Re: [Kea-users] KEA handling malformed packets
Francis, I did experiment loaded bootp hook and it worked with following DEBUG message: kea4 | DEBUG BOOTP_PACKET_OPTIONS_SKIPPED an error unpacking an option, caused subsequent options to be skipped: Option parse failed. Tried to parse 161 bytes from 158-byte long buffer. However rest of processing was succeded and device became online. Is this something stable, that can be trusted to work with on some production environment ? Thanks! pon., 1 gru 2025 o 16:44 Francis Dupont napisaĆ(a): > Something which perhaps works: load the other standard hook which unpacks/ > parses incoming packets and handles lenient pasrsing: the bootp hook. > It will throw on malformed packets: not a very good thing as hooks are not > supposed to throw but the exception is caught and processing continues with > the partially parsed packet. BTW I am interested by this experiment so > if it works or not can you answer to this message? > > Thanks > > Francis Dupont > > PS: the bootp hook must be loaded before the lease query hook: they are > called > in the order they are configured / loaded. > -- ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. To unsubscribe visit https://lists.isc.org/mailman/listinfo/kea-users. [email protected]
Re: [Kea-users] KEA handling malformed packets
Something which perhaps works: load the other standard hook which unpacks/ parses incoming packets and handles lenient pasrsing: the bootp hook. It will throw on malformed packets: not a very good thing as hooks are not supposed to throw but the exception is caught and processing continues with the partially parsed packet. BTW I am interested by this experiment so if it works or not can you answer to this message? Thanks Francis Dupont PS: the bootp hook must be loaded before the lease query hook: they are called in the order they are configured / loaded. -- ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. To unsubscribe visit https://lists.isc.org/mailman/listinfo/kea-users. [email protected]
Re: [Kea-users] KEA handling malformed packets
Marcin Jurczuk writes: > I have lab system with isc-dhcp-server and kea installed. > I stuck on issue of handling malformed packets. > ISC-DHCP handles them flawlesly yet kea throws weird error: > DEBUG DHCP4_LEASE_QUERY_PACKET_UNPACK_FAILED failed to parse query from > 10.0.0.1 to 172.16.0.10, received over interface ens18, reason: Option > parse failed. Tried to parse 161 bytes from 158-byte long buffer. > > This is not LEASE QUERY packet at all. => when you load the lease query hook the unpack/parsing is performed by the hook because it is the right place to intercept lease query messages. Outside the log which is a bit different the lease query hook does not apply lenient parsing even when enabled: this is a known defect described in the #4105 ticket which is currently in backlog (i.e. waiting for someone to request it to be fixed). > pcap shows this is malformed packet > where option125 length reported by CableModem is just wrong. > Below is wireshark text about exactly that packet that causes problem - it > was captured on dhcpd server. => so Kea is right in complaining about the packet to be malformed > To emphasise - turning off kea, starting isc-dhcp - and modem gets IP, > turning off isc-dhcp enabling kea - I'm getting this error and modem is not > getting IP. => you have at least 4 solutions: - to get client fixed (I am afraid this can't be done...) - fix packets on the flight (not so easy) - move the lease query service to another box and enable linient parsing: if it is not critical to not step parsing at the malformed option this should fix your problem - make #4105 to be addresseed (unfortunately could take time as the next release is scheduled for next year...). Thanks Francis Dupont -- ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. To unsubscribe visit https://lists.isc.org/mailman/listinfo/kea-users. [email protected]
[Kea-users] KEA handling malformed packets
Hi, Kea migration story continues :) I have lab system with isc-dhcp-server and kea installed. I stuck on issue of handling malformed packets. ISC-DHCP handles them flawlesly yet kea throws weird error: DEBUG DHCP4_LEASE_QUERY_PACKET_UNPACK_FAILED failed to parse query from 10.0.0.1 to 172.16.0.10, received over interface ens18, reason: Option parse failed. Tried to parse 161 bytes from 158-byte long buffer. This is not LEASE QUERY packet at all. pcap shows this is malformed packet where option125 length reported by CableModem is just wrong. Below is wireshark text about exactly that packet that causes problem - it was captured on dhcpd server. To emphasise - turning off kea, starting isc-dhcp - and modem gets IP, turning off isc-dhcp enabling kea - I'm getting this error and modem is not getting IP. --- Dynamic Host Configuration Protocol (Discover) Message type: Boot Request (1) Hardware type: Ethernet (0x01) Hardware address length: 6 Hops: 1 Transaction ID: 0x7f9762fa Seconds elapsed: 0 Bootp flags: 0x (Unicast) Client IP address: 0.0.0.0 Your (client) IP address: 0.0.0.0 Next server IP address: 0.0.0.0 Relay agent IP address: 10.0.0.1 Client MAC address: CompalBroadb_de:de:58 (90:5c:44:de:de:58) Client hardware address padding: Server host name not given Boot file name not given Magic cookie: DHCP Option: (53) DHCP Message Type (Discover) Length: 1 DHCP: Discover (1) Option: (60) Vendor class identifier Option: (0) Padding Option: (61) Client identifier Length: 15 IAID: 44dede58 DUID Type: link-layer address (3) Hardware type: Ethernet (1) Link layer address: 90:5c:44:de:de:58 Link layer address (Ethernet): CompalBroadb_de:de:58 (90:5c:44:de:de:58) Option: (125) V-I Vendor-specific Information Length: 162 Enterprise: Cable Television Laboratories, Inc. (4491) Length: 157 Option 125 Suboption: (124) Unknown Option 125 Suboption: (1) Option Request Option 125 Suboption: (5) Modem Capabilities Length: 150 [Malformed Packet: DHCP/BOOTP: length of contained item exceeds length of containing item] [Expert Info (Error/Malformed): Malformed Packet (Exception occurred)] [Malformed Packet (Exception occurred)] [Severity level: Error] [Group: Malformed] Thanks in advance -- ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. To unsubscribe visit https://lists.isc.org/mailman/listinfo/kea-users. [email protected]
