[Kea-users] ignoring DHCP-Requests which have set the BROADCAST flag

[Kea-users] ignoring DHCP-Requests which have set the BROADCAST flag

Stefan Berger
Hi all,

is it possible to drop or ignore DHCP-Requests from clients which have set the
BROADCAST-Flag? (0x8000)

For Example
-----------------
ethertype 802.1Q, vlan 101, p 0, ethertype IPv4, (tos 0xc0, ttl 64, id 49089, offset 0, flags [none], proto UDP (17), length 338)
0.0.0.0.bootpc > 255.255.255.255.bootps: [udp sum ok] BOOTP/DHCP,
Request from b8:be:f4:05:59:2e (oui Unknown), length 310, hops 1, xid 0x11380590, secs 21911, Flags [Broadcast] (0x8000)

BR
Stefan




_______________________________________________
ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information.

To unsubscribe visit https://lists.isc.org/mailman/listinfo/kea-users.

Kea-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/kea-users

Re: [Kea-users] ignoring DHCP-Requests which have set the BROADCAST flag

Francis Dupont
Stefan Berger writes:
> is it possible to drop or ignore DHCP-Requests from clients which have set the
> BROADCAST-Flag? (0x8000)

=> I can see at least two easy ways: use a firewall (the flag is at a fixed
offset so trivial to find) or write a hook for Kea (install it at the
pkt4_receive callout point and return DROP when the query4->getFlags()
has FLAG_BROADCAST_MASK set). As the broadcast flag has a function
in the protocol perhaps it is possible to tweak the configuration
so they failed to be served (e.g. responses do not reach them) but
a direct way is more reliable.

Regards

Francis Dupont <[hidden email]>
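
The fixed offset mentioned in the reply above, as an added example that is not part of the original thread or of Kea: the flags word is bytes 10-11 of the BOOTP message, so 18 bytes past the start of the UDP header, and a filter has to reach that point by way of the variable-length IPv4 header and any VLAN tag. The function names and the sample frame (built from the fields in the tcpdump output, not a capture) are assumptions made for illustration.

```python
import struct

BOOTP_FLAGS_OFFSET = 10   # op, htype, hlen, hops (4) + xid (4) + secs (2)
FLAG_BROADCAST = 0x8000   # value quoted in the thread

def bootp_flags(frame: bytes):
    """Flags word of a client-to-server DHCPv4 Ethernet frame, or None."""
    try:
        off = 12                                    # skip dst + src MAC
        (ethertype,) = struct.unpack_from("!H", frame, off)
        while ethertype in (0x8100, 0x88A8):        # step over VLAN tags
            off += 4
            (ethertype,) = struct.unpack_from("!H", frame, off)
        off += 2
        ihl = (frame[off] & 0x0F) * 4               # IPv4 header length varies
        (frag,) = struct.unpack_from("!H", frame, off + 6)
        if (ethertype != 0x0800 or frame[off] >> 4 != 4 or ihl < 20
                or frame[off + 9] != 17 or frag & 0x3FFF):
            return None                             # not unfragmented IPv4/UDP
        udp = off + ihl
        (dport,) = struct.unpack_from("!H", frame, udp + 2)
        if dport != 67:                             # bootps
            return None
        return struct.unpack_from("!H", frame, udp + 8 + BOOTP_FLAGS_OFFSET)[0]
    except (struct.error, IndexError):              # truncated frame
        return None

def should_drop(frame: bytes) -> bool:
    flags = bootp_flags(frame)
    return flags is not None and bool(flags & FLAG_BROADCAST)

def sample_frame(flags=FLAG_BROADCAST, ip_options=b""):
    """Constructed frame modelled on the tcpdump output above (not a capture)."""
    mac = bytes.fromhex("b8bef405592e")
    bootp = struct.pack("!BBBBIHH", 1, 1, 6, 1, 0x11380590, 21911, flags)
    bootp += bytes(16) + mac + bytes(10) + bytes(192)         # addrs, chaddr, sname+file
    bootp += bytes.fromhex("63825363") + b"\x35\x01\x03\xff"  # cookie, DHCPREQUEST
    udp = struct.pack("!HHHH", 68, 67, 8 + len(bootp), 0) + bootp
    ihl = 5 + len(ip_options) // 4
    ip = struct.pack("!BBHHHBBH4s4s", 0x40 | ihl, 0xC0, ihl * 4 + len(udp),
                     49089, 0, 64, 17, 0, bytes(4), b"\xff" * 4) + ip_options
    eth = b"\xff" * 6 + mac + struct.pack("!HHH", 0x8100, 101, 0x0800)
    return eth + ip + udp

if __name__ == "__main__":
    for name, f in [("flag set", sample_frame()), ("flag clear", sample_frame(0)),
                    ("ip options", sample_frame(ip_options=b"\x01" * 4))]:
        print(name, "DROP" if should_drop(f) else "ACCEPT")
```

On Linux, Kea's default raw sockets (`dhcp-socket-type` set to `raw`) read frames before netfilter sees them, so a firewall rule built on this offset only affects traffic Kea receives over ordinary UDP sockets.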

Re: [Kea-users] ignoring DHCP-Requests which have set the BROADCAST flag

Stefan Berger
>I can see at least two easy ways: use a firewall (the flag is at a fixed offset so trivial to find)
>or write a hook for Kea (install it at the pkt4_receive callout point and return DROP when the query4->getFlags() has FLAG_BROADCAST_MASK set).
>As the broadcast flag has a function in the protocol perhaps it is possible to tweak the configuration
>so they failed to be served (e.g. responses do not reach them) but a direct way is more reliable.


Hi Francis,

thanks for the input - as I'm not a coder I will check the "iptables" way

BR
Stefan