[#1584] Suppress v4 NAKs for unknown addresses

kea-dhcp4 no longer NAKs when the client DHCPREQUESTs an address that the server does not know. Added ChangeLog entry src/bin/dhcp4/dhcp4_messages.* DHCP4_UNKNOWN_ADDRESS_REQUESTED - new log message src/bin/dhcp4/dhcp4_srv.cc Dhcpv4Srv::assignLease() - added logic to drop NAKs when the address is not managed the server. src/bin/dhcp4/tests/dora_unittest.cc src/bin/dhcp4/tests/hooks_unittest.cc src/bin/dhcp4/tests/out_of_range_unittest.cc updated tests src/lib/dhcpsrv/alloc_engine.* AllocEngine::ClientContext4 - added unknown_requested_addr_ flag AllocEngine::requestLease4(AllocEngine::ClientContext4& ctx) - sets unknown_requested_addr_ flag
2025-09-05 08:25:16 +00:00 · 2021-10-11 11:35:53 -04:00
parent 643628f1ff
commit 65d31e57b2
10 changed files with 105 additions and 23 deletions
--- a/src/bin/dhcp4/dhcp4_srv.cc
+++ b/src/bin/dhcp4/dhcp4_srv.cc
@@ -2314,6 +2314,7 @@ Dhcpv4Srv::assignLease(Dhcpv4Exchange& ex) {
    // it should include this hint. That will help us during the actual lease
    // allocation.
    bool fake_allocation = (query->getType() == DHCPDISCOVER);
+    Subnet4Ptr original_subnet = subnet;

    // Get client-id. It is not mandatory in DHCPv4.
    ClientIdPtr client_id = ex.getContext()->clientid_;
@@ -2329,7 +2330,7 @@ Dhcpv4Srv::assignLease(Dhcpv4Exchange& ex) {
            .arg(hint.toText());

        Lease4Ptr lease;
-        Subnet4Ptr original_subnet = subnet;
+//        Subnet4Ptr original_subnet = subnet;

        // We used to issue a separate query (two actually: one for client-id
        // and another one for hw-addr for) each subnet in the shared network.
@@ -2573,6 +2574,34 @@ Dhcpv4Srv::assignLease(Dhcpv4Exchange& ex) {
    } else {
        // Allocation engine did not allocate a lease. The engine logged
        // cause of that failure.
+        if ((ctx->unknown_requested_addr_) /*&& !original_subnet->getAuthoritative()*/) {
+            Subnet4Ptr s = original_subnet;
+            // Address might have been rejected via class guard (i.e. not allowed for
+            // this client). We need to determine if we truly do not know about the
+            // address or whether this client just isn't allowed to have that address.
+            // We should only NAK For the latter.
+            while (s) {
+                if (s->inPool(Lease::TYPE_V4, hint)) {
+                    break;
+                }
+
+                s = s->getNextSubnet(original_subnet);
+            }
+
+            // If we didn't find a subnet, it's not an address we know about
+            // so we we drop the NAK.
+            if (!s) {
+                LOG_DEBUG(bad_packet4_logger, DBG_DHCP4_DETAIL,
+                          DHCP4_UNKNOWN_ADDRESS_REQUESTED)
+                          .arg(query->getLabel())
+                          .arg(query->getCiaddr().toText())
+                          .arg(opt_requested_address ?
+                          opt_requested_address->readAddress().toText() : "(no address)");
+                ex.deleteResponse();
+                return;
+            }
+        }
+
        LOG_DEBUG(bad_packet4_logger, DBG_DHCP4_DETAIL, fake_allocation ?
                  DHCP4_PACKET_NAK_0003 : DHCP4_PACKET_NAK_0004)
            .arg(query->getLabel())