Hi Jan,
You may want to investigate your assumption that option 79 is included.
>From what you've shown here, it seems likely that it was not included. You
can do this with `tcpdump -i <interface> -w dhcp6.pcap port 547` The
resulting dhcp6.pcap can be opened in Wireshark for inspection. I think
you might find that option 79 is not included.
Thank you,
Darren Ankney
On Tue, Apr 8, 2025 at 12:06 PM Jan Rovner via Kea-users <
kea-users@lists.isc.org> wrote:
> Hello,
>
> I am running dhcp6 server with strict policy that KEA talks only to
> clients with known MACs (Reservations) and provides only a static config
> for them. All clients are operating via DHCPv6 relay and the relay should
> pass client's MAC option 79 RFC 6939 for KEA to be used via
> client-link-addr-option.
>
> This is a working except from my kea-dhcp6.conf. All it works fine, if
> client uses DUID-LLT or DUID-LL, where MAC address can be determined from
> DUID.
>
> ...
> "client-classes": [
> {
> "name": "DROP",
> "test": "not member('KNOWN')"
> }
>
> ...
>
> "host-reservation-identifiers": [ "hw-address", "duid" ],
> "mac-sources": [ "client-link-addr-option", "remote-id", "subscriber-id",
> "ipv6-link-local", "duid" ],
>
> ...
>
> "subnet6": [
> {
> "reservations": [
> {
> "hw-address": "xx:xx:xx:xx:xx:xx",
> "ip-addresses": [ "xxxx:xxxx:xxxx:1::2" ],
> etc.
> ...
>
> However, if client uses another DUID type, this happens - "Expression DROP
> is evaluated to true" and the request is dropped.
>
> INFO DHCP6_QUERY_LABEL received query:
> duid=[00:02:00:00:d2:6d:8e:83:64:d4:6c:e7:26:8e], [no hwaddr info],
> tid=0x2621c
>
> INFO EVAL_RESULT duid=[00:02:00:00:d2:6d:8e:83:64:d4:6c:e7:26:8e], [no
> hwaddr info], tid=0x2621c: Expression DROP evaluated to true
>
> DEBUG DHCP6_PACKET_DROP_DROP_CLASS2 dropped as member of the special class
> 'DROP' after host reservation lookup:
> duid=[00:02:00:00:d2:6d:8e:83:64:d4:6c:e7:26:8e], [no hwaddr info]
> local_address=[xxxx:xxxx:xxxx:x::x]:0,
> remote_address=[xxxx:xxxx:xxxx:xxxx::1]:547, msg_type=SOLICIT (1),
>
> It looks like that host reservation lookup was probably not performed with
> correct MAC (that was told to the KEA via option 79).
>
> Any ideas to fix it?
>
> Thank you very much.
>
> Sincerely,
> Jan Rovner
>
>
>
> --
> ISC funds the development of this software with paid support
> subscriptions. Contact us at https://www.isc.org/contact/ for more
> information.
>
> To unsubscribe visit https://lists.isc.org/mailman/listinfo/kea-users.
>
> Kea-users mailing list
> Kea-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/kea-users
>
--
ISC funds the development of this software with paid support subscriptions.
Contact us at https://www.isc.org/contact/ for more information.
To unsubscribe visit https://lists.isc.org/mailman/listinfo/kea-users.
Kea-users mailing list
Kea-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/kea-users
