message minus padding on the receiving
side.
From what I can see, synchronization has been broken since before OPENBSD_4_4,
is anybody using this feature?
I include a patch that fixes this problem, however, on my test system, the two
dhcpd servers soon get into an infinite loop,
sending updates to each other.
Index: usr.sbin/dhcpd/sync.c
===================================================================
RCS file: /cvs/src/usr.sbin/dhcpd/sync.c,v
retrieving revision 1.10
diff -u -r1.10 sync.c
--- usr.sbin/dhcpd/sync.c 23 Dec 2010 17:38:04 -0000 1.10
+++ usr.sbin/dhcpd/sync.c 9 Apr 2013 11:55:52 -0000
@@ -426,7 +426,7 @@
hdr.sh_version = DHCP_SYNC_VERSION;
hdr.sh_af = AF_INET;
hdr.sh_counter = sync_counter++;
- hdr.sh_length = htons(sizeof(hdr) + sizeof(ld) + sizeof(end));
+ hdr.sh_length = htons(sizeof(hdr) + sizeof(ld) + padlen + sizeof(end));
iov[i].iov_base = &hdr;
iov[i].iov_len = sizeof(hdr);
HMAC_Update(&ctx, iov[i].iov_base, iov[i].iov_len);
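Review bot: at the hdr.sh_length assignment, padlen is now part of the advertised length, but nothing in this hunk shows where padlen is computed or that the same number of pad bytes is placed in iov and passed to HMAC_Update. Please confirm padlen is set before this assignment and that the bytes sent, the bytes MACed and sh_length all agree; the visible HMAC_Update call covers only hdr. A short comment above the assignment stating that sh_length covers header, lease, padding and end marker would help keep the rev 1.4 mismatch from coming back.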
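The length/HMAC mismatch described in the report, as an added Python sketch that is not dhcpd's code. The header layout, alignment, end marker and key are simplified assumptions; only the relationship between the length field and the MACed bytes follows the report.

```python
import hashlib
import hmac
import struct

KEY = b"constructed-shared-key"      # constructed sample key
HDR = struct.Struct("!BBHI20s")      # assumed layout: version, af, length, counter, hmac
END = b"\x00\x00\x00\x00"            # constructed end marker
ALIGN = 8                            # assumed padding alignment


def build(lease: bytes, counter: int, count_padding: bool) -> bytes:
    """Sender: the MAC always covers header, lease, padding and end marker."""
    padlen = -(HDR.size + len(lease)) % ALIGN
    length = HDR.size + len(lease) + len(END)
    if count_padding:                # the fix: advertise the pad bytes too
        length += padlen
    zeroed = HDR.pack(1, 2, length, counter, bytes(20))
    rest = lease + bytes(padlen) + END
    tag = hmac.new(KEY, zeroed + rest, hashlib.sha1).digest()
    return HDR.pack(1, 2, length, counter, tag) + rest


def accept(datagram: bytes) -> bool:
    """Receiver: trusts the length field to say how many bytes were MACed."""
    if len(datagram) < HDR.size:
        return False
    ver, af, length, counter, tag = HDR.unpack_from(datagram)
    if length < HDR.size or length > len(datagram):
        return False
    zeroed = HDR.pack(ver, af, length, counter, bytes(20))
    body = datagram[HDR.size:length]
    expect = hmac.new(KEY, zeroed + body, hashlib.sha1).digest()
    return hmac.compare_digest(tag, expect)


if __name__ == "__main__":
    lease = b"L" * 13                # constructed lease record, needs 7 pad bytes
    print("length without padding:", accept(build(lease, 1, False)))
    print("length with padding:   ", accept(build(lease, 1, True)))
    # A record that happens to need no padding verifies either way,
    # so the bug only shows when padlen is non-zero.
    print("no padding needed:     ", accept(build(b"L" * 12, 2, False)))
```
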