# kea-dhcp4 Client Host Name Sanitizer Requirements

This page documents requirements for the client host name sanitizer, a new Kea 1.5 feature that will allow kea-dhcp4 and kea-dhcp6 to be configured to sanitize values received from DHCPv4 clients via the Host Name or FQDN options (codes 12 and 81 respectively), or from DHCPv6 clients via the FQDN option (option code 39).

In Kea 1.4.0, the servers provide the ability to use these values to construct the FQDN used for that client in DNS entries. Some DHCP clients may provide values that contain undesirable characters. It should be possible to configure kea-dhcp4 and kea-dhcp6 to sanitize these values. The most typical use case would be ensuring that only characters that are permitted by RFC 953 are included: A-Z, a-z, 0-9, and '-'.

The following requirements apply to both kea-dhcp4 and kea-dhcp6:

S1. Client host name sanitation MUST be configurable.

S2. A mode where client host name sanitation is disabled MUST be supported.

S3. The client host name sanitation MUST be disabled by default.

S4. The set of invalid characters to be replaced MUST be configurable.

S4.1. Specifying an empty expression, "", MUST disable client host name sanitation.

S4.2 Specifying the set of invalid characters via configuration file MUST be supported.

S4.3 Specifying the set of invalid characters as a regular expression MUST be supported.

S4.4 An invalid regular expression MUST be detected during configuration processing and MUST cause a configuration error.

S5. Specifying a single replacement string, to be used for all invalid characters, MUST be supported.

S5.1 Specifying the replacement string via configuration file MUST be supported.

S5.2 Specifying an empty replacement string SHOULD cause invalid characters to be dropped.

S5.3 Specifying a replacement string of more than one character should cause each invalid character to be replaced by the entire replacement string.

In the following requirements, "name option" refers to any of the three prescribed options: v4 Host Name, v4 FQDN, or v6 FQDN.

S6. When client host name sanitation is disabled, and the client sends a name option, and all other related rules lead to the use of that option value in forming the FQDN name, that value MUST be used as received when constructing the FQDN.

S7. When client host name sanitation is enabled, and the client sends a name option, and all other related rules lead to the use of that option value in forming the FQDN name, that value MUST first be sanitized as follows, before constructing the FQDN:

S7.1 Each character in the original value MUST be evaluated, in order from the beginning of the value to the end, for membership in the invalid set of characters.

S7.2 Each character in the original value that does not match the set of invalid characters MUST be retained in the resultant sanitized value.

S7.3 Each character in the original value that does match the set of invalid characters MUST be replaced by the entire replacement string in the resultant sanitized value.

S8. When sanitizing FQDN option values (either v4 or v6), the delimiting dots that separate domain labels in the original value will be preserved.
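
The sanitation rules in S4 through S8, as an added C++ example that is not part of the original page or of Kea's code. The class and method names are hypothetical, and the expression and client values are constructed samples.

```cpp
// Added example; NameSanitizer, scrub and scrubFqdn are hypothetical names,
// not Kea's API. Requirement numbers refer to the list above.
#include <iostream>
#include <regex>
#include <string>

class NameSanitizer {
public:
    // An invalid expression throws std::regex_error here, so it is rejected
    // when the configuration is processed, not per packet (S4.4).
    NameSanitizer(const std::string& invalid_set, const std::string& replacement)
        : enabled_(!invalid_set.empty()), replacement_(replacement) {  // S4.1
        if (enabled_) invalid_ = std::regex(invalid_set);
    }

    // Host Name option value: test every character, in order (S7.1).
    std::string scrub(const std::string& value) const {
        if (!enabled_) return value;                  // S6: used as received
        std::string out;
        for (char c : value) {
            if (std::regex_match(std::string(1, c), invalid_))
                out += replacement_;                  // S7.3, S5.2, S5.3
            else
                out += c;                             // S7.2
        }
        return out;
    }

    // FQDN option value: sanitize each label, keep the delimiting dots (S8).
    std::string scrubFqdn(const std::string& fqdn) const {
        std::string out;
        std::string::size_type start = 0, dot;
        while ((dot = fqdn.find('.', start)) != std::string::npos) {
            out += scrub(fqdn.substr(start, dot - start)) + '.';
            start = dot + 1;
        }
        return out + scrub(fqdn.substr(start));
    }

private:
    bool enabled_;
    std::string replacement_;
    std::regex invalid_;
};

int main() {
    NameSanitizer s("[^A-Za-z0-9-]", "x");            // constructed sample config
    std::cout << s.scrub("my_host name") << "\n"      // constructed client values
              << s.scrubFqdn("my_host.example.com") << "\n";
}
```

Evaluation is per byte, so a multi-byte UTF-8 character in a client value yields one replacement string for each of its bytes.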