Fedora: How to interpret dhclient behaviour and how to configure it
by Shaggy1 from LinuxQuestions.org on (#5D7DV)
System info
Code:
$ uname -a
Linux localhost.cable.virginm.net 4.8.13-100.fc23.x86_64 #1 SMP Fri Dec 9 14:51:40 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux
Code:
$cat /etc/redhat-release
Fedora release 23 (Twenty Three)
Code:
$ dhclient --version
isc-dhclient-4.3.3-P1
----------------------
Using tcpdump to dump the DHCP messages, what I see is a Request message from the client using option 50 to request the IP address.
When I remove the contents of /var/lib/dhclient, stop the network and run dhclient manually, I see something more like what I was expecting, but it loops showing 'bad udp checksum' on the Request message (and the offer from the router is the wrong address - but that's another issue):
Code:
# tcpdump -i enp0s10 port 67 or port 68 -e -n -vv
tcpdump: listening on enp0s10, link-type EN10MB (Ethernet), capture size 262144 bytes
16:02:32.589688 00:01:6c:6c:c3:35 > Broadcast, ethertype IPv4 (0x0800), length 342: (tos 0x10, ttl 128, id 0, offset 0, flags [none], proto UDP (17), length 328)
0.0.0.0.bootpc > 10.45.76.1.bootps: [udp sum ok] BOOTP/DHCP, Request from 00:01:6c:6c:c3:35, length 300, xid 0x288d4220, Flags [none] (0x0000)
Client-Ethernet-Address 00:01:6c:6c:c3:35
Vendor-rfc1048 Extensions
Magic Cookie 0x63825363
DHCP-Message Option 53, length 1: Discover
Parameter-Request Option 55, length 13:
Subnet-Mask, BR, Time-Zone, Classless-Static-Route
Domain-Name, Domain-Name-Server, Hostname, YD
YS, NTP, MTU, Option 119
Default-Gateway
Client-ID Option 61, length 19: hardware-type 255, 6c:6c:c3:35:00:01:00:01:27:9f:05:18:00:01:6c:6c:c3:35
16:02:35.597288 78:d2:94:b5:c6:48 > 00:01:6c:6c:c3:35, ethertype IPv4 (0x0800), length 353: (tos 0xc0, ttl 64, id 36697, offset 0, flags [none], proto UDP (17), length 339)
10.45.76.1.bootps > 10.45.76.118.bootpc: [udp sum ok] BOOTP/DHCP, Reply, length 311, xid 0x288d4220, Flags [none] (0x0000)
Your-IP 10.45.76.118
Server-IP 10.45.76.1
Client-Ethernet-Address 00:01:6c:6c:c3:35
Vendor-rfc1048 Extensions
Magic Cookie 0x63825363
DHCP-Message Option 53, length 1: Offer
Server-ID Option 54, length 4: 10.45.76.1
Lease-Time Option 51, length 4: 86400
RN Option 58, length 4: 43200
RB Option 59, length 4: 75600
Subnet-Mask Option 1, length 4: 255.255.255.0
BR Option 28, length 4: 10.45.76.255
Domain-Name-Server Option 6, length 4: 10.45.76.1
Domain-Name Option 15, length 17: "cable.virginm.net"
Default-Gateway Option 3, length 4: 10.45.76.1
16:02:35.598168 00:01:6c:6c:c3:35 > 78:d2:94:b5:c6:48, ethertype IPv4 (0x0800), length 342: (tos 0x0, ttl 64, id 7702, offset 0, flags [DF], proto UDP (17), length 328)
0.0.0.0.bootpc > 10.45.76.1.bootps: [bad udp cksum 0x5773 -> 0x8f48!] BOOTP/DHCP, Request from 00:01:6c:6c:c3:35, length 300, xid 0x288d4220, Flags [none] (0x0000)
Client-Ethernet-Address 00:01:6c:6c:c3:35
Vendor-rfc1048 Extensions
Magic Cookie 0x63825363
DHCP-Message Option 53, length 1: Request
Server-ID Option 54, length 4: 10.45.76.1
Requested-IP Option 50, length 4: 10.45.76.118
Parameter-Request Option 55, length 13:
Subnet-Mask, BR, Time-Zone, Classless-Static-Route
Domain-Name, Domain-Name-Server, Hostname, YD
YS, NTP, MTU, Option 119
Default-Gateway
Client-ID Option 61, length 19: hardware-type 255, 6c:6c:c3:35:00:01:00:01:27:9f:05:18:00:01:6c:6c:c3:35
16:02:41.544780 00:01:6c:6c:c3:35 > 78:d2:94:b5:c6:48, ethertype IPv4 (0x0800), length 342: (tos 0x0, ttl 64, id 10105, offset 0, flags [DF], proto UDP (17), length 328)
0.0.0.0.bootpc > 10.45.76.1.bootps: [bad udp cksum 0x5773 -> 0x8f48!] BOOTP/DHCP, Request from 00:01:6c:6c:c3:35, length 300, xid 0x288d4220, Flags [none] (0x0000)
Client-Ethernet-Address 00:01:6c:6c:c3:35
Vendor-rfc1048 Extensions
Magic Cookie 0x63825363
DHCP-Message Option 53, length 1: Request
Server-ID Option 54, length 4: 10.45.76.1
Requested-IP Option 50, length 4: 10.45.76.118
Parameter-Request Option 55, length 13:
Subnet-Mask, BR, Time-Zone, Classless-Static-Route
Domain-Name, Domain-Name-Server, Hostname, YD
YS, NTP, MTU, Option 119
Default-Gateway
Client-ID Option 61, length 19: hardware-type 255, 6c:6c:c3:35:00:01:00:01:27:9f:05:18:00:01:6c:6c:c3:35
16:02:48.357793 00:01:6c:6c:c3:35 > Broadcast, ethertype IPv4 (0x0800), length 342: (tos 0x10, ttl 128, id 0, offset 0, flags [none], proto UDP (17), length 328)
0.0.0.0.bootpc > 10.45.76.1.bootps: [udp sum ok] BOOTP/DHCP, Request from 00:01:6c:6c:c3:35, length 300, xid 0x150d4258, Flags [none] (0x0000)
Client-Ethernet-Address 00:01:6c:6c:c3:35
Vendor-rfc1048 Extensions
Magic Cookie 0x63825363
DHCP-Message Option 53, length 1: Discover
Parameter-Request Option 55, length 13:
Subnet-Mask, BR, Time-Zone, Classless-Static-Route
Domain-Name, Domain-Name-Server, Hostname, YD
YS, NTP, MTU, Option 119
Default-Gateway
Client-ID Option 61, length 19: hardware-type 255, 6c:6c:c3:35:00:01:00:01:27:9f:05:18:00:01:6c:6c:c3:35
16:02:48.358513 78:d2:94:b5:c6:48 > 00:01:6c:6c:c3:35, ethertype IPv4 (0x0800), length 353: (tos 0xc0, ttl 64, id 37274, offset 0, flags [none], proto UDP (17), length 339)
10.45.76.1.bootps > 10.45.76.118.bootpc: [udp sum ok] BOOTP/DHCP, Reply, length 311, xid 0x150d4258, Flags [none] (0x0000)
Your-IP 10.45.76.118
Server-IP 10.45.76.1
Client-Ethernet-Address 00:01:6c:6c:c3:35
Vendor-rfc1048 Extensions
Magic Cookie 0x63825363
DHCP-Message Option 53, length 1: Offer
Server-ID Option 54, length 4: 10.45.76.1
Lease-Time Option 51, length 4: 86400
RN Option 58, length 4: 43200
RB Option 59, length 4: 75600
Subnet-Mask Option 1, length 4: 255.255.255.0
BR Option 28, length 4: 10.45.76.255
Domain-Name-Server Option 6, length 4: 10.45.76.1
Domain-Name Option 15, length 17: "cable.virginm.net"
Default-Gateway Option 3, length 4: 10.45.76.1
16:02:48.360443 00:01:6c:6c:c3:35 > 78:d2:94:b5:c6:48, ethertype IPv4 (0x0800), length 342: (tos 0x0, ttl 64, id 13952, offset 0, flags [DF], proto UDP (17), length 328)
0.0.0.0.bootpc > 10.45.76.1.bootps: [bad udp cksum 0x5773 -> 0xa290!] BOOTP/DHCP, Request from 00:01:6c:6c:c3:35, length 300, xid 0x150d4258, Flags [none] (0x0000)
Client-Ethernet-Address 00:01:6c:6c:c3:35
Vendor-rfc1048 Extensions
Magic Cookie 0x63825363
DHCP-Message Option 53, length 1: Request
Server-ID Option 54, length 4: 10.45.76.1
Requested-IP Option 50, length 4: 10.45.76.118
Parameter-Request Option 55, length 13:
Subnet-Mask, BR, Time-Zone, Classless-Static-Route
Domain-Name, Domain-Name-Server, Hostname, YD
YS, NTP, MTU, Option 119
Default-Gateway
Client-ID Option 61, length 19: hardware-type 255, 6c:6c:c3:35:00:01:00:01:27:9f:05:18:00:01:6c:6c:c3:35
16:02:53.700332 00:01:6c:6c:c3:35 > 78:d2:94:b5:c6:48, ethertype IPv4 (0x0800), length 342: (tos 0x0, ttl 64, id 15857, offset 0, flags [DF], proto UDP (17), length 328)
0.0.0.0.bootpc > 10.45.76.1.bootps: [bad udp cksum 0x5773 -> 0xa290!] BOOTP/DHCP, Request from 00:01:6c:6c:c3:35, length 300, xid 0x150d4258, Flags [none] (0x0000)
Client-Ethernet-Address 00:01:6c:6c:c3:35
Vendor-rfc1048 Extensions
Magic Cookie 0x63825363
DHCP-Message Option 53, length 1: Request
Server-ID Option 54, length 4: 10.45.76.1
Requested-IP Option 50, length 4: 10.45.76.118
Parameter-Request Option 55, length 13:
Subnet-Mask, BR, Time-Zone, Classless-Static-Route
Domain-Name, Domain-Name-Server, Hostname, YD
YS, NTP, MTU, Option 119
Default-Gateway
Client-ID Option 61, length 19: hardware-type 255, 6c:6c:c3:35:00:01:00:01:27:9f:05:18:00:01:6c:6c:c3:35
In addition, if I try to run:
systemctl start network
when /var/lib/dhclient is empty, I see a lot of error messages in the system logs related to not being able to create files in /var/lib/dhclient/dhclient-38a4a9f5-87b5-2aec-a00c-ca0f62e0dea9-enp0s10.lease and SELinux is preventing dhclient from write access:
Code:
Jan 23 16:27:28 localhost.cable.virginm.net polkitd[885]: Registered Authentication Agent for unix-process:4196:51409456 (system bus name :1.17697 [/usr/bin/pkttyagent --notify-fd 5 --fallback], object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale en_GB.UTF-8)
Jan 23 16:27:28 localhost.cable.virginm.net systemd[1]: Starting LSB: Bring up/down networking...
Jan 23 16:27:29 localhost.cable.virginm.net network[4203]: Bringing up loopback interface: [ OK ]
Jan 23 16:27:30 localhost.cable.virginm.net network[4203]: Bringing up interface enp0s10:
Jan 23 16:27:30 localhost.cable.virginm.net audit[4370]: AVC avc: denied { write } for pid=4370 comm="dhclient" name="dhclient" dev="dm-1" ino=2795319 scontext=system_u:system_r:dhcpc_t:s0 tcontext=unconfined_u:object_r:var_lib_t:s0 tclass=dir permissive=0
Jan 23 16:27:30 localhost.cable.virginm.net dhclient[4370]: can't create /var/lib/dhclient/dhclient-38a4a9f5-87b5-2aec-a00c-ca0f62e0dea9-enp0s10.lease: Permission denied
Jan 23 16:27:30 localhost.cable.virginm.net dhclient[4370]: Created duid \000\001\000\001'\237\012\362\000\001ll\3035.
Jan 23 16:27:30 localhost.cable.virginm.net dhclient[4370]: can't create /var/lib/dhclient/dhclient-38a4a9f5-87b5-2aec-a00c-ca0f62e0dea9-enp0s10.lease: Permission denied
Jan 23 16:27:30 localhost.cable.virginm.net audit[4370]: AVC avc: denied { write } for pid=4370 comm="dhclient" name="dhclient" dev="dm-1" ino=2795319 scontext=system_u:system_r:dhcpc_t:s0 tcontext=unconfined_u:object_r:var_lib_t:s0 tclass=dir permissive=0
Jan 23 16:27:30 localhost.cable.virginm.net dhclient[4370]: DHCPDISCOVER on enp0s10 to 255.255.255.255 port 67 interval 4 (xid=0x24f09629)
Jan 23 16:27:33 localhost.cable.virginm.net dbus[800]: [system] Activating service name='org.fedoraproject.Setroubleshootd' (using servicehelper)
Jan 23 16:27:33 localhost.cable.virginm.net dhclient[4370]: DHCPREQUEST on enp0s10 to 255.255.255.255 port 67 (xid=0x24f09629)
Jan 23 16:27:33 localhost.cable.virginm.net dhclient[4370]: DHCPOFFER from 10.45.76.1
Jan 23 16:27:33 localhost.cable.virginm.net dhclient[4370]: DHCPACK from 10.45.76.1 (xid=0x24f09629)
Jan 23 16:27:35 localhost.cable.virginm.net dbus[800]: [system] Successfully activated service 'org.fedoraproject.Setroubleshootd'
Jan 23 16:27:35 localhost.cable.virginm.net avahi-daemon[817]: Joining mDNS multicast group on interface enp0s10.IPv4 with address 10.45.76.118.
Jan 23 16:27:35 localhost.cable.virginm.net avahi-daemon[817]: New relevant interface enp0s10.IPv4 for mDNS.
Jan 23 16:27:35 localhost.cable.virginm.net avahi-daemon[817]: Registering new address record for 10.45.76.118 on enp0s10.IPv4.
Jan 23 16:27:35 localhost.cable.virginm.net NET[4401]: /usr/sbin/dhclient-script : updated /etc/resolv.conf
Jan 23 16:27:35 localhost.cable.virginm.net dhclient[4370]: can't create /var/lib/dhclient/dhclient-38a4a9f5-87b5-2aec-a00c-ca0f62e0dea9-enp0s10.lease: Permission denied
Jan 23 16:27:35 localhost.cable.virginm.net audit[4370]: AVC avc: denied { write } for pid=4370 comm="dhclient" name="dhclient" dev="dm-1" ino=2795319 scontext=system_u:system_r:dhcpc_t:s0 tcontext=unconfined_u:object_r:var_lib_t:s0 tclass=dir permissive=0
Jan 23 16:27:35 localhost.cable.virginm.net dhclient[4370]: bound to 10.45.76.118 -- renewal in 35996 seconds.
Jan 23 16:27:35 localhost.cable.virginm.net network[4203]: Determining IP information for enp0s10... done.
Jan 23 16:27:40 localhost.cable.virginm.net setroubleshoot[4377]: SELinux is preventing dhclient from write access on the directory /var/lib/dhclient. For complete SELinux messages. run sealert -l 46e2549f-9d4e-4e30-994d-560e6a0f26c7
Jan 23 16:27:40 localhost.cable.virginm.net python3[4377]: SELinux is preventing dhclient from write access on the directory /var/lib/dhclient.
***** Plugin restorecon (94.8 confidence) suggests ************************
If you want to fix the label.
/var/lib/dhclient default label should be dhcpc_state_t.
Then you can run restorecon.
Do
# /sbin/restorecon -v /var/lib/dhclient
***** Plugin catchall_labels (5.21 confidence) suggests *******************
If you want to allow dhclient to have write access on the dhclient directory
Then you need to change the label on /var/lib/dhclient
Do
# semanage fcontext -a -t FILE_TYPE '/var/lib/dhclient'
where FILE_TYPE is one of the following: NetworkManager_var_lib_t, dhcp_state_t, dhcpc_state_t, dhcpc_tmp_t, dhcpc_var_run_t, etc_t, net_conf_t, systemd_passwd_var_run_t, tmp_t, var_run_t, virt_lxc_var_run_t, virt_var_run_t.
Then execute:
restorecon -v '/var/lib/dhclient'
***** Plugin catchall (1.44 confidence) suggests **************************
If you believe that dhclient should be allowed write access on the dhclient directory by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# ausearch -c 'dhclient' --raw | audit2allow -M my-dhclient
# semodule -X 300 -i my-dhclient.pp
Jan 23 16:27:41 localhost.cable.virginm.net setroubleshoot[4377]: SELinux is preventing dhclient from write access on the directory /var/lib/dhclient. For complete SELinux messages. run sealert -l 46e2549f-9d4e-4e30-994d-560e6a0f26c7
Jan 23 16:27:41 localhost.cable.virginm.net python3[4377]: SELinux is preventing dhclient from write access on the directory /var/lib/dhclient.
***** Plugin restorecon (94.8 confidence) suggests ************************
If you want to fix the label.
/var/lib/dhclient default label should be dhcpc_state_t.
Then you can run restorecon.
Do
# /sbin/restorecon -v /var/lib/dhclient
***** Plugin catchall_labels (5.21 confidence) suggests *******************
If you want to allow dhclient to have write access on the dhclient directory
Then you need to change the label on /var/lib/dhclient
Do
# semanage fcontext -a -t FILE_TYPE '/var/lib/dhclient'
where FILE_TYPE is one of the following: NetworkManager_var_lib_t, dhcp_state_t, dhcpc_state_t, dhcpc_tmp_t, dhcpc_var_run_t, etc_t, net_conf_t, systemd_passwd_var_run_t, tmp_t, var_run_t, virt_lxc_var_run_t, virt_var_run_t.
Then execute:
restorecon -v '/var/lib/dhclient'
***** Plugin catchall (1.44 confidence) suggests **************************
If you believe that dhclient should be allowed write access on the dhclient directory by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# ausearch -c 'dhclient' --raw | audit2allow -M my-dhclient
# semodule -X 300 -i my-dhclient.pp
Jan 23 16:27:44 localhost.cable.virginm.net network[4203]: [ OK ]
Jan 23 16:27:44 localhost.cable.virginm.net systemd[1]: Started LSB: Bring up/down networking.
Jan 23 16:27:44 localhost.cable.virginm.net polkitd[885]: Unregistered Authentication Agent for unix-process:4196:51409456 (system bus name :1.17697, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale en_GB.UTF-8) (disconnected from bus)
Jan 23 16:27:44 localhost.cable.virginm.net audit[1]: SERVICE_START pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=network comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
Jan 23 16:27:44 localhost.cable.virginm.net setroubleshoot[4377]: SELinux is preventing dhclient from write access on the directory /var/lib/dhclient. For complete SELinux messages. run sealert -l 46e2549f-9d4e-4e30-994d-560e6a0f26c7
Jan 23 16:27:44 localhost.cable.virginm.net python3[4377]: SELinux is preventing dhclient from write access on the directory /var/lib/dhclient.
***** Plugin restorecon (94.8 confidence) suggests ************************
If you want to fix the label.
/var/lib/dhclient default label should be dhcpc_state_t.
Then you can run restorecon.
Do
# /sbin/restorecon -v /var/lib/dhclient
***** Plugin catchall_labels (5.21 confidence) suggests *******************
If you want to allow dhclient to have write access on the dhclient directory
Then you need to change the label on /var/lib/dhclient
Do
# semanage fcontext -a -t FILE_TYPE '/var/lib/dhclient'
where FILE_TYPE is one of the following: NetworkManager_var_lib_t, dhcp_state_t, dhcpc_state_t, dhcpc_tmp_t, dhcpc_var_run_t, etc_t, net_conf_t, systemd_passwd_var_run_t, tmp_t, var_run_t, virt_lxc_var_run_t, virt_var_run_t.
Then execute:
restorecon -v '/var/lib/dhclient'
***** Plugin catchall (1.44 confidence) suggests **************************
If you believe that dhclient should be allowed write access on the dhclient directory by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# ausearch -c 'dhclient' --raw | audit2allow -M my-dhclient
# semodule -X 300 -i my-dhclient.pp
Does anyone know what it is that causes the network daemon to always run dhclient such that it requests the IP address in /var/lib/dhclient/dhclient-38a4a9f5-87b5-2aec-a00c-ca0f62e0dea9-enp0s10.lease? And how to configure it such that it does not do so?
How can I configure the network service to simply always get the IP address from the router?
Does anyone know why the SELinux and access errors occur when /var/lib/dhclient is empty?
Anyone any idea what the cause of the '[bad udp cksum 0x5773 -> 0x8f48!]' error in the request message might be?
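Added example (not part of the original post): a check of the checksum values in the capture above, using the RFC 768 / RFC 1071 arithmetic. The value 0x5773 shown as "bad" is exactly the ones'-complement sum of the UDP pseudo-header for 0.0.0.0 -> 10.45.76.1, UDP length 308 (IP length 328 minus the 20-byte header), which is the pattern left in the field when the checksum is still to be completed after the capture point, as with transmit checksum offload. The segment built in `constructed_segment` is constructed sample data, and the xid comparison assumes the two Requests differ only in xid.

```python
import ipaddress
import struct


def ones_complement_sum(data: bytes) -> int:
    """16-bit ones'-complement sum (RFC 1071), without the final inversion."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total


def pseudo_header(src: str, dst: str, udp_len: int) -> bytes:
    """IPv4 pseudo-header covered by the UDP checksum (protocol 17)."""
    return (ipaddress.IPv4Address(src).packed
            + ipaddress.IPv4Address(dst).packed
            + struct.pack("!BBH", 0, 17, udp_len))


def pseudo_header_sum(src: str, dst: str, udp_len: int) -> int:
    """Partial sum a sender stores when the rest is finished later."""
    return ones_complement_sum(pseudo_header(src, dst, udp_len))


def udp_checksum(src: str, dst: str, segment: bytes) -> int:
    """Full checksum; the checksum field inside `segment` must be zero."""
    total = ones_complement_sum(pseudo_header(src, dst, len(segment)) + segment)
    return (~total & 0xFFFF) or 0xFFFF


def verifies(src: str, dst: str, segment: bytes) -> bool:
    """A correctly checksummed segment sums to 0xFFFF with its pseudo-header."""
    return ones_complement_sum(
        pseudo_header(src, dst, len(segment)) + segment) == 0xFFFF


def checksum_after_xid_change(cksum: int, old_xid: int, new_xid: int) -> int:
    """Incremental update (RFC 1624 style): same packet, different xid."""
    words = [~cksum & 0xFFFF]
    for xid, remove in ((old_xid, True), (new_xid, False)):
        for word in (xid >> 16, xid & 0xFFFF):
            words.append(~word & 0xFFFF if remove else word)
    return ~ones_complement_sum(struct.pack("!5H", *words)) & 0xFFFF


def constructed_segment(xid: int, cksum: int = 0) -> bytes:
    """Constructed sample: UDP 68 -> 67, 300-byte body, zero except xid."""
    body = bytes(4) + struct.pack("!I", xid) + bytes(292)
    return struct.pack("!HHHH", 68, 67, 8 + len(body), cksum) + body


# Values taken from the tcpdump output in the post.
SRC, DST, UDP_LEN = "0.0.0.0", "10.45.76.1", 328 - 20
CAPTURED_BAD = 0x5773
EXPECTED = {0x288D4220: 0x8F48, 0x150D4258: 0xA290}  # xid -> tcpdump's value

if __name__ == "__main__":
    seed = pseudo_header_sum(SRC, DST, UDP_LEN)
    print("pseudo-header sum: 0x%04x (captured: 0x%04x)" % (seed, CAPTURED_BAD))
    predicted = checksum_after_xid_change(0x8F48, 0x288D4220, 0x150D4258)
    print("predicted checksum for second xid: 0x%04x" % predicted)
    full = udp_checksum(SRC, DST, constructed_segment(0x288D4220))
    print("constructed segment verifies:",
          verifies(SRC, DST, constructed_segment(0x288D4220, full)))
```

The "expected" values tcpdump prints (0x8f48, 0xa290) change with the xid, while 0x5773 stays fixed because it depends only on the addresses, protocol and length.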

