Re: NM 1.20.4 on port 68

From: Louis Garcia <louisgtwo gmail com>
Cc: networkmanager-list gnome org
Subject: Re: NM 1.20.4 on port 68
Date: Mon, 28 Oct 2019 12:21:22 -0400

enp1s0 is my wan interface. I do not want to introduce a point of attack. I do have a firewall in place. Why is NM listening at all? It just needs to ask the dhcp server for an address.

-Thanks

On Mon, Oct 28, 2019 at 11:46 AM Thomas Haller <thaller redhat com> wrote:

On Mon, 2019-10-28 at 10:53 -0400, Louis Garcia via networkmanager-list
wrote:
> Just upgraded to NM 1.20 and notice NM is listening on port 68.
>
> $ ss -tulpn
> udp UNCONN 0 0 0.0.0.0:67
> 0.0.0.0:* users: "dhcpd",pid=608,fd=11))
> udp UNCONN 0 0 165.270.73.136%enp1s0:68
> 0.0.0.0:* users:(("NetworkManager",pid=490,fd=20))
>
> enp1s0 is set to automatic (DHCP) addresses only. NM 1.18 had the
> same setup and did not show up on netstat. Is this new?
>
> Thanks.

This is DHCP.

If you use main.dhcp=dhclient, then DHCP will be done by a different
process, and NM won't listen this socket. Maybe you had that in 1.18?

Also, AFAIK dhclient doesn't use a UDP socket, instead it always uses a
raw socket. NetworkManager's DHCP library (which is taken from systemd-
networkd) uses a UDP socket when possible.

best,
Thomas

References:
- NM 1.20.4 on port 68
  - From: Louis Garcia
- Re: NM 1.20.4 on port 68
  - From: Thomas Haller

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]