Slashdot Mirror

← Back to Stories (view on slashdot.org)

Bug Forces Android Devices Off Princeton Campus Network

Posted by Soulskill on from the your-computer-is-broadcasting-an-ip-address dept.

pmdubs writes "A major bug in the Android DHCP implementation has forced network administrators to (effectively) ban the use of such devices on the Princeton campus. In the last few months, Princeton has had to kick more than 400 Android devices off the campus network for using IP addresses well beyond the allotted DHCP lease (to the detriment of other users), sending invalid DHCPREQUEST messages after lease expiration, and a variety of other wacky behaviors. The link provides a clearly documented explanation of the buggy behavior, as does this largely neglected bug report. Without doubt, this buggy behavior is affecting other, less vigilant networks, and disrupting Wi-Fi traffic for Android and non-Android devices alike."

41 of 309 comments (clear)

  1. WTF? by killmenow · · Score: 5, Insightful

    Why in the name of all that is GNU would Android re-implement a DHCP client when every Linux system since forever has had good DHCP client support already there?

    Did Google decide to implement their own IP layer entirely?

    1. Re:WTF? by klingens · · Score: 4, Interesting

      If they didn't, It'd be harder to pull stunts like closing the Honeycomb source.

      Android uses the Linux kernel, nothing more that is GPLed. Even their libc is developed inhouse. Tho, dhcp-client by ISC has a very permissive license. Little bit of advertising, that's all. Closing the source is allowed.

    2. Re:WTF? by teh31337one · · Score: 3, Interesting

      If they didn't, It'd be harder to pull stunts like closing the Honeycomb source.

      They haven't closed the source, they're delaying the source because they're worried about the user experience when it inevitably gets ported to a phone. At the moment, honeycomb is designed to work on 1280x800 screen res devices, and that's it. They''ll release the source when it's ready.

    3. Re:WTF? by Swampash · · Score: 3, Insightful

      They haven't closed the source, they're delaying the source because they're worried about the user experience when it inevitably gets ported to a phone.

      So they've closed the source then?

      When it has been released THEN it will be open. Until then it's closed.

    4. Re:WTF? by Anonymous Coward · · Score: 2, Informative

      They've closed the source of Honeycomb (I think this is where the GP misread him) but to date not Android. Remember that Honeycomb is a tablet-only fork. Real Android devices haven't been affected by the closure... and hopefully will stay that way (2.4 at least should be open).

    5. Re:WTF? by xouumalperxe · · Score: 2

      They haven't closed the source though. They just haven't opened it up yet (which is completely different)

    6. Re:WTF? by Speare · · Score: 2

      If users have the hardware (Xoom, et al), they're using the software; if the software is GPL'd, the users have the right to the source code. Whether it's Google or Motorola, the case is the same: they're in violation of the license if they haven't made source available for GPL'd software that users are using.

      --
      [ .sig file not found ]
    7. Re:WTF? by NilesDonegan · · Score: 2

      From the same:

      "On July 15 2010, Apple released iOS 3.2.1 (build 7B405) for iPad (first generation). We verified that iOS 3.2.1 does not exhibit this bug."

    8. Re:WTF? by Wrath0fb0b · · Score: 2

      Why in the name of all that is GNU would Android re-implement a DHCP client when every Linux system since forever has had good DHCP client support already there?

      It's not clear that the Linux DHCP client would play nice with the power-management shininess that Google bolted on to Android (and were never accepted into the kernel mainline). This is bolstered by the fact that the steps for reproducing the issue involved connecting to wifi, letting the device lock/sleep and observing wonkiness when it wakes up (search for 'STEPS TO REPRODUCE THE BEHAVIOR' in the OP, I don't want to copypasta too much).

      My guess is that the lion's share of the issues have to do with timers that are not sleep-safe or other subtle timing issues and not with the DHCP client logic itself. Soft-realtime plus sleepy CPUs often means screwups of this sort.

    9. Re:WTF? by Tharsman · · Score: 3, Informative

      Someone needs to read the links they post. Your linked article clearly states it was promptly fixed.

    10. Re:WTF? by inode_buddha · · Score: 3, Informative

      False. Torvalds himself has clarified this many times. "Mere aggregation" as defined in the GPL is explicitly allowed, and your user-space closed source binary can make use of public kernel syscalls all day.

      --
      C|N>K
    11. Re:WTF? by macslas'hole · · Score: 2

      Not at all accurate. Nothing requires changes to BSD licensed code to be also BSD licensed. Moreover, you, as the licensee, have no ability to close the original. Also, your use of Apple as an example fails to support your claim, see http://www.opensource.apple.com/.

      --
      Life's a tale told by an idiot, full of sound and fury, signifying nothing.
    12. Re:WTF? by inode_buddha · · Score: 3, Insightful

      I *know* that. Linus himself consulted with the FSF's lawyers on the matter. And no, the kernel is not a fundamental piece of the whole as long as it isn't directly linked into the resulting binary.

      If what you were saying was true then linux distros such as Red Hat would not be legally possible, let alone SuSE. Otherwise how do you think they manage to legally include all those closed-source drivers?

      What about running a closed-source Adobe reader on that kernel? Does the reader now need to be open?

      And excuse me but I've damn near memorized the GPL. I've been in this game since like 1996, including reading every single work on Groklaw. Literally.

      --
      C|N>K
    13. Re:WTF? by asdfghjklqwertyuiop · · Score: 2

      I know. It's not as if they built android on a heap of other people's open source work or anything, right?

    14. Re:WTF? by Tharsman · · Score: 2

      OK since you want to pretend you are reading, yet not even clicking in the link that notes it, the link you post clearly states this:

      Princeton University reported the bug to Apple, and worked with Apple to resolve the issue. Apple fixed this bug as of iOS 3.2.1 on the Apple iPad® (first generation). (Note that Apple's fix introduced a new bug, described in iOS 3.2.1 - 4.0.2 Requests a DHCP Lease Too Often.)

      If you bother following the link:

      Princeton University has reported the bug to Apple, and is working with Apple to resolve the issue.

      We have not yet tested iOS 4.3.2 for this bug.

      Right now, there is no note if it's still happening in the last build, but even if it is, the writer of that post is the some one that not only did tell apple about it (as you suggested someone should) but also actively worked with Apple to get both bugs fixed. More that can be told about a forgotten bug report in Google's database that wont get addressed unless it starts getting bad press.

    15. Re:WTF? by mdielmann · · Score: 2

      Technically, under any GPL license, if you haven't released the product, then you don't have to release the source. Depending on the wording of their contracts when they released test versions, the whole thing could be GPL (any version) and still be compliant.

      Another way to say it is: They will (or may) release the source when they release the binaries.

      And for the car analogy. This is akin to getting angry at Ford for not selling 2013 cars in South America. They aren't selling them anywhere! Which, yes, includes South America.

      --
      Sure I'm paranoid, but am I paranoid enough?
  2. Funny link! by Tsingi · · Score: 2
    The first link in this article causes NoScript to complain about a script attempting to access local LAN resources.

    # Prevent Internet sites from requesting LAN resources. Site LOCAL Accept from LOCAL Deny

    Anyone care to comment on what that is all about?

    1. Re:Funny link! by DrgnDancer · · Score: 4, Interesting

      iPrism (my company's nanny of choice), blocks the site as an annonymiser. And what the hell kinda URL *is* net.princeton.edu.nyud.net anyway?

      Here's the link to Princeton's web site: http://www.net.princeton.edu/android/android-stops-renewing-lease-keeps-using-IP-address-11236.html

      And it appears the iPad has a similar problem: http://www.lockergnome.com/blade/2010/04/16/princeton-explains-network-issues-for-ipad-users-and-has-banned-the-devices/

      Odd that they're both doing something so similar. Wonder if they use the same base DHCP code.

      --
      I don't need a million points of light, just two points of multi-mode fiber and a 10 Gig-E router.
    2. Re:Funny link! by dirtyhippie · · Score: 2

      iPrism (my company's nanny of choice), blocks the site as an annonymiser. And what the hell kinda URL *is* net.princeton.edu.nyud.net anyway?

      It's a cache. See http://en.wikipedia.org/wiki/Coral_Content_Distribution_Network

    3. Re:Funny link! by DrgnDancer · · Score: 2

      Yeah I realized after I posted that the iPad thing was a year old, but once again inability to edit Slashdot posts left me with slightly incorrect information in a post. I'd be perfectly OK, with editing clearing positive moderation for the ability to make changes to reflect new information.

      --
      I don't need a million points of light, just two points of multi-mode fiber and a 10 Gig-E router.
    4. Re:Funny link! by richlv · · Score: 2

      that's coral cache - in case the site would get slashdotted, or just to be nice to site owners, story submitter (or editor) used cache links instead

      --
      Rich
  3. Interesting problem by erroneus · · Score: 2

    From the description in the bug report, it sounds like certain services (dhcp client I should think) are halted or disabled. It seems to restart when web browsing activity is initiated. This seems to indicate that it was halted when the machine was initially locked -- my guess would be to save battery. After all, DHCPing all the time would burn battery.

    I wonder what the best solution would be? When locking to release the DHCP lease before suspending the DHCP client? I wonder if my Vibrant has the same issue?

    1. Re:Interesting problem by Overzeetop · · Score: 3, Interesting

      No, the restart sequence should check a timer to determine if the initial lease has expired, and renegotiate a new IP from the server if necessary. Assuming that when you wake up that the lease still exists without checking would certainly cause problems. It's not a case that would normally get tested as it requires a large down time to accomplish, and yuo won't encounter that with normal sleep-to-wake test cycles.

      --
      Is it just my observation, or are there way too many stupid people in the world?
    2. Re:Interesting problem by Wannabe+Code+Monkey · · Score: 4, Informative

      From the description in the bug report, it sounds like certain services (dhcp client I should think) are halted or disabled. It seems to restart when web browsing activity is initiated. This seems to indicate that it was halted when the machine was initially locked -- my guess would be to save battery. After all, DHCPing all the time would burn battery.

      I wonder what the best solution would be? When locking to release the DHCP lease before suspending the DHCP client? I wonder if my Vibrant has the same issue?

      Actually, the report specifically states that this bug should not be classified as a problem with DHCP when sleeping. The Princeton guy did extensive testing and found that even with active use, the device fails to renew the lease and continues using the IP after the lease has expired.

      --
      We always knew Comcast was corrupt, here's the proof: http://tech.slashdot.org/comments.pl?sid=1909890&cid=34545432
    3. Re:Interesting problem by CharlyFoxtrot · · Score: 2

      Funny, seems like the same group reported that iOS has had the same problem: http://www.net.princeton.edu/announcements/ipad-iphoneos32-stops-renewing-lease-keeps-using-IP-address.html

      Wonder why only Android was mentioned for this story?

      Because the iOS DHCP issue was fixed in August 2010 when iOS 4.1 came out probably. Maybe your question should be why Android fell into the same trap when iOS' problem was well publicized ?

      --
      If all else fails, immortality can always be assured by spectacular error.
  4. and it will never be fixed by Anonymous Coward · · Score: 5, Interesting

    oh, google will fix it. But there will be carriers who will never roll those fixes out to their users.

    1. Re:and it will never be fixed by pauljlucas · · Score: 2

      And this is, IMHO, one huge benefit to owning an iPhone instead: you get your updates directly from Apple, bypassing the carriers.

      --
      If you reply, do so only to what I explicitly wrote. If I didn't write it, don't assume or infer it.
    2. Re:and it will never be fixed by molo · · Score: 3, Informative

      Only if you use iTunes, which doesn't run on any libre OS.

      -molo

      --
      Using your sig line to advertise for friends is lame.
    3. Re:and it will never be fixed by ArsonSmith · · Score: 3, Funny

      That was why I went from Linux->OSX->now Windows 7. OSX is a joke. All the freedom of windows and all the off the shelf software of Linux.

      --
      Paying taxes to buy civilization is like paying a hooker to buy love.
  5. causing Wifi router issues at home too? by Maow · · Score: 2

    I've had to reboot my WBR-2310 fairly often as my Android phone loses ability to see the router to connect to it.

    I moved the DHCP server to my Linux box and it seemed to help, but have since had to reboot router occasionally.

    I wonder if it's related.

    Also, good work Princeton, this impressed me, from TFA:

    Why Haven't Other Sites Reported This Particular Issue?

    Some may wonder why only Princeton has reported this problem. Some may believe that because other sites are not reporting it, the problem must be due to a problem with Princeton's network.

    Princeton detected this issue because we take a very pro-active stance to monitor for certain kinds of common network problems, including this one. Our network monitoring includes comparing actual IP address usage to DHCP server lease assignments on a daily basis. This allows us to detect some devices using IP addresses not assigned for their use. This is a degree of monitoring that many sites do not perform. We also monitor our DHCP servers very closely for any problems they detect, including when they see DHCP-leased IP addresses in-use when they should not be, or when a client tries to SELECT an offer that was not made to it, or when a client tries to renew or rebind an IP address after the client's lease on that IP address has already expired.

    --
    Salon Kill File: required for reading Salon.com Letters section:
    http://salon.maow.net/

  6. Re:Hurray OpenSource! by Karlt1 · · Score: 2

    Yeah because we all know how good that Android OEMs are about releasing timely updates.

  7. Re:Hoax? by Chaos+Incarnate · · Score: 2

    The link is Coral Cached, presumably in an attempt to prevent a slashdotting.

    --
    Benford's Corollary to Clarke's Law: "Any technology distinguishable from magic is insufficiently advanced."
  8. Re:Hoax? by DavidRawling · · Score: 3, Insightful

    They do own princeton.edu. You'd expect someone with a 5-digit /. ID to know that. And to be able to figure out from the hundreds of similar past links in articles, that nyud.net is a distributed caching service.

  9. Re:Nice flamebait article by Florian+Weimer · · Score: 4, Interesting

    Apple had a similar issue:

    http://www.net.princeton.edu/announcements/ipad-iphoneos32-stops-renewing-lease-keeps-using-IP-address.html

    At this point, one has to wonder what Princeton is doing on their network that they keep uncovering such bugs.

  10. OIT sucks by Anonymous Coward · · Score: 3, Informative

    Princeton may well be one of the leading academic institutions in the country, but I've taken it as axiomatic that the more prestigious an institution is the more backward its technology is going to be. For instance, at Firestone Library, the chief repository for literature-related material on campus, there is no electronic gate for entry and exit -- a desk guard checks your ID when you go in and searches your bag when you go out. Many projectors on campus max out at an anemic 800x600 resolution, a fact that has caused problems for me at two different presentations. Site licensing policy is weird and inconsistent (there are no fewer than three different kinds of Windows licenses you can get from the software repository).

    I don't know if it's the archaic technology they're responsible for maintaining or some other cause, but the Office of Information Technology is full of power-hungry knee-biters who have made it their life's mission to sniff out every errant packet, every mistimed request, every misconfigured network adapter, and God help the poor sap whose device is unwittingly responsible for one of these infractions. The banhammer's wrath is terrible, its retribution swift. You never see it coming because OIT bans first and sends nastygrams later, or not at all, and when you call them to inquire why your Internet connection is suddenly nonexistent they give you this explanation of their rationale that somehow always ends up sounding like the narrative of a Carmen Sandiego investigation. Oh, and you play the part of the VILE agent. You're always knowingly guilty. Yeah, my wife installed VMware Fusion on her Mac to cause trouble for the netizens of Princeton. She was totally aware that VMnet was slightly misconfigured and was occasionally sending invalid packets to her subnet. It was all part of her nefarious plan to shut down the university network for some inadequately explored reason.

    I'm posting this anonymously because for all I know some overzealous git at OIT (which is Princetonese for KGB) reads Slashdot and Lord knows their admins are happy to ban you from the network for any reason they can conjure up out of thin air. Better yet, if you get banned from the network enough times for seemingly innocuous misbehavior by your gadgets they can cite you for academic misconduct. Plagiarism? Bought an Android phone? Same difference.

    It is possible to describe OIT's hypomanic "kill all DHCP miscreants" approach as "vigilant." It is also possible to describe it as "total overkill." I haven't yet heard of any major university or corporate network being blown up by sleeper cells (har har) of terroristic smartphones.

    In short, Princeton OIT is like the Civil Protection of information technology outfits: they protect the network from its users. Small wonder that I sometimes feel like picking up a crowbar and causing some anarchy for them...

  11. Re:Hurray OpenSource! by e70838 · · Score: 2

    The last time I have reported a Google bug on slashdot, it has been corrected very quickly.
    This may be the new procedure: report a bug to google and if it is not corrected quickly enough, advertise on slashdot.

  12. Re:Wut? by Rich0 · · Score: 2

    Agreed. I wonder how many serious security bugs users of the original direct-from-Google ADP are exposed to, because Google refuses to release updates for a phone they sold retail not much more than a year ago (right up until the release of the N1 I believe, which is only a little over a year old).

    People bash other vendors for not supporting android hardware but tend to favor Google since they have supported the N1 with all of their updates quickly, but they forget that the N1 is not first android phone that Google sold. Google stopped releasing security updates for the ADP as soon as they released the N1 - the last update of any kind for the ADP was Android 1.6, which came out the summer before they stopped selling the phone.

    I'll take android over Apple any day - but only if I can root the phone, and use a mostly-open-source distribution. For all of its issues at least Apple supports their hardware, and even they pale in comparison to Microsoft which still provides security updates Windows XP.

    Not releasing security patches for an always-connected device for at least the full 2-3 year upgrade cycle after the last unit is sold is just irresponsible behavior. They don't need to release the latest and greatest features necessarily, but they should at least back-port serious bugfixes. If they are concerned about supporting all those sub-versions of android then they can either do releases more slowly, or at least migrate all phones to LTS releases of some kind.

  13. Re:Nice flamebait article by paulej72 · · Score: 4, Interesting

    At this point, one has to wonder what Princeton is doing on their network that they keep uncovering such bugs.

    Princeton's network was for the longest time very old. We had shared 10mb over cat3 cable to most of the campus. To keep things working, the network was heavily monitored and anything that did not belong was promptly disconnected.

    Fast forward to now. We have a modern network that can handle some problems, but the motioning form the dark days still continues. Because of this heavy monitoring IT can see problems with devices that probably no one on earth sees.

    Yes the iPhone and iPod both had the same issues, but Apple fix them eventually. I hope the Google will do the same.

  14. Re:A plea from a user to all you developers. by jeffmeden · · Score: 2

    You paid google with your eyeballs (every time you use Google search or one of their other clever resources that builds their gold mine of user data and helps them shovel ads.) You also paid your carrier to pay google (every year google makes $10 per active handset from the carrier.)

    So yeah, google kind of does get paid, by ME, for the privilege of using Android.

  15. Because there's a workaround for iOS by Fencepost · · Score: 2

    Android is singled out over Apple devices because there's a workaround on iOS but not on Android. The workaround involves disabling a variety of things that many iPhone & iPad users may not want disabled, but it is available.

    And I don't consider a single mention of an "Allshare workaround" that involves waiting for a particular app to connect, then crash to be a workaround.

    --
    fencepost
    just a little off
  16. Re:Haven't we seen this before? by stepdown · · Score: 2
    From the article...

    Some may wonder why only Princeton has reported this problem. Some may believe that because other sites are not reporting it, the problem must be due to a problem with Princeton's network.

    Princeton detected this issue because we take a very pro-active stance to monitor for certain kinds of common network problems, including this one. Our network monitoring includes comparing actual IP address usage to DHCP server lease assignments on a daily basis. This allows us to detect some devices using IP addresses not assigned for their use. This is a degree of monitoring that many sites do not perform. We also monitor our DHCP servers very closely for any problems they detect, including when they see DHCP-leased IP addresses in-use when they should not be, or when a client tries to SELECT an offer that was not made to it, or when a client tries to renew or rebind an IP address after the client's lease on that IP address has already expired.

    As a result, Princeton tends to learn about some kinds of bugs in DHCP client implementations sooner and more often than do many other sites.