[Kea-users] How is tsid generated
Tomek Mrugalski
tomasz at isc.org
Tue Dec 12 13:23:28 UTC 2017
W dniu 11.12.2017 o 22:38, Munroe Sollog pisze:
> Can someone help me understand how the tsid field is generated? What is
> used to generate that hash? I’m tracking DHCP performance based on the
> tsid and I’m seeing a very small percentage of long transaction time
> that may be explained by colliding tsids.
Are you asking about transaction-id, a 32 (in DHCPv4) or 24 (in DHCPv6)
bit field in the DHCP message or tsig, a signature used to protect DNS
updates? You mentioned a hash, which suggests the latter. Anyway, here
are brief answers to both.
xid, or transaction-id, is not a hash. It is supposed to be set by a
client to a random value, but some clients set it a special value. Kea
doesn't pay much attention to it, except it being echoed back in its
responses. This value is used by clients to match responses to their
outstanding transmissions. For details, see RFC2131, Section 2, page 10.
tsig, or transaction signature is used to sign DNS updates. Kea supports
a number of algorithms (hmac-md5, hmac-sha1 and others, see Section
11.3.2 for details:
http://kea.isc.org/docs/kea-guide.html#d2-tsig-key-list-config). This
mechanism is defined in RFC2845. I haven't looked at the details, but I
presume it protects the whole content of the DNS message, so everything
in the DNS update message, a timestamp and a secret key are used to
generate that digest.
Hope that helps.
Tomek
More information about the Kea-users
mailing list