DHCPv6 lease length logging
name: DHCPv6 - on commit {} - preferred lifetime / valid lifetime incorrect values available
Describe the bug
When logging preferred and valid lifetime using on commit {}, client-requested values are recorded instead of server-provided values.
To Reproduce
Use a MacOS DHCPv6 client. Add this bit to the dhcp config:
    on commit {
      if exists dhcp6.ia-na {
        log(debug,
          concat( "PREFERREDLIFETIME: ",binary-to-ascii(10, 32, "", substring(option dhcp6.ia-na,32,4)),",",
                  "VALIDLIFETIME: ",binary-to-ascii(10, 32, "", substring(option dhcp6.ia-na,36,4))
          )
        );
      }
    }
which prints a log line like this:
Sep 15 18:53:49 dhcp-server-1 dhcpd: PREFERREDLIFETIME: 0,VALIDLIFETIME: 0
Expected behavior
Should print a log line with the server-provided preferred and valid lifetimes (i.e. the values being sent back to the client; in my test case these were 375 and 600).
Environment:
- ISC DHCP version: 4.4.1
- OS: Linux (custom)
- Which features were compiled in:
    ./configure --prefix=/usr \
      --sysconfdir=/etc \
      --enable-secs-byteorder \
      --localstatedir=/var/state/dhcp \
      --with-srv-lease-file=/var/state/dhcp/dhcpd.leases \
      --with-srv6-lease-file=/var/state/dhcp/dhcpd6.leases \
      --with-srv-pid-file=/var/run/dhcpd.pid \
      --with-srv6-pid-file=/var/run/dhcpd6.pid;
Additional Information
Committing a lease to an Apple Mac mini (El Capitan) generates conventional log lines like this:
Sep 15 18:53:48 dhcp-server-1 dhcpd: Relay-forward message from 2001:DB8:2e50:e8::1 port 547, link address 2001:DB8:2e50:e8::1, peer address fe80::225:4bff:fea0:6fe8
Sep 15 18:53:48 dhcp-server-1 dhcpd: Advertise NA: address 2001:DB8:2e50:e8:7fff:ffff:ffff:fffe to client with duid 00:01:00:01:20:e5:6e:2d:00:25:4b:a0:6f:e8 iaid = 0 valid for 600 seconds
Sep 15 18:53:48 dhcp-server-1 dhcpd: Sending Relay-reply to 2001:DB8:2e50:e8::1 port 547
Sep 15 18:53:49 dhcp-server-1 dhcpd: Relay-forward message from 2001:DB8:2e50:e8::1 port 547, link address 2001:DB8:2e50:e8::1, peer address fe80::225:4bff:fea0:6fe8
Sep 15 18:53:49 dhcp-server-1 dhcpd: Reply NA: address 2001:DB8:2e50:e8:7fff:ffff:ffff:fffe to client with duid 00:01:00:01:20:e5:6e:2d:00:25:4b:a0:6f:e8 iaid = 0 valid for 600 seconds
Sep 15 18:53:49 dhcp-server-1 dhcpd: Sending Relay-reply to 2001:DB8:2e50:e8::1 port 547
Using tcpdump, I can see that the client request had preferred and valid lifetimes of 0 but the reply from the server had preferred lifetime of 375 and valid lifetime of 600.
1505501629.303271 IP6 (class 0xe0, hlim 255, next-header UDP (17) payload length: 197) 2001:DB8:2e50:e8::1.547 > 2001:DB8:2e50:e4::226.547: [udp sum ok] dhcp6 relay-fwd (linkaddr=2001:DB8:2e50:e8::1 peeraddr=fe80::225:4bff:fea0:6fe8 (relay-message (dhcp6 request (xid=450fb (client-ID hwaddr/time type 1 time 551906861 00254ba06fe8) (option-request DNS-server DNS-search-list) (elapsed-time 0) (server-ID hwaddr/time type 1 time 542736789 00259061f77a) (IA_NA IAID:0 T1:0 T2:0 (IA_ADDR 2001:DB8:2e50:e8:7fff:ffff:ffff:fffe pltime:0 vltime:0)))) (opt_79) (interface-ID 4769302f302f312e3234...) (Remote-ID 9 0200010000f0000a0003...))
1505501629.303633 IP6 (hlim 64, next-header UDP (17) payload length: 181) 2001:DB8:2e50:e4::226.547 > 2001:DB8:2e50:e8::1.547: [udp sum ok] dhcp6 relay-reply (linkaddr=2001:DB8:2e50:e8::1 peeraddr=fe80::225:4bff:fea0:6fe8 (interface-ID 4769302f302f312e3234...) (relay-message (dhcp6 reply (xid=450fb (IA_NA IAID:0 T1:0 T2:0 (IA_ADDR 2001:DB8:2e50:e8:7fff:ffff:ffff:fffe pltime:375 vltime:600)) (client-ID hwaddr/time type 1 time 551906861 00254ba06fe8) (server-ID hwaddr/time type 1 time 542736789 00259061f77a) (DNS-server 2001:DB8:2e50:a::10 2001:DB8:2e50:a::74))))
It seems that option dhcp6.ia-na during the on commit {} may contain data from the client request packet instead of the server reply packet.
This seems to me like it should be considered a bug since it makes it impossible to get the lease time during on commit {}.
Describe alternatives you've considered
Presently I'm running tshark to extract the lease length and log it that way. This is not an ideal solution.
Contacting you
Please contact me if you need to: perl-list at network1.net
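
Added example, not part of the original report and not ISC DHCP code: a Python sketch of the IA_NA option layout that the config's `substring(option dhcp6.ia-na,32,4)` and `(...,36,4)` offsets rely on, run against option data constructed from the tcpdump values above. It assumes `option dhcp6.ia-na` yields the option data without the outer code/length header; the function names are hypothetical.

```python
import ipaddress
import struct

OPTION_IAADDR = 5  # IA Address option code (RFC 8415)

def build_ia_na(address, preferred, valid, iaid=0, t1=0, t2=0):
    """Build constructed IA_NA option data carrying one IA_ADDR sub-option."""
    ia_addr = ipaddress.IPv6Address(address).packed + struct.pack("!II", preferred, valid)
    header = struct.pack("!III", iaid, t1, t2)
    return header + struct.pack("!HH", OPTION_IAADDR, len(ia_addr)) + ia_addr

def fixed_offset_lifetimes(ia_na):
    """Read the bytes that substring(option dhcp6.ia-na,32,4) and (...,36,4) select."""
    return struct.unpack_from("!II", ia_na, 32)

def parse_ia_na(ia_na):
    """Walk the sub-options and return (address, preferred, valid) per IA_ADDR."""
    if len(ia_na) < 12:
        raise ValueError("IA_NA data shorter than IAID/T1/T2")
    leases, pos = [], 12
    while pos < len(ia_na):
        if pos + 4 > len(ia_na):
            raise ValueError("truncated sub-option header")
        code, length = struct.unpack_from("!HH", ia_na, pos)
        body = ia_na[pos + 4:pos + 4 + length]
        if len(body) != length:
            raise ValueError("truncated sub-option body")
        if code == OPTION_IAADDR:
            if length < 24:
                raise ValueError("IA_ADDR shorter than 24 bytes")
            preferred, valid = struct.unpack_from("!II", body, 16)
            leases.append((str(ipaddress.IPv6Address(body[:16])), preferred, valid))
        pos += 4 + length
    return leases

# Constructed from the values in the tcpdump output above.
ADDR = "2001:db8:2e50:e8:7fff:ffff:ffff:fffe"
REQUEST_IA_NA = build_ia_na(ADDR, 0, 0)     # client Request: pltime:0 vltime:0
REPLY_IA_NA = build_ia_na(ADDR, 375, 600)   # server Reply: pltime:375 vltime:600

if __name__ == "__main__":
    print("request, fixed offsets:", fixed_offset_lifetimes(REQUEST_IA_NA))
    print("reply, fixed offsets:  ", fixed_offset_lifetimes(REPLY_IA_NA))
    print("reply, parsed:         ", parse_ia_na(REPLY_IA_NA))
```

The fixed offsets only line up when the first sub-option inside IA_NA is the IA_ADDR of interest; walking the sub-options, as `parse_ia_na` does, avoids that dependency.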