Microsoft KB Archive/324862

= Network Traffic Is Routed Incorrectly After a DHCP Address Is Declined =

Article ID: 324862

Article Last Modified on 2/2/2006

-

APPLIES TO


 * Microsoft Windows CE .NET 4.0

-



This article was previously published under Q324862



SYMPTOMS
If an Internet Protocol (IP) address that is offered by the DHCP service is rejected because of an IP conflict, network traffic through a switch may be sent to the wrong port of the switch.



CAUSE
The Windows CE DHCP client checks for IP address conflicts with the IP address that the DHCP server offers by issuing an Address Resolution Protocol (ARP) broadcast that includes the offered address. If an existing computer responds, the DHCP client rejects the offered IP address and sends another ARP broadcast, this time using the media access control (MAC) address of the existing computer. The ARP caches that are held by other computers on the network do not map the rejected IP address to the new computer. Instead, the ARP caches match the IP address to the MAC address of the existing computer. When a network switch exists between the new computer and the existing computer, this ARP that has the spoofed MAC address may cause the switch to route future Ethernet traffic to the network segment of the new client instead of the network segment of the existing computer.



RESOLUTION
A supported fix is now available from Microsoft as Windows CE 4.0 Core OS QFE Q324862. To resolve this problem immediately, search for the keyword &quot;QFE&quot; on the following Microsoft Web site:

http://www.microsoft.com/downloads/

The English version of this package should have the following file attributes or later:   Size         File name -  1,301,088    020904_Armv4i_wce40-q324862.exe 1,296,992   020904_Armv4t_wce40-q324862.exe 1,296,992   020904_Armv4_wce40-q324862.exe 1,309,280   020904_Mips16_wce40-q324862.exe 1,342,048   020904_Mipsii_fp_wce40-q324862.exe 1,342,048   020904_Mipsii_wce40-q324862.exe 1,383,008   020904_Mipsiv_fp_wce40-q324862.exe 1,378,912   020904_Mipsiv_wce40-q324862.exe 1,243,744   020904_Sh3_wce40-q324862.exe 1,243,744   020904_Sh4_wce40-q324862.exe 1,149,536   020904_X86_wce40-q324862.exe The English version of this fix has the file attributes (or later) that are listed in the following table. The dates and times for these files are listed in coordinated universal time (UTC). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the Time Zone tab in the Date and Time tool in Control Panel.   Date        Time     Size       File name  Platform -  29-Jul-2002  10:25  1,735,970    Ip.lib    Armv4\Debug 29-Jul-2002 10:25    143,360    Ip.pdb    Armv4\Debug 29-Jul-2002 10:14  1,244,092    Ip.lib    Armv4\Retail 29-Jul-2002 10:14    143,360    Ip.pdb    Armv4\Retail 29-Jul-2002 11:05  1,738,460    Ip.lib    Armv4i\Debug 29-Jul-2002 11:05    143,360    Ip.pdb    Armv4i\Debug 29-Jul-2002 10:55  1,246,324    Ip.lib    Armv4i\Retail 29-Jul-2002 10:55    143,360    Ip.pdb    Armv4i\Retail 29-Jul-2002 10:45  1,605,994    Ip.lib    Armv4t\Debug 29-Jul-2002 10:45    143,360    Ip.pdb    Armv4t\Debug 29-Jul-2002 10:35  1,222,664    Ip.lib    Armv4t\Retail 29-Jul-2002 10:35    143,360    Ip.pdb    Armv4t\Retail 29-Jul-2002 12:06  1,758,188    Ip.lib    Mips16\Debug 29-Jul-2002 12:06    143,360    Ip.pdb    Mips16\Debug 29-Jul-2002 11:56  1,132,836    Ip.lib    Mips16\Retail 29-Jul-2002 11:56    143,360    Ip.pdb    Mips16\Retail 29-Jul-2002 11:25  1,758,188    Ip.lib    Mipsii\Debug 29-Jul-2002 11:25    143,360    Ip.pdb    Mipsii\Debug 29-Jul-2002 11:15  1,244,632    Ip.lib    Mipsii\Retail 29-Jul-2002 11:15    143,360    Ip.pdb    Mipsii\Retail 29-Jul-2002 12:26  1,758,428    Ip.lib    Mipsii_fp\Debug 29-Jul-2002 12:26    143,360    Ip.pdb    Mipsii_fp\Debug 29-Jul-2002 12:16  1,244,882    Ip.lib    Mipsii_fp\Retail 29-Jul-2002 12:16    143,360    Ip.pdb    Mipsii_fp\Retail 29-Jul-2002 11:46  1,811,174    Ip.lib    Mipsiv\Debug 29-Jul-2002 11:46    143,360    Ip.pdb    Mipsiv\Debug 29-Jul-2002 11:36  1,286,842    Ip.lib    Mipsiv\Retail 29-Jul-2002 11:36    143,360    Ip.pdb    Mipsiv\Retail 29-Jul-2002 12:47  1,811,416    Ip.lib    Mipsiv_fp\Debug 29-Jul-2002 12:47    143,360    Ip.pdb    Mipsiv_fp\Debug 29-Jul-2002 12:36  1,287,092    Ip.lib    Mipsiv_fp\Retail 29-Jul-2002 12:36    143,360    Ip.pdb    Mipsiv_fp\Retail 29-Jul-2002 09:44  1,483,832    Ip.lib    Sh3\Debug 29-Jul-2002 09:44    143,360    Ip.pdb    Sh3\Debug 29-Jul-2002 09:33  1,101,526    Ip.lib    Sh3\Retail 29-Jul-2002 09:33    143,360    Ip.pdb    Sh3\Retail 29-Jul-2002 10:04  1,483,238    Ip.lib    Sh4\Debug 29-Jul-2002 10:04    143,360    Ip.pdb    Sh4\Debug 29-Jul-2002 09:54  1,097,910    Ip.lib    Sh4\Retail 29-Jul-2002 09:54    143,360    Ip.pdb    Sh4\Retail 29-Jul-2002 09:23  1,446,074    Ip.lib    X86\Debug 29-Jul-2002 09:23    143,360    Ip.pdb    X86\Debug 29-Jul-2002 09:13  1,023,780    Ip.lib    X86\Retail 29-Jul-2002 09:13    143,360    Ip.pdb    X86\Retail



MORE INFORMATION
Assume a scenario in which you have a network layout that includes three computers (Computer A, Computer B, and Computer C), a DHCP server, and a network switch. All four computers are connected to separated ports of the switch. The following sequence of events describes the conditions for this problem to occur:
 * 1) Computer B is assigned a static IP address that is also in the pool of addresses that the DHCP server can issue, for example, 172.100.1.10.
 * 2) Computer A requests a DHCP address from the DHCP server. It is offered 172.100.1.10.

Computer A issues an ARP broadcast (a gratuitous ARP) for the address 172.100.1.10 using its own MAC address (aaaa). Computer C may see this ARP and cache the address 172.100.1.10 as belonging to MAC address aaaa.
 * 1) Computer B responds to the ARP. This reply is done with a unicast, so that only Computer A receives it.
 * 2) When Computer A receives the ARP reply, it declines the DHCP server's offer of the IP address 172.100.1.10.

To correct the ARP cache that Computer C has, Computer A issues an ARP with 172.100.1.10, but uses the MAC address of Computer B (bbbb). Computer C sees this ARP and caches the address 172.100.1.10 as belonging to MAC address bbbb.
 * 1) When the switch sees the MAC address bbbb come in from the network segment in which Computer A is located, it updates its tables to route Ethernet packets that are destined for bbbb to the network segment of Computer A.

This behavior continues until Computer B sends an Ethernet packet that causes the switch to correct its tables.

The update that is included in this QFE package changes the behavior of the Windows CE network client so that the client that has the existing IP address (Computer B) responds to the ARP with a broadcast. Also, Computer A does not send the spoofed ARP when it gets a broadcast ARP reply. Computer C sees the broadcast from Computer B and its cache is updated, and the switch never receives a packet with Computer B's MAC address from the Computer A network segment.



STATUS
Microsoft has confirmed that this is a problem in the Microsoft products that are listed at the beginning of this article.

Keywords: kbbug kbfix kbqfe KB324862

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.