OpenWrt Forum Archive

Topic: OpenWRT as dhcp server?

The content of this topic has been archived on 7 Apr 2018. There are no obvious gaps in this topic, but there may still be some posts missing at the end.

Hi,

I just installed OpenWRT. Works great, but I am not sure of the best way to get dhcpd running on it. I installed the florian dhcpd package, but the daemon gives me the ol' "protocol not available" message. It needs certain kernel options (CONFIG_PACKET and CONFIG_FILTER). Is there a way to cross compile a custom kernel?

-matthew

*cough* dnsmasq
*cough* already installed.
*cough* look at /etc/dnsmasq.conf

Well heck, they don't have to hide it like that! :-)

Out of curiosity though, if I had wanted to run ISC dhcpd (which I don't now since dnsmasq provides all the functionality that I need), how would I go about doing that? If nothing else, perhaps this thread could serve as a reference for someone.

-matthew

For reference:

There's a broken isc dhcpd package somewhere. It's broken, don't use it. There is also a broken udhcpd package somewhere. Dnsmasq will suit most people. If like me, the dnsmasq dns doesn't suit you, set the dnsmasq dns server to run on port 5353.

By the way: on my Experimental system (release of March 28), dnsmasq (both the original version 2.20 and its update 2.22) seems to malfunction unless it's run as root. e.g., by passing it the "-u root" parameter or the "-d" option. In particular:

- /etc/ethers seems to be ignored
- dns forwarding doesn't work

The permissions seem to be all OK (besides, I assume that the configuration files are read, and the dhcp.leases file created, before dropping root privilege):

root@OpenWrt:~# ls -l /etc/dnsmasq.conf
-rw-r--r--    1 root     root          652 Jun  1 17:17 /etc/dnsmasq.conf
root@OpenWrt:~# ls -l /etc/ethers
-rw-r--r--    1 nobody   root           63 Jun  1 16:41 /etc/ethers

Has anyone noticed similar problems?

Enzo

si wrote:

I certainly get a read-ethers problem, & so does Horst

http://openwrt.org/forum/viewtopic.php?id=1640

Try appending "-u root" to the command line in /etc/init.d/S50dnsmasq:

#!/bin/sh
/usr/sbin/dnsmasq -u root

Then do a "killall dnsmasq" and "/etc/init.d/S50dnsmasq". It fixed it for me (why it did, is another story...)

Enzo

Hi,

can anyone tell me a way to actually activate CONFIG_PACKET and CONFIG_FILTER? I found the options in linux.config and set them, but my changes seem to get overwritten during build process.

Any hints?

Are there any notable security concerns running dnsmasq as root?

jeff wrote:

Are there any notable security concerns running dnsmasq as root?

Generally speaking, any daemon running as root represents a chance for an attacker to exploit some still unknown security hole (typically, a chance for a buffer overflow somewhere) in order to run malicious code with superuser privilege, and take over the machine. But the real question is: why does dnsmasq malfunction if it is not run as root, despite the fact that the resources it needs (like the /etc/ethers file) are world-readable? And, as I said in another thread, starting from early June I began to see the same syndrome also with Asterisk, for which I had written a startup file to run it as user "asterisk" rather than "root". Weird...

One day or another I'll have to overcome my laziness and build a non-stripped binary of dnsmasq, and then debug it remotely with gdbserver on the OpenWRT and gdb on a Linux host... It is likely that some open() or read() fail, and the returned error code should shed some light on what's actually going on.

Enzo
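
Added example, not part of any post in this thread: a world-readable file such as /etc/ethers can still fail to open() for an unprivileged daemon when a parent directory denies search permission, so this script walks the path and reports the first component that blocks a given uid/gid. It judges classic mode bits only (no ACLs, supplementary groups or capabilities) and assumes an absolute path and a stat that accepts -L and -c; the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread): find the first path component that
# blocks a given uid/gid, judged from classic mode bits only.
# Assumes an absolute path and a stat that supports -L and -c.

# perm_ok MODE OWNER GROUP UID GID BIT   (BIT: 4 = read, 1 = search)
perm_ok() {
    p_mode=$1; p_owner=$2; p_group=$3; p_uid=$4; p_gid=$5; p_bit=$6
    if [ "$p_uid" -eq 0 ]; then return 0; fi    # root bypasses read/search
    p_perms=$(( 0$p_mode & 0777 ))               # octal; drop setuid/sticky
    # The kernel picks exactly one class: owner, else group, else other.
    if [ "$p_uid" -eq "$p_owner" ]; then p_class=$(( p_perms >> 6 ))
    elif [ "$p_gid" -eq "$p_group" ]; then p_class=$(( (p_perms >> 3) & 7 ))
    else p_class=$(( p_perms & 7 ))
    fi
    [ $(( p_class & p_bit )) -ne 0 ]
}

# check PATH UID GID BIT: print PATH and fail if the bit is missing
check() {
    c_stat=$(stat -L -c '%a %u %g' "$1" 2>/dev/null) ||
        { echo "$1 (cannot stat)"; return 2; }
    # $c_stat is split on purpose into mode, owner and group
    perm_ok $c_stat "$2" "$3" "$4" || { echo "$1"; return 1; }
}

# first_blocked FILE UID GID: empty output and status 0 if nothing blocks
first_blocked() {
    f_uid=$2; f_gid=$3; f_cur=/
    set -f; f_ifs=$IFS; IFS=/
    set -- $1                                    # split FILE into components
    IFS=$f_ifs; set +f
    for f_comp in "$@"; do
        [ -n "$f_comp" ] || continue
        check "$f_cur" "$f_uid" "$f_gid" 1 || return   # directories need x
        f_cur=${f_cur%/}/$f_comp
    done
    check "$f_cur" "$f_uid" "$f_gid" 4               # the file needs r
}

# Usage: sh pathcheck.sh /etc/ethers 65534 65534
if [ "$#" -eq 3 ]; then first_blocked "$@"; fi
```

Run it with the uid and gid the daemon runs as after dropping privileges; empty output means plain mode bits are not what makes the open() fail.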

The discussion might have continued from here.