update checks for Server-Id

As per RFC 9915 the server MUST discard any Solicit, Confirm,
or Rebind messages that include a Server Identifier option.

Signed-off-by: ethan-thompson <ethan.thompson@networkradius.com>

diff --git a/src/protocols/dhcpv6/base.c b/src/protocols/dhcpv6/base.c
index 454f916a13f218a2543dbefba003e696be79544d..1d5a58b67e0b4e5b288596357a9b25dddb635998 100644 (file)
--- a/src/protocols/dhcpv6/base.c
+++ b/src/protocols/dhcpv6/base.c
@@ -453,9 +453,8 @@ static bool verify_from_client(uint8_t const *packet, size_t packet_len, fr_dhcp
                        return false;
                }
 
-               if (!fr_dhcpv6_option_find(options, end, FR_SERVER_ID)) {
-               fail_sid:
-                       fr_strerror_const("Packet does not contain a Server-Id option");
+               if (fr_dhcpv6_option_find(options, end, FR_SERVER_ID)) {
+                       fr_strerror_const("Packet contains a Server-Id option");
                        return false;
                }
                break;
@@ -467,7 +466,10 @@ static bool verify_from_client(uint8_t const *packet, size_t packet_len, fr_dhcp
                if (!fr_dhcpv6_option_find(options, end, FR_CLIENT_ID)) goto fail_cid;
 
                option = fr_dhcpv6_option_find(options, end, FR_SERVER_ID);
-               if (!option) goto fail_sid;
+               if (!option) {
+                       fr_strerror_const("Packet does not contain a Server-Id option");
+                       return false;
+               }
 
                if (!duid_match(option, packet_ctx)) {
                fail_match: