Skip to content

Host reservation and offer-lifetime option conflicts causing persistent NAKs

name: Bug report
about: Create a report to help us improve

If you believe your bug report is a security issue (e.g. a packet that can kill the server), DO NOT REPORT IT HERE. Please use https://www.isc.org/community/report-bug/ instead or send mail to security-office(at)isc(dot)org.

Describe the bug

When I set up a DHCP host reservation and assign a lease, changing the dhcp_identifier in the host reservation record to any other mac address will cause the original mac address to never get a new lease, which is reflected in the continuous receipt of DHCPNAK responses. By turning off the offer-lifetime configuration, the phenomenon disappears.

To Reproduce Steps to reproduce the behavior:

  1. Run Kea with the following config

    {
    "Dhcp4": {
        "control-socket": {
            "socket-name": "/tmp/kea4-ctrl-socket",
            "socket-type": "unix"
        },
        "expired-leases-processing": {
            "flush-reclaimed-timer-wait-time": 25,
            "hold-reclaimed-time": 259200,
            "reclaim-timer-wait-time": 5,
            "max-reclaim-leases": 0,
            "max-reclaim-time": 1000
        },
        "authoritative": true,
        "interfaces-config": {
            "interfaces": [
                "lo",
                "*"
            ],
            "dhcp-socket-type": "udp"
        },
        "multi-threading": {
            "enable-multi-threading": true,
            "thread-pool-size": 0,
            "packet-queue-size": 1584
        },
        "offer-lifetime": 20, // After the option is turned off, the problem fixes
        "lease-database": {
            "type": "mysql",
            "name": "kea_dhcp",
            "host": "xxx",
            "port": 3306,
            "user": "xxx",
            "password": "xxx",
            "reconnect-wait-time": 3000,
            "max-reconnect-tries": 20,
            "on-fail": "stop-retry-exit",
            "retry-on-startup": true,
            "connect-timeout": 3
        },
        "hosts-databases": [
            {
                "type": "mysql",
                "name": "kea_dhcp",
                "host": "xxx",
                "port": 3306,
                "user": "xxx",
                "password": "xxx",
                "reconnect-wait-time": 3000,
                "max-reconnect-tries": 15,
                "on-fail": "serve-retry-continue",
                "retry-on-startup": true,
                "connect-timeout": 3
            }
        ],
        "hooks-libraries": [
            {
                "library": "/usr/lib/x86_64-linux-gnu/kea/hooks/libdhcp_stat_cmds.so"
            },
            {
                "library": "/usr/lib/x86_64-linux-gnu/kea/hooks/libdhcp_mysql_cb.so"
            },
            {
                "library": "/usr/lib/x86_64-linux-gnu/kea/hooks/libdhcp_lease_cmds.so",
                "parameters": {}
            }
        ],
        "subnet4": [
            {
                "id": 1,
                "subnet": "10.0.0.0/24",
                "pools": [
                    {
                        "pool": "10.0.0.31 - 10.0.0.254"
                    }
                ],
                "option-data": [
                    {
                        "name": "routers",
                        "data": "10.0.0.1"
                    },
                    {
                        "name": "subnet-mask",
                        "data": "255.255.255.0"
                    }
                ],
                "valid-lifetime": 120,
                "max-valid-lifetime": 36000,
                "user-context":{
                    "comment": "test-test",
                    "site": "test",
                    "description": "test"
                }
            }
        ],
        "loggers": [
            {
                "name": "kea-dhcp4",
                "output-options": [
                    {
                        "output": "/var/log/kea/dhcp4.log",
                        "maxver": 8,
                        "maxsize": 204800000,
                        "flush": false,
                        "pattern": "%D{%Y-%m-%d %H:%M:%S.%q} %-5p [%c] %m%n"
                    }
                ],
                "severity": "INFO"
            }
        ]
    }
}

  2. Insert a host to retain the record

    INSERT INTO hosts (dhcp_identifier, dhcp_identifier_type, dhcp4_subnet_id, ipv4_address) 
VALUES 
(UNHEX(REPLACE('01:02:03:04:05:06', ':', '')), 0, 1, INET_ATON('10.0.0.31'));

  3. Let the client get the lease correctly

    2024-08-26 13:32:41.435 INFO  [kea-dhcp4.dhcp4] DHCP4_QUERY_LABEL received query: [hwtype=1 01:02:03:04:05:06], cid=[01:01:02:03:04:05:06], tid=0xe585c105
2024-08-26 13:32:41.435 INFO  [kea-dhcp4.packets] DHCP4_PACKET_RECEIVED [hwtype=1 01:02:03:04:05:06], cid=[01:01:02:03:04:05:06], tid=0xe585c105: DHCPDISCOVER (type 1) received from 10.0.0.1 to 192.168.0.100 on interface lo
2024-08-26 13:32:41.451 INFO  [kea-dhcp4.leases] DHCP4_LEASE_OFFER [hwtype=1 01:02:03:04:05:06], cid=[01:01:02:03:04:05:06], tid=0xe585c105: lease 10.0.0.31 will be offered
2024-08-26 13:32:41.451 INFO  [kea-dhcp4.packets] DHCP4_PACKET_SEND [hwtype=1 01:02:03:04:05:06], cid=[01:01:02:03:04:05:06], tid=0xe585c105: trying to send packet DHCPOFFER (type 2) from 192.168.0.100:67 to 10.0.0.1:67 on interface lo
2024-08-26 13:32:41.555 INFO  [kea-dhcp4.dhcp4] DHCP4_QUERY_LABEL received query: [hwtype=1 01:02:03:04:05:06], cid=[01:01:02:03:04:05:06], tid=0xe585c105
2024-08-26 13:32:41.555 INFO  [kea-dhcp4.packets] DHCP4_PACKET_RECEIVED [hwtype=1 01:02:03:04:05:06], cid=[01:01:02:03:04:05:06], tid=0xe585c105: DHCPREQUEST (type 3) received from 10.0.0.1 to 192.168.0.100 on interface lo
2024-08-26 13:32:41.572 INFO  [kea-dhcp4.leases] DHCP4_LEASE_ALLOC [hwtype=1 01:02:03:04:05:06], cid=[01:01:02:03:04:05:06], tid=0xe585c105: lease 10.0.0.31 has been allocated for 120 seconds
2024-08-26 13:32:41.578 INFO  [kea-dhcp4.packets] DHCP4_PACKET_SEND [hwtype=1 01:02:03:04:05:06], cid=[01:01:02:03:04:05:06], tid=0xe585c105: trying to send packet DHCPACK (type 5) from 192.168.0.100:67 to 10.0.0.1:67 on interface lo

  4. Update host dhcp_identifier

    UPDATE hosts
SET dhcp_identifier = UNHEX(REPLACE('01:02:03:04:05:07', ':', ''))
WHERE ipv4_address = INET_ATON('10.0.0.31');

  5. See error

    2024-08-26 13:33:39.655 INFO  [kea-dhcp4.dhcp4] DHCP4_QUERY_LABEL received query: [hwtype=1 01:02:03:04:05:06], cid=[01:01:02:03:04:05:06], tid=0x4572386c
2024-08-26 13:33:39.655 INFO  [kea-dhcp4.packets] DHCP4_PACKET_RECEIVED [hwtype=1 01:02:03:04:05:06], cid=[01:01:02:03:04:05:06], tid=0x4572386c: DHCPDISCOVER (type 1) received from 10.0.0.1 to 192.168.0.100 on interface lo
2024-08-26 13:33:39.677 INFO  [kea-dhcp4.leases] DHCP4_LEASE_OFFER [hwtype=1 01:02:03:04:05:06], cid=[01:01:02:03:04:05:06], tid=0x4572386c: lease 10.0.0.32 will be offered
2024-08-26 13:33:39.677 INFO  [kea-dhcp4.packets] DHCP4_PACKET_SEND [hwtype=1 01:02:03:04:05:06], cid=[01:01:02:03:04:05:06], tid=0x4572386c: trying to send packet DHCPOFFER (type 2) from 192.168.0.100:67 to 10.0.0.1:67 on interface lo
2024-08-26 13:33:39.815 INFO  [kea-dhcp4.dhcp4] DHCP4_QUERY_LABEL received query: [hwtype=1 01:02:03:04:05:06], cid=[01:01:02:03:04:05:06], tid=0x4572386c
2024-08-26 13:33:39.815 INFO  [kea-dhcp4.packets] DHCP4_PACKET_RECEIVED [hwtype=1 01:02:03:04:05:06], cid=[01:01:02:03:04:05:06], tid=0x4572386c: DHCPREQUEST (type 3) received from 10.0.0.1 to 192.168.0.100 on interface lo
2024-08-26 13:33:39.832 INFO  [kea-dhcp4.packets] DHCP4_PACKET_SEND [hwtype=1 01:02:03:04:05:06], cid=[01:01:02:03:04:05:06], tid=0x4572386c: trying to send packet DHCPNAK (type 6) from 192.168.0.100:67 to 10.0.0.1:67 on interface lo
2024-08-26 13:33:43.185 INFO  [kea-dhcp4.dhcp4] DHCP4_QUERY_LABEL received query: [hwtype=1 01:02:03:04:05:06], cid=[01:01:02:03:04:05:06], tid=0x7180c024
2024-08-26 13:33:43.185 INFO  [kea-dhcp4.packets] DHCP4_PACKET_RECEIVED [hwtype=1 01:02:03:04:05:06], cid=[01:01:02:03:04:05:06], tid=0x7180c024: DHCPDISCOVER (type 1) received from 10.0.0.1 to 192.168.0.100 on interface lo
2024-08-26 13:33:43.206 INFO  [kea-dhcp4.leases] DHCP4_LEASE_OFFER [hwtype=1 01:02:03:04:05:06], cid=[01:01:02:03:04:05:06], tid=0x7180c024: lease 10.0.0.33 will be offered
2024-08-26 13:33:43.206 INFO  [kea-dhcp4.packets] DHCP4_PACKET_SEND [hwtype=1 01:02:03:04:05:06], cid=[01:01:02:03:04:05:06], tid=0x7180c024: trying to send packet DHCPOFFER (type 2) from 192.168.0.100:67 to 10.0.0.1:67 on interface lo
2024-08-26 13:33:43.417 INFO  [kea-dhcp4.dhcp4] DHCP4_QUERY_LABEL received query: [hwtype=1 01:02:03:04:05:06], cid=[01:01:02:03:04:05:06], tid=0x7180c024
2024-08-26 13:33:43.417 INFO  [kea-dhcp4.packets] DHCP4_PACKET_RECEIVED [hwtype=1 01:02:03:04:05:06], cid=[01:01:02:03:04:05:06], tid=0x7180c024: DHCPREQUEST (type 3) received from 10.0.0.1 to 192.168.0.100 on interface lo
2024-08-26 13:33:43.433 INFO  [kea-dhcp4.packets] DHCP4_PACKET_SEND [hwtype=1 01:02:03:04:05:06], cid=[01:01:02:03:04:05:06], tid=0x7180c024: trying to send packet DHCPNAK (type 6) from 192.168.0.100:67 to 10.0.0.1:67 on interface lo
2024-08-26 13:33:46.785 INFO  [kea-dhcp4.dhcp4] DHCP4_QUERY_LABEL received query: [hwtype=1 01:02:03:04:05:06], cid=[01:01:02:03:04:05:06], tid=0x8c7b9455
2024-08-26 13:33:46.785 INFO  [kea-dhcp4.packets] DHCP4_PACKET_RECEIVED [hwtype=1 01:02:03:04:05:06], cid=[01:01:02:03:04:05:06], tid=0x8c7b9455: DHCPDISCOVER (type 1) received from 10.0.0.1 to 192.168.0.100 on interface lo
2024-08-26 13:33:46.806 INFO  [kea-dhcp4.leases] DHCP4_LEASE_OFFER [hwtype=1 01:02:03:04:05:06], cid=[01:01:02:03:04:05:06], tid=0x8c7b9455: lease 10.0.0.34 will be offered
2024-08-26 13:33:46.806 INFO  [kea-dhcp4.packets] DHCP4_PACKET_SEND [hwtype=1 01:02:03:04:05:06], cid=[01:01:02:03:04:05:06], tid=0x8c7b9455: trying to send packet DHCPOFFER (type 2) from 192.168.0.100:67 to 10.0.0.1:67 on interface lo
2024-08-26 13:33:47.085 INFO  [kea-dhcp4.dhcp4] DHCP4_QUERY_LABEL received query: [hwtype=1 01:02:03:04:05:06], cid=[01:01:02:03:04:05:06], tid=0x8c7b9455
2024-08-26 13:33:47.085 INFO  [kea-dhcp4.packets] DHCP4_PACKET_RECEIVED [hwtype=1 01:02:03:04:05:06], cid=[01:01:02:03:04:05:06], tid=0x8c7b9455: DHCPREQUEST (type 3) received from 10.0.0.1 to 192.168.0.100 on interface lo
2024-08-26 13:33:47.102 INFO  [kea-dhcp4.packets] DHCP4_PACKET_SEND [hwtype=1 01:02:03:04:05:06], cid=[01:01:02:03:04:05:06], tid=0x8c7b9455: trying to send packet DHCPNAK (type 6) from 192.168.0.100:67 to 10.0.0.1:67 on interface lo
2024-08-26 13:33:50.491 INFO  [kea-dhcp4.dhcp4] DHCP4_QUERY_LABEL received query: [hwtype=1 01:02:03:04:05:06], cid=[01:01:02:03:04:05:06], tid=0x367cc53c
2024-08-26 13:33:50.491 INFO  [kea-dhcp4.packets] DHCP4_PACKET_RECEIVED [hwtype=1 01:02:03:04:05:06], cid=[01:01:02:03:04:05:06], tid=0x367cc53c: DHCPDISCOVER (type 1) received from 10.0.0.1 to 192.168.0.100 on interface lo
2024-08-26 13:33:50.511 INFO  [kea-dhcp4.leases] DHCP4_LEASE_OFFER [hwtype=1 01:02:03:04:05:06], cid=[01:01:02:03:04:05:06], tid=0x367cc53c: lease 10.0.0.35 will be offered
2024-08-26 13:33:50.511 INFO  [kea-dhcp4.packets] DHCP4_PACKET_SEND [hwtype=1 01:02:03:04:05:06], cid=[01:01:02:03:04:05:06], tid=0x367cc53c: trying to send packet DHCPOFFER (type 2) from 192.168.0.100:67 to 10.0.0.1:67 on interface lo
2024-08-26 13:33:50.685 INFO  [kea-dhcp4.dhcp4] DHCP4_QUERY_LABEL received query: [hwtype=1 01:02:03:04:05:06], cid=[01:01:02:03:04:05:06], tid=0x367cc53c
2024-08-26 13:33:50.685 INFO  [kea-dhcp4.packets] DHCP4_PACKET_RECEIVED [hwtype=1 01:02:03:04:05:06], cid=[01:01:02:03:04:05:06], tid=0x367cc53c: DHCPREQUEST (type 3) received from 10.0.0.1 to 192.168.0.100 on interface lo
2024-08-26 13:33:50.702 INFO  [kea-dhcp4.packets] DHCP4_PACKET_SEND [hwtype=1 01:02:03:04:05:06], cid=[01:01:02:03:04:05:06], tid=0x367cc53c: trying to send packet DHCPNAK (type 6) from 192.168.0.100:67 to 10.0.0.1:67 on interface lo

  6. Turn off the offer-lifetime option and re-load Kea-DHCP4, repeat the above steps, the problem no longer appears

    2024-08-26 13:34:46.965 INFO  [kea-dhcp4.dhcp4] DHCP4_QUERY_LABEL received query: [hwtype=1 01:02:03:04:05:06], cid=[01:01:02:03:04:05:06], tid=0x2f0ba211
2024-08-26 13:34:46.966 INFO  [kea-dhcp4.packets] DHCP4_PACKET_RECEIVED [hwtype=1 01:02:03:04:05:06], cid=[01:01:02:03:04:05:06], tid=0x2f0ba211: DHCPDISCOVER (type 1) received from 10.0.0.1 to 192.168.0.100 on interface lo
2024-08-26 13:34:46.989 INFO  [kea-dhcp4.leases] DHCP4_LEASE_OFFER [hwtype=1 01:02:03:04:05:06], cid=[01:01:02:03:04:05:06], tid=0x2f0ba211: lease 10.0.0.32 will be offered
2024-08-26 13:34:46.989 INFO  [kea-dhcp4.packets] DHCP4_PACKET_SEND [hwtype=1 01:02:03:04:05:06], cid=[01:01:02:03:04:05:06], tid=0x2f0ba211: trying to send packet DHCPOFFER (type 2) from 192.168.0.100:67 to 10.0.0.1:67 on interface lo
2024-08-26 13:34:47.085 INFO  [kea-dhcp4.dhcp4] DHCP4_QUERY_LABEL received query: [hwtype=1 01:02:03:04:05:06], cid=[01:01:02:03:04:05:06], tid=0x2f0ba211
2024-08-26 13:34:47.085 INFO  [kea-dhcp4.packets] DHCP4_PACKET_RECEIVED [hwtype=1 01:02:03:04:05:06], cid=[01:01:02:03:04:05:06], tid=0x2f0ba211: DHCPREQUEST (type 3) received from 10.0.0.1 to 192.168.0.100 on interface lo
2024-08-26 13:34:47.108 INFO  [kea-dhcp4.leases] DHCP4_LEASE_ALLOC [hwtype=1 01:02:03:04:05:06], cid=[01:01:02:03:04:05:06], tid=0x2f0ba211: lease 10.0.0.32 has been allocated for 120 seconds
2024-08-26 13:34:47.117 INFO  [kea-dhcp4.packets] DHCP4_PACKET_SEND [hwtype=1 01:02:03:04:05:06], cid=[01:01:02:03:04:05:06], tid=0x2f0ba211: trying to send packet DHCPACK (type 5) from 192.168.0.100:67 to 10.0.0.1:67 on interface lo
2024-08-26 13:35:47.558 INFO  [kea-dhcp4.dhcp4] DHCP4_QUERY_LABEL received query: [hwtype=1 01:02:03:04:05:06], cid=[01:01:02:03:04:05:06], tid=0x2f0ba211
2024-08-26 13:35:47.558 INFO  [kea-dhcp4.packets] DHCP4_PACKET_RECEIVED [hwtype=1 01:02:03:04:05:06], cid=[01:01:02:03:04:05:06], tid=0x2f0ba211: DHCPREQUEST (type 3) received from 10.0.0.32 to 192.168.0.100 on interface lo
2024-08-26 13:35:47.577 INFO  [kea-dhcp4.leases] DHCP4_LEASE_ALLOC [hwtype=1 01:02:03:04:05:06], cid=[01:01:02:03:04:05:06], tid=0x2f0ba211: lease 10.0.0.32 has been allocated for 120 seconds
2024-08-26 13:35:47.582 INFO  [kea-dhcp4.packets] DHCP4_PACKET_SEND [hwtype=1 01:02:03:04:05:06], cid=[01:01:02:03:04:05:06], tid=0x2f0ba211: trying to send packet DHCPACK (type 5) from 192.168.0.100:67 to 10.0.0.32:68 on interface lo

Expected behavior

After configuring the offer-lifetime option, the host reservation still works normally.

Environment:

  • Kea version:
# kea-dhcp4 -V
2.6.0 (isc20240525133310 deb)
premium: yes (isc20240525133310 deb)
linked with:
- log4cplus 2.0.5
- OpenSSL 3.0.2 15 Mar 2022
backends:
- MySQL backend 22.0, library 8.0.39
- PostgreSQL backend 22.0, library 140012
- Memfile backend 3.0
  • OS:
# cat /etc/os-release 
PRETTY_NAME="Ubuntu 22.04.4 LTS"
NAME="Ubuntu"
VERSION_ID="22.04"
VERSION="22.04.4 LTS (Jammy Jellyfish)"
VERSION_CODENAME=jammy
ID=ubuntu
ID_LIKE=debian
HOME_URL="https://www.ubuntu.com/"
SUPPORT_URL="https://help.ubuntu.com/"
BUG_REPORT_URL="https://bugs.launchpad.net/ubuntu/"
PRIVACY_POLICY_URL="https://www.ubuntu.com/legal/terms-and-policies/privacy-policy"
UBUNTU_CODENAME=jammy

Additional Information Add any other context about the problem here. In particular, feel free to share your config file and logs from around the time error occurred. Don't be shy to send more logs than you think are relevant. It is easy to grep large log files. It is tricky to guess what may have happened without any information.

Make sure you anonymize your config files (at the very lease make sure you obfuscate your database credentials, but you may also replace your actual IP addresses and host names with example.com and 10.0.0.0/8 or 2001:db8::/32).

Contacting you

q981331502@163.com

Edited by a76yyyy
To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information