DHCP Issue
Okay, well, I can now reproduce the issue I’m having with my firewall. Here’s how:
1) Reboot Firewall.
2) Log in as root.
3) Kill the dhclient process.
4) Execute ‘dhclient xl0’ to start the DHCP client again.
5) Repeat steps 3 and 4 two more times. (3x total)
6) Network connection goes poof.
I’m not sure if this is an issue with OpenBSD’s dhclient or what yet, although I see no reason why a DHCP server should be able to cause a client to go wacky. If I get a chance, I’ll try it tomorrow on a test machine at work. I’m very curious what will happen if I do this with a non-Comcast DHCP server.
If you’re interested, there are two network captures of the DHCP requests going back and forth at http://www.nuxx.net/files/dhcp_issue.tar.gz. Interestingly, the next packet after the server sending a DHCP ACK is my firewall ARPing for itself. (???)
Hmm, it seems that there is an OpenBSD Patch for arp which patches part of if_ether.c. I wonder if this patch would take care of my troubles…? I think I’ll try to grab the kernel source tonight while sleeping, then give it a try after work tomorrow.
I think I’m at least making headway… I hope?
those two .cap files are teh suck yo! my hex editor dont make it out
for shit, nor does anything else…
http://www.whatis.com/ – every file format in the world choices are:
CAP Ventura Publisher Caption
CAP Compressed music file
CAP Telix Session Capture file
i’m assuming its from a telix session capture, but i really dont wanna
download and install that just to read a friggin logfile, can’t u save
this in plain text format? thanx
Uhm, everyone else has been able to open them. What sort of packet sniffer are you using? Grab, and fire up, ethereal, which I captured them with. They are absolutely standard, openable by every-single-industry-standard-packet-sniffer libpcap capture files. This is what tcpdump writes.
i use: Sniffem_v1.1
i guess i gotta load the sucker up and see if it’ll import your
capture file…
Use Etheral, if nothing else. If Sniffem won’t open it, then it’s even crappier than it’s website makes it look.
*Everything* reads tcpdump files.