[Kea-users] Option-18 flex-id not matching incoming values
Andrew Mulheirn
andrew.mulheirn at vorboss.com
Fri Mar 8 10:13:09 UTC 2024
I'm still struggling with this one unfortunately.
Can anyone explain this paragraph in the client classification documentation for me?
* relay6[nest] allows access to the encapsulations used by any DHCPv6 relays that forwarded the packet. The nest level specifies the relay from which to extract the information, with a value of 0 indicating the relay closest to the DHCPv6 server. Negative values allow relays to be specified counting from the DHCPv6 client, with -1 indicating the relay closest to the client. If the requested encapsulation does not exist, an empty string "" is returned. This expression is allowed in DHCPv6 only.
I feel this is what could be happening, because my debug shows:
DEBUG FLEX_ID_EXPRESSION_EVALUATED Expression evaluated for packet to "" (size: 0)
However, I don't understand the phrase "allows access to the encapsulations used by any DHCPv6 relays that forwarded the packet". I have tried nest values of 0 and -1 but that has not made any difference.
Any help appreciated!
Andy
Andrew Mulheirn
Senior Network Architect
M: +44 (0) 74 3654 8126 <tel:+44%20(0)%2074%203654%208126>
E: andrew.mulheirn at vorboss.com <mailto:andrew.mulheirn at vorboss.com>
vorboss.com <https://vorboss.com>
Not sure who currently provides your internet?
Find out here and take our speed test. <https://check.vorboss.com/>
Disclaimer: This message is private and confidential. If you have received this message in error, please remove it from your system and notify us at sysadmin at vorboss.net <mailto:sysadmin at vorboss.net> or by telephone +44(0)20 3582 8500. Any review, retransmission, dissemination or other use of, or taking of any action in reliance upon, this information by persons or entities other than the intended recipient is prohibited. Privacy Note: Vorboss Limited may monitor email traffic data and also the content of email for the purposes of security. This email does not create or vary any contractual obligations between Vorboss Limited and the intended recipient.
Vorboss Limited is a limited company registered in England and Wales. Registered number: 05678571. Registered Office: Vorboss Limited, Broadwalk House, 5 Appold Street, London, EC2A 2AG, UNITED KINGDOM.
From: Kea-users <kea-users-bounces at lists.isc.org> On Behalf Of Andrew Mulheirn via Kea-users
Sent: Tuesday, March 5, 2024 9:18 AM
To: kea-users at lists.isc.org
Cc: Andrew Mulheirn <andrew.mulheirn at vorboss.com>
Subject: [Kea-users] Option-18 flex-id not matching incoming values
I hope someone can help me with this issue. I am using Kea 2.4
I am trying to get option-18 to match a DHCPv6 static reservation, but Kea is evaluating the option to "" and no address is being allocated. We have purchased the premium hooks package. I have got the same result on two different servers in the lab but can't work out what I am doing wrong.
Here is the configuration in use:
{
"Dhcp6": {
"server-tag": "kea-01",
"config-control": {
"config-databases": [{
"type": "postgresql",
"name": "retaildhcp",
"user": "vorboss",
"password": "vorboss",
"host": "127.0.0.1",
"port": 5432
}],
"config-fetch-wait-time": 20
},
"hooks-libraries": [
{
"library": "/usr/lib/x86_64-linux-gnu/kea/hooks/libdhcp_flex_id.so",
"parameters": {
"identifier-expression": "substring(relay6[0].option[18].hex,0,all)"
}
},
{
"library": "/usr/lib/x86_64-linux-gnu/kea/hooks/libdhcp_pgsql_cb.so"
}
],
"host-reservation-identifiers": ["flex-id", "duid"],
"interfaces-config": {
"interfaces": [ "eth1/2a00:e340:1100::32"]
},
"control-socket": {
"socket-type": "unix",
"socket-name": "/tmp/kea6-ctrl-socket"
},
"lease-database": {
# "type": "memfile",
"lfc-interval": 3600,
"type" : "postgresql",
"name": "retaildhcp" ,
"host": "127.0.0.1" ,
"connect-timeout" : 5,
"user": "vorboss",
"password": "testingonly",
},
"hosts-database": {
"type": "postgresql",
"name": "retaildhcp",
"user": "vorboss",
"password": "testingonly",
"host": "localhost",
"port": 5432
},
"expired-leases-processing": {
"reclaim-timer-wait-time": 10,
"flush-reclaimed-timer-wait-time": 25,
"hold-reclaimed-time": 3600,
"max-reclaim-leases": 100,
"max-reclaim-time": 250,
"unwarned-reclaim-cycles": 5
},
"renew-timer": 1000,
"rebind-timer": 2000,
"preferred-lifetime": 3000,
"valid-lifetime": 4000,
"reservations-global": false,
"reservations-in-subnet": true,
"subnet6": [
{
"subnet": "2a00:e300:1102::/64",
"option-data": [
{
"name": "dns-servers",
"data": "2001:db8:2::dead:beef, 2001:db8:2::cafe:babe"
}
],
"reservations": [
{
"flex-id": "'vlan-100'",
"ip-addresses": [ "2a00:e300:1102::2" ],
"option-data": [
{
"name": "dns-servers",
"data": "3000:1::234"
}
]
},
{
"flex-id": "'xe-0/0/1:rsw001'",
"ip-addresses": [ "2a00:e300:1102::3" ]
},
{
"flex-id": "'xe-0/0/2:rsw001'",
"ip-addresses": [ "2a00:e300:1102::4" ]
}
]
}
],
"loggers": [
{
"name": "kea-dhcp6",
"output_options": [
{
"output": "/var/log/dhcp6",
"pattern": "%-5p %m\n",
}
],
"severity": "DEBUG",
"debuglevel": 99
}
]
}
}
I have tried setting flex-id to a double/single quoted string and also to a double-quoted hex value but no luck. If you look at the debug below, you can see the hex value coming in as a type 18. If you take that value and put it into a hex to ascii converter, you get the port number and switch name back successfully. But kea thinks option 18 has a value of 0x.
Here is the debug:
DEBUG DHCP6_BUFFER_RECEIVED received buffer from 2a00:e340:1100::31:547 to 2a00:e340:1100::32:0 over interface eth1
DEBUG DHCP6_BUFFER_UNPACK parsing buffer received from 2a00:e340:1100::31 to 2a00:e340:1100::32 over interface eth1
DEBUG DHCP6_PACKET_RECEIVED duid=[00:03:00:01:4c:6d:58:7d:33:77], tid=0xe8d2ae: REQUEST (type 3) received from 2a00:e340:1100::31 to 2a00:e340:1100::32 on interface eth1
DEBUG DHCP6_QUERY_DATA duid=[00:03:00:01:4c:6d:58:7d:33:77], tid=0xe8d2ae, packet details: localAddr=[2a00:e340:1100::32]:0 remoteAddr=[2a00:e340:1100::31]:547
msgtype=3(REQUEST), transid=0xe8d2ae
type=00001, len=00010: 00:03:00:01:4c:6d:58:7d:33:77
type=00002, len=00014: 00:01:00:01:2c:03:74:26:00:15:5d:2b:85:0c
type=00003(IA_NA), len=00012: iaid=0, t1=4294967295, t2=4294967295
type=00006, len=00008: 17(uint16) 59(uint16) 60(uint16) 56(uint16)
type=00018, len=00015: 78:65:2d:30:2f:30:2f:31:3a:72:73:77:30:30:31
1 relay(s):
relay[0]: msg-type=12(RELAY_FORWARD), hop-count=0,
link-address=2a00:e340:1102::, peer-address=fe80::4e6d:5800:327d:f777, 1 option(s)
type=00037, len=00014: 6527 (uint32) 000300014C6D587D3377 (binary)
DEBUG HOOKS_CALLOUTS_BEGIN begin all callouts for hook pkt6_receive
DEBUG HOOKS_CALLOUT_CALLED hooks library with index 1 has called a callout on hook pkt6_receive that has address 0x7f85f1572380 (callout duration: 0.006 ms)
DEBUG HOOKS_CALLOUTS_COMPLETE completed callouts for hook pkt6_receive (total callouts duration: 0.006 ms)
DEBUG DHCPSRV_CFGMGR_SUBNET6 retrieved subnet 2a00:e340:1102::/64 for address hint 2a00:e340:1102::
DEBUG DHCP6_SUBNET_SELECTED duid=[00:03:00:01:4c:6d:58:7d:33:77], tid=0xe8d2ae: the subnet with ID 1 was selected for client assignments
DEBUG DHCP6_SUBNET_DATA duid=[00:03:00:01:4c:6d:58:7d:33:77], tid=0xe8d2ae: the selected subnet details: 2a00:e340:1102::/64
DEBUG HOOKS_CALLOUTS_BEGIN begin all callouts for hook host6_identifier
DEBUG EVAL_DEBUG_OPTION Pushing option 18 with value 0x
DEBUG EVAL_DEBUG_STRING Pushing text string '0'
DEBUG EVAL_DEBUG_STRING Pushing text string 'all'
DEBUG EVAL_DEBUG_SUBSTRING_EMPTY Popping length all, start 0, string 0x pushing result 0x
DEBUG FLEX_ID_EXPRESSION_EVALUATED Expression evaluated for packet to "" (size: 0)
DEBUG HOOKS_CALLOUT_CALLED hooks library with index 1 has called a callout on hook host6_identifier that has address 0x7f85f15719c0 (callout duration: 0.038 ms)
DEBUG HOOKS_CALLOUTS_COMPLETE completed callouts for hook host6_identifier (total callouts duration: 0.038 ms)
DEBUG HOSTS_CFG_GET_ONE_SUBNET_ID_IDENTIFIER get one host with IPv6 reservation for subnet id 1, identified by duid=000300014C6D587D3377
DEBUG HOSTS_CFG_GET_ALL_IDENTIFIER get all hosts with reservations using identifier: duid=000300014C6D587D3377
DEBUG HOSTS_CFG_GET_ALL_IDENTIFIER_COUNT using identifier duid=000300014C6D587D3377, found 0 host(s)
DEBUG HOSTS_CFG_GET_ONE_SUBNET_ID_IDENTIFIER_NULL host not found using subnet id 1 and identifier duid=000300014C6D587D3377
DEBUG HOSTS_MGR_ALTERNATE_GET6_SUBNET_ID_IDENTIFIER get one host with IPv6 reservation for subnet id 1, identified by duid=000300014C6D587D3377
DEBUG HOSTS_MGR_ALTERNATE_GET6_SUBNET_ID_IDENTIFIER_NULL host not found using subnet id 1 and identifier duid=000300014C6D587D3377
DEBUG DHCP6_CLASS_ASSIGNED duid=[00:03:00:01:4c:6d:58:7d:33:77], tid=0xe8d2ae: client packet has been assigned to the following class(es): UNKNOWN
DEBUG DHCP6_CLASS_ASSIGNED duid=[00:03:00:01:4c:6d:58:7d:33:77], tid=0xe8d2ae: client packet has been assigned to the following class(es): ALL, UNKNOWN
DEBUG DHCP6_PROCESS_IA_NA_REQUEST duid=[00:03:00:01:4c:6d:58:7d:33:77], tid=0xe8d2ae: server is processing IA_NA option with iaid=0 and hint=(no hint)
DEBUG DHCPSRV_PGSQL_GET_IAID_DUID obtaining IPv4 leases for IAID 0 and DUID 00:03:00:01:4c:6d:58:7d:33:77, lease type 0
DEBUG ALLOC_ENGINE_V6_ALLOC_UNRESERVED no static reservations available - trying to dynamically allocate leases for client duid=[00:03:00:01:4c:6d:58:7d:33:77], tid=0xe8d2ae
WARN ALLOC_ENGINE_V6_ALLOC_FAIL_SUBNET duid=[00:03:00:01:4c:6d:58:7d:33:77], tid=0xe8d2ae: failed to allocate an IPv6 lease in the subnet 2a00:e340:1102::/64, subnet-id 1, shared network (none)
WARN ALLOC_ENGINE_V6_ALLOC_FAIL_NO_POOLS duid=[00:03:00:01:4c:6d:58:7d:33:77], tid=0xe8d2ae: no pools were available for the lease allocation
WARN ALLOC_ENGINE_V6_ALLOC_FAIL_CLASSES duid=[00:03:00:01:4c:6d:58:7d:33:77], tid=0xe8d2ae: Failed to allocate an IPv6 address for client with classes: ALL, UNKNOWN
DEBUG DHCP6_LEASE_ALLOC_FAIL duid=[00:03:00:01:4c:6d:58:7d:33:77], tid=0xe8d2ae: failed to grant an address lease for iaid=0
DEBUG DHCP6_ADD_STATUS_CODE_FOR_IA duid=[00:03:00:01:4c:6d:58:7d:33:77], tid=0xe8d2ae: adding Status Code to IA with iaid=0: NoAddrsAvail(2) "Sorry, no address could be allocated."
DEBUG HOOKS_CALLOUTS_BEGIN begin all callouts for hook pkt6_send
DEBUG HOOKS_CALLOUT_CALLED hooks library with index 1 has called a callout on hook pkt6_send that has address 0x7f85f156fbe0 (callout duration: 0.006 ms)
DEBUG HOOKS_CALLOUTS_COMPLETE completed callouts for hook pkt6_send (total callouts duration: 0.006 ms)
DEBUG DHCP6_PACKET_SEND duid=[00:03:00:01:4c:6d:58:7d:33:77], tid=0xe8d2ae: trying to send packet REPLY (type 7) from [2a00:e340:1100::32]:547 to [2a00:e340:1100::31]:547 on interface eth1
DEBUG DHCP6_RESPONSE_DATA responding with packet type 7 data is localAddr=[2a00:e340:1100::32]:547 remoteAddr=[2a00:e340:1100::31]:547
msgtype=7(REPLY), transid=0xe8d2ae
type=00001, len=00010: 00:03:00:01:4c:6d:58:7d:33:77
type=00002, len=00014: 00:01:00:01:2c:03:74:26:00:15:5d:2b:85:0c
type=00003(IA_NA), len=00055: iaid=0, t1=0, t2=0,
options:
type=00013, len=00039: NoAddrsAvail(2) "Sorry, no address could be allocated."
1 relay(s):
relay[0]: msg-type=13(RELAY_REPLY), hop-count=0,
link-address=2a00:e340:1102::, peer-address=fe80::4e6d:5800:327d:f777, 0 option(s)
Any help appreciated!
Kind regards,
Andy
Andrew Mulheirn
Senior Network Architect
M: +44 (0) 74 3654 8126 <tel:+44%20(0)%2074%203654%208126>
E: andrew.mulheirn at vorboss.com <mailto:andrew.mulheirn at vorboss.com>
vorboss.com <https://vorboss.com>
Not sure who currently provides your internet?
Find out here and take our speed test. <https://check.vorboss.com/>
Disclaimer: This message is private and confidential. If you have received this message in error, please remove it from your system and notify us at sysadmin at vorboss.net <mailto:sysadmin at vorboss.net> or by telephone +44(0)20 3582 8500. Any review, retransmission, dissemination or other use of, or taking of any action in reliance upon, this information by persons or entities other than the intended recipient is prohibited. Privacy Note: Vorboss Limited may monitor email traffic data and also the content of email for the purposes of security. This email does not create or vary any contractual obligations between Vorboss Limited and the intended recipient.
Vorboss Limited is a limited company registered in England and Wales. Registered number: 05678571. Registered Office: Vorboss Limited, Broadwalk House, 5 Appold Street, London, EC2A 2AG, UNITED KINGDOM.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/kea-users/attachments/20240308/e6e66752/attachment-0001.htm>
More information about the Kea-users
mailing list