Opened 2 years ago

Closed 2 years ago

#5387 closed defect (fixed)

kea sends IA_NA option with the same address twice

Reported by: wlodekwencel Owned by: marcin
Priority: low Milestone: Kea1.3-final
Component: Unclassified Version: git
Keywords: Cc:
CVSS Scoring: Parent Tickets:
Sensitive: no Defect Severity: N/A
Sub-Project: DHCP Feature Depending on Ticket:
Estimated Difficulty: 0 Add Hours to Ticket: 0
Total Hours: 0 Internal?: no

Description

Scenario:

  1. Server is configured with available two addresses:

3000::1
3000::2
with short lifetime.

  1. Two different clients (client A and B) request and got assigned addresses - pool is now empty.
  2. Server is reconfigured with the same pool but with address 3000::2 reserved for client C (different then before)
  3. All addresses are now expired but Client B try to renew it's address 3000::2, since it's reserved for someone else kea adds to respond option:
    |###[ DHCP6 IA Address Option (IA_TA or IA_NA suboption) ]###
    |     optcode   = IAADDR
    |     optlen    = 24
    |     address   = 3000::2
    |     preflft   = 0
    |     validlft  = 0
    |     iaaddropts= ''
    

which is correct, and now it suppose to assign new address for that client, since client A lease for 3000::1 is expired, kea adds that to message:

|###[ DHCP6 IA Address Option (IA_TA or IA_NA suboption) ]###
|     optcode   = IAADDR
|     optlen    = 24
|     address   = 3000::1
|     preflft   = 7
|     validlft  = 8
|     iaaddropts= ''

which is correct, but at the end kea adds also:

|###[ DHCP6 IA Address Option (IA_TA or IA_NA suboption) ]###
|     optcode   = IAADDR
|     optlen    = 24
|     address   = 3000::1
|     preflft   = 0
|     validlft  = 0
|     iaaddropts= ''

And that makes address 3000::1 valid and invalid.

Logs for point 4:

2017-10-12 16:14:02.671 DEBUG [kea-dhcp6.packets/24729] DHCP6_PACKET_RECEIVED duid=[00:03:00:01:66:55:44:33:22:22], tid=0x362c3e: RENEW (type 5) received from fe80::800:27ff:fe00:1 to ff02::1:2 on interface eth2
2017-10-12 16:14:02.671 DEBUG [kea-dhcp6.packets/24729] DHCP6_QUERY_DATA duid=[00:03:00:01:66:55:44:33:22:22], tid=0x362c3e, packet details: localAddr=[ff02::1:2]:0 remoteAddr=[fe80::800:27ff:fe00:1]:546
msgtype=5(RENEW), transid=0x362c3e
type=00001, len=00010: 00:03:00:01:66:55:44:33:22:22
type=00002, len=00014: 00:01:00:01:20:7e:60:5c:08:00:27:19:b8:2a
type=00003(IA_NA), len=00040: iaid=6662, t1=5, t2=6,
options:
  type=00005(IAADDR), len=00024: address=3000::2, preferred-lft=7, valid-lft=8
No relays traversed.

2017-10-12 16:14:02.671 DEBUG [kea-dhcp6.dhcpsrv/24729] DHCPSRV_CFGMGR_SUBNET6_IFACE selected subnet 3000::/30 for packet received over interface eth2
2017-10-12 16:14:02.671 DEBUG [kea-dhcp6.packets/24729] DHCP6_SUBNET_SELECTED duid=[00:03:00:01:66:55:44:33:22:22], tid=0x362c3e: the subnet with ID 1 was selected for client assignments
2017-10-12 16:14:02.671 DEBUG [kea-dhcp6.packets/24729] DHCP6_SUBNET_DATA duid=[00:03:00:01:66:55:44:33:22:22], tid=0x362c3e: the selected subnet details: 3000::/30
2017-10-12 16:14:02.671 DEBUG [kea-dhcp6.hosts/24729] HOSTS_CFG_GET_ONE_SUBNET_ID_IDENTIFIER get one host with IPv6 reservation for subnet id 1, identified by hwaddr=665544332222
2017-10-12 16:14:02.671 DEBUG [kea-dhcp6.hosts/24729] HOSTS_CFG_GET_ALL_IDENTIFIER get all hosts with reservations using identifier: hwaddr=665544332222
2017-10-12 16:14:02.671 DEBUG [kea-dhcp6.hosts/24729] HOSTS_CFG_GET_ALL_IDENTIFIER_COUNT using identifier hwaddr=665544332222, found 0 host(s)
2017-10-12 16:14:02.671 DEBUG [kea-dhcp6.hosts/24729] HOSTS_CFG_GET_ONE_SUBNET_ID_IDENTIFIER_NULL host not found using subnet id 1 and identifier hwaddr=665544332222
2017-10-12 16:14:02.671 DEBUG [kea-dhcp6.hosts/24729] HOSTS_MGR_ALTERNATE_GET6_SUBNET_ID_IDENTIFIER get one host with IPv6 reservation for subnet id 1, identified by hwaddr=665544332222
2017-10-12 16:14:02.672 DEBUG [kea-dhcp6.hosts/24729] HOSTS_MGR_ALTERNATE_GET6_SUBNET_ID_IDENTIFIER_NULL host not found using subnet id 1 and identifier hwaddr=665544332222
2017-10-12 16:14:02.672 DEBUG [kea-dhcp6.hosts/24729] HOSTS_CFG_GET_ONE_SUBNET_ID_IDENTIFIER get one host with IPv6 reservation for subnet id 1, identified by duid=00030001665544332222
2017-10-12 16:14:02.672 DEBUG [kea-dhcp6.hosts/24729] HOSTS_CFG_GET_ALL_IDENTIFIER get all hosts with reservations using identifier: duid=00030001665544332222
2017-10-12 16:14:02.673 DEBUG [kea-dhcp6.hosts/24729] HOSTS_CFG_GET_ALL_IDENTIFIER_COUNT using identifier duid=00030001665544332222, found 0 host(s)
2017-10-12 16:14:02.673 DEBUG [kea-dhcp6.hosts/24729] HOSTS_CFG_GET_ONE_SUBNET_ID_IDENTIFIER_NULL host not found using subnet id 1 and identifier duid=00030001665544332222
2017-10-12 16:14:02.673 DEBUG [kea-dhcp6.hosts/24729] HOSTS_MGR_ALTERNATE_GET6_SUBNET_ID_IDENTIFIER get one host with IPv6 reservation for subnet id 1, identified by duid=00030001665544332222
2017-10-12 16:14:02.673 DEBUG [kea-dhcp6.hosts/24729] HOSTS_MGR_ALTERNATE_GET6_SUBNET_ID_IDENTIFIER_NULL host not found using subnet id 1 and identifier duid=00030001665544332222
2017-10-12 16:14:02.673 DEBUG [kea-dhcp6.leases/24729] DHCP6_PROCESS_IA_NA_EXTEND duid=[00:03:00:01:66:55:44:33:22:22], tid=0x362c3e: extending lease lifetime for IA_NA option with iaid=6662
2017-10-12 16:14:02.673 DEBUG [kea-dhcp6.dhcpsrv/24729] DHCPSRV_MEMFILE_GET_IAID_SUBID_DUID obtaining IPv6 leases for IAID 6662, Subnet ID 1, DUID 00:03:00:01:66:55:44:33:22:22 and lease type IA_NA
2017-10-12 16:14:02.674 DEBUG [kea-dhcp6.alloc-engine/24729] ALLOC_ENGINE_V6_RENEW_REMOVE_RESERVED duid=[00:03:00:01:66:55:44:33:22:22], tid=0x362c3e: checking if existing client's leases are reserved for another client
2017-10-12 16:14:02.674 DEBUG [kea-dhcp6.hosts/24729] HOSTS_CFG_GET_ONE_SUBNET_ID_ADDRESS6 get one host with reservation for subnet id 1 and including IPv6 address 3000::2
2017-10-12 16:14:02.674 DEBUG [kea-dhcp6.hosts/24729] HOSTS_CFG_GET_ALL_SUBNET_ID_ADDRESS6 get all hosts with reservations for subnet id 1 and IPv6 address 3000::2
2017-10-12 16:14:02.674 DEBUG [kea-dhcp6.hosts/24729] HOSTS_CFG_GET_ALL_SUBNET_ID_ADDRESS6_COUNT using subnet id 1 and address 3000::2, found 0 host(s)
2017-10-12 16:14:02.674 DEBUG [kea-dhcp6.hosts/24729] HOSTS_CFG_GET_ONE_SUBNET_ID_ADDRESS6_NULL host not found using subnet id 1 and address 3000::2
2017-10-12 16:14:02.674 DEBUG [kea-dhcp6.hosts/24729] HOSTS_MGR_ALTERNATE_GET6_SUBNET_ID_ADDRESS6 trying alternate source for host using subnet id 1 and IPv6 address 3000::2
2017-10-12 16:14:02.676 INFO  [kea-dhcp6.alloc-engine/24729] ALLOC_ENGINE_V6_REVOKED_ADDR_LEASE address 3000::2 was revoked from client 00:03:00:01:66:55:44:33:22:22 as it is reserved for client duid=00030001F6F5F4F3F201
2017-10-12 16:14:02.676 DEBUG [kea-dhcp6.dhcpsrv/24729] DHCPSRV_MEMFILE_DELETE_ADDR deleting lease for address 3000::2
2017-10-12 16:14:02.676 DEBUG [kea-dhcp6.dhcpsrv/24729] DHCPSRV_QUEUE_NCR_SKIP duid=[00:03:00:01:66:55:44:33:22:22], [hwtype=1 66:55:44:33:22:22]: skip queuing name change request for lease: 3000::2
2017-10-12 16:14:02.676 DEBUG [kea-dhcp6.alloc-engine/24729] ALLOC_ENGINE_V6_EXTEND_ALLOC_UNRESERVED allocate new (unreserved) leases for the renewing client duid=[00:03:00:01:66:55:44:33:22:22], tid=0x362c3e
2017-10-12 16:14:02.676 DEBUG [kea-dhcp6.dhcpsrv/24729] DHCPSRV_MEMFILE_GET_ADDR6 obtaining IPv6 lease for address 3000::2 and lease type IA_NA
2017-10-12 16:14:02.676 DEBUG [kea-dhcp6.hosts/24729] HOSTS_CFG_GET_ONE_SUBNET_ID_ADDRESS6 get one host with reservation for subnet id 1 and including IPv6 address 3000::2
2017-10-12 16:14:02.676 DEBUG [kea-dhcp6.hosts/24729] HOSTS_CFG_GET_ALL_SUBNET_ID_ADDRESS6 get all hosts with reservations for subnet id 1 and IPv6 address 3000::2
2017-10-12 16:14:02.676 DEBUG [kea-dhcp6.hosts/24729] HOSTS_CFG_GET_ALL_SUBNET_ID_ADDRESS6_COUNT using subnet id 1 and address 3000::2, found 0 host(s)
2017-10-12 16:14:02.676 DEBUG [kea-dhcp6.hosts/24729] HOSTS_CFG_GET_ONE_SUBNET_ID_ADDRESS6_NULL host not found using subnet id 1 and address 3000::2
2017-10-12 16:14:02.676 DEBUG [kea-dhcp6.hosts/24729] HOSTS_MGR_ALTERNATE_GET6_SUBNET_ID_ADDRESS6 trying alternate source for host using subnet id 1 and IPv6 address 3000::2
2017-10-12 16:14:02.678 DEBUG [kea-dhcp6.alloc-engine/24729] ALLOC_ENGINE_V6_HINT_RESERVED duid=[00:03:00:01:66:55:44:33:22:22], tid=0x362c3e: lease for the client's hint 3000::2 is reserved for another client
2017-10-12 16:14:02.678 DEBUG [kea-dhcp6.hosts/24729] HOSTS_CFG_GET_ONE_SUBNET_ID_ADDRESS6 get one host with reservation for subnet id 1 and including IPv6 address 3000::1
2017-10-12 16:14:02.679 DEBUG [kea-dhcp6.hosts/24729] HOSTS_CFG_GET_ALL_SUBNET_ID_ADDRESS6 get all hosts with reservations for subnet id 1 and IPv6 address 3000::1
2017-10-12 16:14:02.679 DEBUG [kea-dhcp6.hosts/24729] HOSTS_CFG_GET_ALL_SUBNET_ID_ADDRESS6_COUNT using subnet id 1 and address 3000::1, found 0 host(s)
2017-10-12 16:14:02.679 DEBUG [kea-dhcp6.hosts/24729] HOSTS_CFG_GET_ONE_SUBNET_ID_ADDRESS6_NULL host not found using subnet id 1 and address 3000::1
2017-10-12 16:14:02.679 DEBUG [kea-dhcp6.hosts/24729] HOSTS_MGR_ALTERNATE_GET6_SUBNET_ID_ADDRESS6 trying alternate source for host using subnet id 1 and IPv6 address 3000::1
2017-10-12 16:14:02.680 DEBUG [kea-dhcp6.dhcpsrv/24729] DHCPSRV_MEMFILE_GET_ADDR6 obtaining IPv6 lease for address 3000::1 and lease type IA_NA
2017-10-12 16:14:02.680 DEBUG [kea-dhcp6.alloc-engine/24729] ALLOC_ENGINE_V6_REUSE_EXPIRED_LEASE_DATA duid=[00:03:00:01:66:55:44:33:22:22], tid=0x362c3e: reusing expired lease, updated lease information: Type:          IA_NA(0)
Address:       3000::1
Prefix length: 128
IAID:          6662
Pref life:     7
Valid life:    8
Cltt:          1507817642
DUID:          00:03:00:01:66:55:44:33:22:22
Hardware addr: 66:55:44:33:22:11
Subnet ID:     1
State:         default

2017-10-12 16:14:02.680 DEBUG [kea-dhcp6.dhcpsrv/24729] DHCPSRV_MEMFILE_UPDATE_ADDR6 updating IPv6 lease for address 3000::1
2017-10-12 16:14:02.680 DEBUG [kea-dhcp6.alloc-engine/24729] ALLOC_ENGINE_V6_EXTEND_LEASE duid=[00:03:00:01:66:55:44:33:22:22], tid=0x362c3e: extending lifetime of the lease type IA_NA, address 3000::1
2017-10-12 16:14:02.680 DEBUG [kea-dhcp6.alloc-engine/24729] ALLOC_ENGINE_V6_EXTEND_LEASE_DATA duid=[00:03:00:01:66:55:44:33:22:22], tid=0x362c3e: detailed information about the lease being extended: Type:          IA_NA(0)
Address:       3000::1
Prefix length: 128
IAID:          6662
Pref life:     7
Valid life:    8
Cltt:          1507817642
DUID:          00:03:00:01:66:55:44:33:22:22
Hardware addr: 66:55:44:33:22:11
Subnet ID:     1
State:         default

2017-10-12 16:14:02.680 DEBUG [kea-dhcp6.alloc-engine/24729] ALLOC_ENGINE_V6_EXTEND_NEW_LEASE_DATA duid=[00:03:00:01:66:55:44:33:22:22], tid=0x362c3e: new lease information for the lease being extended: Type:          IA_NA(0)
Address:       3000::1
Prefix length: 128
IAID:          6662
Pref life:     7
Valid life:    8
Cltt:          1507817642
DUID:          00:03:00:01:66:55:44:33:22:22
Hardware addr: 66:55:44:33:22:22
Subnet ID:     1
State:         default

2017-10-12 16:14:02.680 DEBUG [kea-dhcp6.dhcpsrv/24729] DHCPSRV_MEMFILE_UPDATE_ADDR6 updating IPv6 lease for address 3000::1
2017-10-12 16:14:02.680 INFO  [kea-dhcp6.leases/24729] DHCP6_LEASE_RENEW duid=[00:03:00:01:66:55:44:33:22:22], tid=0x362c3e: lease for address 3000::1 and iaid=6662 has been allocated
2017-10-12 16:14:02.680 DEBUG [kea-dhcp6.packets/24729] DHCP6_RESPONSE_DATA responding with packet type 7 data is localAddr=[ff02::1:2]:547 remoteAddr=[fe80::800:27ff:fe00:1]:546
msgtype=7(REPLY), transid=0x362c3e
type=00001, len=00010: 00:03:00:01:66:55:44:33:22:22
type=00002, len=00014: 00:01:00:01:20:7e:60:5c:08:00:27:19:b8:2a
type=00003(IA_NA), len=00096: iaid=6662, t1=5, t2=6,
options:
  type=00005(IAADDR), len=00024: address=3000::1, preferred-lft=7, valid-lft=8
  type=00005(IAADDR), len=00024: address=3000::2, preferred-lft=0, valid-lft=0
  type=00005(IAADDR), len=00024: address=3000::1, preferred-lft=0, valid-lft=0

situation can be observed only if reserved address was before in use, addresses previously assigned are expired.

Subtickets

Attachments (2)

capture.pcap (4.9 KB) - added by wlodekwencel 2 years ago.
kea.log (50.6 KB) - added by wlodekwencel 2 years ago.

Download all attachments as: .zip

Change History (13)

Changed 2 years ago by wlodekwencel

Changed 2 years ago by wlodekwencel

comment:1 Changed 2 years ago by marcin

From the code examination it looks like a bug in Kea. Suggest we add it to 1.3 final for fixing.

comment:2 Changed 2 years ago by marcin

  • Milestone changed from Kea-proposed to Kea1.3-final

Moving to 1.3 as a stretch goal as agreed on the Kea call on Oct 19th, 2017.

comment:3 Changed 2 years ago by marcin

  • Priority changed from medium to low

comment:4 Changed 2 years ago by marcin

  • Owner set to marcin
  • Status changed from new to accepted

comment:5 Changed 2 years ago by marcin

  • Owner changed from marcin to UnAssigned
  • Status changed from accepted to reviewing

I implemented a test that replicates behavior described in the ticket. The server now always checks if the lease with zero lifetimes should be included in the response by verifying that this lease belonged to the current client.

Proposed ChangeLog entry:

13XX.	[bug]		marcin
	Fixed a bug in the DHCPv6 server whereby a lease with zero
	lifetimes could be mistakenly included in the server's
	response.
	(Trac #5387, git cafe)

comment:6 Changed 2 years ago by tmark

  • Owner changed from UnAssigned to tmark

comment:7 follow-up: Changed 2 years ago by tmark

  • Owner changed from tmark to marcin

The changes look fine but I have one question. I wondered if we might have the same bug in PD handling, however when I look at Dhcp6Srv::extendIA_PD() I find this comment:

    /// @todo: Maybe we should iterate over ctx.old_leases_, i.e. the leases
    /// that used to be valid, but they are not anymore.

So clearly we don't have the same bug but do we have the opposite problem. Are we neglecting to send
entries for leases which expired and are no longer valid? In other words, they expired and were given
to someone else. The client needs to know this via lifetimes 0 right?

I realize that is not the bug reported. It builds and unit tests pass under MacOS.

comment:8 in reply to: ↑ 7 Changed 2 years ago by marcin

  • Owner changed from marcin to tmark

Replying to tmark:

The changes look fine but I have one question. I wondered if we might have the same bug in PD handling, however when I look at Dhcp6Srv::extendIA_PD() I find this comment:

    /// @todo: Maybe we should iterate over ctx.old_leases_, i.e. the leases
    /// that used to be valid, but they are not anymore.

So clearly we don't have the same bug but do we have the opposite problem. Are we neglecting to send
entries for leases which expired and are no longer valid? In other words, they expired and were given
to someone else. The client needs to know this via lifetimes 0 right?

I realize that is not the bug reported. It builds and unit tests pass under MacOS.

I saw that todo in the code and I decided to not add this within this ticket, provided it is so late before the release. I am afraid to introduce new issues. Or, I should rather say it would require writing quite a few unit tests to make sure that the change is good. So, I suggest we just do it in another ticket. Meanwhile, the test I wrote covers both IA_NA and IA_PD case, as you have probably seen.

BTW, I believe that the major motivation behind actually implementing this for IA_NA was that for each old address lease the server may need to send NCR, which is not the case for prefix delegation. This is not to say that we shouldn't do it for prefix delegation. it is just my guess why it is implemented here but not there.

comment:9 Changed 2 years ago by marcin

comment:10 Changed 2 years ago by tmark

  • Owner changed from tmark to marcin

Explanation and new ticket are acceptable. Go ahead and merge.

comment:11 Changed 2 years ago by marcin

  • Resolution set to fixed
  • Status changed from reviewing to closed

Merged with commit 140e7239096c0d5b9fc82b2c9c461476bf9d5729

Note: See TracTickets for help on using tickets.