curmudgeon Veteran
Joined: 08 Aug 2003 Posts: 1741
|
Posted: Sat May 18, 2013 6:50 am Post subject: WTF is udhcpc and why did it run? |
|
|
After experiencing days of absolutely horrible network performance, an investigation revealed that /etc/resolv.conf had been wiped out (not even backed up) and replaced with:
Code: |
# Generated by udhcpc for eth0
search localdomain.loc
nameserver 1.2.3.4
nameserver 1.2.3.5
|
I am not using dhcp. My /etc/conf.d/net has the same two lines as always, and I still have the same static address as always.
Code: |
config_eth0='192.168.0.2 broadcast 192.168.0.255 netmask 255.255.255.0'
routes_eth0='default via 192.168.0.1'
|
What can trigger this, and (more important) how can I keep this from EVER running again? |
|
|
|
krinn Watchman
Joined: 02 May 2003 Posts: 7470
|
Posted: Sat May 18, 2013 7:11 am Post subject: Re: WTF is udhcpc and why did it run? |
|
|
curmudgeon wrote: |
What can trigger this, and (more important) how can I keep this from EVER running again? |
To make a long story short: udev was updated, and a note was put out that udev changes network device names, so your config targeting eth0 is now targeting a non-existent device, and the new device name (a stupid mqlkdafjqsdmlfksdj-like name) now has no rules, and so openrc triggers dhcp to get an IP.
If it's that, it's because you didn't read the note, so the answer to "What can trigger this" must be "udev stupid names" & "you". |
|
|
|
curmudgeon Veteran
Joined: 08 Aug 2003 Posts: 1741
|
Posted: Sat May 18, 2013 10:42 am Post subject: Re: WTF is udhcpc and why did it run? |
|
|
krinn wrote: | If it's that, it's because you didn't read the note, so the answer to "What can trigger this" must be "udev stupid names" & "you". |
I did read that note (especially the part about configuring rules to keep eth0 :) ).
I am still (very much) interested in the idea of some way to completely disable any possibility of a dhcp client automatically running if something fails (that is a very bad idea in my opinion). |
|
|
|
Maitreya Guru
Joined: 11 Jan 2006 Posts: 441
|
Posted: Sat May 18, 2013 11:32 am Post subject: Re: WTF is udhcpc and why did it run? |
|
|
curmudgeon wrote: | krinn wrote: | If it's that, it's because you didn't read the note, so the answer to "What can trigger this" must be "udev stupid names" & "you". |
I did read that note (especially the part about configuring rules to keep eth0 ).
I am still (very much) interested in the idea of some way to completely disable any possibility of a dhcp client automatically running if something fails (that is a very bad idea in my opinion). |
Well, in this particular case it is probably handy to have it try dhcp. Not everyone reads the notes carefully. So if someone rebooted after the udev update they could still reach it remotely. Also it fires only when it gets a network device, so why not probe for an automatic address? |
|
|
|
khayyam Watchman
Joined: 07 Jun 2012 Posts: 6227 Location: Room 101
|
Posted: Sat May 18, 2013 1:11 pm Post subject: Re: WTF is udhcpc and why did it run? |
|
|
curmudgeon ...
simply provide the nameserver, like so:
Code: |
config_eth0="192.168.0.2/24"
routes_eth0="default via 192.168.0.1"
dns_servers_eth0="192.168.0.1"
|
I suspect some hotplugging here as I've not seen udhcpc run when a static address is assigned (though I would generally always provide a nameserver in such cases). Anyhow, none of this should result in "horrible network performance" so the actual issue may be elsewhere.
best ... khay |
|
|
|
curmudgeon Veteran
Joined: 08 Aug 2003 Posts: 1741
|
Posted: Sun May 19, 2013 2:14 am Post subject: Re: WTF is udhcpc and why did it run? |
|
|
khayyam wrote: | Anyhow, none of this should result in "horrible network performance" so the actual issue may be elsewhere. |
It blew up /etc/resolv.conf (without backing it up, which is doubly annoying). The DNS servers that udhcpc picked up were horrible (minimum fifteen seconds to return anything), and on top of that, I run dnsmasq (which any decent dhcp client would have incorporated into a modified resolv.conf, but udhcpc didn't).
Beyond that, there are security implications involved in running a dhcp client when one is not desired.
Since my question has not been answered yet, I will repeat it - how do I block udhcpc from ever running under any circumstances? |
|
|
|
khayyam Watchman
Joined: 07 Jun 2012 Posts: 6227 Location: Room 101
|
Posted: Sun May 19, 2013 1:41 pm Post subject: Re: WTF is udhcpc and why did it run? |
|
|
curmudgeon wrote: | khayyam wrote: | Anyhow, none of this should result in "horrible network performance" so the actual issue may be elsewhere. |
It blew up /etc/resolv.conf (without backing it up, which is doubly annoying). The DNS servers that udhcpc picked up were horrible (minimum fifteen seconds to return anything), and on top of that, I run dnsmasq (which any decent dhcp client would have incorporated into a modified resolv.conf, but udhcpc didn't). |
curmudgeon ... none of which are directly related to the quote above. It "blows up" resolv.conf because dhcp clients do this *unless* they are told not to request DNS (using the "nodns" switch in dhcp_${IFACE}), the dns servers "picked up" are provided by whatever is serving dhcp on the network, and if you want resolv.conf to be handled by multiple sources, or be static, then you need to figure out why udhcpc is started in the first place. As I said, the issue seems to be elsewhere as having a static address defined should be sufficient for the interface to be brought up, and no dhcp client should be called. So, something else is no doubt causing udhcpc to be started, what I can't tell, as there is too little information to go on.
curmudgeon wrote: | Beyond that, there are security implications involved in running a dhcp client when one is not desired. |
There are security implications to any number of things, but it is by understanding the cause behind an event that allows for its mitigation. So, sure, we can state "that shouldn't happen" but that is in the realm of the obvious, and provides no clue as to the why.
curmudgeon wrote: | Since my question has not been answered yet, I will repeat it - how do I block udhcpc from ever running under any circumstances? |
As I stated above with a statically defined address it shouldn't, so you need to look for the root cause and/or provide some clue as to why it might. Generally, to get your question answered it's best to present the question in a way in which others can help, your "question has not been answered yet" because, quite frankly, no one has any idea what might be at work here, all we have is two lines from your /etc/conf.d/net ... and lots of huffing and puffing.
best ... khay |
|
|
|
nix213 n00b
Joined: 08 Feb 2013 Posts: 23 Location: Illinois
|
Posted: Sun May 19, 2013 5:42 pm Post subject: |
|
|
There's a net.example file in /usr/share/doc/openrc*/ that might be of help to you.
You could, for example, install net-misc/dhcp then add stuff like this to /etc/conf.d/net:
config_eth0="dhcp"
modules_eth0="dhcpd !udhcp"
dhcp_eth0="release nodns"
dns_servers_eth0="8.26.56.26 198.153.192.40"
just a few ideas
_________________
"Wherever you go, go with all your heart." -Confucius |
|
|
|
curmudgeon Veteran
Joined: 08 Aug 2003 Posts: 1741
|
Posted: Wed May 22, 2013 9:39 am Post subject: Re: WTF is udhcpc and why did it run? |
|
|
khayyam wrote: | none of which are directly related to the quote above. It "blows up" resolv.conf because dhcp clients do this *unless* they are told not to request DNS (using the "nodns" switch in dhcp_${IFACE}), |
Well-behaved dhcp clients will back up the original, and restore it when shutting down.
khayyam wrote: | the dns servers "picked up" are provided by whatever is serving dhcp on the network, and if you want resolv.conf to be handled by multiple sources, or be static, then you need to figure out why udhcpc is started in the first place. |
In looking at the time stamp on the altered resolv.conf, it appears that it happened several cycles (boots) ago. I have never watched for that before, and it has not happened since (and I have been paying VERY close attention to it). The log files (/var/log/messages*) contain no information about it.
khayyam wrote: | There are security implication to any number of things, but it is by understanding the cause behind an event that allows for its mitigation. So, sure, we can state "that shouldn't happen" but that is in the realm of the obvious, and provides no clue as to the why. |
This is why running a dhcp client on a machine that is NEVER supposed to use dhcp is so pernicious. If the machine finds a rogue dhcp server on the network, it is easy to end up with hijacked dns servers, and it doesn't take much imagination to see the types of problems that can cause.
khayyam wrote: | curmudgeon wrote: | Since my question has not been answered yet, I will repeat it - how do I block udhcpc from ever running under any circumstances? |
As I stated above with a statically defined address it shouldn't, so you need to look for the root cause and/or provide some clue as to why it might. |
As I stated above, it has a static address, and should always use it. I want to protect against the "known unknown" of activating a dhcp client that should never be activated under any circumstances.
I don't believe it should be that difficult (in fact, it should be trivial) to disable a program that should never be run.
nix213 wrote: | There's a net.example file in /usr/share/doc/openrc*/ that might be of help to you.
You could, for example, install net-misc/dhcp then add stuff like this to /etc/conf.d/net:
config_eth0="dhcp"
modules_eth0="dhcpd !udhcp"
dhcp_eth0="release nodns"
dns_servers_eth0="8.26.56.26 198.153.192.40" |
I absolutely do not want ANOTHER dhcp client on the machine, and I don't want to EVER use ANY dhcp client.
Would this work in isolation (or in combination with something else)?
modules_eth0="!udhcp"
I doubt it, but it will probably be the next thing I test? |
|
|
|
Jaglover Watchman
Joined: 29 May 2005 Posts: 8291 Location: Saint Amant, Acadiana
|
|
|
|
Gusar Advocate
Joined: 09 Apr 2005 Posts: 2665 Location: Slovenia
|
Posted: Wed May 22, 2013 10:42 am Post subject: |
|
|
Jaglover wrote: | Why is this udhcpc present in your box? |
Every gentoo user has it, it's part of busybox. |
|
|
|
Jaglover Watchman
Joined: 29 May 2005 Posts: 8291 Location: Saint Amant, Acadiana
|
|
|
|
curmudgeon Veteran
Joined: 08 Aug 2003 Posts: 1741
|
Posted: Thu May 23, 2013 2:13 am Post subject: |
|
|
Jaglover wrote: | Well, you can set immutable flag on resolv.conf, but this is hardly an elegant solution. |
Still wouldn't solve the problem of a rogue dhcp server setting a malicious router.
Jaglover wrote: | I use static conf and there is no DHCP client in the system. |
I use a static ip address, and I didn't think there was any dhcp client either.
In a way this reminds me of the stupid programming in browsers now. If something doesn't work, it is automatically "searched for" instead of displaying the proper messages.
What I want is that if, for any reason (such as whatever happened that one time a few boots ago), the static address assignation fails, there should be a CLEAR AND UNAMBIGUOUS ERROR, because something is obviously wrong. |
|
|
|
krinn Watchman
Joined: 02 May 2003 Posts: 7470
|
Posted: Thu May 23, 2013 3:15 am Post subject: |
|
|
then how about just
Code: | echo 'INSTALL_MASK="${INSTALL_MASK} /usr/share/udhcpc"' >> /etc/portage/make.conf |
|
|
|
|
khayyam Watchman
Joined: 07 Jun 2012 Posts: 6227 Location: Room 101
|
Posted: Thu May 23, 2013 3:28 am Post subject: |
|
|
krinn wrote: | then how about just
Code: | echo 'INSTALL_MASK="${INSTALL_MASK} /usr/share/udhcpc"' >> /etc/portage/make.conf |
|
krinn ... udhcpc is a component of /bin/busybox, busybox doesn't install anything to /usr/share/udhcpc. Anyhow, the problem isn't with udhcpc, that's merely the effect.
best ... khay |
|
|
|
krinn Watchman
Joined: 02 May 2003 Posts: 7470
|
Posted: Thu May 23, 2013 3:50 am Post subject: |
|
|
damnit this thing is a virus
maybe change /etc/udhcpcd.conf
Code: | interface anonexistantname |
|
|
|
|
The Doctor Moderator
Joined: 27 Jul 2010 Posts: 2678
|
Posted: Thu May 23, 2013 4:20 am Post subject: |
|
|
If you just want to kill it, then why not configure busybox not to build it? Build busybox with USE="savedconfig" and edit the file. I think the file should be located at /etc/portage/savedconfig/sys-apps/busybox-1.21.0
You probably want to be careful not to rip too much out.
_________________
First things first, but not necessarily in that order.
Apologies if I take a while to respond. I'm currently working on the dematerialization circuit for my blue box. |
|
|
|
UberLord Retired Dev
Joined: 18 Sep 2003 Posts: 6835 Location: Blighty
|
Posted: Thu May 23, 2013 9:36 am Post subject: |
|
|
nix213 wrote: | There's a net.example file in /usr/share/doc/openrc*/ that might be of help to you.
You could, for example, install net-misc/dhcp then add stuff like this to /etc/conf.d/net:
config_eth0="dhcp"
modules_eth0="dhcpd !udhcp"
dhcp_eth0="release nodns"
dns_servers_eth0="8.26.56.26 198.153.192.40"
just a few ideas |
Better yet disable dhcp globally
modules="!dhcp"
may work, if that fails specify each dhcp module
modules="!dhcpcd !udhcpc"
_________________
Use dhcpcd for all your automated network configuration needs
Use dhcpcd-ui (GTK+/Qt) as your System Tray Network tool |
|
|
|
|
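A check for the condition this thread describes, as an added example that is not part of any post: it flags a resolv.conf that carries a DHCP-client stamp or a nameserver outside an allowlist, and a conf.d/net that enables DHCP or lacks a `modules=` line negating it. The function names, the allowlist values and the regexes (which accept any of the `!dhcp`, `!udhcp`, `!udhcpc`, `!dhcpcd` spellings suggested above) are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Function names and allowlist are assumptions.

# audit_resolv FILE "NS1 NS2 ..."
# Returns 0 when FILE has no DHCP-client stamp and only allowlisted
# nameservers; prints one ALERT line per finding and returns 1 otherwise.
audit_resolv() {
    ar_file=$1
    ar_allowed=$2
    ar_rc=0
    # DHCP clients stamp the file they write, e.g. "# Generated by udhcpc for eth0".
    if grep -Eiq '^#.*generated by.*dhcp' "$ar_file"; then
        echo "ALERT: $ar_file was written by a DHCP client"
        ar_rc=1
    fi
    for ar_ns in $(awk '$1 == "nameserver" { print $2 }' "$ar_file"); do
        case " $ar_allowed " in
            *" $ar_ns "*) ;;
            *) echo "ALERT: unexpected nameserver $ar_ns"; ar_rc=1 ;;
        esac
    done
    return "$ar_rc"
}

# audit_netconf FILE
# Flags any interface set to DHCP in an OpenRC-style conf.d/net, and a missing
# modules= line that negates DHCP (the setting suggested in the thread).
audit_netconf() {
    an_file=$1
    an_rc=0
    if grep -Eq "^config_[A-Za-z0-9_]+=[\"'][^\"']*dhcp" "$an_file"; then
        echo "ALERT: an interface is configured for DHCP"
        an_rc=1
    fi
    if ! grep -Eq "^modules(_[A-Za-z0-9_]+)?=[\"'][^\"']*!u?dhcp" "$an_file"; then
        echo "ALERT: no modules= line disabling DHCP modules"
        an_rc=1
    fi
    return "$an_rc"
}

# Constructed sample: the rewritten resolv.conf quoted in the first post.
demo=$(mktemp)
printf '%s\n' '# Generated by udhcpc for eth0' 'search localdomain.loc' \
    'nameserver 1.2.3.4' 'nameserver 1.2.3.5' > "$demo"
audit_resolv "$demo" "127.0.0.1 192.168.0.1" || echo "resolv.conf needs attention"
rm -f "$demo"
```

Run from cron or a boot-time script against /etc/resolv.conf and /etc/conf.d/net, a non-zero return gives the clear failure signal asked for in the thread instead of a silent fallback.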