BIND 10 master, updated. 86b12667ad5a7512e6428ba8f44db1d7e8c86a47 ChangeLog entry for #2892
BIND 10 source code commits
bind10-changes at lists.isc.org
Mon Jan 27 15:59:24 UTC 2014
The branch, master has been updated
via 86b12667ad5a7512e6428ba8f44db1d7e8c86a47 (commit)
via 3bd69e9b4ab9be231f7c966fd62b95a4e1595901 (commit)
via 3a21271bd5b69fd828de3dd3691cc3628c54ae45 (commit)
via e0f5b885fc17cd10f6c5bc83f3bd81e500b5e039 (commit)
via ffdb4e63350c3e15a8a2193c178df11825912c77 (commit)
via ca04edb6565ec41f7549bef921c8fc2b4b78119f (commit)
via ffbbf037b83bef4ed8da16396f65caedd6df6379 (commit)
via dbf249256db006eef0111cff5dec4e644706ce54 (commit)
via c1b0ce8c0ac8b79a8d7663d52b5fd553ed828dce (commit)
via caf297138dfa09a73d9311d77ec6298a64152fdc (commit)
via 05265d4e8d24f358f7f55d62430f3592c3573b93 (commit)
via a5664487fa055249bf7afbe413be6a330e6e6b1c (commit)
via 3a932918fc3013f92db4b41fab03b359c20c8611 (commit)
via ec47fdb14d1fd03d386147c1c6cf4afdd118c75f (commit)
via f95358d6ac95166841774c4ee48a060a40d363bb (commit)
via bb339dd52f357cf97a3bfc15d68650d9fe2b577d (commit)
via fbc7aeaac7211076d70aae031b7b464280dedc72 (commit)
via 908182ebe5cf3a7d0f627cc4d83dcd2e38713acc (commit)
via 9fd55d4b5446d0c3d678b96ceea9750d2fc04ca5 (commit)
from bf772193aa23203d663612f65ffd0173bfff20f4 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 86b12667ad5a7512e6428ba8f44db1d7e8c86a47
Author: Wlodek Wencel <wlodek at isc.org>
Date: Mon Jan 27 16:59:14 2014 +0100
ChangeLog entry for #2892
commit 3bd69e9b4ab9be231f7c966fd62b95a4e1595901
Merge: bf77219 3a21271
Author: Wlodek Wencel <wlodek at isc.org>
Date: Mon Jan 27 16:49:25 2014 +0100
[2892] Merge branch 'trac2892'
-----------------------------------------------------------------------
Summary of changes:
ChangeLog | 9 ++++++-
src/bin/dhcp6/dhcp6_messages.mes | 6 ++++-
src/bin/dhcp6/dhcp6_srv.cc | 33 +++++++++++++++++++++++++
src/bin/dhcp6/dhcp6_srv.h | 10 ++++++++
src/bin/dhcp6/tests/dhcp6_srv_unittest.cc | 38 ++++++++++++++++++++++++++++-
src/bin/dhcp6/tests/dhcp6_test_utils.h | 3 ++-
6 files changed, 95 insertions(+), 4 deletions(-)
-----------------------------------------------------------------------
diff --git a/ChangeLog b/ChangeLog
index 5383b0a..31390ac 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,6 +1,13 @@
+736. [bug] wlodek
+ b10-dhcp6 is now capable to determine if a received
+ message is addressed to it, using server identifier option.
+ The messages with non-matching server identifier are dropped.
+ (Trac #2892, git 3bd69e9b4ab9be231f7c966fd62b95a4e1595901)
+
+
735. [doc] stephen
Expanded Developer's Guide to include chapter on logging.
- (Trac #2566, git a08d702839d9df6cddefeccab1e7e657377145de(
+ (Trac #2566, git a08d702839d9df6cddefeccab1e7e657377145de)
734. [bug] marcin
libdhcp++: fixed a bug which caused an error when setting boolean
diff --git a/src/bin/dhcp6/dhcp6_messages.mes b/src/bin/dhcp6/dhcp6_messages.mes
index 46449d8..70473ff 100644
--- a/src/bin/dhcp6/dhcp6_messages.mes
+++ b/src/bin/dhcp6/dhcp6_messages.mes
@@ -1,4 +1,4 @@
-# Copyright (C) 2012-2014 Internet Systems Consortium, Inc. ("ISC")
+# Copyright (C) 2012-2014 Internet Systems Consortium, Inc. ("ISC")
#
# Permission to use, copy, modify, and/or distribute this software for any
# purpose with or without fee is hereby granted, provided that the above
@@ -272,6 +272,10 @@ of packet. Note that a packet marked as UNKNOWN may well be a valid
DHCP packet, just a type not expected by the server (e.g. it will report
a received OFFER packet as UNKNOWN).
+% DHCP6_PACKET_MISMATCH_SERVERID_DROP dropping packet %1 (transid=%2, interface=%3) having mismatched server identifier
+A debug message noting that server has received message with server identifier
+option that not matching server identifier that server is using.
+
% DHCP6_PACKET_RECEIVE_FAIL error on attempt to receive packet: %1
The IPv6 DHCP server tried to receive a packet but an error
occurred during this attempt. The reason for the error is included in
diff --git a/src/bin/dhcp6/dhcp6_srv.cc b/src/bin/dhcp6/dhcp6_srv.cc
index 3dffa37..16e44ac 100644
--- a/src/bin/dhcp6/dhcp6_srv.cc
+++ b/src/bin/dhcp6/dhcp6_srv.cc
@@ -211,6 +211,33 @@ void Dhcpv6Srv::sendPacket(const Pkt6Ptr& packet) {
IfaceMgr::instance().send(packet);
}
+bool
+Dhcpv6Srv::testServerID(const Pkt6Ptr& pkt){
+ /// @todo Currently we always check server identifier regardless if
+ /// it is allowed in the received message or not (per RFC3315).
+ /// If the server identifier is not allowed in the message, the
+ /// sanityCheck function should deal with it. We may rethink this
+ /// design if we decide that it is appropriate to check at this stage
+ /// of message processing that the server identifier must or must not
+ /// be present. In such case however, the logic checking server id
+ /// will have to be removed from sanityCheck and placed here instead,
+ /// to avoid duplicate checks.
+ OptionPtr server_id = pkt->getOption(D6O_SERVERID);
+ if (server_id){
+ // Let us test received ServerID if it is same as ServerID
+ // which is beeing used by server
+ if (getServerID()->getData() != server_id->getData()){
+ LOG_DEBUG(dhcp6_logger, DBG_DHCP6_DETAIL_DATA, DHCP6_PACKET_MISMATCH_SERVERID_DROP)
+ .arg(pkt->getName())
+ .arg(pkt->getTransid())
+ .arg(pkt->getIface());
+ return (false);
+ }
+ }
+ // retun True if: no serverid received or ServerIDs matching
+ return (true);
+}
+
bool Dhcpv6Srv::run() {
while (!shutdown_) {
/// @todo Calculate actual timeout to the next event (e.g. lease
@@ -283,6 +310,12 @@ bool Dhcpv6Srv::run() {
continue;
}
}
+ // Check if received query carries server identifier matching
+ // server identifier being used by the server.
+ if (!testServerID(query)){
+ continue;
+ }
+
LOG_DEBUG(dhcp6_logger, DBG_DHCP6_DETAIL, DHCP6_PACKET_RECEIVED)
.arg(query->getName());
LOG_DEBUG(dhcp6_logger, DBG_DHCP6_DETAIL_DATA, DHCP6_QUERY_DATA)
diff --git a/src/bin/dhcp6/dhcp6_srv.h b/src/bin/dhcp6/dhcp6_srv.h
index 594d833..b1a9bfe 100644
--- a/src/bin/dhcp6/dhcp6_srv.h
+++ b/src/bin/dhcp6/dhcp6_srv.h
@@ -119,6 +119,16 @@ public:
protected:
+ /// @brief Compare received server id with our server id
+ ///
+ /// Checks if the server id carried in a query from a client matches
+ /// server identifier being used by the server.
+ ///
+ /// @param pkt DHCPv6 packet carrying server identifier to be checked.
+ /// @return true if server id carried in the query matches server id
+ /// used by the server; false otherwise.
+ bool testServerID(const Pkt6Ptr& pkt);
+
/// @brief verifies if specified packet meets RFC requirements
///
/// Checks if mandatory option is really there, that forbidden option
diff --git a/src/bin/dhcp6/tests/dhcp6_srv_unittest.cc b/src/bin/dhcp6/tests/dhcp6_srv_unittest.cc
index e8f5e79..b26a7a3 100644
--- a/src/bin/dhcp6/tests/dhcp6_srv_unittest.cc
+++ b/src/bin/dhcp6/tests/dhcp6_srv_unittest.cc
@@ -1,4 +1,4 @@
-// Copyright (C) 2011-2013 Internet Systems Consortium, Inc. ("ISC")
+// Copyright (C) 2011-2014 Internet Systems Consortium, Inc. ("ISC")
//
// Permission to use, copy, modify, and/or distribute this software for any
// purpose with or without fee is hereby granted, provided that the above
@@ -1073,6 +1073,42 @@ TEST_F(Dhcpv6SrvTest, sanityCheck) {
EXPECT_THROW(srv.sanityCheck(pkt, Dhcpv6Srv::MANDATORY, Dhcpv6Srv::MANDATORY),
RFCViolation);
}
+// Check that the server is testing if server identifier received in the
+// query, matches server identifier used by the server.
+TEST_F(Dhcpv6SrvTest, testServerID) {
+ NakedDhcpv6Srv srv(0);
+
+ Pkt6Ptr req = Pkt6Ptr(new Pkt6(DHCPV6_REQUEST, 1234));
+ std::vector<uint8_t> bin;
+
+ // diud_llt constructed with: time = 0, macaddress = 00:00:00:00:00:00
+ // it's necessary to generate server identifier option
+ isc::util::encode::decodeHex("0001000100000000000000000000", bin);
+ // Now create server identifier option
+ OptionPtr serverid = OptionPtr(new Option(Option::V6, D6O_SERVERID, bin));
+
+ // Server identifier option is MANDATORY in Request message.
+ // Add server identifier option with different value from one that
+ // server is using.
+ req->addOption(serverid);
+
+ // Message shoud be dropped
+ EXPECT_FALSE(srv.testServerID(req));
+
+ // Delete server identifier option and add new one, with same value as
+ // server's server identifier.
+ req->delOption(D6O_SERVERID);
+ req->addOption(srv.getServerID());
+
+ // With proper server identifier we expect true
+ EXPECT_TRUE(srv.testServerID(req));
+
+ // server-id MUST NOT appear in Solicit, so check if server is
+ // not dropping a message without server id.
+ Pkt6Ptr pkt = Pkt6Ptr(new Pkt6(DHCPV6_SOLICIT, 1234));
+
+ EXPECT_TRUE(srv.testServerID(req));
+}
// This test verifies if selectSubnet() selects proper subnet for a given
// source address.
diff --git a/src/bin/dhcp6/tests/dhcp6_test_utils.h b/src/bin/dhcp6/tests/dhcp6_test_utils.h
index 82ff984..17cd9e8 100644
--- a/src/bin/dhcp6/tests/dhcp6_test_utils.h
+++ b/src/bin/dhcp6/tests/dhcp6_test_utils.h
@@ -1,4 +1,4 @@
-// Copyright (C) 2013 Internet Systems Consortium, Inc. ("ISC")
+// Copyright (C) 2013-2014 Internet Systems Consortium, Inc. ("ISC")
//
// Permission to use, copy, modify, and/or distribute this software for any
// purpose with or without fee is hereby granted, provided that the above
@@ -111,6 +111,7 @@ public:
using Dhcpv6Srv::createRemovalNameChangeRequest;
using Dhcpv6Srv::createStatusCode;
using Dhcpv6Srv::selectSubnet;
+ using Dhcpv6Srv::testServerID;
using Dhcpv6Srv::sanityCheck;
using Dhcpv6Srv::classifyPacket;
using Dhcpv6Srv::loadServerID;
More information about the bind10-changes
mailing list