General Questions

Hi,

Recently I've been expriencing slow internet connection and when I've been looking at the logs in m0n0wall, I see a lot of these logged (dhclient: bogus UDP packet length) in the System log and dhcpd: DHCPOFFER on 192.168.0.250 to 00:20:18:d7:8b:8c (Veritech-Vista) via xl0 and dhcpd: DHCPDISCOVER from 00:20:18:d7:8b:8c via xl0 in the DHCP log.  Any ideas what's causing this?

At first I thought a virus, but I have 2 OSes on the same machine (Vista and XP) one of them hasn't been used in months, back when the connection was fine.

Is your WAN DHCP?

I'm connected via Cabel modem so yes I'd say it using DHCP. However the log entries in the DHCP log are on the LAN side (the mac address and machine name are that of my system)

The "dhclient: bogus UDP packet length" does not come from the LAN side, dhclient is the DHCP client, which only runs on the WAN. Not sure what causes that, Google isn't much help there so it's uncommon.

The other messages come from the DHCP server from the LAN side.

this:

Code:

dhcpd: DHCPOFFER on 192.168.0.250 to 00:20:18:d7:8b:8c (Veritech-Vista) via xl0
dhcpd: DHCPDISCOVER from 00:20:18:d7:8b:8c via xl0

Which is in reverse time order, DHCPDISCOVER comes before DHCPOFFER, appears to be your machine. The machine's hostname is Veritech-Vista, probably your Vista install, and the NIC manufacturer (from the MAC address) is Cis Technology Inc.

Does your traffic graph show a lot of activity?

OK the reverse order is normal, I copied from the log so the las entries are first.
On my other install (XP) the DHCP logs are the follwing :

Apr 4 20:23:58    dhcpd: DHCPACK to 192.168.0.100 (<no client hardware address>) via xl0
Apr 4 20:23:58    dhcpd: DHCPINFORM from 192.168.0.100 via xl0

They are different because on this install, I need a static IP

Traffic graphs don't show a lot of load, except a UDP packet ponce in a while that looks like the bogus one I see in the logs...

Hope it helps

Hi,

I have been seeing the same thing (not on a m0n0wall), but periodically...

This might be the answer we are looking for:

http://www.archivesat.com/dhcp-server.isc.org/thread237578.htm

Hope that helps...

ciao

PS. Just in case the link above ever dies...

On Sun, Mar 05, 2006 at 10:15:29PM -0800, squid wrote:
> Mar  5 21:44:54 jimbo dhcpd: DHCPACK to 10.9.165.92 (<no client hardware address>) via eth2.302
>
> ideas why its saying theres no mac address?

Because the client did not supply one.

I bet if you look, this is in response to a DHCPINFORM.

This is a bug fixed in 3.0.4b3 (previous to 3.0.4b3, it would log the mac address incorrectly as "00:00:00:00:00:00" when in fact the client supplied a zero htype, zero hlen, and all-zero chaddr).

There's a factual difference between hlen = 0 and hlen = 6, chaddr = 00:00:00:00:00:00, so this is a logging bug that was fixed in a round of related changes.

> whats weird too is when i look in the leases file I have a lease for that ip with a mac address

The kinds of software that are producing these packets (no chaddr, often no ciaddr either (on INFORM this is a protocol violation, see rfc2131)) are generally software that runs on Windows machines in "user" space (think macromedia flash) and are attempting to do their own DHCP in order to obtain options that way (I guess they can't get it from Windows' DHCP client).

So it wouldn't be unusual that you have a lease entry.  What you're looking at is the output of two completely different software packages.

--
David W. Hankins      "If you don't do it right the first time,
Software Engineer         you'll just have to do it again."
Internet Systems Consortium, Inc.      -- Jack T. Hankins

I finally found my issue, I reset the cable modem and voila!

strange, never happenmned like this before