Scheduled Maintenance: We are aware of an issue with Google, AOL, and Yahoo services as email providers which are blocking new registrations. We are trying to fix the issue and we have several internal and external support tickets in process to resolve the issue. Please see: viewtopic.php?t=158230

 

 

 

dhclient UDP ports

If none of the specific sub-forums seem right for your thread, ask here.
Post Reply
Message
Author
cchip
Posts: 61
Joined: 2011-02-12 05:24

dhclient UDP ports

#1 Post by cchip »

On wheezy, netstat output includes:

Code: Select all

udp        0      0 0.0.0.0:21117           0.0.0.0:*                           2659/dhclient   
udp        0      0 0.0.0.0:68              0.0.0.0:*                           2659/dhclient   
udp6       0      0 :::45664                :::*                                2659/dhclient
I understand port 68, but what are the other ports for?

rbeede
Posts: 2
Joined: 2013-05-02 21:12

Re: dhclient UDP ports

#2 Post by rbeede »

I have the same strange behavior on Ubuntu 13.04 (64-bit) Server. I installed my system using VMWare, but I don't think it makes a difference.

isc-dhcp-4.2.4 is what came with my distro. I also tested the latest version (isc-dhclient-4.2.5-P1) with the same result.

What is odd is that even though I specify the -4 option to ensure I'm enfocing IPv4 it is listening on random ports for both IPv4 and IPv6.

I read through the dhclient.c source code, but I couldn't see an obvious socket and bind. I thought perhaps it was related to omapi so I added "omapi port 9999" to my /etc/dhcp/dhclient.conf which did add a forth port that was being listened on so that doesn't seem the reason.

From the source code I suspect these random ports may be coming from interface discovery which creates some sockets (although it didn't seem like they performed binds) to probe various interfaces.


I'd like to know what these ports are for as well so I can be sure they don't cause a security issue. I sent a bug report to dhcp-bugs @@ isc.org asking about this behavior.

cchip
Posts: 61
Joined: 2011-02-12 05:24

Re: dhclient UDP ports

#3 Post by cchip »

I think they're used for dynamic DNS. I don't need that functionality, but it cannot be disabled with any config-file options, so have to recompile the package:

Code: Select all

--- isc-dhcp-4.2.2.dfsg.1.orig/debian/rules     2012-10-14 23:12:29.000000000 +0300
+++ isc-dhcp-4.2.2.dfsg.1/debian/rules  2013-02-03 10:28:57.673776041 +0200
@@ -41,6 +41,8 @@
        ./configure \
                --prefix=/usr \
                --sysconfdir=/etc/dhcp \
+               --disable-tracing \
+               --disable-failover \
                --with-srv-lease-file=/var/lib/dhcp/dhcpd.leases \
                --with-srv6-lease-file=/var/lib/dhcp/dhcpd6.leases \
                --with-cli-lease-file=/var/lib/dhcp/dhclient.leases \
@@ -69,6 +71,8 @@
        ./configure \
                --prefix=/usr \
                --sysconfdir=/etc/dhcp \
+               --disable-tracing \
+               --disable-failover \
                --with-srv-lease-file=/var/lib/dhcp/dhcpd.leases \
                --with-srv6-lease-file=/var/lib/dhcp/dhcpd6.leases \
                --with-cli-lease-file=/var/lib/dhcp/dhclient.leases \
diff -Nur isc-dhcp-4.2.2.dfsg.1.orig/includes/site.h isc-dhcp-4.2.2.dfsg.1/includes/site.h
--- isc-dhcp-4.2.2.dfsg.1.orig/includes/site.h  2011-07-09 01:56:27.000000000 +0300
+++ isc-dhcp-4.2.2.dfsg.1/includes/site.h       2013-02-03 10:28:22.909517930 +0200
@@ -115,7 +115,7 @@
 
 /* Define this if you want DNS update functionality to be available. */
 
-#define NSUPDATE
+/* #define NSUPDATE */
 
 /* Define this if you want the dhcpd.pid file to go somewhere other than
    the default (which varies from system to system, but is usually either

rbeede
Posts: 2
Joined: 2013-05-02 21:12

Re: dhclient UDP ports

#4 Post by rbeede »

You were correct! Making those three modifications removed the extra listening ports! I'll update my bug report to isc so they can fix their documentation and ideally add a configuration option to disable that behavior.

kellt
Posts: 9
Joined: 2015-03-05 06:32

Re: dhclient UDP ports

#5 Post by kellt »

Wow. Four years later and still dhclient is exhibiting the same idiotic, unconfigurable behaviour. I think it's ridiculous and burdensome to recompile something like dhclient. What the hell is ISC thinking???!?

Post Reply