-
-
Notifications
You must be signed in to change notification settings - Fork 2.6k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Fix Virtual DHCP Server: Correct DHCP Sequence #1989
Conversation
How do you find all those ? Just curious
…On Fri, Apr 26, 2024, 08:40 hiura2023 ***@***.***> wrote:
Changes proposed in this pull request:
- Virtual DHCP does not work.
- Change DHCP sequence like below.
- Actual action
①DHCP DISCOVER
②DHCP NAK
③DHCP DISCOVER
④DHCP NAK
⑤Repeat it (same as ③,④)
- Expected action
①DHCP DISCOVER first
②DHCP DISCOVER second
③DHCP DISCOVER n times
④DHCP OFFER
⑤DHCP REQUEST
⑥DHCP ACK
------------------------------
You can view, comment on, or merge this pull request online at:
#1989
Commit Summary
- 7f074d0
<7f074d0>
Fix Virtual DHCP Server: Correct HDCP Sequence
- 6227919
<6227919>
Merge branch 'SoftEtherVPN:master' into master
File Changes
(1 file <https://github.com/SoftEtherVPN/SoftEtherVPN/pull/1989/files>)
- *M* src/Cedar/Virtual.c
<https://github.com/SoftEtherVPN/SoftEtherVPN/pull/1989/files#diff-1e6764240341846ba3ea52a6a7bf68bf5713dc5818eee5c82479ad4b8bbce879>
(56)
Patch Links:
- https://github.com/SoftEtherVPN/SoftEtherVPN/pull/1989.patch
- https://github.com/SoftEtherVPN/SoftEtherVPN/pull/1989.diff
—
Reply to this email directly, view it on GitHub
<#1989>, or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AAQ5KUEXFOHRLVDHBDI25YTY7HZGBAVCNFSM6AAAAABG2GPHYKVHI2DSMVQWIX3LMV43ASLTON2WKOZSGI3DKMBWHA3TINY>
.
You are receiving this because you are subscribed to this thread.Message
ID: ***@***.***>
|
I updated first comment. I think that DHCP_NAK responds to DHCP_REQUEST, not DHCP_DISCOVER. |
I added the test environment and test result later. |
I've some ideas on automated testing. in theory we can try ISC dhclient, which is flexible and allows dhclient-script to handle response instead of applying to system live. but those are ideas for future improvements |
Description of second pull request I added
Ideal action①DHCP DISCOVER Attached A:Lease Limit:40 seconds |
@hiura2023 Excellent work! I've checked the code changes and as much as I understood it's perfect! If this Commit will be applied,
|
thank you for contribution! |
I'm going to make a release today |
Changes proposed in this pull request:
Virtual DHCP sequence is not correct.
Why does DHCP NAK respond to DHCP DISCOVER ?
Change DHCP sequence like below.
Actual action
①DHCP DISCOVER
②DHCP NAK
③DHCP DISCOVER
④DHCP NAK
⑤Sequence ③,④ repeated several times.
⑥DHCP DISCOVER
⑦DHCP OFFER
⑧DHCP REQUEST
⑨DHCP ACK
Attached A and B
Expected action
①DHCP DISCOVER first
②DHCP DISCOVER second
③DHCP DISCOVER repeated several times
④DHCP OFFER
⑤DHCP REQUEST
⑥DHCP ACK
DHCP client resend ②,③ if VPN server is not ready to reply ④ immediately
Refer to RFC2131
Ideal action
①DHCP DISCOVER
②DHCP OFFER
③DHCP REQUEST
④DHCP ACK
Refer to RFC2131:
https://www.rfc-editor.org/rfc/rfc2131#section-4.4
[Page 34]Figure 5: State-transition diagram for DHCP clients
Timeout example:
https://www.cente.jp/files/20100222_TCPIPv4_001-0016.pdf
Attached A:
![DHCP_ACTUAL_20SEC2024-04-29](https://private-user-images.githubusercontent.com/137624316/326313585-dc79a004-357f-43e4-a085-3a271c581981.png?jwt=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJnaXRodWIuY29tIiwiYXVkIjoicmF3LmdpdGh1YnVzZXJjb250ZW50LmNvbSIsImtleSI6ImtleTUiLCJleHAiOjE3MjI0MTg5MTYsIm5iZiI6MTcyMjQxODYxNiwicGF0aCI6Ii8xMzc2MjQzMTYvMzI2MzEzNTg1LWRjNzlhMDA0LTM1N2YtNDNlNC1hMDg1LTNhMjcxYzU4MTk4MS5wbmc_WC1BbXotQWxnb3JpdGhtPUFXUzQtSE1BQy1TSEEyNTYmWC1BbXotQ3JlZGVudGlhbD1BS0lBVkNPRFlMU0E1M1BRSzRaQSUyRjIwMjQwNzMxJTJGdXMtZWFzdC0xJTJGczMlMkZhd3M0X3JlcXVlc3QmWC1BbXotRGF0ZT0yMDI0MDczMVQwOTM2NTZaJlgtQW16LUV4cGlyZXM9MzAwJlgtQW16LVNpZ25hdHVyZT0yZWZhNGQyMmIzZmY0MjI2NzU4Y2QyMWRhMzk5MjIxOGJkMTU2YjQzMDg4ZWMyMjAwYzA1YjA1MDk2Nzc1MTBjJlgtQW16LVNpZ25lZEhlYWRlcnM9aG9zdCZhY3Rvcl9pZD0wJmtleV9pZD0wJnJlcG9faWQ9MCJ9.VOAMJSSgs9qmudxQtmB3SPDDfcCDFF6aOakOPDZAWIg)
The time-out period is 20 seconds on "security policy of user" screen.
Attached B:
SEVPN_DHCP_TOO_LATE_REMOTE.txt