[Kea-users] DHCP discover packet dropped (parse failed)

Iztok Gregori iztok.gregori at elettra.eu
Fri Sep 30 08:23:58 UTC 2022 

Hi!

We are experiencing some problems on KEA 2.2, a particular class of 
clients (Gridconnect Ethernet/rs232 adapter) cannot get a IP address. On 
further investigations we found that KEA is dropping the DHCP discover 
packet:

2022-09-30 08:44:11.194 DEBUG 
[kea-dhcp4.ha-hooks/2570868.139813038319360] 
HA_BUFFER4_RECEIVE_UNPACK_FAILED failed to parse query from 192.168.0.1 
to 10.10.10.11, received over interface eth1, reason: failed to parse 
the domain-name in DHCPv4 Client FQDN Option: unknown label character: 67
2022-09-30 08:44:11.194 DEBUG [kea-dhcp4.hooks/2570868.139813038319360] 
DHCP4_HOOK_BUFFER_RCVD_DROP received buffer from 192.168.0.1 to 
10.10.10.11 over interface eth1 was dropped because a callout set the 
drop flag

(and subsequently increasing the "pkt4-parse-failed" and 
"pkt4-receive-drop" stats).

The dropped packet look like

08:44:14.193351 IP (tos 0x0, ttl 63, id 0, offset 0, flags [DF], proto 
UDP (17), length 328)
     192.168.0.1.67 > 10.10.10.11: [udp sum ok] BOOTP/DHCP, Request from 
00:20:4a:a7:7d:ff, length 300, hops 1, xid 0x106ac4d0, secs 62, Flags 
[none] (0x0000)
	  Gateway-IP 10.10.5.1
	  Client-Ethernet-Address 00:20:4a:a7:7d:ff
	  Vendor-rfc1048 Extensions
	    Magic Cookie 0x63825363
	    DHCP-Message Option 53, length 1: Discover
	    Parameter-Request Option 55, length 3:
	      Subnet-Mask, Default-Gateway, Domain-Name-Server
	    NOAUTO Option 116, length 1: Y
	    FQDN Option 81, length 10: [SE] "CA77DFF"
	    Client-ID Option 61, length 7: ether 00:20:4a:a7:7d:ff
	    END Option 255, length 0
	    PAD Option 0, length 0, occurs 27

When I parse the pcap file with Wireshark it says that is malformed 
(exception occurred). The device is old and probably is generating non 
"standard" packets. The same device works fine with ISC dhcpd (v4.3).

As I understand KEA cannot parse the "option 81" (FQDN) which sets the 
"E" bit flag (https://www.rfc-editor.org/rfc/rfc4702.html#section-2.1) 
with, I suspect, a "...now-deprecated ASCII encoding...".

Is this a known issue and exists some workaround or I stumbled across a 
niche case that nobody experience before?

If it's needed I can provide more informations.

Thank you in advance!
Iztok Gregori

-- 
Iztok Gregori
ICT Systems and Services
Elettra - Sincrotrone Trieste S.C.p.A.
Telephone: +39 040 3758948
http://www.elettra.eu

More information about the Kea-users mailing list