Suspected disable_dgaf bug in hostapd 2.6 (corrupting UDP checksums for broadcast packets)

Brian Demsky bdemsky at gmail.com
Tue Apr 18 13:45:40 PDT 2017


So we managed to get this working on our side.  There are two bugs in hostapd for disable_dgaf:

(1) Multicast UDP packets that are converted to unicast have the wrong UDP checksum.  We are working around this problem using iptables:
iptables -A POSTROUTING -t mangle -p udp --dport bootpc -j CHECKSUM --checksum-fill

(2) The handle_dhcp function in dhcp_snoop.c does not properly convert to unicast all DHCPACK messages.  If any of the return conditions are hit in the if statement, the code for converting broadcast packets to unicast is not executed.  The client then fails to receive a DHCPACK, and depending on the client may fail the DHCP negotiation.  We worked around this by moving the code for converting broadcast messages to unicast above the if statement for DHCPACK.

Brian


> On Apr 15, 2017, at 11:21 PM, Brian Demsky <bdemsky at gmail.com> wrote:
> 
> When we enable disable_dgaf, our DHCP server stops working with
> certain devices.
> 
> When we use tcpdump to monitor the traffic, we see the following:
> 
> First we see the initial broadcasted DHCP server response.
> 
> 05:10:24.975465 74:da:38:68:72:84 (oui Unknown) > Broadcast, ethertype IPv4 (0x0
> 800), length 342: (tos 0xc0, ttl 64, id 33762, offset 0, flags [none], proto UDP
> (17), length 328)
> 192.168.2.1.67 > 255.255.255.255.68: [udp sum ok] BOOTP/DHCP, Reply, length
> 300, xid 0xb901c70e, Flags [Broadcast] (0x8000)
>       Your-IP 192.168.2.232
>       Server-IP 192.168.2.1
>       Client-Ethernet-Address d0:73:d5:02:41:da (oui Unknown)
>       Vendor-rfc1048 Extensions
>         Magic Cookie 0x63825363
>         DHCP-Message Option 53, length 1: Offer
>         Server-ID Option 54, length 4: 192.168.2.1
>         Lease-Time Option 51, length 4: 172800
>         RN Option 58, length 4: 86400
>         RB Option 59, length 4: 151200
>         Subnet-Mask Option 1, length 4: 255.255.255.0
>         BR Option 28, length 4: 192.168.2.255
>         Default-Gateway Option 3, length 4: 192.168.2.1
>         Domain-Name-Server Option 6, length 4: 192.168.2.1
>         END Option 255, length 0
>         PAD Option 0, length 0, occurs 8
> 
> 
> Next we see the conversion to unicast that is done in the hostapd
> driver.  The interesting thing is that the UDP checksum is now
> invalid.  It has been changed to c3ee.
> 
> 05:10:24.975564 74:da:38:68:72:84 (oui Unknown) > d0:73:d5:02:41:da (oui Unknown
> ), ethertype IPv4 (0x0800), length 342: (tos 0xc0, ttl 64, id 33762, offset 0, f
> lags [none], proto UDP (17), length 328)
> 192.168.2.1.67 > 255.255.255.255.68: [bad udp cksum 0xc3ee -> 0xe880!] BOOTP
> /DHCP, Reply, length 300, xid 0xb901c70e, Flags [Broadcast] (0x8000)
>       Your-IP 192.168.2.232
>       Server-IP 192.168.2.1
>       Client-Ethernet-Address d0:73:d5:02:41:da (oui Unknown)
>       Vendor-rfc1048 Extensions
>         Magic Cookie 0x63825363
>         DHCP-Message Option 53, length 1: Offer
>         Server-ID Option 54, length 4: 192.168.2.1
>         Lease-Time Option 51, length 4: 172800
>         RN Option 58, length 4: 86400
>         RB Option 59, length 4: 151200
>         Subnet-Mask Option 1, length 4: 255.255.255.0
>         BR Option 28, length 4: 192.168.2.255
>         Default-Gateway Option 3, length 4: 192.168.2.1
>         Domain-Name-Server Option 6, length 4: 192.168.2.1
>         END Option 255, length 0
>         PAD Option 0, length 0, occurs 8
> 
> 
> Any suggestions on fixing this?
> 
> Thanks,
> Brian




More information about the Hostap mailing list