AlmaLinuxにDHCPサーバを立ててパケットキャプチャしてみた話

はじめに

AlmaLinux 上に DHCP サーバ (ISC dhcpd) を立ててみました。かつ、パケットキャプチャしてどんな挙動をしているのか見てみました。

DHCPサーバ構築

インストール

# Install the ISC DHCP server package (AlmaLinux ships it as "dhcp-server").
yum -y install dhcp-server

セグメントやレンジの設定

設定ファイルを見るとサンプルを見ろと記載有り

[root@localhost ~]# cat /etc/dhcp/dhcpd.conf
#
# DHCP Server Configuration file.
#   see /usr/share/doc/dhcp-server/dhcpd.conf.example
#   see dhcpd.conf(5) man page
#

サンプル

[root@localhost ~]# cat /usr/share/doc/dhcp-server/dhcpd.conf.example
# dhcpd.conf
#
# Sample configuration file for ISC dhcpd
#

# option definitions common to all supported networks...
option domain-name "example.org";
option domain-name-servers ns1.example.org, ns2.example.org;

default-lease-time 600;
max-lease-time 7200;

# Use this to enble / disable dynamic dns updates globally.
#ddns-update-style none;

# If this DHCP server is the official DHCP server for the local
# network, the authoritative directive should be uncommented.
#authoritative;

# Use this to send dhcp log messages to a different log file (you also
# have to hack syslog.conf to complete the redirection).
log-facility local7;

# No service will be given on this subnet, but declaring it helps the
# DHCP server to understand the network topology.

subnet 10.152.187.0 netmask 255.255.255.0 {
}

# This is a very basic subnet declaration.

subnet 10.254.239.0 netmask 255.255.255.224 {
  range 10.254.239.10 10.254.239.20;
  option routers rtr-239-0-1.example.org, rtr-239-0-2.example.org;
}

# This declaration allows BOOTP clients to get dynamic addresses,
# which we don't really recommend.

subnet 10.254.239.32 netmask 255.255.255.224 {
  range dynamic-bootp 10.254.239.40 10.254.239.60;
  option broadcast-address 10.254.239.31;
  option routers rtr-239-32-1.example.org;
}

# A slightly different configuration for an internal subnet.
subnet 10.5.5.0 netmask 255.255.255.224 {
  range 10.5.5.26 10.5.5.30;
  option domain-name-servers ns1.internal.example.org;
  option domain-name "internal.example.org";
  option routers 10.5.5.1;
  option broadcast-address 10.5.5.31;
  default-lease-time 600;
  max-lease-time 7200;
}

# Hosts which require special configuration options can be listed in
# host statements.   If no address is specified, the address will be
# allocated dynamically (if possible), but the host-specific information
# will still come from the host declaration.

host passacaglia {
  hardware ethernet 0:0:c0:5d:bd:95;
  filename "vmunix.passacaglia";
  server-name "toccata.example.com";
}

# Fixed IP addresses can also be specified for hosts.   These addresses
# should not also be listed as being available for dynamic assignment.
# Hosts for which fixed IP addresses have been specified can boot using
# BOOTP or DHCP.   Hosts for which no fixed address is specified can only
# be booted with DHCP, unless there is an address range on the subnet
# to which a BOOTP client is connected which has the dynamic-bootp flag
# set.
host fantasia {
  hardware ethernet 08:00:07:26:c0:a5;
  fixed-address fantasia.example.com;
}

# You can declare a class of clients and then do address allocation
# based on that.   The example below shows a case where all clients
# in a certain class get addresses on the 10.17.224/24 subnet, and all
# other clients get addresses on the 10.0.29/24 subnet.

class "foo" {
  match if substring (option vendor-class-identifier, 0, 4) = "SUNW";
}

shared-network 224-29 {
  subnet 10.17.224.0 netmask 255.255.255.0 {
    option routers rtr-224.example.org;
  }
  subnet 10.0.29.0 netmask 255.255.255.0 {
    option routers rtr-29.example.org;
  }
  pool {
    allow members of "foo";
    range 10.17.224.10 10.17.224.250;
  }
  pool {
    deny members of "foo";
    range 10.0.29.10 10.0.29.230;
  }
}
[root@localhost ~]#

今回の設定内容は下記の通り

[root@localhost ~]# vi /etc/dhcp/dhcpd.conf

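#
# DHCP Server Configuration file.
#   see /usr/share/doc/dhcp-server/dhcpd.conf.example
#   see dhcpd.conf(5) man page
#

# This host is the only DHCP server on the ens19 segment, so let it NAK
# requests for addresses it does not know about (e.g. stale leases from a
# previous server); without "authoritative" such clients keep retrying
# until their lease times out.
authoritative;

subnet 10.255.255.0 netmask 255.255.255.0 {
  range 10.255.255.10 10.255.255.254;
  # Multiple values must be comma-separated. "1.1.1.1 8.8.8.8" does not
  # parse ("semicolon expected", see the journalctl output further down).
  option domain-name-servers 1.1.1.1, 8.8.8.8;
  option domain-name "dhcp.proxmoxlab";
  # The DHCP server itself (10.255.255.1 on ens19) is handed out as gateway.
  option routers 10.255.255.1;
  option broadcast-address 10.255.255.255;
  default-lease-time 600;     # seconds; 10 min keeps lab churn visible
  max-lease-time 7200;
}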

DHCPサーバが動作するIFの指定

また、ens18とens19がある中、今回はens19向けにDHCPサーバを立てたい。

[root@localhost ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: ens18: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether bc:24:11:7d:04:a3 brd ff:ff:ff:ff:ff:ff
    altname enp0s18
    inet 192.168.11.37/24 brd 192.168.11.255 scope global dynamic noprefixroute ens18
       valid_lft 82374sec preferred_lft 82374sec
    inet6 fe80::be24:11ff:fe7d:4a3/64 scope link noprefixroute
       valid_lft forever preferred_lft forever
3: ens19: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether bc:24:11:70:14:cb brd ff:ff:ff:ff:ff:ff
    altname enp0s19

"/etc/sysconfig/dhcpd"に設定すると良いという記事を見たので見てみたが、「もうこのファイルは使わないです。dhcpd.confで設定されたセグメント内のアドレスを持つIFのみでlistenされます。どうしてもtextで指定したいなら、exampleにあるようなことをしてね」と書いてある。

# Only for reading: the file itself states it is no longer used by dhcpd.
vi /etc/sysconfig/dhcpd


# WARNING: This file is NOT used anymore.

# If you are here to restrict what interfaces should dhcpd listen on,
# be aware that dhcpd listens *only* on interfaces for which it finds subnet
# declaration in dhcpd.conf. It means that explicitly enumerating interfaces
# also on command line should not be required in most cases.

# If you still insist on adding some command line options,
# copy dhcpd.service from /lib/systemd/system to /etc/systemd/system and modify
# it there.
# https://fedoraproject.org/wiki/Systemd#How_do_I_customize_a_unit_file.2F_add_a_custom_unit_file.3F

# example:
# $ cp /usr/lib/systemd/system/dhcpd.service /etc/systemd/system/
# $ vi /etc/systemd/system/dhcpd.service
# $ ExecStart=/usr/sbin/dhcpd -f -cf /etc/dhcp/dhcpd.conf -user dhcpd -group dhcpd --no-pid <your_interface_name(s)>
# $ systemctl --system daemon-reload
# $ systemctl restart dhcpd.service

ens19に"10.255.255.0/24"内のアドレスを割り振る。
まずは ens19 に対応する NetworkManager のコネクション (プロファイル) 名を確認する。ens19 は 'Wired connection 1' となっている。

[root@localhost ~]# nmcli connection
NAME                UUID                                  TYPE      DEVICE
ens18               d23e21f5-ef1e-3a6d-9f3d-9a157b2e3421  ethernet  ens18
Wired connection 1  fa1d5ea1-8b86-3d6f-bf21-e6ac7e4ec87b  ethernet  ens19
lo                  71a609b3-c46e-4e63-96a2-80aad3b50207  loopback  lo

nmcli で設定

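# Give ens19 (NetworkManager profile 'Wired connection 1') the static
# address dhcpd will serve from. Done through nmcli so it survives reboots.
conn='Wired connection 1'

# One "mod" call writes the profile once instead of four times, and sets
# ipv4.addresses together with ipv4.method manual (NM refuses "manual"
# on a profile that has no address, so the two belong together).
# Re-activation only runs if the modification succeeded; "down" may
# fail harmlessly when the profile was not active yet, hence ";" not "&&".
nmcli con mod "$conn" \
  ipv4.addresses 10.255.255.1/24 \
  ipv4.method manual \
  connection.autoconnect yes \
  ipv6.method ignore \
&& { nmcli con down "$conn"; nmcli con up "$conn"; }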

DHCPサーバ起動

ファイアウォールに穴をあけてサービス起動。なお --zone を付けない firewall-cmd は既定ゾーンに対して udp/67 を開けるので、ens18 が同じゾーンに属していればそちらにも穴が開く (dhcpd 自体は subnet 宣言のある IF にしか bind しないが、ens19 のゾーンに限定して開ける方が最小権限)。

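# Validate the config first: a syntax error (e.g. a missing comma between
# DNS servers) otherwise only surfaces as a failed unit in journalctl.
# Each later step runs only if the previous one succeeded.
#
# Without --zone, firewall-cmd opens udp/67 in the *default* zone, i.e. on
# every interface in that zone, not only ens19. dhcpd binds only interfaces
# that have a matching subnet declaration, which limits the exposure; the
# least-privilege form is to scope the rule to ens19's zone:
#   firewall-cmd --zone=<zone-of-ens19> --add-service=dhcp
dhcpd -t -cf /etc/dhcp/dhcpd.conf \
&& firewall-cmd --add-service=dhcp \
&& firewall-cmd --runtime-to-permanent \
&& systemctl enable --now dhcpd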

起動時にエラーが出たら "journalctl -xeu dhcpd.service" でエラーを確認する (起動前に "dhcpd -t -cf /etc/dhcp/dhcpd.conf" を実行すれば構文チェックだけを先に行える)。下記は DNS を複数指定する際に 正: "1.1.1.1, 8.8.8.8" とするところを 誤: "1.1.1.1 8.8.8.8" としたときのエラー。

[root@localhost ~]# systemctl enable --now dhcpd
Job for dhcpd.service failed because the control process exited with error code.
See "systemctl status dhcpd.service" and "journalctl -xeu dhcpd.service" for details.

[root@localhost ~]# journalctl -xeu dhcpd.service
(略)
Dec 28 10:13:01 localhost.localdomain dhcpd[1641]: /etc/dhcp/dhcpd.conf line 9: semicolon expected.
Dec 28 10:13:01 localhost.localdomain dhcpd[1641]:   option domain-name-servers 1.1.1.1 8.

パケットキャプチャ

キャプチャ設定

動いたのでパケットキャプチャしてみる。Wireshark でキャプチャしたいので ssh remote capture (sshdump) を使う。
192.168.11.37 (ens18 側) に ssh で接続し、ens19 を tcpdump する設定にする。sshdump にはユーザ名/パスワードを入れる形になるが、鍵認証にして tcpdump だけを sudo で許可した専用ユーザを使う方が安全 (root のパスワードを Wireshark の設定に残さずに済む)。

キャプチャ結果

シーケンスは下記の通り。

DHCP Discover (client → server)
DHCPサーバを探すべく、ブロードキャストを送信する。
マックアドレスとIPアドレスは見ての通り。送信元MACアドレス以外はブロードキャストアドレス等が使われている。
また、Parameter Request Listを見ると、様々なパラメータを教えてほしいとリクエストしていることも分かる。

Frame 1204: 318 bytes on wire (2544 bits), 318 bytes captured (2544 bits) on interface sshdump.exe, id 0
Ethernet II, Src: ProxmoxServe_1a:99:b3 (bc:24:11:1a:99:b3), Dst: Broadcast (ff:ff:ff:ff:ff:ff)
Internet Protocol Version 4, Src: 0.0.0.0, Dst: 255.255.255.255
User Datagram Protocol, Src Port: 68, Dst Port: 67
Dynamic Host Configuration Protocol (Discover)
    Message type: Boot Request (1)
    Hardware type: Ethernet (0x01)
    Hardware address length: 6
    Hops: 0
    Transaction ID: 0x0a2ab323
    Seconds elapsed: 1
    Bootp flags: 0x0000 (Unicast)
    Client IP address: 0.0.0.0
    Your (client) IP address: 0.0.0.0
    Next server IP address: 0.0.0.0
    Relay agent IP address: 0.0.0.0
    Client MAC address: ProxmoxServe_1a:99:b3 (bc:24:11:1a:99:b3)
    Client hardware address padding: 00000000000000000000
    Server host name not given
    Boot file name not given
    Magic cookie: DHCP
    Option: (53) DHCP Message Type (Discover)
        Length: 1
        DHCP: Discover (1)
    Option: (61) Client identifier
        Length: 7
        Hardware type: Ethernet (0x01)
        Client MAC address: ProxmoxServe_1a:99:b3 (bc:24:11:1a:99:b3)
    Option: (55) Parameter Request List
        Length: 17
        Parameter Request List Item: (1) Subnet Mask
        Parameter Request List Item: (2) Time Offset
        Parameter Request List Item: (6) Domain Name Server
        Parameter Request List Item: (12) Host Name
        Parameter Request List Item: (15) Domain Name
        Parameter Request List Item: (26) Interface MTU
        Parameter Request List Item: (28) Broadcast Address
        Parameter Request List Item: (121) Classless Static Route
        Parameter Request List Item: (3) Router
        Parameter Request List Item: (33) Static Route
        Parameter Request List Item: (40) Network Information Service Domain
        Parameter Request List Item: (41) Network Information Service Servers
        Parameter Request List Item: (42) Network Time Protocol Servers
        Parameter Request List Item: (119) Domain Search
        Parameter Request List Item: (249) Private/Classless Static Route (Microsoft)
        Parameter Request List Item: (252) Private/Proxy autodiscovery
        Parameter Request List Item: (17) Root Path
    Option: (57) Maximum DHCP Message Size
    Option: (255) End

DHCP Offer (client ← server)
サーバからクライアントへ提案を実施する。
MAC アドレスと IP アドレスは具体的なアドレスを指定して通信されている。Discover の Bootp flags が 0x0000 (Broadcast ビット = 0) だったため、サーバは RFC 2131 のとおり yiaddr (10.255.255.11) 宛・クライアント MAC 宛にユニキャストで返している。クライアント側はこの IP をまだ持っていないが、DHCP クライアントは一般に IP スタックを経由せずリンク層でフレームを受け取るので、宛先 MAC が一致すれば着信する。
また、Request内容に対して返せるものは返している。(提案段階のため未確定)

Frame 1209: 343 bytes on wire (2744 bits), 343 bytes captured (2744 bits) on interface sshdump.exe, id 0
Ethernet II, Src: ProxmoxServe_70:14:cb (bc:24:11:70:14:cb), Dst: ProxmoxServe_1a:99:b3 (bc:24:11:1a:99:b3)
Internet Protocol Version 4, Src: 10.255.255.1, Dst: 10.255.255.11
User Datagram Protocol, Src Port: 67, Dst Port: 68
Dynamic Host Configuration Protocol (Offer)
    Message type: Boot Reply (2)
    Hardware type: Ethernet (0x01)
    Hardware address length: 6
    Hops: 0
    Transaction ID: 0x0a2ab323
    Seconds elapsed: 1
    Bootp flags: 0x0000 (Unicast)
    Client IP address: 0.0.0.0
    Your (client) IP address: 10.255.255.11
    Next server IP address: 0.0.0.0
    Relay agent IP address: 0.0.0.0
    Client MAC address: ProxmoxServe_1a:99:b3 (bc:24:11:1a:99:b3)
    Client hardware address padding: 00000000000000000000
    Server host name not given
    Boot file name not given
    Magic cookie: DHCP
    Option: (53) DHCP Message Type (Offer)
        Length: 1
        DHCP: Offer (2)
    Option: (54) DHCP Server Identifier (10.255.255.1)
        Length: 4
        DHCP Server Identifier: 10.255.255.1
    Option: (51) IP Address Lease Time
        Length: 4
        IP Address Lease Time: 10 minutes (600)
    Option: (1) Subnet Mask (255.255.255.0)
        Length: 4
        Subnet Mask: 255.255.255.0
    Option: (6) Domain Name Server
        Length: 8
        Domain Name Server: 1.1.1.1
        Domain Name Server: 8.8.8.8
    Option: (15) Domain Name
        Length: 15
        Domain Name: dhcp.proxmoxlab
    Option: (28) Broadcast Address (10.255.255.255)
        Length: 4
        Broadcast Address: 10.255.255.255
    Option: (3) Router
        Length: 4
        Router: 10.255.255.1
    Option: (255) End

Parameter Request List への応答は、(6) や (1) といったオプション番号を指定して、サーバが値を持っている番号だけ返している (設定していない (12) Host Name や (42) NTP Servers は返っていない)。各オプションは「1 バイトのタグ (番号) → 1 バイトの長さ → その長さ分の値」という TLV 形式の連なりで、長さの次のバイトが再び次のタグになるため、可変長パケットから順に値を取り出せる。

DHCP Request (client → server)
提案されたパラメータでサーバへ要求を投げます。
複数の DHCP サーバが Offer を返している可能性があるため、Request はブロードキャストで送られる。Option 54 (DHCP Server Identifier、ここでは 10.255.255.1) で「どのサーバの提案を受けるか」を全サーバに知らせ、選ばれなかったサーバは自分の Offer を取り下げる仕組み。
また、offerで提案されたパラメータを引き続きリクエストしていることが分かる。

Frame 1210: 330 bytes on wire (2640 bits), 330 bytes captured (2640 bits) on interface sshdump.exe, id 0
Ethernet II, Src: ProxmoxServe_1a:99:b3 (bc:24:11:1a:99:b3), Dst: Broadcast (ff:ff:ff:ff:ff:ff)
Internet Protocol Version 4, Src: 0.0.0.0, Dst: 255.255.255.255
User Datagram Protocol, Src Port: 68, Dst Port: 67
Dynamic Host Configuration Protocol (Request)
    Message type: Boot Request (1)
    Hardware type: Ethernet (0x01)
    Hardware address length: 6
    Hops: 0
    Transaction ID: 0x0a2ab323
    Seconds elapsed: 1
    Bootp flags: 0x0000 (Unicast)
    Client IP address: 0.0.0.0
    Your (client) IP address: 0.0.0.0
    Next server IP address: 0.0.0.0
    Relay agent IP address: 0.0.0.0
    Client MAC address: ProxmoxServe_1a:99:b3 (bc:24:11:1a:99:b3)
    Client hardware address padding: 00000000000000000000
    Server host name not given
    Boot file name not given
    Magic cookie: DHCP
    Option: (53) DHCP Message Type (Request)
    Option: (61) Client identifier
        Length: 7
        Hardware type: Ethernet (0x01)
        Client MAC address: ProxmoxServe_1a:99:b3 (bc:24:11:1a:99:b3)
    Option: (55) Parameter Request List
        Length: 17
        Parameter Request List Item: (1) Subnet Mask
        Parameter Request List Item: (2) Time Offset
        Parameter Request List Item: (6) Domain Name Server
        Parameter Request List Item: (12) Host Name
        Parameter Request List Item: (15) Domain Name
        Parameter Request List Item: (26) Interface MTU
        Parameter Request List Item: (28) Broadcast Address
        Parameter Request List Item: (121) Classless Static Route
        Parameter Request List Item: (3) Router
        Parameter Request List Item: (33) Static Route
        Parameter Request List Item: (40) Network Information Service Domain
        Parameter Request List Item: (41) Network Information Service Servers
        Parameter Request List Item: (42) Network Time Protocol Servers
        Parameter Request List Item: (119) Domain Search
        Parameter Request List Item: (249) Private/Classless Static Route (Microsoft)
        Parameter Request List Item: (252) Private/Proxy autodiscovery
        Parameter Request List Item: (17) Root Path
    Option: (57) Maximum DHCP Message Size
    Option: (50) Requested IP Address (10.255.255.11)
    Option: (54) DHCP Server Identifier (10.255.255.1)
    Option: (255) End

DHCP ACK (client ← server)
サーバは、クライアントが Request で指定した Server Identifier と Requested IP Address (10.255.255.11) を確認し、リースを確定して ACK を返す。内容は Offer と同じで、ここでアドレスが正式に使えるようになる。

Frame 1211: 343 bytes on wire (2744 bits), 343 bytes captured (2744 bits) on interface sshdump.exe, id 0
Ethernet II, Src: ProxmoxServe_70:14:cb (bc:24:11:70:14:cb), Dst: ProxmoxServe_1a:99:b3 (bc:24:11:1a:99:b3)
Internet Protocol Version 4, Src: 10.255.255.1, Dst: 10.255.255.11
User Datagram Protocol, Src Port: 67, Dst Port: 68
Dynamic Host Configuration Protocol (ACK)
    Message type: Boot Reply (2)
    Hardware type: Ethernet (0x01)
    Hardware address length: 6
    Hops: 0
    Transaction ID: 0x0a2ab323
    Seconds elapsed: 1
    Bootp flags: 0x0000 (Unicast)
    Client IP address: 0.0.0.0
    Your (client) IP address: 10.255.255.11
    Next server IP address: 0.0.0.0
    Relay agent IP address: 0.0.0.0
    Client MAC address: ProxmoxServe_1a:99:b3 (bc:24:11:1a:99:b3)
    Client hardware address padding: 00000000000000000000
    Server host name not given
    Boot file name not given
    Magic cookie: DHCP
    Option: (53) DHCP Message Type (ACK)
    Option: (54) DHCP Server Identifier (10.255.255.1)
    Option: (51) IP Address Lease Time
        Length: 4
        IP Address Lease Time: 10 minutes (600)
    Option: (1) Subnet Mask (255.255.255.0)
    Option: (6) Domain Name Server
        Length: 8
        Domain Name Server: 1.1.1.1
        Domain Name Server: 8.8.8.8
    Option: (15) Domain Name
        Length: 15
        Domain Name: dhcp.proxmoxlab
    Option: (28) Broadcast Address (10.255.255.255)
    Option: (3) Router
        Length: 4
        Router: 10.255.255.1
    Option: (255) End

余談

wiresharkで「統計」→「フローグラフ」と選択

シーケンスが出てくる。※第4オクテット10と11の2台がDHCPでアドレスを払い出されている

余談2

dhcpのクライアント側にホスト名を設定する

# hostnamectl set-hostname fumidai.pve.local

DHCP Request を見ると、オプション 12 (Host Name) にこのホスト名が載る。なお option 12 はクライアントの自己申告で検証されないため、DDNS 登録や機器台帳にそのまま使うと任意の名前を名乗れてしまう点に注意。

余談3 DHCPのリース状況確認

[root@localhost ~]# cat /var/lib/dhcpd/dhcpd.leases
# The format of this file is documented in the dhcpd.leases(5) manual page.
# This lease file was written by isc-dhcp-4.4.2b1

# authoring-byte-order entry is generated, DO NOT DELETE
authoring-byte-order little-endian;

lease 10.255.255.10 {
  starts 6 2024/12/28 03:37:30;
  ends 6 2024/12/28 03:47:30;
  tstp 6 2024/12/28 03:47:30;
  cltt 6 2024/12/28 03:37:30;
  binding state active;
  next binding state free;
  rewind binding state free;
  hardware ethernet bc:24:11:23:13:37;
  uid "\001\274$\021#\0237";
}
lease 10.255.255.11 {
  starts 6 2024/12/28 03:38:49;
  ends 6 2024/12/28 03:48:49;
  tstp 6 2024/12/28 03:48:49;
  cltt 6 2024/12/28 03:38:49;
  binding state active;
  next binding state free;
  rewind binding state free;
  hardware ethernet bc:24:11:1a:99:b3;
  uid "\001\274$\021\032\231\263";
}
server-duid "\000\001\000\001/\002,\346\274$\021p\024\313";

余談4

アドレスを固定する場合は host 宣言に hardware ethernet と fixed-address を書く。注意点: サンプルにもあるとおり fixed-address は動的割当の range と重ならないようにする (range は固定アドレスを避けて複数行に分けて書ける)。また zone 宣言に key を付けないと DDNS 更新は無認証になるので、TSIG 鍵を生成して key 文で指定し、DNS 側も allow-update をその鍵に限定する。前半の設定にあった option routers がここには無いので、そのままではクライアントにゲートウェイが配られない。

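#
# DHCP Server Configuration file.
#   see /usr/share/doc/dhcp-server/dhcpd.conf.example
#   see dhcpd.conf(5) man page
#

# Dynamic DNS: dhcpd registers leases under "ddns.pve.local".
# "interim" is the deprecated name of the update style; "standard"
# (ISC DHCP >= 4.3, the lease file shows 4.4.2) is the RFC 4702/4703
# compliant behaviour with the same effect here.
ddns-updates on;
ddns-update-style standard;
ddns-domainname "ddns.pve.local";
# Clients may not update their own A record; the server does it for them.
# The hostname (option 12) is still client-supplied and unauthenticated,
# so any client can claim any name in the zone.
ignore client-updates;

# Only DHCP server on this segment: NAK requests for unknown leases.
authoritative;

log-facility local7;            # set log output

subnet 10.255.255.0 netmask 255.255.255.0 {
  # Dynamic pools. dhcpd.conf(5) (and the shipped example) require that
  # fixed-address hosts are NOT also inside a dynamic range, otherwise the
  # same address can be leased to two clients. The fixed hosts below use
  # .100-.103 and .201-.204, so the pools are split around them.
  range 10.255.255.10 10.255.255.99;
  range 10.255.255.104 10.255.255.200;
  range 10.255.255.205 10.255.255.254;
  option domain-name "dhcp.pve.local";
  option domain-name-servers 10.255.255.3;
  option broadcast-address 10.255.255.255;
  # NOTE(review): unlike the first config there is no "option routers"
  # here, so clients receive no default gateway. Add one if they need
  # off-link access (the server itself is 10.255.255.1).
  default-lease-time 600;
  max-lease-time 86400;
  zone pve.local. {
    primary ddns.pve.local;
    # TODO(review): as written the DNS update is unauthenticated. Generate
    # a TSIG key (tsig-keygen), declare it in a top-level "key" block,
    # reference it here with "key <name>;" and restrict allow-update on
    # the DNS server to that key.
  }

  # Fixed assignments by MAC address; these must stay outside the ranges
  # above.
  host fumi.pve.local {
    hardware ethernet BC:24:11:B4:01:00;
    fixed-address 10.255.255.100;
  }
  host dhcp.pve.local {
    hardware ethernet BC:24:11:B4:01:01;
    fixed-address 10.255.255.101;
  }
  host dns.pve.local {
    hardware ethernet BC:24:11:B4:01:02;
    fixed-address 10.255.255.102;
  }
  host ddns.pve.local {
    hardware ethernet BC:24:11:B4:01:03;
    fixed-address 10.255.255.103;
  }
  host ntp.pve.local {
    hardware ethernet BC:24:11:B4:02:01;
    fixed-address 10.255.255.201;
  }
  host radius.pve.local {
    hardware ethernet BC:24:11:B4:02:02;
    fixed-address 10.255.255.202;
  }
  host syslog.pve.local {
    hardware ethernet BC:24:11:B4:02:03;
    fixed-address 10.255.255.203;
  }
  host snmp.pve.local {
    hardware ethernet BC:24:11:B4:02:04;
    fixed-address 10.255.255.204;
  }
}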

