DHCPv4: bad option 81 data (invalid FQDN) causes halt in further processing of packet
A packet carrying option 81 with an empty label in its domain name causes further processing of the client's DHCPv4 packet to cease and the packet to be dropped.
This is very simple to reproduce with the following simple configuration:
{
  "Dhcp4": {
    "interfaces-config": {
      "interfaces": [
        "ens256"
      ]
    },
    "lease-database": {
      "type": "memfile",
      "persist": false
    },
    "calculate-tee-times": true,
    "option-data": [
      {
        "name": "domain-name-servers",
        "data": "10.0.0.1"
      }
    ],
    "subnet4": [
      {
        "subnet": "10.1.2.0/24",
        "id": 1,
        "option-data": [
          {
            "name": "routers",
            "data": "10.1.2.1"
          }
        ],
        "pools": [
          {
            "pool": "10.1.2.100-10.1.2.200"
          }
        ]
      }
    ],
    "loggers": [
      {
        "name": "kea-dhcp4",
        "severity": "DEBUG",
        "debuglevel": 99,
        "output_options": [
          {
            "output": "stdout"
          }
        ]
      }
    ]
  }
}
and sending packets with a malformed FQDN using perfdhcp:
perfdhcp -4 -r 1 -p 10 -l ens256 -R 1 -o 81,0100002E656D7074792E6C6162656C2E6578616D706C652E636F6D
Messages like this are logged:
2024-03-13 11:21:28.124 DEBUG [kea-dhcp4.packets/52340.281473684041744] DHCP4_BUFFER_RECEIVED received buffer from 10.1.2.6:67 to 255.255.255.255:67 over interface ens256
2024-03-13 11:21:28.124 DEBUG [kea-dhcp4.options/52340.281473642041216] DHCP4_BUFFER_UNPACK parsing buffer received from 10.1.2.6 to 255.255.255.255 over interface ens256
2024-03-13 11:21:28.124 DEBUG [kea-dhcp4.bad-packets/52340.281473642041216] DHCP4_PACKET_DROP_0001 failed to parse packet from 10.1.2.6 to 255.255.255.255, received over interface ens256, reason: failed to parse the domain-name in DHCPv4 Client FQDN Option: non terminating empty label in .empty.label.example.com, hwaddr=00:0c:01:02:03:04
Clients with such incorrect FQDNs in option 81 are not able to get an IP address. Option 81 content from such clients is probably not usable and should perhaps be ignored, but the client should still get an IP address, possibly? This type of error in option 81 was allowed in ISC DHCP, and so this is a problem for those migrating to Kea from ISC DHCP.
Attached is a pcap of the DHCP packets generated by perfdhcp: fqdn-test.pcap
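The option 81 payload from the perfdhcp command above, decoded with a tolerant parser that reports a bad name instead of aborting, which is the behaviour the report asks about. This is an added example, not Kea code: `ClientFqdn`, `parse_option81` and the helpers are hypothetical names, the flag bits follow RFC 4702, and the empty-label message only mirrors the wording of the log line above.

```python
from dataclasses import dataclass
from typing import Optional

FLAG_S, FLAG_O, FLAG_E, FLAG_N = 0x01, 0x02, 0x04, 0x08  # RFC 4702 flag bits

# Option 81 payload taken from the perfdhcp command above.
PAYLOAD = bytes.fromhex("0100002E656D7074792E6C6162656C2E6578616D706C652E636F6D")

@dataclass
class ClientFqdn:            # hypothetical container, not a Kea type
    flags: int
    name: Optional[str]      # None when the name was rejected
    error: Optional[str]     # why it was rejected

def _ascii_name(raw: bytes) -> str:
    """E bit clear: deprecated ASCII encoding, labels separated by dots."""
    text = raw.decode("ascii")
    labels = text.split(".")
    if labels[-1] == "":     # one trailing dot (or an empty name) is acceptable
        labels.pop()
    for label in labels:
        if label == "":
            raise ValueError(f"non terminating empty label in {text}")
        if len(label) > 63:
            raise ValueError(f"label longer than 63 bytes in {text}")
    return text

def _wire_name(raw: bytes) -> str:
    """E bit set: DNS wire format, length-prefixed labels, no compression."""
    labels, i = [], 0
    while i < len(raw) and raw[i] != 0:      # a zero length byte is the root label
        n = raw[i]
        if n > 63 or i + 1 + n > len(raw):
            raise ValueError("bad or truncated label in wire-format name")
        labels.append(raw[i + 1:i + 1 + n].decode("ascii"))
        i += 1 + n
    return ".".join(labels)

def parse_option81(data: bytes) -> ClientFqdn:
    """Decode option 81; a bad name is reported, not raised, so the caller can go on."""
    if len(data) < 3:                        # flags, RCODE1, RCODE2 are mandatory
        return ClientFqdn(0, None, "option 81 shorter than 3 bytes")
    flags, raw = data[0], data[3:]
    try:
        name = _wire_name(raw) if flags & FLAG_E else _ascii_name(raw)
    except ValueError as exc:                # UnicodeDecodeError is a ValueError too
        return ClientFqdn(flags, None, str(exc))
    return ClientFqdn(flags, name, None)

if __name__ == "__main__":
    print(parse_option81(PAYLOAD))
```

The payload has only the S bit set, so the name is read as ASCII, and its leading `2E` (a dot) is what produces the empty first label.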