Most active commenters
  • saurik(9)
  • jarek(5)
  • Locke1689(4)
  • bradleyland(4)
  • shinratdr(4)
  • hristov(4)
  • tzs(3)

←back to thread

Rapid DHCP: Or, how do Macs get on the network so fast?

(cafbit.com)
354 points timdoug | 74 comments | 12 Jul 11 17:04 UTC | HN request time: 0.858s | source | bottom
1. saurik ◴[12 Jul 11 17:52 UTC] No.2755677[source]
> This network recognition technique allows the Mac to very rapidly discover if it is connected to a known network. If the network is recognized (and presumably if the Mac knows that the DHCP lease is still active), it immediately and presumptuously configures its IP interface with the address it knows is good for this network.

Ok, seriously? That isn't a bug in an implementation somewhere, but in fact a feature that Apple actually is proud of? Am I the only one who finds that if you get a room full of people sitting around with Macs at least one person gets their IP address stolen by someone else?

(edit: I just got downvoted, and then asked the people in the room with me, and they seemed to agree with my perceived correlation regarding the "another computer is using 192.1.0.1" issue... instead of just downvoting, maybe reply? It is actually quite common that DHCP leases on a network get reset for various reasons, and if you just jump on the network without revalidating your lease, you are actually quite likely to just "presumptuously" steal someone else's IP address.)

replies(11): >>2755698 #>>2755761 #>>2755851 #>>2756177 #>>2756303 #>>2756333 #>>2756755 #>>2757385 #>>2758088 #>>2758576 #>>2758677 #
2. kelnos ◴[12 Jul 11 17:56 UTC] No.2755698[source]
Why would that be the case? Assuming it only does this if it knows its previous DHCP lease hasn't run out, it's very likely (unless the DHCP server has been rebooted or has otherwise lost its lease table) that no other device is using that IP.

And even if it screws this up, it looks like it does a proper DHCP request about a second after the interface comes up, so the problem will be fixed quickly.

Do you have any evidence that Macs in practice tend to inadvertently boot people off the network when they join?

replies(1): >>2755728 #
3. saurik ◴[12 Jul 11 18:05 UTC] No.2755728[source]
By the time the problem is "fixed" the other computer on the network has already detected that its IP address is in conflict by ARP, telling the user what happened (interrupting them) and has shifted to a new IP address (losing all of its active connections in the process).

(and yes: some routers hold on to only a certain number of inactive leases, and routers actually do get rebooted in home, office, and hotel environments quite often, crossing the boundary of the 1-2 day leases that are often given to clients.)

replies(4): >>2756052 #>>2756322 #>>2756356 #>>2757534 #
4. mike-cardwell ◴[12 Jul 11 18:12 UTC] No.2755761[source]
I've experienced a few cases where I've joined somebody elses network with my Macbook and it's stolen an IP address that someone else was using.
5. jsz0 ◴[12 Jul 11 18:29 UTC] No.2755851[source]
If your DHCP server is handing out leased addresses to other clients you might have bigger problems to worry about. For example if you expect a lot of churn on the network you should be using much shorter leases times.
replies(2): >>2755876 #>>2756163 #
6. Groxx ◴[12 Jul 11 18:36 UTC] No.2755876[source]
Correct, but Coffee House X, Y, and Z don't realize this. Which makes it the computer-owner's problem too.
7. Locke1689 ◴[12 Jul 11 19:12 UTC] No.2756052{3}[source]
Once again, this is almost always a router misconfiguration problem. If you don't want this to happen configure your router correctly. Apple isn't to blame for other people's incompetence.

Plus, this seems to produce tangibly better results in the majority of cases. It perfectly fits Apple's style of optimizing for the common use case, even if the rarer gets worse.

8. windsurfer ◴[12 Jul 11 19:36 UTC] No.2756163[source]
How is this the DHCP server's fault? DHCP is designed to reassign unused leases to new clients if the subnet is all leased out.
replies(1): >>2756250 #
9. bonch ◴[12 Jul 11 19:39 UTC] No.2756177[source]
Sorry, but nobody cares what the people in your room think.
replies(1): >>2756191 #
10. burgerbrain ◴[12 Jul 11 19:42 UTC] No.2756191[source]
Wrong, I care. I don't have any way of confirming it myself so his double-checking was appreciated.
11. tomlogic ◴[12 Jul 11 19:56 UTC] No.2756250{3}[source]
How can a lease be "unused" if it hasn't expired and the client that requested it never released it? Are you saying that the DHCP server pings (ICMP or ARP) each address and re-leases the ones that don't get a response?
replies(2): >>2756299 #>>2756310 #
12. brk ◴[12 Jul 11 20:06 UTC] No.2756299{4}[source]
Are you saying that the DHCP server pings (ICMP or ARP) each address and re-leases the ones that don't get a response?

The DHCP will ping an address before leasing it, and if it gets a response then it will not lease that address.

replies(1): >>2758379 #
13. brk ◴[12 Jul 11 20:08 UTC] No.2756303[source]
Am I the only one who finds that if you get a room full of people sitting around with Macs at least one person gets their IP address stolen by someone else?

In 4 or 5 years of using OS X laptops in multiple locations (eg: private office, large corporate office with shared wifi, more hotels and airports and coffee shops than I can remember) I can't ever recall having this happen to me.

14. windsurfer ◴[12 Jul 11 20:09 UTC] No.2756310{4}[source]
Well actually the result of "running out" of addresses is undefined and up to the individual hardware manufacturer, so theoretically they could do whatever they want. A high-traffic WAP might want to simply boot the oldest lease if they can't assign more than a certain number of addresses.

Keep in mind if aa client wants an IP, it is supposed to do DHCP discovery every time it connects to the network, even if it's lease isn't up. See http://en.wikipedia.org/wiki/Dynamic_Host_Configuration_Prot...

15. kelnos ◴[12 Jul 11 20:12 UTC] No.2756322{3}[source]
I ask again: do you have any evidence that this is a problem in practice? I feel like this is something we would have heard about before, via some outraged blog post followed by Apple discussion board postings that get deleted by Apple.

How often do computers send out ARP requests to check on the uniqueness of their IP address? If it's less often than once per second or so (and I really hope it is), I could see how you could get away with having two devices with the same IP for a second here or there with no one the wiser.

replies(2): >>2756952 #>>2757021 #
16. bradleyland ◴[12 Jul 11 20:15 UTC] No.2756333[source]
The DHCP stack in iOS does some profiling that should reliably detect whether it is, in fact, on the network that it expects. The most significant of which is the verification of the DHCP server's Ethernet address as correlated to IP.

If you are on a known network, your DHCP lease is still active, and network equipment is working as expected, all of these assumptions are safe. The most common failure scenario is where the DHCP server has lost its DHCP lease table. For many consumer routers, this will occur when the router is rebooted. If you have to reboot your router frequently, you should replace it. Even if you do encounter a failure mode, the error will clear a second or two later when a new address is negotiated via DHCP and the subsequent ARP update.

This is very clearly a trade-off. Devices like the iPhone and iPad are switched on and off very frequently. The difference between 10s to network ready and 0.3s to network ready is more than significant; it's monumental. This is especially true for devices whose use-pattern will involve frequent on-off usage.

If you're uncomfortable with this trade off, you should stay away from Apple devices. Personally, I'll take the 10s.

replies(2): >>2756511 #>>2756642 #
17. Terretta ◴[12 Jul 11 20:21 UTC] No.2756356{3}[source]
If you're having to reboot the router more often than DHCP leases expire, you may want to look into a new router.
replies(1): >>2756713 #
18. saurik ◴[12 Jul 11 20:52 UTC] No.2756511[source]
Down-thread of this comment, people have already discussed numerous issues with the assumption that DHCP leases are stable when not in use (such as that servers often choose to allocate out of an artificially small pool of addresses, and ping old addresses to determine if they are in use before simply reclaiming and reassigning them).
replies(2): >>2756557 #>>2757434 #
19. bradleyland ◴[12 Jul 11 21:01 UTC] No.2756557{3}[source]
Like I said, if you're uncomfortable with the trade-off, avoid Apple devices. Personally, I only see the number of devices like the iPad/iPhone increasing, and I'm relatively confident that your normal user doesn't give a damn about any of this. They want the device to work when they turn it on.

I'd also argue that any DHCP server that applies that policy of artificially limiting the IP pool by re-issuing non-expired leases is an asinine implementation.

replies(3): >>2756653 #>>2756675 #>>2756909 #
20. pyre ◴[12 Jul 11 21:20 UTC] No.2756642[source]

  > If you have to reboot your router frequently, you
  > should replace it
You are assuming that people will only ever use these devices on networks that they control.
21. pyre ◴[12 Jul 11 21:23 UTC] No.2756653{4}[source]

  > They want the device to work when they turn it on.
If there is a collision, then this doesn't 'just work' when the user turns it on. Just sayin'. From the user's perspective the device should never fail, in any situation, for any reason... ever. Users don't care about trade-offs because they don't want to trade anything off, they want it all, 5 minutes ago.
replies(2): >>2756800 #>>2756920 #
22. jarek ◴[12 Jul 11 21:28 UTC] No.2756675{4}[source]
Well, sure, but the problem is that the Apple device user doesn't suffer from the negative consequences of the non-standard action. Other users do.

Of course people are going to like devices that allow them to cut in line if there is a little bit of space.

replies(1): >>2759193 #
23. jarek ◴[12 Jul 11 21:37 UTC] No.2756713{4}[source]
Ah yes, the Apple solution: just buy a new one. Because that's always an option for everyone, on every network they use.
24. sedev ◴[12 Jul 11 21:48 UTC] No.2756755[source]
I think that you're wrong because, basically, if that 'steal an IP address' scenario happens, it means that the DHCP server has in some way broken its promises. That _happens_ in production environments, but I'd much rather clients use behavior like this, that assumes that a DHCP server will keep its promises about things like lease length, than assume the worst about the DHCP server. The clients should first assume that the server will keep its promises, and only on evidence that it hasn't, seek alternatives.
replies(2): >>2756799 #>>2757700 #
25. jarek ◴[12 Jul 11 21:59 UTC] No.2756799[source]
So here's my understanding of the situation: when a DHCP server runs out of leases to assign, it will kill the oldest (in terms of use) lease. If the device that held the lease is not on, for relevant values of "on", at the time, it will not be notified about this.

The usual (perhaps standard, I'm not sure) process has the device confirming its DHCP lease when coming back on, and in this situation the device would be notified that it can't have the old lease as it's been repurposed, and the server will provide another lease (perhaps after killing some yet another lease).

If this is an Apple device and it behaves in the manner described, after coming back "on" it will not consult DHCP, but rather it will reuse the lease it held previously. If the server has given that lease to another device, the Apple device will butt in, causing an IP conflict. Perversely, the Apple device will shortly discover this, actually do a DHCP request, and switch over with no indication to the user, leaving the other device to wonder why it had an IP conflict and how to handle it.

Is this incorrect in any way?

replies(3): >>2756984 #>>2757020 #>>2757447 #
26. Locke1689 ◴[12 Jul 11 21:59 UTC] No.2756800{5}[source]
This implementation will always work for the Apple device that's connecting.
27. shinratdr ◴[12 Jul 11 22:27 UTC] No.2756909{4}[source]
> Like I said, if you're uncomfortable with the trade-off, avoid Apple devices.

Something tells me Saurik is a tad more invested at this point, it's not really as simple as "avoiding Apple devices" when you are the dev of Cydia.

replies(1): >>2760716 #
28. shinratdr ◴[12 Jul 11 22:30 UTC] No.2756920{5}[source]
> If there is a collision, then this doesn't 'just work' when the user turns it on.

No, it just potentially kicks off another user. I've never been unable to acquire an IP because of this practice, I've just seen other people's wireless mysteriously give up the ghost when I connect with my iPhone or Mac. I would prefer to have the aggressive device, personally.

replies(2): >>2758372 #>>2758849 #
29. to3m ◴[12 Jul 11 22:44 UTC] No.2756952{4}[source]
Where I used to work actually had lots of problems with this. I vaguely recall it coming to a head a while after the iPhone 3G came out and/or about the time various staff members got macs, but I could be wrong. Anyway, it sprang immediately to mind when reading this thread.

It doesn't sound like it would be a big deal, but Windows (and Mac OS X, I've since discovered, mid-7 minute `svn commit'...) just drop the connection if there's an IP conflict. That's actually quite annoying, at the very least. You have to resubmit commits, restart getting latests, your FTP craps out halfway through, file copies go wrong, you lose your remote desktop connection, the code finishes compiling before your web page loads, etc. With any luck, you won't lose any work.

If you don't run your code on the same computer you write it on, you might be less lucky. The debugger craps out and you lose your place, or the file server goes wrong and your code gets an error and stops or whatever while you were in the middle of waiting for it to get somewhere specific. And if you use any home-written tools, they're probably going to be even less resistant to network failures of this nature than the stuff you paid for - which doesn't do a fantastic job in the first place. It all adds up.

Fortunately for me, I wasn't using Remote Desktop all that much, and the device I was working with attached via USB. And I didn't lose any work when the source control just stopped mid-operation. And I could just put headphones on, and block out my colleagues' cries of pain. So maybe that's OK then, and it's no big deal?

I'd like to be able to say what the eventual solution to the problem was, but I don't remember.

30. tzs ◴[12 Jul 11 22:55 UTC] No.2756984{3}[source]
As far as I can see from the RFC and from Googling, there is no mechanism for a DHCP server to take back an IP address before the lease has expired, unless the client explicitly initiates relinquishing the lease.

Once the address is given out, it is the client's for the term of the lease.

replies(2): >>2757027 #>>2757219 #
31. deskamess ◴[12 Jul 11 23:05 UTC] No.2757020{3}[source]
I think your description is correct.

The problem is the impact of the false "ip conflict" that is caused by this optimization. A device that detects an ip conflict should not have to guess whether it is an ip conflict caused by an optimization on another device. As pointed out in other comments an ip conflict can cause other systems to drop existing connections.

No one likes ip conflict notifications, or to have their connections dropped. Play nice. That's all.

replies(2): >>2757170 #>>2757512 #
32. nitrogen ◴[12 Jul 11 23:05 UTC] No.2757021{4}[source]
...do you have any evidence that this is a problem in practice?

When iPhone OS first came out, there was a bit of an uproar on many university campus networks that they were seriously screwing up the behavior of DHCP on networks with a very large number of transient clients.

replies(1): >>2757158 #
33. saurik ◴[12 Jul 11 23:07 UTC] No.2757027{4}[source]
Given that most routers are managing a class C network, and even then have allocated the first 100 addresses for internal use (starting the DHCP pool at .100), this would mean that it would be trivial to DoS any DHCP server in seconds by simply cycling MAC addresses and leasing all of their addresses.

Obviously, this is not realistic, and no one would ever implement a DHCP server that allowed this to happen: it is going to keep track of some fixed number of leases (probably/hopefully as many IP addresses as it is managing) and, when it runs out, it will be forced to reclaim an address from another user.

If anything, the fact that such a mechanism is not specified is simply going to make this "worse", as the specific implementation of how and when the reclamation happens is going to end up as "whatever makes sense to the guy working on that specific DHCP server implementation", and may constitute seemingly random behavior.

replies(2): >>2757164 #>>2757217 #
34. Steko ◴[12 Jul 11 23:54 UTC] No.2757158{5}[source]
http://www.net.princeton.edu/apple-ios/ios41-allows-lease-to...

http://www.net.princeton.edu/apple-ios/ios41-allows-lease-to...

35. brigade ◴[12 Jul 11 23:56 UTC] No.2757164{5}[source]
You don't even need to cycle MAC addresses; just send DHCPDECLINE messages for any address the server gives. DHCP requires that any address that elicits that response from a client MUST be marked unavailable, and provides no provision for it ever becoming available again.

Ignoring the client is the only automatic mechanism DHCP provides for countering this.

You have to remember that DHCP was written back when it was assumed that a competent systems administrator managed the server and could manually respond to running out of available addresses (which was considered a likely sign of misconfiguration), and didn't attempt to specify what to do in the case where it happens.

Not giving out an address and notifying the systems administrator is what the DHCP spec recommends in this case. In fact, section 2.2 claims "The allocation mechanism (the collection of DHCP servers) guarantees not to reallocate that address within the requested time" so any reclamation of IP address on the part of the server is technically in violation of RFC 2131.

replies(1): >>2757260 #
36. rlpb ◴[13 Jul 11 00:00 UTC] No.2757170{4}[source]
The problem is that the DHCP server re-issued a valid lease to a second computer. Surely this is an issue with the DHCP server not playing nice, rather than Apple?
replies(2): >>2757230 #>>2757709 #
37. Locke1689 ◴[13 Jul 11 00:14 UTC] No.2757217{5}[source]
It's trivial to DoS any layer 2 network. This is trivial netsec.
replies(1): >>2757271 #
38. sedev ◴[13 Jul 11 00:15 UTC] No.2757219{4}[source]
That's where I'm at with this. What Jarek describes can happen, but that's a failure case, not the normal-operation case. And as portrayed in the article, the engineers at Apple have accounted for the failure case, so all's well. They simply have made the very reasonable assumption that the DHCP server will normally be operational, not in a crisis state, and that it will honor its contracts as specified in the RFC. How hard is this?
replies(1): >>2757305 #
39. jarek ◴[13 Jul 11 00:20 UTC] No.2757230{5}[source]
Do you feel there is a better, more tolerant, and less error prone course of action the DHCP server could take if it runs out of leases?
replies(1): >>2757499 #
40. saurik ◴[13 Jul 11 00:34 UTC] No.2757260{6}[source]
I'm confused... are you therefore suggesting that this is how people like Linksys should handle this problem? I fully realize that the spec was written in another time, but I don't think tzs did: he is actually citing the spec as a reason why these leases should stay around. When you go to a coffee shop, the router does not and probably should not play a chime when it has run out of DHCP leases, causing the barista to go around the room finding laptops that have been setup incorrectly... the router should, and almost certainly does, just "figure something out", likely by reclaiming addresses.
replies(1): >>2757875 #
41. saurik ◴[13 Jul 11 00:36 UTC] No.2757271{6}[source]
There is a fundamental difference between sitting on the network flooding it (an activity that requires you to actually be connected to the network, although this could of course be a small and difficult to detect device), and sending 256 packets and walking away, content in the knowledge that for the next 24 hours no one will be able to use the network because you own all of the DHCP leases. "This is trivial netsec."
replies(1): >>2757284 #
42. Locke1689 ◴[13 Jul 11 00:41 UTC] No.2757284{7}[source]
I never said flood, I said DoS. I don't think this is on-topic so I'm not going to go in to detail but you should Google ARP spoofing. These tactics are quite trivial and I'm teaching undergrads to do it next year.
replies(1): >>2757298 #
43. saurik ◴[13 Jul 11 00:46 UTC] No.2757298{8}[source]
I was, and continue to be, under the impression that this kind of attack is not possible when an access point has node isolation (a very common feature that even my MiFi router supports, despite it often being turned off in home and even office environments), yet the aforementioned protocol-level DHCP DoS I described would work on any device that implemented the DHCP specification. I therefore fail to see how ARP spoofing is relevant. Remember: we are discussing whether it is a fair belief that any reasonable implementation of DHCP would have implemented the spec as stated.
44. jarek ◴[13 Jul 11 00:48 UTC] No.2757305{5}[source]
There is that principle of "conservative in what you send, liberal in what you accept" on which UNIX and half of the internet was built.
45. rektide ◴[13 Jul 11 01:19 UTC] No.2757385[source]
The Mac's DHCP client is using the router's mac addresses to verify it's on the right network, and it already knows it still holds the lease. What the fuck more do you want? What are you afraid of?

The only conceivable grief you can put forward is that the ARP check isn't good enough. The client already owns the lease. If there's IP contention, it's because either a) it's not on the right network after all (arp check) or b) the server's fucked up and it's the servers fault (dhcp server allocated an IP twice).

Ok, so assuming the DHCP server isn't faulty may be a bit of a stretch. But coding your client to assume the server can do it's job does not deserve an "Ok, seriously?" hurf-burf post.

replies(1): >>2757415 #
46. saurik ◴[13 Jul 11 01:31 UTC] No.2757415[source]
I take it you have not read any of the rest of this thread?... all of the comments about how DHCP in the wild doesn't work that perfectly, or people saying "this happens all the time with my / my wife/friend/boss's Mac"?
47. ◴[13 Jul 11 01:37 UTC] No.2757434{3}[source]
48. rektide ◴[13 Jul 11 01:41 UTC] No.2757447{3}[source]
Please name one or more DHCP server which will knowingly violate a lease it has granted, via "kill the oldest" or any other means.
49. rlpb ◴[13 Jul 11 02:09 UTC] No.2757499{6}[source]
If we are able to modify the DHCP server to do something sensible, why not modify default router settings to issue /16 addresses instead of /24? Or even 10/8? There's plenty of RFC1918 space to not run out.

NAT state tables won't have to stretch that far as they can time out unused connections just like they do already.

Would there be any unintended side-effects with doing this?

If you don't like the NAT, go ahead and issue IPv6 :-)

50. tzs ◴[13 Jul 11 02:14 UTC] No.2757512{4}[source]
This optimization does not cause IP address conflicts. If a DHCP server is not correctly keeping track of lease times and ensuring that addresses already assigned are not reused while the client still has a valid lease, you can get IP conflicts regardless of whether or not their are any Apple devices on the network.
51. tzs ◴[13 Jul 11 02:26 UTC] No.2757534{3}[source]
I don't see how this has anything to do with what Apple is doing. If you reboot the router and it starts issuing addresses from the beginning of its range, it is likely to issue addresses that conflict with the existing leases on the non-Apple computers.

If a DHCP server gives out an address, and then gives it out again before the least has expired or the first client has relinquished it, it is going to cause a conflict no matter who made the clients.

replies(1): >>2757574 #
52. saurik ◴[13 Jul 11 02:43 UTC] No.2757574{4}[source]
Before assigning an address to a client, a DHCP server will ping the address first to make certain someone isn't already using it (this behavior is even documented in the manual page of ISC dhcpd); therefore, it is only clients that join the network and assume their old lease is still valid (sniping it from one of the new clients that accidentally ended up with the IP address that used to be leased) that will cause this behavior.
53. hristov ◴[13 Jul 11 03:49 UTC] No.2757700[source]
Being a dork and a lawyer, I actually looked up the DHCP protocol. This is the relevant part:

"3.7 When clients should use DHCP

   A client SHOULD use DHCP to reacquire or verify its IP address and
   network parameters whenever the local network parameters may have
   changed; e.g., at system boot time or after a disconnection from the
   local network, as the local network configuration may change without
   the client's or user's knowledge.

   If a client has knowledge of a previous network address and is unable
   to contact a local DHCP server, the client may continue to use the
   previous network address until the lease for that address expires.
   If the lease expires before the client can contact a DHCP server, the
   client must immediately discontinue use of the previous network
   address and may inform local users of the problem."
So no there is no indication in the protocol that the clients should assume that the DHCP server will keep its promises after a disconnection from the network. Furthermore, if you use common sense there is no reason to make this assumption in most real life situations. In a coffee house somebody can always trip over the router's cable, for example.
replies(2): >>2757723 #>>2757771 #
54. hristov ◴[13 Jul 11 03:53 UTC] No.2757709{5}[source]
Not really. The DHCP server may have many valid reasons for reissuing a technically valid lease, such as it being restarted and losing its table of valid leases. As I pointed out in a response above, the DHCP protocol makes it clear that devices should re-verify their addresses after waking up.
55. pacala ◴[13 Jul 11 04:01 UTC] No.2757723{3}[source]
The small print in paragraph 2 explicitly allows reusing the previous address until the lease expires.
replies(1): >>2757740 #
56. hristov ◴[13 Jul 11 04:09 UTC] No.2757740{4}[source]
Paragraph 2 only allows this "If a client ... is unable to contact a local DHCP server." Note that in the present example, the client started using its old address before even trying to contact the DHCP server and eventually was able to contact the DHCP server.
replies(1): >>2757894 #
57. rhubarbquid ◴[13 Jul 11 04:25 UTC] No.2757771{3}[source]
It says "SHOULD" not "MUST", so the client can assume the server will keep its promises, it's just not recommended.

    "SHOULD   This word, or the adjective "RECOMMENDED", mean that there
    may exist valid reasons in particular circumstances to ignore a
    particular item, but the full implications must be understood and
    carefully weighed before choosing a different course."
http://www.ietf.org/rfc/rfc2119.txt
replies(1): >>2757785 #
58. hristov ◴[13 Jul 11 04:36 UTC] No.2757785{4}[source]
Yes, I am aware the RFC used should and not must, but nevertheless their recommendation is clear.

And of course if that item is to be ignored "the full implications must be understood and carefully weighed before choosing a different course." Here the implications are that the device may cause other devices to drop their connections, which is a pretty severe implication, imo.

replies(1): >>2757829 #
59. caf ◴[13 Jul 11 05:03 UTC] No.2757829{5}[source]
Note that it doesn't say that such verification has to be done prior to recommencing use of the leased address - just that it should be done. Arguably then the described implementation follows the letter of the recommendation. Your witness, counsel.
60. caf ◴[13 Jul 11 05:27 UTC] No.2757875{7}[source]
There are sensible options available other than violating the leases.

For example, for a highly-used access point, it would make sense to give out only very short leases - say, 10 minutes. That'd support a churn of 25 clients per minute if you're giving out addresses from a /24 (and there's no reason why you couldn't use a smaller netmask, down to /8). It'd also be sensible to ignore a single MAC address once it had more than a handful of outstanding leases.

It doesn't help with a malicious client - but then neither does breaking leases. The malicious client can cause enough address flapping to make the network completely unuseable. You really can't protect a wifi network against a malicious client trying to DoS it - there's a myriad ways to do that apart from DHCP.

61. wnoise ◴[13 Jul 11 05:35 UTC] No.2757894{5}[source]
This could alternately be described as "a client used its old address until it could contact the DHCP server".
62. smutticus ◴[13 Jul 11 06:52 UTC] No.2758088[source]
Both Mac and Windows perform gratuitous iparp before configuring an IP address to ensure no one else is using that IP. This is common really and not that big of a deal.
63. derleth ◴[13 Jul 11 09:31 UTC] No.2758372{6}[source]
> I would prefer to have the aggressive device, personally.

So, by basic game theory, everyone implements 'asshole mode' in their devices. What happens on a technical level when every device behaves like that?

replies(2): >>2758601 #>>2760266 #
64. m_eiman ◴[13 Jul 11 09:33 UTC] No.2758379{5}[source]
I don't think this is true at our office (running a Cisco DHCP server). We get conflicts when putting a device with a static IP in the dhcp range, and I'm almost sure that they respond to ping.
65. zb ◴[13 Jul 11 11:24 UTC] No.2758576[source]
> Ok, seriously? That isn't a bug in an implementation somewhere,

No.

> but in fact a feature that Apple actually is proud of?

Not just Apple, but I imagine also Microsoft and Sun. They were so proud of it that they wrote a standards-track RFC for it: http://www.ietf.org/rfc/rfc4436.txt

And yes, they were aware of this issue:

   One case where DNAv4 does increase the likelihood of an address
   conflict is when:

      o  a DHCP server hands out an address lease,

      o  the host with that lease leaves the network,

      o  the DHCP server is power-cycled or crashes and is rebooted,

      o  the DHCP server, having failed to save leases to stable
         storage, assigns that same address to another host, and

      o  the first host returns and, having a still-valid lease with
         time remaining, proceeds to use its assigned address,
         conflicting with the new host that is now using that same
         address.

   While Section 4 of the DHCP specification [RFC2131] assumes that DHCP
   servers save their leases in persistent storage, almost no consumer-
   grade NAT gateway does so.  Short DHCP lease lifetimes can mitigate
   this risk, though this also limits the operable candidate
   configurations available for DNAv4 to try.
But evidently they thought it was a good trade-off, and I am inclined to agree.
replies(1): >>2760730 #
66. nicolasp ◴[13 Jul 11 11:36 UTC] No.2758601{7}[source]
Router vendors start saving DHCP lease tables to stable storage and the issue is fixed?
67. lucian1900 ◴[13 Jul 11 12:12 UTC] No.2758677[source]
This "feature" has fucked me over so many times! If the DHCP server is configured to be strict, or even a little paranoid, every now and then my macbook would just refuse to connect. I'd have to clear DHCP caches, settings and restart.
68. bradleyland ◴[13 Jul 11 13:21 UTC] No.2758849{6}[source]
You're falsely attributing this behavior to your iPhone/Mac. Keep a couple of things in mind:

* If you have a valid lease, there should be no conflicting IP addresses on the network

* Even if you do have a conflicting IP address, that conflict only exists until the DHCP server issues you a new one (iOS immediately performs the DHCP request after sniffing)

IP conflicts are not voodoo magic. Once the conflicting machine gets a new IP address, everything returns to normal. The network events shown in the article show that this occurs in about 1s; between the time that the interface comes up, 0.3s, and the time the interface is active, 1.3s. If this were a full negotiation, it would take around 5s.

The key thing to remember is that this shouldn't happen at all on healthy networks. So, if anyone chooses to remain opposed to this, they're saying that waiting 10s every time you wake a portable device from sleep and want to use the network connection is a worthwhile tradeoff to accommodate DHCP servers that don't respect leases and switches that can't adequately resolve an ARP entry conflict in a timely manner.

I've said it about ten times in this discussion already, but I'll keep the ten seconds (times 15-20 sleep/wake events per day) and buy decent network equipment.

69. bronson ◴[13 Jul 11 15:12 UTC] No.2759193{5}[source]
Non-standard action? It's standardized by RFC 4436!
replies(1): >>2765597 #
70. shinratdr ◴[13 Jul 11 19:31 UTC] No.2760266{7}[source]
> What happens on a technical level when every device behaves like that?

We start putting battery backup in routers so they won't drop their DHCP tables? This isn't asshole mode, it's "assume the network is functioning properly and hasn't been reset" mode. In the world of portable devices, it's important to look at where we waste time and compensating for errors is a frequent culprit.

71. bradleyland ◴[13 Jul 11 21:14 UTC] No.2760716{5}[source]
I know next to nothing about iOS as it relates to Darwin, but if the DHCP stack is part of Darwin, it'll be OSS, which means someone could patch the DHCP client to not exhibit this behavior.

How many people do you think would install that patch?

* Resolves potential IP conflicts when recovering from sleep

* Adds 10s to network availability in most situations

replies(1): >>2764914 #
72. ◴[13 Jul 11 21:18 UTC] No.2760730[source]
73. shinratdr ◴[14 Jul 11 20:24 UTC] No.2764914{6}[source]
Nobody. For the record I agree with you, I wasn't defending saurik just pointing out that your resolution was inadequate as he is overly invested at this point.
74. philjr ◴[14 Jul 11 23:17 UTC] No.2765597{6}[source]
Not all RFCs are standards. See http://tools.ietf.org/html/rfc1796 entitled "Not all RFCs are standards" :)