[Kea-users] Invalid DHCP Server Identifier: 0.0.0.0

Adam Twardowski atwardowski at choopa.com
Wed Aug 31 14:46:03 UTC 2016


On 08/31/2016 05:07 AM, Marcin Siodelski wrote:
> On 30.08.2016 17:42, Adam Twardowski wrote:
>> I am running kea on FreeBSD.  I have a cisco router configured as a dhcp
>> relay, forwarding requests to Kea.  Kea receives the requests and sends
>> out a reply, but the reply has option 54 set to 0.0.0.0, which as far as
>> I know doesn't make any sense.  The DHCP client can't continue the
>> transaction because it obviously can't send a packet to 0.0.0.0.  Is
>> there any way I can tell kea to send a valid server identifier?
>>
>>
>> Config:
>>
>> {
>> "Dhcp4":
>> {
>>    "interfaces-config": {
>>      "interfaces": [ "em0" ],
>>      "dhcp-socket-type": "udp"
>>    },
>>    "lease-database": {
>>      "type": "memfile",
>>      "lfc-interval": 1800
>>    },
>>    "expired-leases-processing": {
>>      "reclaim-timer-wait-time": 10,
>>      "flush-reclaimed-timer-wait-time": 25,
>>      "hold-reclaimed-time": 3600,
>>      "max-reclaim-leases": 100,
>>      "max-reclaim-time": 250,
>>      "unwarned-reclaim-cycles": 5
>>    },
>>
>>    "valid-lifetime": 4000,
>>
>>    "subnet4": [
>>    {    "subnet": "10.128.224.0/20",
>>         "pools": [ { "pool": "10.128.239.3 - 10.128.239.254" } ],
>>         "option-data": [
>>              { "name": "routers", "data": "10.128.224.1" },
>>              { "name": "domain-name-servers", "data": "8.8.8.8, 8.8.4.4" }
>>          ]
>>    }
>>    ]
>> },
>>
>>
>>
>> Kea Reply:
>>
>> Bootstrap Protocol (Offer)
>>      Message type: Boot Reply (2)
>>      Hardware type: Ethernet (0x01)
>>      Hardware address length: 6
>>      Hops: 1
>>      Transaction ID: 0xccc20000
>>      Seconds elapsed: 0
>>      Bootp flags: 0x0000 (Unicast)
>>          0... .... .... .... = Broadcast flag: Unicast
>>          .000 0000 0000 0000 = Reserved flags: 0x0000
>>      Client IP address: 0.0.0.0
>>      Your (client) IP address: 10.128.239.4
>>      Next server IP address: 0.0.0.0
>>      Relay agent IP address: 10.128.224.1
>>      Client MAC address: ---------- DELETED -----------
>>      Client hardware address padding: 00000000000000000000
>>      Server host name not given
>>      Boot file name not given
>>      Magic cookie: DHCP
>>      Option: (1) Subnet Mask
>>          Length: 4
>>          Subnet Mask: 255.255.240.0
>>      Option: (3) Router
>>          Length: 4
>>          Router: 10.128.224.1
>>      Option: (6) Domain Name Server
>>          Length: 8
>>          Domain Name Server: 8.8.8.8
>>          Domain Name Server: 8.8.4.4
>>      Option: (51) IP Address Lease Time
>>          Length: 4
>>          IP Address Lease Time: (4000s) 1 hour, 6 minutes, 40 seconds
>>      Option: (53) DHCP Message Type (Offer)
>>          Length: 1
>>          DHCP: Offer (2)
>>      Option: (54) DHCP Server Identifier
>>          Length: 4
>>          DHCP Server Identifier: 0.0.0.0
>>      Option: (255) End
>>          Option End: 255
>>
> Adam,
>
> Would it be possible for you to send us the dump of the DHCPDISCOVER
> which triggers this response, along with the entire Ethernet/IP/UDP stack?
>
> Thanks,
> Marcin Siodelski
> ISC
>

Kea debug log, config, and tcpdump attached.

Kea is running on FreeBSD 10.3-RELEASE-p7, which is a VM running in 
ESXi.  Kea is installed from the ports tree. (I also tested with latest 
git release).  Tcpdump was run on the kea server.  The dhcp client in 
this case is a Tripplite PDU, but I've seen the same issue with 
other clients.

As I mentioned in the other message, based on the debug output listing 
the destination address of 0.0.0.0, I believe the issue is that FreeBSD 
doesn't support the IP_PKTINFO socket option and uses IP_RECVDSTADDR 
instead for IPv4.

You can see how the PowerDNS project handles this situation at these links:
https://blog.powerdns.com/2012/10/08/on-binding-datagram-udp-sockets-to-the-any-addresses/
https://github.com/PowerDNS/pdns/blob/4f18781a43c3734855a00f5aded03255250ba6d9/pdns/iputils.cc#L146
https://github.com/PowerDNS/pdns/blob/4f18781a43c3734855a00f5aded03255250ba6d9/pdns/iputils.hh#L876

-------------- next part --------------
A non-text attachment was scrubbed...
Name: adam.pcap
Type: application/vnd.tcpdump.pcap
Size: 1796 bytes
Desc: not available
URL: <https://lists.isc.org/pipermail/kea-users/attachments/20160831/8b23f7df/attachment.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: kea-dhcp4.log
Type: text/x-log
Size: 4813 bytes
Desc: not available
URL: <https://lists.isc.org/pipermail/kea-users/attachments/20160831/8b23f7df/attachment-0001.bin>
-------------- next part --------------
# This is a basic configuration for the Kea DHCPv4 and DHCPv6 servers.
# Subnet declarations are commented out and no interfaces are listed.
# Therefore, the servers will not listen or respond to any queries.
# The basic configuration must be extended to specify interfaces on
# which the servers should listen. Also, subnets and options must be
# declared.
{

# DHCPv4 configuration starts here.
"Dhcp4":
{
# Add names of interfaces to listen on.
  "interfaces-config": {
    "interfaces": [ "em0/10.6.10.59" ],
    "dhcp-socket-type": "udp"
  },

# Use Memfile lease database backend to store leases in a CSV file.
  "lease-database": {
    "type": "memfile",
    "lfc-interval": 1800,
    "file": "/var/db/kea/kea-leases4.csv",
    "persist": false
  },

# Setup reclamation of the expired leases and leases affinity.
# Expired leases will be reclaimed every 10 seconds. Every 25
# seconds reclaimed leases, which have expired more than 3600
# seconds ago, will be removed. The limits for leases reclamation
# are 100 leases or 250 ms for a single cycle. A warning message
# will be logged if there are still expired leases in the
# database after 5 consecutive reclamation cycles.
  "expired-leases-processing": {
    "reclaim-timer-wait-time": 10,
    "flush-reclaimed-timer-wait-time": 25,
    "hold-reclaimed-time": 3600,
    "max-reclaim-leases": 100,
    "max-reclaim-time": 250,
    "unwarned-reclaim-cycles": 5
  },

# Global (inherited by all subnets) lease lifetime is mandatory parameter.
  "valid-lifetime": 4000,

# Below an example of the simple subnet declaration. Uncomment to
# enable it. This is a list, denoted with [ ], of structure, denoted
# with { }. Each structure describes a single subnet and may have
# several parameters. One of those parameters is "pools" that is
# also a list of structures.
  "subnet4": [
  {    "subnet": "10.128.224.0/20",
       "pools": [ { "pool": "10.128.239.3 - 10.128.239.254" } ],
       "option-data": [
            { "name": "routers", "data": "10.128.224.1" },
            { "name": "domain-name-servers", "data": "8.8.8.8, 8.8.4.4" },
            { "name": "domain-name", "data": "choopa.net" }
        ]
  }
  ]
},

## DHCPv6 configuration starts here.
#"Dhcp6":
#{
## Add names of interfaces to listen on.
#  "interfaces-config": {
#    "interfaces": [ ]
#  },
#
## Use Memfile lease database backend to store leases in a CSV file.
#  "lease-database": {
#    "type": "memfile"
#  },
#
## Setup reclamation of the expired leases and leases affinity.
## Expired leases will be reclaimed every 10 seconds. Every 25
## seconds reclaimed leases, which have expired more than 3600
## seconds ago, will be removed. The limits for leases reclamation
## are 100 leases or 250 ms for a single cycle. A warning message
## will be logged if there are still expired leases in the
## database after 5 consecutive reclamation cycles.
#  "expired-leases-processing": {
#    "reclaim-timer-wait-time": 10,
#    "flush-reclaimed-timer-wait-time": 25,
#    "hold-reclaimed-time": 3600,
#    "max-reclaim-leases": 100,
#    "max-reclaim-time": 250,
#    "unwarned-reclaim-cycles": 5
#  },
#
## Addresses will be assigned with preferred and valid lifetimes
## being 3000 and 4000, respectively. Client is told to start
## renewing after 1000 seconds. If the server does not respond
## after 2000 seconds since the lease was granted, client is supposed
## to start REBIND procedure (emergency renewal that allows switching
## to a different server).
#  "preferred-lifetime": 3000,
#  "valid-lifetime": 4000,
#  "renew-timer": 1000,
#  "rebind-timer": 2000,
#
## The following list defines subnets. Uncomment to enable them.
#  "subnet6": [
##  {    "subnet": "2001:db8:1::/64",
##       "pools": [ { "pool": "2001:db8:1::/80" } ] },
##  {    "subnet": "2001:db8:2::/64",
##       "pools": [ { "pool": "2001:db8:2::/80" } ] },
##  {    "subnet": "2001:db8:3::/64",
##       "pools": [ { "pool": "2001:db8:3::/80" } ] },
##  {    "subnet": "2001:db8:4::/64",
##       "pools": [ { "pool": "2001:db8:4::/80" } ] }
#   ]
#},

# DHCP DDNS configuration starts here.
"DhcpDdns":
{
  "ip-address": "127.0.0.1",
  "port": 53001,
  "tsig-keys": [],
  "forward-ddns" : {},
  "reverse-ddns" : {}
},

# Logging configuration starts here. It tells Kea servers to store
# all log messages (on severity INFO or more) in a file.
# debuglevel variable is used on DEBUG level only.
"Logging":
{
  "loggers": [
    {
      "name": "kea-dhcp4",
      "output_options": [
          {
            "output": "/var/log/kea-dhcp4.log"
          }
      ],
      "severity": "DEBUG",
      "debuglevel": 99
    },
    {
      "name": "kea-dhcp6",
      "output_options": [
          {
            "output": "/var/log/kea-dhcp6.log"
          }
      ],
      "severity": "INFO",
      "debuglevel": 0
    },
    {
      "name": "kea-dhcp-ddns",
      "output_options": [
          {
            "output": "/var/log/kea-ddns.log"
          }
      ],
      "severity": "INFO",
      "debuglevel": 0
    }
  ]
}

}
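
The IP_PKTINFO versus IP_RECVDSTADDR difference raised in the message above, shown as an added example that is not part of the original post and is not Kea or PowerDNS code. The function names `enable_dst_addr` and `dst_from_cmsg` are hypothetical; the parser returns an error when no destination record is present, so a caller never ends up using 0.0.0.0 as its own address.

```c
/* Added example (not Kea or PowerDNS code): learn which local address a UDP
 * datagram was sent to when the socket is bound to the wildcard address. */
#ifndef _GNU_SOURCE
#define _GNU_SOURCE   /* glibc: makes struct in_pktinfo visible */
#endif
#include <string.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>

/* Ask the kernel to attach the destination address to every datagram. */
int enable_dst_addr(int fd) {
    int on = 1;
#if defined(IP_PKTINFO)              /* Linux and others */
    return setsockopt(fd, IPPROTO_IP, IP_PKTINFO, &on, sizeof on);
#elif defined(IP_RECVDSTADDR)        /* FreeBSD, per the message above */
    return setsockopt(fd, IPPROTO_IP, IP_RECVDSTADDR, &on, sizeof on);
#else
    (void)fd; (void)on; return -1;
#endif
}

/* Walk the ancillary data. Returns 0 and fills *dst, or -1 when no usable
 * record is present, so the caller never falls back to 0.0.0.0. */
int dst_from_cmsg(struct msghdr *msg, struct in_addr *dst) {
    struct cmsghdr *c;
    for (c = CMSG_FIRSTHDR(msg); c != NULL; c = CMSG_NXTHDR(msg, c)) {
        if (c->cmsg_level != IPPROTO_IP) continue;
#if defined(IP_PKTINFO)
        if (c->cmsg_type == IP_PKTINFO &&
            c->cmsg_len >= CMSG_LEN(sizeof(struct in_pktinfo))) {
            struct in_pktinfo pi;
            memcpy(&pi, CMSG_DATA(c), sizeof pi);
            *dst = pi.ipi_addr;      /* header destination address */
            return 0;
        }
#endif
#if defined(IP_RECVDSTADDR)
        if (c->cmsg_type == IP_RECVDSTADDR &&
            c->cmsg_len >= CMSG_LEN(sizeof *dst)) {
            memcpy(dst, CMSG_DATA(c), sizeof *dst);
            return 0;
        }
#endif
    }
    return -1;
}
```

Call `enable_dst_addr()` once after `socket()`, then pass the `struct msghdr` filled in by `recvmsg()` (with `msg_control` pointing at a suitably aligned buffer) to `dst_from_cmsg()`.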
