Network Traffic Is Routed Incorrectly After a DHCP Address Is Declined (324862)



The information in this article applies to:

  • Microsoft Windows CE .NET 4.0

This article was previously published under Q324862

SYMPTOMS

If an Internet Protocol (IP) address that is offered by the DHCP service is rejected because of an IP conflict, network traffic through a switch may be sent to the wrong port of the switch.

CAUSE

The Windows CE DHCP client checks for IP address conflicts with the IP address that the DHCP server offers by issuing an Address Resolution Protocol (ARP) broadcast that includes the offered address. If an existing computer responds, the DHCP client rejects the offered IP address and sends another ARP broadcast, this time using the media access control (MAC) address of the existing computer. The ARP caches that are held by other computers on the network do not map the rejected IP address to the new computer. Instead, the ARP caches match the IP address to the MAC address of the existing computer. When a network switch exists between the new computer and the existing computer, this ARP that has the spoofed MAC address may cause the switch to route future Ethernet traffic to the network segment of the new client instead of the network segment of the existing computer.

RESOLUTION

A supported fix is now available from Microsoft as Windows CE 4.0 Core OS QFE Q324862. To resolve this problem immediately, search for the keyword "QFE" on the following Microsoft Web site:

The English version of this package should have the following file attributes or later:
   Size         File name
   -------------------------------------
   1,301,088    020904_Armv4i_wce40-q324862.exe    
   1,296,992    020904_Armv4t_wce40-q324862.exe    
   1,296,992    020904_Armv4_wce40-q324862.exe    
   1,309,280    020904_Mips16_wce40-q324862.exe    
   1,342,048    020904_Mipsii_fp_wce40-q324862.exe    
   1,342,048    020904_Mipsii_wce40-q324862.exe    
   1,383,008    020904_Mipsiv_fp_wce40-q324862.exe    
   1,378,912    020904_Mipsiv_wce40-q324862.exe    
   1,243,744    020904_Sh3_wce40-q324862.exe    
   1,243,744    020904_Sh4_wce40-q324862.exe    
   1,149,536    020904_X86_wce40-q324862.exe  
				
The English version of this fix has the file attributes (or later) that are listed in the following table. The dates and times for these files are listed in coordinated universal time (UTC). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the Time Zone tab in the Date and Time tool in Control Panel.
   Date        Time     Size       File name  Platform
   -------------------------------------------------------------
   29-Jul-2002  10:25  1,735,970    Ip.lib    Armv4\Debug
   29-Jul-2002  10:25    143,360    Ip.pdb    Armv4\Debug
   29-Jul-2002  10:14  1,244,092    Ip.lib    Armv4\Retail
   29-Jul-2002  10:14    143,360    Ip.pdb    Armv4\Retail
   29-Jul-2002  11:05  1,738,460    Ip.lib    Armv4i\Debug
   29-Jul-2002  11:05    143,360    Ip.pdb    Armv4i\Debug
   29-Jul-2002  10:55  1,246,324    Ip.lib    Armv4i\Retail
   29-Jul-2002  10:55    143,360    Ip.pdb    Armv4i\Retail
   29-Jul-2002  10:45  1,605,994    Ip.lib    Armv4t\Debug
   29-Jul-2002  10:45    143,360    Ip.pdb    Armv4t\Debug
   29-Jul-2002  10:35  1,222,664    Ip.lib    Armv4t\Retail
   29-Jul-2002  10:35    143,360    Ip.pdb    Armv4t\Retail
   29-Jul-2002  12:06  1,758,188    Ip.lib    Mips16\Debug
   29-Jul-2002  12:06    143,360    Ip.pdb    Mips16\Debug
   29-Jul-2002  11:56  1,132,836    Ip.lib    Mips16\Retail
   29-Jul-2002  11:56    143,360    Ip.pdb    Mips16\Retail
   29-Jul-2002  11:25  1,758,188    Ip.lib    Mipsii\Debug
   29-Jul-2002  11:25    143,360    Ip.pdb    Mipsii\Debug
   29-Jul-2002  11:15  1,244,632    Ip.lib    Mipsii\Retail
   29-Jul-2002  11:15    143,360    Ip.pdb    Mipsii\Retail
   29-Jul-2002  12:26  1,758,428    Ip.lib    Mipsii_fp\Debug
   29-Jul-2002  12:26    143,360    Ip.pdb    Mipsii_fp\Debug
   29-Jul-2002  12:16  1,244,882    Ip.lib    Mipsii_fp\Retail
   29-Jul-2002  12:16    143,360    Ip.pdb    Mipsii_fp\Retail
   29-Jul-2002  11:46  1,811,174    Ip.lib    Mipsiv\Debug
   29-Jul-2002  11:46    143,360    Ip.pdb    Mipsiv\Debug
   29-Jul-2002  11:36  1,286,842    Ip.lib    Mipsiv\Retail
   29-Jul-2002  11:36    143,360    Ip.pdb    Mipsiv\Retail
   29-Jul-2002  12:47  1,811,416    Ip.lib    Mipsiv_fp\Debug
   29-Jul-2002  12:47    143,360    Ip.pdb    Mipsiv_fp\Debug
   29-Jul-2002  12:36  1,287,092    Ip.lib    Mipsiv_fp\Retail
   29-Jul-2002  12:36    143,360    Ip.pdb    Mipsiv_fp\Retail
   29-Jul-2002  09:44  1,483,832    Ip.lib    Sh3\Debug
   29-Jul-2002  09:44    143,360    Ip.pdb    Sh3\Debug
   29-Jul-2002  09:33  1,101,526    Ip.lib    Sh3\Retail
   29-Jul-2002  09:33    143,360    Ip.pdb    Sh3\Retail
   29-Jul-2002  10:04  1,483,238    Ip.lib    Sh4\Debug
   29-Jul-2002  10:04    143,360    Ip.pdb    Sh4\Debug
   29-Jul-2002  09:54  1,097,910    Ip.lib    Sh4\Retail
   29-Jul-2002  09:54    143,360    Ip.pdb    Sh4\Retail
   29-Jul-2002  09:23  1,446,074    Ip.lib    X86\Debug
   29-Jul-2002  09:23    143,360    Ip.pdb    X86\Debug
   29-Jul-2002  09:13  1,023,780    Ip.lib    X86\Retail
   29-Jul-2002  09:13    143,360    Ip.pdb    X86\Retail
				

MORE INFORMATION

Assume a scenario in which you have a network layout that includes three computers (Computer A, Computer B, and Computer C), a DHCP server, and a network switch. All four computers are connected to separate ports of the switch. The following sequence of events describes the conditions for this problem to occur:
  1. Computer B is assigned a static IP address that is also in the pool of addresses that the DHCP server can issue, for example, 172.100.1.10.
  2. Computer A requests a DHCP address from the DHCP server. It is offered 172.100.1.10.

    Computer A issues an ARP broadcast (a gratuitous ARP) for the address 172.100.1.10 using its own MAC address (aaaa). Computer C may see this ARP and cache the address 172.100.1.10 as belonging to MAC address aaaa.
  3. Computer B responds to the ARP. This reply is done with a unicast, so that only Computer A receives it.
  4. When Computer A receives the ARP reply, it declines the DHCP server's offer of the IP address 172.100.1.10.

    To correct the ARP cache that Computer C has, Computer A issues an ARP with 172.100.1.10, but uses the MAC address of Computer B (bbbb). Computer C sees this ARP and caches the address 172.100.1.10 as belonging to MAC address bbbb.
  5. When the switch sees the MAC address bbbb come in from the network segment in which Computer A is located, it updates its tables to route Ethernet packets that are destined for bbbb to the network segment of Computer A.

    This behavior continues until Computer B sends an Ethernet packet that causes the switch to correct its tables.

The update that is included in this QFE package changes the behavior of the Windows CE network client so that the client that has the existing IP address (Computer B) responds to the ARP with a broadcast. Also, Computer A does not send the spoofed ARP when it gets a broadcast ARP reply. Computer C sees the broadcast from Computer B and its cache is updated, and the switch never receives a packet with Computer B's MAC address from the Computer A network segment.
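The sequence above can be replayed through a toy learning switch to see the mislearned port and the MAC-move signal a monitoring tool would alert on. This is an added example, not code from Microsoft or the QFE; the port numbers, the Frame layout and both traces are constructed from the steps in this article.

```python
# Added example: replay the article's frames through a toy learning switch.
# Port numbers and the Frame layout are assumptions made for this sketch.
from dataclasses import dataclass

IP = "172.100.1.10"
PORT = {"A": 1, "B": 2, "C": 3}  # assumed switch ports

@dataclass
class Frame:
    ingress: int     # switch port the frame arrives on
    eth_src: str     # Ethernet source MAC (what the switch learns from)
    broadcast: bool  # True if the frame is sent to the broadcast address
    arp_ip: str      # ARP sender IP address
    arp_mac: str     # ARP sender MAC address

# Constructed traces: steps 2-4 as described, then the behavior after the QFE.
BEFORE_FIX = [
    Frame(PORT["A"], "aaaa", True, IP, "aaaa"),   # step 2: A's gratuitous ARP
    Frame(PORT["B"], "bbbb", False, IP, "bbbb"),  # step 3: B's unicast reply
    Frame(PORT["A"], "bbbb", True, IP, "bbbb"),   # step 4: A's ARP using B's MAC
]
AFTER_FIX = [
    Frame(PORT["A"], "aaaa", True, IP, "aaaa"),   # A's gratuitous ARP
    Frame(PORT["B"], "bbbb", True, IP, "bbbb"),   # B replies with a broadcast
]                                                 # A sends no further ARP

def replay(frames):
    """Return (switch MAC table, Computer C's ARP cache, MAC-move alerts)."""
    mac_table, arp_cache_c, moves = {}, {}, []
    for f in frames:
        old = mac_table.get(f.eth_src)
        if old is not None and old != f.ingress:
            # Same source MAC on a different port: the step 5 condition.
            moves.append((f.eth_src, old, f.ingress))
        mac_table[f.eth_src] = f.ingress  # source-address learning
        # C sees only broadcasts: the unicast reply goes to a MAC the switch
        # has already learned (aaaa), so it is not flooded to C's port.
        if f.broadcast:
            arp_cache_c[f.arp_ip] = f.arp_mac
    return mac_table, arp_cache_c, moves

if __name__ == "__main__":
    for name, trace in (("before fix", BEFORE_FIX), ("after fix", AFTER_FIX)):
        print(name, replay(trace))
```

In both traces Computer C ends with 172.100.1.10 mapped to bbbb; only the pre-fix trace leaves the switch pointing bbbb at Computer A's port and raises a MAC-move alert.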

STATUS

Microsoft has confirmed that this is a problem in the Microsoft products that are listed at the beginning of this article.

Modification Type: Minor
Last Reviewed: 2/2/2006
Keywords:kbbug kbfix kbQFE KB324862