TechnitiumSoftware / DnsServer

Technitium DNS Server
https://technitium.com/dns/
GNU General Public License v3.0

[DHCP] Server invalid packets for reserved leases causing invalid packet size errors on relays #1025

Closed BoGs closed 1 month ago

BoGs commented 1 month ago

It seems that the DHCP server is sending invalid packet sizes for DHCP requests from client requests that are part of the Reserved Leases list.

Dynamic leases seem to be working on my machines that do not have reservations.

I am using OPNSense where behind the scenes is BSD with the dhcrelay being (https://github.com/openbsd/src/blob/master/usr.sbin/dhcrelay/dhcrelay.c#L334)

2024-09-13T10:35:35-04:00   Notice  dhcrelay    Discarding packet with invalid size.    
2024-09-13T10:35:35-04:00   Notice  dhcrelay    forwarded BOOTREQUEST for xx:xx:xx:xx:xx:xx to xxx.xxx.xxx.xxx

Request

ethertype IPv4 (0x0800), length 342: (tos 0x0, ttl 64, id 6482, offset 0, flags [none], proto UDP (17), length 328)
    xxx.xxx.xxx.xxx.67 > xxx.xxx.xxx.xxx.67: [udp sum ok] BOOTP/DHCP, Request from xx:xx:xx:xx:xx:xx, length 300, hops 1, xid 0xa0550a50, secs 40500, Flags [none] (0x0000)
      Client-IP xx.xx.xx.10
      Gateway-IP xxx.xxx.xxx.1
      Client-Ethernet-Address xx:xx:xx:xx:xx:xx
      Vendor-rfc1048 Extensions
        Magic Cookie 0x63825363
        DHCP-Message Option 53, length 1: Request
        Client-ID Option 61, length 7: ether xx:xx:xx:xx:xx:xx
        MSZ Option 57, length 2: 576
        Parameter-Request Option 55, length 7: 
          Subnet-Mask, Default-Gateway, Domain-Name-Server, Hostname
          Domain-Name, BR, NTP
        Vendor-Class Option 60, length 12: "udhcp 1.28.4"

Response

ethertype IPv4 (0x0800), length 292: (tos 0x0, ttl 64, id 38534, offset 0, flags [DF], proto UDP (17), length 278)
    xxx.xxx.xxx.xxx.67 > xxx.xxx.xxx.xxx.67: [udp sum ok] BOOTP/DHCP, Reply, length 250, xid 0xa0550a50, secs 40500, Flags [none] (0x0000)
      Client-IP xxx.xxx.xxx.10
      Gateway-IP xxx.xxx.xxx.1
      Client-Ethernet-Address xx:xx:xx:xx:xx:xx
      Vendor-rfc1048 Extensions
        Magic Cookie 0x63825363
        DHCP-Message Option 53, length 1: NACK
        Server-ID Option 54, length 4: 0.0.0.0

Version 12.2.1

BoGs commented 1 month ago

I forgot to add that, based on my understanding, the packet option needs to be 300 bytes or it is invalid, but I am unsure based on RFC 2131 - or be padded.

In fact, RFC 2131 says, "A DHCP client must be prepared to receive DHCP messages with an 'options' field of at least length 312 octets. This requirement implies that a DHCP client must be prepared to receive a message of up to 576 octets, the minimum IP datagram size an IP host must be prepared to accept [3]."

BoGs commented 1 month ago

After further testing, it seems like only some DHCP requests are running into this. I am not sure how to narrow this down as it seems both reserved and dynamic leases are working.

ShreyasZare commented 1 month ago

Thanks for the feedback. It could be possible that the client is requesting too many options and the response is getting over the limit.

It would be great if you can run tcpdump on the server running the DHCP server and try to get a lease from the affected client, and share the captured pcap file to support@technitium.com. This will help in understanding the issue much better.
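Added example, not part of the thread and not code from Technitium or dhcrelay: a checker for captured BOOTP/DHCP payloads that tests both size hypotheses raised above, a reply shorter than the 300-octet BOOTP message (the reporter's padding question) and a reply larger than the client's option 57 limit (the maintainer's suggestion). It assumes the relay enforces the 300-octet minimum and that option 57 counts the IPv4 and UDP headers; the function names and sample messages are constructed for illustration.

```python
import struct
BOOTP_FIXED_LEN = 236   # op .. file: fixed BOOTP header (RFC 951)
BOOTP_MIN_LEN = 300     # fixed header + 64-octet vend field (RFC 951)
IP_UDP_OVERHEAD = 28    # assumption: option 57 counts the IPv4 + UDP headers
MAGIC_COOKIE = bytes.fromhex("63825363")
OPT_PAD, OPT_MAX_MSG_SIZE, OPT_END = 0, 57, 255

def parse_options(msg):
    """Return {code: value} from the options field; ValueError if malformed."""
    if msg[BOOTP_FIXED_LEN:BOOTP_FIXED_LEN + 4] != MAGIC_COOKIE:
        raise ValueError("truncated message or missing magic cookie")
    opts, i = {}, BOOTP_FIXED_LEN + 4
    while i < len(msg) and msg[i] != OPT_END:
        if msg[i] == OPT_PAD:
            i += 1
            continue
        if i + 2 > len(msg) or i + 2 + msg[i + 1] > len(msg):
            raise ValueError(f"option {msg[i]} runs past end of message")
        opts[msg[i]] = msg[i + 2:i + 2 + msg[i + 1]]
        i += 2 + msg[i + 1]
    if i >= len(msg):
        raise ValueError("no End option")
    return opts

def pad_to_bootp_min(msg):
    """Append Pad (0) octets after End until the message is 300 octets."""
    return msg + bytes(max(0, BOOTP_MIN_LEN - len(msg)))

def check_reply_size(reply, request):
    """Return 'short', 'long' or 'ok' for the reply's BOOTP length."""
    parse_options(reply)                      # reject malformed replies first
    mms = parse_options(request).get(OPT_MAX_MSG_SIZE, b"")
    limit = struct.unpack("!H", mms)[0] if len(mms) == 2 else 576
    if len(reply) < BOOTP_MIN_LEN:
        return "short"
    return "long" if len(reply) > limit - IP_UDP_OVERHEAD else "ok"

def build(op, options):
    """Constructed sample: zeroed fixed header plus (code, value) options."""
    body = bytes([op]) + bytes(BOOTP_FIXED_LEN - 1) + MAGIC_COOKIE
    for code, val in options:
        body += bytes([code, len(val)]) + val
    return body + bytes([OPT_END])

# Constructed messages shaped like the two captures in the issue (addresses zeroed).
SAMPLE_REQUEST = pad_to_bootp_min(build(1, [
    (53, b"\x03"), (61, b"\x01" + bytes(6)), (57, struct.pack("!H", 576)),
    (55, bytes([1, 3, 6, 12, 15, 28, 42])), (60, b"udhcp 1.28.4")]))
SAMPLE_REPLY = build(2, [(53, b"\x06"), (54, bytes(4))])   # NAK, Server-ID 0.0.0.0
```

The constructed NAK comes out at 250 octets, the same BOOTP length tcpdump shows for the reply in the report, and is classified as `short` until it is padded.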