From: Tomek Mrugalski
Date: Thu, 23 May 2019 14:52:09 +0000 (+0200)
Subject: [#606, !335] Dropping packets in DROP class implemented.
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=e78df49b4a39c0513c07d58b6ea9cddcc339c7d7;p=thirdparty%2Fkea.git
[#606, !335] Dropping packets in DROP class implemented.
---
diff --git a/src/bin/dhcp4/dhcp4_messages.mes b/src/bin/dhcp4/dhcp4_messages.mes
index 40f1167566..7df5a33224 100644
--- a/src/bin/dhcp4/dhcp4_messages.mes
+++ b/src/bin/dhcp4/dhcp4_messages.mes
@@ -508,6 +508,12 @@ This debug message is issued when a packet is dropped because it did contain option 53 and thus has no DHCP message type. The most likely explanation is that it was BOOTP packet.
+% DHCP4_PACKET_DROP_0010 %1: Packet dropped, because it was part of built-in class DROP
+This debug message is printed when a packet was classified and the classification
+determined that it belong to a built-in class DROP. This class has a special
+meaning. It instructs Kea to drop the packet. If you feel that packet should
+not been dropped, please look at your client class DROP definition.
+
 % DHCP4_PACKET_NAK_0001 %1: failed to select a subnet for incoming packet, src %2, type %3 This error message is output when a packet was received from a subnet for which the DHCPv4 server has not been configured. The most probable
diff --git a/src/bin/dhcp4/dhcp4_srv.cc b/src/bin/dhcp4/dhcp4_srv.cc
index a04976c871..957ed30bef 100644
--- a/src/bin/dhcp4/dhcp4_srv.cc
+++ b/src/bin/dhcp4/dhcp4_srv.cc
@@ -1006,6 +1006,12 @@ Dhcpv4Srv::processPacket(Pkt4Ptr& query, Pkt4Ptr& rsp, bool allow_packet_park) {
 callout_handle->getArgument("query4", query);
 }
+ // If packet belongs to built-in class DROP, let's drop it.
+ if (query->inClass("DROP")) {
+ LOG_INFO(bad_packet4_logger, DHCP4_PACKET_DROP_0010).arg(query->getLabel());
+ return;
+ }
+
 AllocEngine::ClientContext4Ptr ctx;
 try {
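Review bot: The new DROP branch in `Dhcpv4Srv::processPacket` logs every discarded packet at INFO and updates no counter, which is a poor fit for a class operators will typically aim at unwanted or abusive traffic: a burst of matching packets becomes a burst of log writes, while the drop rate stays invisible to monitoring. The text added in dhcp4_messages.mes calls this a "debug message", so `LOG_DEBUG(bad_packet4_logger, DBG_DHCP4_BASIC, DHCP4_PACKET_DROP_0010).arg(query->getLabel());` looks like the intended form, and a receive-drop statistic should be bumped before the `return`, e.g. `isc::stats::StatsMgr::instance().addValue("pkt4-receive-drop", static_cast<int64_t>(1));`, assuming this path is meant to be accounted like the server's other drops. The same applies to the `LOG_INFO(bad_packet6_logger, DHCP6_PACKET_DROP_CLASS)` branch in the dhcp6_srv.cc hunk. processPacket starts and ends outside the hunk, so where classification runs relative to this check cannot be confirmed from here.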
diff --git a/src/bin/dhcp6/dhcp6_messages.mes b/src/bin/dhcp6/dhcp6_messages.mes
index d2c202b787..91fbd09629 100644
--- a/src/bin/dhcp6/dhcp6_messages.mes
+++ b/src/bin/dhcp6/dhcp6_messages.mes
@@ -519,6 +519,12 @@ because packets of this type must be sent to multicast. The first argument specifies the client and transaction identification information, the second argument specifies packet type.
+% DHCP6_PACKET_DROP_CLASS %1: dropping packet, because it belong to class 'DROP'
+This info message is printed when a packet was classified and the classification
+determined that it belong to a built-in class DROP. This class has a special
+meaning. It instructs Kea to drop the packet. If you feel that packet should
+not been dropped, please look at your client class DROP definition.
+
 % DHCP6_PACKET_OPTIONS_SKIPPED An error upacking an option, caused subsequent options to be skipped: %1 A debug message issued when an option failed to unpack correctly, making it impossible to unpack the remaining options in the packet. The server will
diff --git a/src/bin/dhcp6/dhcp6_srv.cc b/src/bin/dhcp6/dhcp6_srv.cc
index 37ad8b9ffa..face572427 100644
--- a/src/bin/dhcp6/dhcp6_srv.cc
+++ b/src/bin/dhcp6/dhcp6_srv.cc
@@ -700,6 +700,12 @@ Dhcpv6Srv::processPacket(Pkt6Ptr& query, Pkt6Ptr& rsp) {
 return;
 }
+ // If packet belongs to built-in class DROP, let's drop it.
+ if (query->inClass("DROP")) {
+ LOG_INFO(bad_packet6_logger, DHCP6_PACKET_DROP_CLASS).arg(query->getLabel());
+ return;
+ }
+
 // Park point here.
 try {
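Review bot: The class name is a bare string literal in `query->inClass("DROP")`, repeated in the dhcp4_srv.cc hunk, so both servers and whatever assigns the class agree on the spelling by convention only; a shared named constant would make the special class greppable and keep the checks from drifting apart. The comment could also record why the check sits at this spot, for example `// Checked before the park point so a DROP-class packet is never parked or processed further.`, if that ordering is the intent. The message identifiers diverge between the two servers (`DHCP4_PACKET_DROP_0010` against `DHCP6_PACKET_DROP_CLASS`), which makes the pair harder to match in log filters and alert rules. processPacket starts and ends outside the hunk.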