Opened 4 years ago

Last modified 15 months ago

#3009 new defect

kea6 does not drop relay-forward with forbidden options

Reported by: wlodekwencel
Owned by:
Priority: medium
Milestone: Outstanding Tasks
Component: dhcp6
Version:
Keywords: relay-forward
Cc:
CVSS Scoring:
Parent Tickets:
Sensitive: no
Defect Severity: N/A
Sub-Project: DHCP
Feature Depending on Ticket:
Estimated Difficulty: 0
Add Hours to Ticket: 0
Total Hours: 0
Internal?: no

Description (last modified by tomek)

Tests performed on GIT version of Bind downloaded 9.06.2013

The DHCPv6 server accepts as valid a Relay-forward message that includes options not permitted in Relay-forward, such as:
-clientID
-serverID
-rapidcommit
-preference

To reproduce this bug, please use the Forge project and use the test with the "realy_invalid" tag, or build a Relay-forward message with Scapy, e.g.:
IPv6(dst = address)/UDP(sport=546, dport=547)/DHCP6_RelayForward(linkaddr="3000::ffff", peeraddr=SRV_IPV6_ADDR, hopcount = level)/DHCP6OptIfaceId(ifaceid = "15")/DHCP6OptClientId()/DHCP6OptRelayMsg()/DHCP6_Solicit()

Wireshark capture attached.

Attachments (2)

realy-wrong-option (117.1 KB) - added by wlodekwencel 4 years ago.
relay_forw_invalid_option (143.0 KB) - added by wlodekwencel 4 years ago.

Change History (8)

Changed 4 years ago by wlodekwencel

comment:1 Changed 4 years ago by shane

  • Milestone changed from New Tasks to DHCP Outstanding Tasks

Changed 4 years ago by wlodekwencel

comment:2 Changed 4 years ago by wlodekwencel

Relay-forward message tested with the rest of the options not allowed in the message:
client ID
server ID
preference
time
option-request
status-codes
rapid-commit
reconfigure
reconfigure-accept

RFC 3315, table A "Appearance of Options in Message Types"

According to RFC 3315 section 15, those messages should be discarded, or in some cases replied to with status code UnspecFail.

It looks like Kea6 doesn't check messages for options that are not allowed.

To repeat all those cases, please use the Forge project and run all tests tagged with 'relay_invalid'. I also attached a Wireshark capture for all those tests.
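
An added illustration, not code from Kea, Forge or the ticket's authors: a Python sketch of the check comment:2 asks for, walking the top-level options of a Relay-forward and flagging those that RFC 3315 Appendix A does not permit there. The allowed set is taken from that table as published; the function names and sample packets are constructed for this example.

```python
import struct

RELAY_FORW = 12  # DHCPv6 msg-type value for Relay-forward
# RFC 3315 option codes, named as in the ticket where it lists them.
OPTION_NAMES = {1: "client-id", 2: "server-id", 3: "ia-na", 4: "ia-ta", 6: "option-request",
                7: "preference", 8: "elapsed-time", 9: "relay-msg", 11: "auth", 12: "unicast",
                13: "status-code", 14: "rapid-commit", 15: "user-class", 16: "vendor-class",
                17: "vendor-opts", 18: "interface-id", 19: "reconf-msg", 20: "reconf-accept"}
# Options RFC 3315 Appendix A marks for R-forw. Codes defined by later RFCs
# are outside this table and are deliberately not judged here.
ALLOWED_IN_RELAY_FORW = {9, 11, 15, 16, 17, 18}


def parse_options(buf):
    """Yield (code, data) pairs; raise ValueError on a truncated option."""
    pos = 0
    while pos < len(buf):
        if len(buf) - pos < 4:
            raise ValueError("truncated option header")
        code, length = struct.unpack_from("!HH", buf, pos)
        pos += 4
        if pos + length > len(buf):
            raise ValueError("option %d overruns the message" % code)
        yield code, buf[pos:pos + length]
        pos += length


def check_relay_forward(msg):
    """Return (verdict, reasons) for one Relay-forward: 'accept' or 'drop'."""
    # Fixed header: msg-type, hop-count, link-address (16), peer-address (16).
    if len(msg) < 34 or msg[0] != RELAY_FORW:
        return "drop", ["not a well-formed Relay-forward header"]
    try:
        codes = [code for code, _ in parse_options(msg[34:])]
    except ValueError as exc:
        return "drop", [str(exc)]
    reasons = ["forbidden option %s (%d)" % (OPTION_NAMES[c], c)
               for c in codes if c in OPTION_NAMES and c not in ALLOWED_IN_RELAY_FORW]
    return ("drop" if reasons else "accept"), reasons


def build_relay_forward(options):
    """Constructed sample packet: hop-count 0, zeroed link and peer addresses."""
    body = b"".join(struct.pack("!HH", c, len(d)) + d for c, d in options)
    return bytes([RELAY_FORW, 0]) + bytes(32) + body


if __name__ == "__main__":
    solicit = b"\x01\x00\x00\x01"  # constructed inner Solicit: type + transaction id
    print(check_relay_forward(build_relay_forward([(18, b"15"), (1, b"\x00\x03"), (9, solicit)])))
```
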

comment:3 Changed 4 years ago by tomek

  • Milestone changed from DHCP Outstanding Tasks to DHCP-QA Defects

comment:4 Changed 2 years ago by tomek

  • Milestone changed from DHCP-QA Defects to DHCP Outstanding Tasks

comment:5 Changed 2 years ago by tomek

  • Milestone changed from DHCP Outstanding Tasks to Outstanding Tasks

Milestone renamed

comment:6 Changed 15 months ago by tomek

  • Description modified (diff)
  • Summary changed from kea6 relay-forward bug to kea6 does not drop relay-forward with forbidden options