[unisog] Bonjour Sleep Proxy Server issues

Irwin Tillman irwin at princeton.edu
Wed Sep 16 22:30:18 GMT 2009


Paul FM <paulfm at me.umn.edu> wrote:

>I note that I can find no other posts to this list (in the last 30 days) that 
>report any similar problem (nor have I seen it on any internal lists where I 
>work).  

I became aware of the behavior because every ten minutes I take a snapshot of the IP ARP cache from 
the IP router.  After the day is over, I compare that to that day's log from the DHCP servers.

If you aren't actually checking the router ARP caches to verify
that the devices using IP addresses on your network are using the addresses they've 
been assigned to use (and I gather that almost no one does), you probably won't realize this is going on.



>So I suspect it is something about the way your Mac 10.6 machines are 
>set up.   Perhaps you have a person that every one of the victims goes to, 
>giving incorrect advice. Or, maybe there is a Trojan (or even some cute 
>little free P2P program) going around that turns sleep proxy on.
>
>Did the victim machines have the mac firewall turned on?
>The firewall might block enough of the negotiation to prevent this behavior 
>(if it is a default behavior).
>
>Have you checked the configuration of the victim machines?
>Did someone turn on the sleep proxy service, or was it even configured?


As far as the victims are concerned, there's no mystery.
If a Mac OS X 10.6 workstation is configured to "Wake on Demand"
(names for the setting vary depending on the particular model's support for this on each of its
Ethernet and its Wireless interfaces), and it can find a Sleep Proxy Server on the network,
the device will act as a Sleep Proxy Client.

As far as I can see, Mac OS X 10.6.1 has no UI for turning on or off
the Sleep Proxy Server.  

In the bug report I've filed with Apple, I have provided them with 
the "System Profiler" output from one of the Mac OS X 10.6 workstations
that is acting as a Sleep Proxy Server.  

I suspect that Apple either
intended to not allow the Mac OS X 10.6 devices to act as Sleep Proxy Servers
but accidentally left the functionality enabled, or they did intend
the functionality to be there, but their KB article doesn't say so. 



>Is there perhaps a parameter being sent by your DHCP server that turns it on?

No; our DHCP parameters are pretty vanilla....
here are your DNS servers, your NTP servers, etc.

I don't see anything in Apple's document 
http://files.multicastdns.org/draft-cheshire-dnsext-multicastdns.txt
that indicates the Sleep Proxy Server behavior can be controlled by
the DHCP server, although of course, it could be something not yet documented.



>Is there another service turned on that causes sleep proxy to be set up (like 
>file or print sharing - or media sharing)?

Looking at the source Apple has published for the mDNSResponder (which is
where the Sleep Proxy Server is implemented), I can see that it
looks at a number of factors in deciding whether the device
should act as a Sleep Proxy Server.

So it is certainly possible that one of the "unrelated" settings a user might
enable (e.g. "Internet Sharing") might influence whether the 
device chooses to become a Sleep Proxy Server.


>You should also get the word out to your users how to make sure their devices 
>never are victims nor perpetrators (and you may want to block the mac 
>addresses of devices that are either so they have an incentive to set apple 
>equipment up correctly).


Blocking victims of a Sleep Proxy Server doesn't feel right to me.

We did indeed block devices acting as Sleep Proxy Servers during the first
few weeks, but have stopped doing so.  

Since there doesn't *appear* to be anything the user can do to make the device
stop acting as a Sleep Proxy Server, blocking the device to give the owner
incentive to reconfigure the device is a non-starter.  That could change
in the future, if Apple provides an on/off switch for the Sleep Proxy Server.
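
The cross-check described in this message (periodic snapshots of the router's IP ARP cache compared against the day's DHCP server log), as an added example that is not part of the original post or of any tooling the author describes. The line formats, addresses and function names are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta

# Constructed sample data; both line formats are assumptions, not vendor output.
DHCP_LOG = """\
2009-09-16T08:00:00 ACK 192.0.2.21 02:00:00:00:00:01 lease=43200
2009-09-16T08:05:00 ACK 192.0.2.22 02:00:00:00:00:02 lease=43200
2009-09-16T09:00:00 ACK 192.0.2.23 02:00:00:00:00:03 lease=3600
"""
ARP_SNAPSHOTS = """\
2009-09-16T10:00:00 192.0.2.21 02:00:00:00:00:01
2009-09-16T10:00:00 192.0.2.22 02:00:00:00:00:02
2009-09-16T10:10:00 192.0.2.22 02:00:00:00:00:01
2009-09-16T10:10:00 192.0.2.23 02:00:00:00:00:03
2009-09-16T10:10:00 192.0.2.99 02:00:00:00:00:09
"""

def parse_leases(text):
    """Return {ip: [(start, end, mac), ...]} built from DHCP ACK lines."""
    leases = {}
    for line in text.splitlines():
        ts, kind, ip, mac, dur = line.split()
        if kind != "ACK":
            continue
        start = datetime.fromisoformat(ts)
        end = start + timedelta(seconds=int(dur.split("=")[1]))
        leases.setdefault(ip, []).append((start, end, mac.lower()))
    return leases

def audit(arp_text, leases):
    """Return (ts, ip, seen_mac, reason) for ARP entries no lease accounts for."""
    findings = []
    for line in arp_text.splitlines():
        ts, ip, mac = line.split()
        when, mac = datetime.fromisoformat(ts), mac.lower()
        # MACs holding an unexpired lease for this IP at snapshot time
        active = [m for s, e, m in leases.get(ip, []) if s <= when < e]
        if mac in active:
            continue
        reason = "leased to " + active[0] if active else "no active lease"
        findings.append((ts, ip, mac, reason))
    return findings

if __name__ == "__main__":
    for finding in audit(ARP_SNAPSHOTS, parse_leases(DHCP_LOG)):
        print(*finding)
```

The second snapshot yields three findings: an address answered for by a MAC other than its leaseholder, an address still in use after its lease expired, and an address with no lease at all.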


