danmcb
Posts: 11
Joined: Wed Nov 11, 2015 11:28 pm

why is my pi IP spoofing?

Wed Nov 11, 2015 11:49 pm

hello,

This may not be strictly a pi-specific issue, but it is happening on my rpi, so here goes. I am fairly new to pi-land but have played around with embedded stuff and networking and so on before.

When I first booted this pi it was on DHCP and grabbed address 192.168.1.3. Then I changed it to 192.168.1.212 using /boot/cmdline.txt

I wanted to play around with UDP message sending between it and a linux box I use as a file server. So I ran a couple of perl scripts, one on the pi to send a msg and await a response, and one on the server that sits in a loop waiting for messages, printing them out to console, and replying. (Actually I copied code from here: http://www.perlmonks.org/?node_id=129553 ).

Everything works fine, no probs - except the server reports the pi's ip as 192.168.1.3

Which it isn't, as confirmed by ifconfig.

Somewhat confused, I tried editing /etc/network/interfaces ... same thing. Then I wrote a script on the pi to send the message using python. Same deal.

So why? Why is the old ip address being used to construct the udp packet, not the correct one? What gives?

danmcb
Posts: 11
Joined: Wed Nov 11, 2015 11:28 pm

Re: why is my pi IP spoofing?

Thu Nov 12, 2015 9:36 am

I wondered if in fact the problem was at the server, maybe with outdated arp cache or something - but no, I checked with tshark, and the pi really *is* sending that old address. I just don't know why ...

danmcb
Posts: 11
Joined: Wed Nov 11, 2015 11:28 pm

Re: why is my pi IP spoofing?

Thu Nov 12, 2015 10:14 am

I guess this is something to do with it ... :

pi@raspberrypi ~/perl/udp $ ip route show table main
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.3 metric 202


old routing table is supplying source ip address? but why and how to clear it?

danmcb
Posts: 11
Joined: Wed Nov 11, 2015 11:28 pm

Re: why is my pi IP spoofing?

Thu Nov 12, 2015 10:37 am

and flushing the routing table did not clear it - the old IP address came right back ...

RaTTuS
Posts: 10563
Joined: Tue Nov 29, 2011 11:12 am
Location: North West UK

Re: why is my pi IP spoofing?

Thu Nov 12, 2015 10:40 am

danmcb wrote:...
When I first booted this pi it was on DHCP and grabbed address 192.168.1.3. Then I changed it to 192.168.1.212 using /boot/cmdline.txt...
don't ?
if you want to fix your IP then the best place to do it is
on the box that supplies the DHCP i.e. your router

danmcb
Posts: 11
Joined: Wed Nov 11, 2015 11:28 pm

Re: why is my pi IP spoofing?

Thu Nov 12, 2015 10:46 am

you may be right (though I have been assigning static IPs to linux boxes by editing their config files, usually /etc/networking/interfaces ) without any issue for years, along with millions of others.

But even if you are, that doesn't explain why the pi insists on hanging to an IP address which does not belong to any of its interfaces. Is this a bug in linux itself?

danmcb
Posts: 11
Joined: Wed Nov 11, 2015 11:28 pm

Re: why is my pi IP spoofing?

Thu Nov 12, 2015 11:47 am

I guess this could *just* be a bug in the linux kernel? or something to do with the way the code is implemented on RPi?

i really don't have any idea how to find out which, and would appreciate some help in how to find out which. It clearly IS a bug somewhere - there is no way the routing table should contain a source address which does not belong to ANY interface on the machine, right? and this is not a complex example of routing, by any means.

rpdom
Posts: 17275
Joined: Sun May 06, 2012 5:17 am
Location: Chelmsford, Essex, UK

Re: why is my pi IP spoofing?

Thu Nov 12, 2015 11:49 am

danmcb wrote: you may be right (though I have been assigning static IPs to linux boxes by editing their config files, usually /etc/networking/interfaces ) without any issue for years, along with millions of others.
It seems that the interfaces file is no longer the way networks are configured in Linux...
danmcb wrote: But even if you are, that doesn't explain why the pi insists on hanging to an IP address which does not belong to any of its interfaces. Is this a bug in linux itself?
Unless you haven't disabled dhcp...

danmcb
Posts: 11
Joined: Wed Nov 11, 2015 11:28 pm

Re: why is my pi IP spoofing?

Thu Nov 12, 2015 11:51 am

pi@raspberrypi ~ $ cat /etc/network/interfaces
auto lo
iface lo inet loopback

auto eth0
allow-hotplug eth0
iface eth0 inet static
address 192.168.1.212
netmask 255.255.255.0
broadcast 192.168.1.255
gateway 192.168.1.1
network 192.168.1.0

#auto wlan0
#allow-hotplug wlan0
#iface wlan0 inet manual
#wpa-conf /etc/wpa_supplicant/wpa_supplicant.conf

#auto wlan1
#allow-hotplug wlan1
#iface wlan1 inet manual
#wpa-conf /etc/wpa_supplicant/wpa_supplicant.conf

danmcb
Posts: 11
Joined: Wed Nov 11, 2015 11:28 pm

Re: why is my pi IP spoofing?

Thu Nov 12, 2015 11:53 am

"It seems that the interfaces file is no longer the way networks are configured in Linux..."

source? and, then, what *should* the file contain, and where *should* the static entry be defined?

and even so, this *still* does not explain:

pi@raspberrypi ~ $ ip route
default via 192.168.1.1 dev eth0 metric 202
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.3 metric 202

(which has survived "sudo ip route flush ..." and a reboot).

rpdom
Posts: 17275
Joined: Sun May 06, 2012 5:17 am
Location: Chelmsford, Essex, UK

Re: why is my pi IP spoofing?

Thu Nov 12, 2015 11:55 am

/etc/network/interfaces

auto lo
iface lo inet loopback

auto eth0
allow-hotplug eth0
iface eth0 inet manual

/etc/dhcpcd.conf

(lots of existing stuff)

interface eth0
static ip_address=192.168.1.212/24
static routers=192.168.1.1

hippy
Posts: 7911
Joined: Fri Sep 09, 2011 10:34 pm
Location: UK

Re: why is my pi IP spoofing?

Thu Nov 12, 2015 11:57 am

danmcb wrote:you may be right (though I have been assigning static IPs to linux boxes by editing their config files, usually /etc/networking/interfaces ) without any issue for years, along with millions of others.
A typical Pi these days doesn't only get its IP address through /etc/networking/interfaces and it is possible to end up with multiple IP addresses, DHCP and static. I would guess this is what is happening here.

If you simply change /etc/networking/interfaces to give a static IP then dhcpcd will probably still get a DHCP assigned address as well.
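
Added example, not part of any post in this thread: a shell check that separates the case danmcb suspected (a route whose src is on no interface) from the one hippy guesses at (eth0 holding both a DHCP and a static address). The function name check_route_src and the sample `ip -o -4 addr show` lines are constructed for illustration; the route lines are the ones quoted earlier in the thread.

```shell
#!/bin/sh
# Constructed sample: trimmed `ip -o -4 addr show` output for a Pi whose eth0
# carries both a DHCP lease and the static address.
SAMPLE_ADDR='1: lo    inet 127.0.0.1/8 scope host lo
2: eth0    inet 192.168.1.3/24 brd 192.168.1.255 scope global eth0
2: eth0    inet 192.168.1.212/24 brd 192.168.1.255 scope global eth0'

# Route table as posted in the thread.
SAMPLE_ROUTE='default via 192.168.1.1 dev eth0 metric 202
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.3 metric 202'

# check_route_src ADDR_TEXT ROUTE_TEXT WANTED_IP
# Prints one line per route that names a preferred source address:
#   OK        src is the intended address
#   WRONG_SRC src is assigned to the device but is not the intended address
#   STALE     src is not assigned to the device at all
check_route_src() {
    printf '%s\n--ROUTES--\n%s\n' "$1" "$2" | awk -v want="$3" '
        /^--ROUTES--$/ { routes = 1; next }
        !routes {
            # Address line: "<index>: <dev> inet <addr>/<prefix> ..."
            for (i = 1; i < NF; i++) if ($i == "inet") {
                split($(i + 1), a, "/")
                owned[$2, a[1]] = 1
                count[$2]++
            }
            next
        }
        {
            # Route line: pick out the "dev" and "src" keyword values.
            dev = ""; src = ""
            for (i = 1; i < NF; i++) {
                if ($i == "dev") dev = $(i + 1)
                if ($i == "src") src = $(i + 1)
            }
            if (src == "") next
            if (!((dev, src) in owned)) verdict = "STALE"
            else if (src != want)       verdict = "WRONG_SRC"
            else                        verdict = "OK"
            printf "%s %s src=%s addrs_on_dev=%d\n", verdict, dev, src, count[dev]
        }'
}

check_route_src "$SAMPLE_ADDR" "$SAMPLE_ROUTE" 192.168.1.212
# Live use: check_route_src "$(ip -o -4 addr show)" "$(ip route show table main)" 192.168.1.212
```

A WRONG_SRC result with addrs_on_dev=2 points at two address sources configuring the same interface rather than at a stale routing entry.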

rpdom
Posts: 17275
Joined: Sun May 06, 2012 5:17 am
Location: Chelmsford, Essex, UK

Re: why is my pi IP spoofing?

Thu Nov 12, 2015 11:57 am

And for what it's worth, I'm not too keen on the switch either. Things "just worked" the old way. I could put post/pre-up/down hooks into things and script all sorts of stuff which depended on which network I was connected to (if any).

danmcb
Posts: 11
Joined: Wed Nov 11, 2015 11:28 pm

Re: why is my pi IP spoofing?

Thu Nov 12, 2015 12:05 pm

Thank you! That did do it.

interfaces - that's how it was before I changed it, trying to fix this.

I had to *add* the entry you suggested at the end of the dhcp config file, which had no reference to eth0 at all.

The issue didn't clear with restarting networking, but it did after a re-boot.

Any which way, this is a bug - it is simply illogical for a box to end up in a state where src ip's are in the system which do not belong to any interface - that's just inconsistent. And the issue actually arose after I set the static ip by editing *only* /boot/cmdline.txt - which seems to be the generally accepted way of doing things.

Why the hell people mess with things that work and screw them up instead of improving them ... but never mind, at least it is now fixed. Thanks again! ;)

Aydan
Posts: 729
Joined: Fri Apr 13, 2012 11:48 am
Location: Germany, near Lake Constance

Re: why is my pi IP spoofing?

Thu Nov 12, 2015 12:15 pm

danmcb wrote:And the issue actually arose after I set the static ip by editing *only* /boot/cmdline.txt - which seems to be the generally accepted way of doing things.
That's where you are wrong.
cmdline.txt is only used so you can do a headless setup with a known IP. Afterwards you should use /etc/network/interfaces for wheezy (sysvinit) and /etc/dhcpd.conf for jessie (systemd)

Regards
Aydan

danmcb
Posts: 11
Joined: Wed Nov 11, 2015 11:28 pm

Re: why is my pi IP spoofing?

Thu Nov 12, 2015 12:20 pm

OK, thanks.

I'd like to say that that makes things more clear, but ... well ... ;-)

In the end who really cares which file you edit, so long as it is logical, consistent, and only done in one place? Oh well ...

Anyway I see that this has been discussed before plenty of times. Is this actually a Debian issue or a Pi issue? because at some time I guess I will be updating other Linux boxes I have - it's good to know.

danmcb
Posts: 11
Joined: Wed Nov 11, 2015 11:28 pm

Re: why is my pi IP spoofing?

Thu Nov 12, 2015 12:25 pm

referring to rpdom's sample code above - the following addition to /etc/dhcpcd.conf seems a little bit simpler and also stops the issue (for the benefit of future finders of this thread):

denyinterfaces eth0

thanks!

EDIT! NO, this is wrong, and rpdom is right. When you do things this way you want to specify the gateway in dhcpcd.conf as suggested. You may also want to add dns servers in here like this:

interface eth0
static ip_address=192.168.1.212/24
static routers=192.168.1.1
static domain_name_servers=8.8.8.8 8.8.8.4
Last edited by danmcb on Fri Nov 13, 2015 9:40 am, edited 1 time in total.

hippy
Posts: 7911
Joined: Fri Sep 09, 2011 10:34 pm
Location: UK

Re: why is my pi IP spoofing?

Thu Nov 12, 2015 12:55 pm

Aydan wrote:Afterwards you should use /etc/network/interfaces for wheezy (sysvinit) and /etc/dhcpd.conf for jessie (systemd)
This issue applies to both Wheezy and Jessie if dhcpcd is being used. It is not a systemd issue.

Aydan
Posts: 729
Joined: Fri Apr 13, 2012 11:48 am
Location: Germany, near Lake Constance

Re: why is my pi IP spoofing?

Thu Nov 12, 2015 3:25 pm

hippy wrote:
Aydan wrote:Afterwards you should use /etc/network/interfaces for wheezy (sysvinit) and /etc/dhcpd.conf for jessie (systemd)
This issue applies to both Wheezy and Jessie if dhcpcd is being used. It is not a systemd issue.
Actually if I remember correctly it's a NetworkManager issue.

Regards
Aydan
