From bafc4d1f7971edbe7cd411fbe2ee6876ded35c6e Mon Sep 17 00:00:00 2001 From: Allain Legacy Date: Thu, 14 Apr 2016 12:04:55 -0400 Subject: [PATCH] CGTS-3416: dhclient: restrict interfaces to those on command line only By default, the dhclient process does not respect the list of interfaces supplied at the command line. It configures any interfaces found to be specified in the config file. Since we customize options for each interface in our config file and run a separate dhclient process for each interface we end up with multiple dhclient processes that each service all interfaces. This is undesirable because it is possible that a request is sent by process A but received by process B. This leads to lease expiry events even though a valid request packet was returned by the server. This change introduces a "--restrict-interfaces" option to the dhclient process to force it to ignore all interfaces in config files other than those specified at the command line. To activate this change our version of ifup/ifdown has been modified to pass the "--restrict-interfaces" to dhclient as well as to request that each process use its own lease file to avoid file corruption. --- sysconfig/network-scripts/ifdown-eth | 2 +- sysconfig/network-scripts/ifup-eth | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/sysconfig/network-scripts/ifdown-eth b/sysconfig/network-scripts/ifdown-eth index 7ccbddf..5b75162 100755 --- a/sysconfig/network-scripts/ifdown-eth +++ b/sysconfig/network-scripts/ifdown-eth @@ -92,7 +92,7 @@ for VER in "" 6 ; do dhcpid=$(cat /var/run/dhclient$VER-${DEVICE}.pid) generate_lease_file_name $VER if is_true "$DHCPRELEASE"; then - /sbin/dhclient -r -lf ${LEASEFILE} -pf /var/run/dhclient$VER-${DEVICE}.pid ${DEVICE} >/dev/null 2>&1 + /sbin/dhclient -r -lf ${LEASEFILE} --restrict-interfaces -pf /var/run/dhclient$VER-${DEVICE}.pid ${DEVICE} >/dev/null 2>&1 retcode=$? else kill $dhcpid >/dev/null 2>&1 diff --git a/sysconfig/network-scripts/ifup-eth b/sysconfig/network-scripts/ifup-eth index 3da5c16..9bcf57f 100755 --- a/sysconfig/network-scripts/ifup-eth +++ b/sysconfig/network-scripts/ifup-eth @@ -204,7 +204,7 @@ if [ -n "${DYNCONFIG}" ] && [ -x /sbin/dhclient ]; then generate_lease_file_name # Initialize the dhclient args and obtain the hostname options if needed: - DHCLIENTARGS="${DHCLIENTARGS} ${ONESHOT} -q ${DHCLIENTCONF} -lf ${LEASEFILE} -pf /var/run/dhclient-${DEVICE}.pid" + DHCLIENTARGS="${DHCLIENTARGS} ${ONESHOT} -q ${DHCLIENTCONF} -lf ${LEASEFILE} --restrict-interfaces -pf /var/run/dhclient-${DEVICE}.pid" set_hostname_options DHCLIENTARGS echo @@ -355,7 +355,7 @@ if is_true "${DHCPV6C}" && [ -x /sbin/dhclient ]; then echo -n $"Determining IPv6 information for ${DEVICE}..." # Initialize the dhclient args for IPv6 and obtain the hostname options if needed: - DHCLIENTARGS="-6 -1 ${DHCPV6C_OPTIONS} ${DHCLIENTCONF} -lf ${LEASEFILE} -pf /var/run/dhclient6-${DEVICE}.pid ${DEVICE}" + DHCLIENTARGS="-6 -1 ${DHCPV6C_OPTIONS} ${DHCLIENTCONF} -lf ${LEASEFILE} --restrict-interfaces -pf /var/run/dhclient6-${DEVICE}.pid ${DEVICE}" set_hostname_options DHCLIENTARGS if /sbin/dhclient $DHCLIENTARGS; then -- 1.9.1