[Kea-users] Option-18 flex-id not matching incoming values

Darren Ankney darren.ankney at gmail.com
Fri Mar 8 10:58:48 UTC 2024


Hi Andy,

I'm not sure how much explanation you require / experience you have so I'll
give an overview.  DHCPv6 allows relaying of packets by multiple relays.
Each relay will encapsulate layer 7 of the packet in a new relay layer.
This is the nesting that is referred to here.  So there could be multiple
layers of nesting.  This all becomes easier to understand if you look at a
.pcap file.  Obtain one from the DHCP server like so:

tcpdump -i <interface where the DHCP packets land>  -w dhcp6.pcap port 547

Copy the resulting dhcp6.pcap file to a system that has Wireshark (
https://www.wireshark.org) installed. Open the file, expand the layer 7
section of the packet and you'll quickly see the nesting.  Option 18 should
be in the relay message portion not the dhcpv6 message portion.  Here is an
example from my test lab.  Notice how option 18 "Interface-Id" is
outside of the DHCPv6 Solicit message:

[image: Screenshot 2024-03-08 at 5.54.01 AM.png]

Thank you,
Darren Ankney


On Fri, Mar 8, 2024 at 5:13 AM Andrew Mulheirn via Kea-users <
kea-users at lists.isc.org> wrote:

> I'm still struggling with this one unfortunately.
>
>
>
> Can anyone explain this paragraph in the client classification
> documentation for me?
>
> * relay6[nest] allows access to the encapsulations used by any DHCPv6
> relays that forwarded the packet. The nest level specifies the relay from
> which to extract the information, with a value of 0 indicating the relay
> closest to the DHCPv6 server. Negative values allow relays to be specified
> counting from the DHCPv6 client, with -1 indicating the relay closest to
> the client. If the requested encapsulation does not exist, an empty string
> "" is returned. This expression is allowed in DHCPv6 only.
>
>
>
> I feel this is what could be happening, because my debug shows:
>
> *DEBUG FLEX_ID_EXPRESSION_EVALUATED Expression evaluated for packet to ""
> (size: 0)*
>
> However, I don't understand the phrase "allows access to the
> encapsulations used by any DHCPv6 relays that forwarded the packet".     I
> have tried nest values of 0 and -1 but that has not made any difference.
>
>
>
> Any help appreciated!
>
> Andy
>
>
>
>
> Andrew Mulheirn
>
> Senior Network Architect
>
> M: +44 (0) 74 3654 8126 <+44%20(0)%2074%203654%208126>
>
> E: andrew.mulheirn at vorboss.com
>
> vorboss.com
>
>
> *From:* Kea-users <kea-users-bounces at lists.isc.org> *On Behalf Of *Andrew
> Mulheirn via Kea-users
> *Sent:* Tuesday, March 5, 2024 9:18 AM
> *To:* kea-users at lists.isc.org
> *Cc:* Andrew Mulheirn <andrew.mulheirn at vorboss.com>
> *Subject:* [Kea-users] Option-18 flex-id not matching incoming values
>
>
>
> I hope someone can help me with this issue.   I am using Kea 2.4
>
>
>
> I am trying to get option-18 to match a DHCPv6 static reservation, but Kea
> is evaluating the option to "" and no address is being allocated.  We have
> purchased the premium hooks package.   I have got the same result on two
> different servers in the lab but can't work out what I am doing wrong.
>
>
>
> Here is the configuration in use:
>
> {
> "Dhcp6": {
>     "server-tag": "kea-01",
>     "config-control": {
>         "config-databases": [{
>             "type": "postgresql",
>             "name": "retaildhcp",
>             "user": "vorboss",
>             "password": "vorboss",
>             "host": "127.0.0.1",
>             "port": 5432
>         }],
>         "config-fetch-wait-time": 20
>     },
>     "hooks-libraries": [
>         {
>             "library": "/usr/lib/x86_64-linux-gnu/kea/hooks/libdhcp_flex_id.so",
>             "parameters": {
>                 "identifier-expression": "substring(relay6[0].option[18].hex,0,all)"
>             }
>         },
>         {
>             "library": "/usr/lib/x86_64-linux-gnu/kea/hooks/libdhcp_pgsql_cb.so"
>         }
>     ],
>     "host-reservation-identifiers": ["flex-id", "duid"],
>     "interfaces-config": {
>         "interfaces": [ "eth1/2a00:e340:1100::32"]
>     },
>
>     "control-socket": {
>         "socket-type": "unix",
>         "socket-name": "/tmp/kea6-ctrl-socket"
>     },
>
>     "lease-database": {
> #       "type": "memfile",
>         "lfc-interval": 3600,
>         "type" : "postgresql",
>         "name": "retaildhcp" ,
>         "host": "127.0.0.1" ,
>         "connect-timeout" : 5,
>         "user": "vorboss",
>         "password": "testingonly",
>     },
>
>     "hosts-database": {
>         "type": "postgresql",
>         "name": "retaildhcp",
>         "user": "vorboss",
>         "password": "testingonly",
>         "host": "localhost",
>         "port": 5432
>     },
>     "expired-leases-processing": {
>         "reclaim-timer-wait-time": 10,
>         "flush-reclaimed-timer-wait-time": 25,
>         "hold-reclaimed-time": 3600,
>         "max-reclaim-leases": 100,
>         "max-reclaim-time": 250,
>         "unwarned-reclaim-cycles": 5
>     },
>
>     "renew-timer": 1000,
>     "rebind-timer": 2000,
>     "preferred-lifetime": 3000,
>     "valid-lifetime": 4000,
>     "reservations-global": false,
>     "reservations-in-subnet": true,
>     "subnet6": [
>         {
>             "subnet": "2a00:e300:1102::/64",
>             "option-data": [
>                 {
>                     "name": "dns-servers",
>                     "data": "2001:db8:2::dead:beef, 2001:db8:2::cafe:babe"
>                 }
>             ],
>             "reservations": [
>                 {
>                     "flex-id": "'vlan-100'",
>                     "ip-addresses": [ "2a00:e300:1102::2" ],
>                     "option-data": [
>                         {
>                             "name": "dns-servers",
>                             "data": "3000:1::234"
>                         }
>                     ]
>                 },
>                 {
>                     "flex-id": "'xe-0/0/1:rsw001'",
>                     "ip-addresses": [ "2a00:e300:1102::3" ]
>                 },
>                 {
>                     "flex-id": "'xe-0/0/2:rsw001'",
>                     "ip-addresses": [ "2a00:e300:1102::4" ]
>                 }
>             ]
>         }
>     ],
>
>     "loggers": [
>     {
>         "name": "kea-dhcp6",
>         "output_options": [
>             {
>                 "output": "/var/log/dhcp6",
>                 "pattern": "%-5p %m\n",
>             }
>         ],
>         "severity": "DEBUG",
>         "debuglevel": 99
>     }
>   ]
> }
> }
>
> I have tried setting flex-id to a double/single quoted string and also to
> a double-quoted hex value but no luck. If you look at the debug below,
> you can see the hex value coming in as a type 18. If you take that value
> and put it into a hex to ascii converter, you get the port number and
> switch name back successfully. But Kea thinks option 18 has a value of
> 0x.
>
> Here is the debug:
> DEBUG DHCP6_BUFFER_RECEIVED received buffer from 2a00:e340:1100::31:547 to
> 2a00:e340:1100::32:0 over interface eth1
>
> DEBUG DHCP6_BUFFER_UNPACK parsing buffer received from 2a00:e340:1100::31
> to 2a00:e340:1100::32 over interface eth1
>
> DEBUG DHCP6_PACKET_RECEIVED duid=[00:03:00:01:4c:6d:58:7d:33:77],
> tid=0xe8d2ae: REQUEST (type 3) received from 2a00:e340:1100::31 to
> 2a00:e340:1100::32 on interface eth1
>
> DEBUG DHCP6_QUERY_DATA duid=[00:03:00:01:4c:6d:58:7d:33:77], tid=0xe8d2ae,
> packet details: localAddr=[2a00:e340:1100::32]:0
> remoteAddr=[2a00:e340:1100::31]:547
>
> msgtype=3(REQUEST), transid=0xe8d2ae
>
> type=00001, len=00010: 00:03:00:01:4c:6d:58:7d:33:77
>
> type=00002, len=00014: 00:01:00:01:2c:03:74:26:00:15:5d:2b:85:0c
>
> type=00003(IA_NA), len=00012: iaid=0, t1=4294967295, t2=4294967295
>
> type=00006, len=00008: 17(uint16) 59(uint16) 60(uint16) 56(uint16)
>
> *type=00018, len=00015: 78:65:2d:30:2f:30:2f:31:3a:72:73:77:30:30:31*
>
> 1 relay(s):
>
> relay[0]: msg-type=12(RELAY_FORWARD), hop-count=0,
>
> link-address=2a00:e340:1102::, peer-address=fe80::4e6d:5800:327d:f777, 1
> option(s)
>
> type=00037, len=00014: 6527 (uint32) 000300014C6D587D3377 (binary)
>
>
>
> DEBUG HOOKS_CALLOUTS_BEGIN begin all callouts for hook pkt6_receive
>
> DEBUG HOOKS_CALLOUT_CALLED hooks library with index 1 has called a callout
> on hook pkt6_receive that has address 0x7f85f1572380 (callout duration:
> 0.006 ms)
>
> DEBUG HOOKS_CALLOUTS_COMPLETE completed callouts for hook pkt6_receive
> (total callouts duration: 0.006 ms)
>
> DEBUG DHCPSRV_CFGMGR_SUBNET6 retrieved subnet 2a00:e340:1102::/64 for
> address hint 2a00:e340:1102::
>
> DEBUG DHCP6_SUBNET_SELECTED duid=[00:03:00:01:4c:6d:58:7d:33:77],
> tid=0xe8d2ae: the subnet with ID 1 was selected for client assignments
>
> DEBUG DHCP6_SUBNET_DATA duid=[00:03:00:01:4c:6d:58:7d:33:77],
> tid=0xe8d2ae: the selected subnet details: 2a00:e340:1102::/64
>
> DEBUG HOOKS_CALLOUTS_BEGIN begin all callouts for hook host6_identifier
>
> DEBUG EVAL_DEBUG_OPTION * Pushing option 18 with value 0x*
>
> DEBUG EVAL_DEBUG_STRING Pushing text string '0'
>
> DEBUG EVAL_DEBUG_STRING Pushing text string 'all'
>
> DEBUG EVAL_DEBUG_SUBSTRING_EMPTY Popping length all, start 0, string 0x
> pushing result 0x
>
> *DEBUG FLEX_ID_EXPRESSION_EVALUATED Expression evaluated for packet to ""
> (size: 0)*
>
> DEBUG HOOKS_CALLOUT_CALLED hooks library with index 1 has called a callout
> on hook host6_identifier that has address 0x7f85f15719c0 (callout duration:
> 0.038 ms)
>
> DEBUG HOOKS_CALLOUTS_COMPLETE completed callouts for hook host6_identifier
> (total callouts duration: 0.038 ms)
>
> DEBUG HOSTS_CFG_GET_ONE_SUBNET_ID_IDENTIFIER get one host with IPv6
> reservation for subnet id 1, identified by duid=000300014C6D587D3377
>
> DEBUG HOSTS_CFG_GET_ALL_IDENTIFIER get all hosts with reservations using
> identifier: duid=000300014C6D587D3377
>
> DEBUG HOSTS_CFG_GET_ALL_IDENTIFIER_COUNT using identifier
> duid=000300014C6D587D3377, found 0 host(s)
>
> DEBUG HOSTS_CFG_GET_ONE_SUBNET_ID_IDENTIFIER_NULL host not found using
> subnet id 1 and identifier duid=000300014C6D587D3377
>
> DEBUG HOSTS_MGR_ALTERNATE_GET6_SUBNET_ID_IDENTIFIER get one host with IPv6
> reservation for subnet id 1, identified by duid=000300014C6D587D3377
>
> DEBUG HOSTS_MGR_ALTERNATE_GET6_SUBNET_ID_IDENTIFIER_NULL host not found
> using subnet id 1 and identifier duid=000300014C6D587D3377
>
> DEBUG DHCP6_CLASS_ASSIGNED duid=[00:03:00:01:4c:6d:58:7d:33:77],
> tid=0xe8d2ae: client packet has been assigned to the following class(es):
> UNKNOWN
>
> DEBUG DHCP6_CLASS_ASSIGNED duid=[00:03:00:01:4c:6d:58:7d:33:77],
> tid=0xe8d2ae: client packet has been assigned to the following class(es):
> ALL, UNKNOWN
>
> DEBUG DHCP6_PROCESS_IA_NA_REQUEST duid=[00:03:00:01:4c:6d:58:7d:33:77],
> tid=0xe8d2ae: server is processing IA_NA option with iaid=0 and hint=(no
> hint)
>
> DEBUG DHCPSRV_PGSQL_GET_IAID_DUID obtaining IPv4 leases for IAID 0 and
> DUID 00:03:00:01:4c:6d:58:7d:33:77, lease type 0
>
> DEBUG ALLOC_ENGINE_V6_ALLOC_UNRESERVED no static reservations available -
> trying to dynamically allocate leases for client
> duid=[00:03:00:01:4c:6d:58:7d:33:77], tid=0xe8d2ae
>
> WARN  ALLOC_ENGINE_V6_ALLOC_FAIL_SUBNET
> duid=[00:03:00:01:4c:6d:58:7d:33:77], tid=0xe8d2ae: failed to allocate an
> IPv6 lease in the subnet 2a00:e340:1102::/64, subnet-id 1, shared network
> (none)
>
> WARN  ALLOC_ENGINE_V6_ALLOC_FAIL_NO_POOLS
> duid=[00:03:00:01:4c:6d:58:7d:33:77], tid=0xe8d2ae: no pools were available
> for the lease allocation
>
> WARN  ALLOC_ENGINE_V6_ALLOC_FAIL_CLASSES
> duid=[00:03:00:01:4c:6d:58:7d:33:77], tid=0xe8d2ae: Failed to allocate an
> IPv6 address for client with classes: ALL, UNKNOWN
>
> DEBUG DHCP6_LEASE_ALLOC_FAIL duid=[00:03:00:01:4c:6d:58:7d:33:77],
> tid=0xe8d2ae: failed to grant an address lease for iaid=0
>
> DEBUG DHCP6_ADD_STATUS_CODE_FOR_IA duid=[00:03:00:01:4c:6d:58:7d:33:77],
> tid=0xe8d2ae: adding Status Code to IA with iaid=0: NoAddrsAvail(2) "Sorry,
> no address could be allocated."
>
> DEBUG HOOKS_CALLOUTS_BEGIN begin all callouts for hook pkt6_send
>
> DEBUG HOOKS_CALLOUT_CALLED hooks library with index 1 has called a callout
> on hook pkt6_send that has address 0x7f85f156fbe0 (callout duration: 0.006
> ms)
>
> DEBUG HOOKS_CALLOUTS_COMPLETE completed callouts for hook pkt6_send (total
> callouts duration: 0.006 ms)
>
> DEBUG DHCP6_PACKET_SEND duid=[00:03:00:01:4c:6d:58:7d:33:77],
> tid=0xe8d2ae: trying to send packet REPLY (type 7) from
> [2a00:e340:1100::32]:547 to [2a00:e340:1100::31]:547 on interface eth1
>
> DEBUG DHCP6_RESPONSE_DATA responding with packet type 7 data is
> localAddr=[2a00:e340:1100::32]:547 remoteAddr=[2a00:e340:1100::31]:547
>
> msgtype=7(REPLY), transid=0xe8d2ae
>
> type=00001, len=00010: 00:03:00:01:4c:6d:58:7d:33:77
>
> type=00002, len=00014: 00:01:00:01:2c:03:74:26:00:15:5d:2b:85:0c
>
> type=00003(IA_NA), len=00055: iaid=0, t1=0, t2=0,
>
> options:
>
> *  type=00013, len=00039: NoAddrsAvail(2) "Sorry, no address could be
> allocated."*
>
> 1 relay(s):
>
> relay[0]: msg-type=13(RELAY_REPLY), hop-count=0,
>
> link-address=2a00:e340:1102::, peer-address=fe80::4e6d:5800:327d:f777, 0
> option(s)
>
>
>
>
>
>
> Any help appreciated!
>
> Kind regards,
>
> Andy
>
>
>
>
> * Andrew Mulheirn *
>
> Senior Network Architect
>
> M: +44 (0) 74 3654 8126 <+44%20(0)%2074%203654%208126>
>
> E: andrew.mulheirn at vorboss.com
>
> vorboss.com
>
>
>
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: Screenshot 2024-03-08 at 5.54.01 AM.png
Type: image/png
Size: 159367 bytes
Desc: not available
URL: <https://lists.isc.org/pipermail/kea-users/attachments/20240308/9911502c/attachment-0001.png>
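
Added example (not part of the original message and not Kea's code): a small Python model of the relay nesting discussed above, showing why an expression on relay6[0].option[18] comes back empty when Interface-Id is carried inside the client message, which is where the quoted DEBUG output lists type 18. The function names are illustrative and the packets are constructed, with zeroed relay addresses.

```python
import struct

RELAY_FORW, OPT_RELAY_MSG, OPT_INTERFACE_ID = 12, 9, 18   # RFC 8415 codes

def opt(code, value):
    """Encode one DHCPv6 option: 2-byte code, 2-byte length, value."""
    return struct.pack("!HH", code, len(value)) + value

def parse_options(buf):
    """Decode a run of options into a list of (code, value) pairs."""
    opts, off = [], 0
    while off < len(buf):
        if off + 4 > len(buf):
            raise ValueError("truncated option header")
        code, length = struct.unpack_from("!HH", buf, off)
        off += 4
        if off + length > len(buf):
            raise ValueError("option %d overruns the buffer" % code)
        opts.append((code, buf[off:off + length]))
        off += length
    return opts

def unwrap(packet):
    """Peel Relay-forward layers; relays[0] is the outermost (server side)."""
    relays = []
    while packet[:1] == bytes([RELAY_FORW]):
        opts = parse_options(packet[34:])   # skip type, hops, link, peer
        inner = [v for c, v in opts if c == OPT_RELAY_MSG]
        if len(inner) != 1:
            raise ValueError("relay layer needs exactly one Relay Message")
        relays.append({c: v for c, v in opts if c != OPT_RELAY_MSG})
        packet = inner[0]
    return relays, dict(parse_options(packet[4:]))  # skip type + 3-byte xid

def relay6_option(relays, nest, code):
    """Model of relay6[nest].option[code].hex: empty if layer or option is absent."""
    if not -len(relays) <= nest < len(relays):
        return b""
    return relays[nest].get(code, b"")

def relay_forw(inner, relay_opts=b""):
    """Build a Relay-forward with zeroed hop count and addresses (constructed)."""
    return bytes([RELAY_FORW, 0]) + bytes(32) + relay_opts + opt(OPT_RELAY_MSG, inner)

# Constructed sample data; the Interface-Id string is the one in the thread's log.
IFID = b"xe-0/0/1:rsw001"
REQUEST = bytes([3]) + b"\xe8\xd2\xae" + opt(1, bytes.fromhex("000300014c6d587d3377"))
in_relay = relay_forw(REQUEST, opt(OPT_INTERFACE_ID, IFID))
in_client = relay_forw(REQUEST + opt(OPT_INTERFACE_ID, IFID), opt(37, b"\x00\x00\x19\x7f"))
two_hops = relay_forw(in_relay, opt(OPT_INTERFACE_ID, b"core-1"))
```

With `in_client`, `relay6_option(relays, 0, 18)` is empty while the client option dictionary holds the Interface-Id; with `two_hops`, nest 0 and nest -1 select different relays.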

