From Mark.Nejedlo@tdstelecom.com Mon Jun 12 16:54:11 2017 MIME-Version: 1.0 In-Reply-To: X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00 autolearn=ham autolearn_force=no version=3.4.0 X-Ironport-Anti-Spam-Result: A2DFAAB7xj5ZkGgE9sxcGgEBAQECAQEBAQgBAQEBhCqBHQeDbYsLkHyWA4IRgm6DNgIagxkWAQIBAQEBAQEBEwEBAQEUESgkC4UYAQEBAQMjESsUEgQCAQgRBAEBAwIGGQQDAgICMBQBCAgCBBMIiiQFsBGCJiaLJAEBAQEBAQEBAQEBAQEBAQEBAQEfgQuFV4FegXOBLoE9gwkOGBUPgmwwgjEFkDWOBAYClU2FQ4NihluUbCYKJoELdIVpEAwZgU1ANocfgTKBDQEBAQ X-RT-Interface: API References: <79aa9f84c6cf3945bc2f8fe580781595@www.isc.org> Content-Language: en-US X-Ironport-Anti-Spam-Filtered: true Message-ID: content-type: text/plain; charset="utf-8" X-MS-Tnef-Correlator: X-RT-Original-Encoding: utf-8 X-Ironport-Av: E=Sophos;i="5.39,334,1493701200"; d="scan'208";a="2718376" X-Ironport-Av: E=Sophos;i="5.39,334,1493701200"; d="scan'208";a="1418274" Received: from mx.pao1.isc.org (mx.pao1.isc.org [IPv6:2001:4f8:0:2::2b]) by bugs.isc.org (Postfix) with ESMTP id 09CA471B5A8 for ; Mon, 12 Jun 2017 16:54:11 +0000 (UTC) Received: from extsmtp01.tdsinc.com (esabastion.teldta.com [216.170.201.44]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mx.pao1.isc.org (Postfix) with ESMTPS id A1FB134930F for ; Mon, 12 Jun 2017 16:54:08 +0000 (UTC) Received: from ifwc-eidmz-nat.teldta.com (HELO intsmtp01.tds.local) ([204.246.4.104]) by extsmtp01.tdsinc.com with ESMTP/TLS/RC4-SHA; 12 Jun 2017 11:54:07 -0500 Received: from unknown (HELO CMAILHUB1.corp.tds.local) ([10.144.142.95]) by intsmtp01.tds.local with ESMTP/TLS/AES256-SHA; 12 Jun 2017 11:54:07 -0500 Received: from CMAILBOX5.corp.tds.local ([10.144.89.10]) by cmailhub1 ([10.144.89.16]) with mapi id 14.03.0319.002; Mon, 12 Jun 2017 11:54:06 -0500 Delivered-To: dhcp-review@bugs.isc.org Subject: RE: [ISC-Bugs #35378] Version dhcpd 4.2.5 - Error handling overlapping prefix6 leases with different mask lengths [protocol] [dhcpv6] [server] Return-Path: Thread-Index: AQHS45XLu6WrbP6TBEGgW13f4r1+UKIhccmg X-Original-To: dhcp-review@bugs.isc.org Date: Mon, 12 Jun 2017 16:54:06 +0000 Thread-Topic: [ISC-Bugs #35378] Version dhcpd 4.2.5 - Error handling overlapping prefix6 leases with different mask lengths [protocol] [dhcpv6] [server] X-MS-Has-Attach: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on mx.pao1.isc.org X-Cfilter-Loop: Reflected X-Originating-Ip: [10.144.116.25] To: "dhcp-review@isc.org" X-Ipas-Result: A2DFAAB7xj5ZkGgE9sxcGgEBAQECAQEBAQgBAQEBhCqBHQeDbYsLkHyWA4IRgm6DNgIagxkWAQIBAQEBAQEBEwEBAQEUESgkC4UYAQEBAQMjESsUEgQCAQgRBAEBAwIGGQQDAgICMBQBCAgCBBMIiiQFsBGCJiaLJAEBAQEBAQEBAQEBAQEBAQEBAQEfgQuFV4FegXOBLoE9gwkOGBUPgmwwgjEFkDWOBAYClU2FQ4NihluUbCYKJoELdIVpEAwZgU1ANocfgTKBDQEBAQ Accept-Language: en-US Content-Transfer-Encoding: base64 From: "Nejedlo, Mark" RT-Message-ID: Content-Length: 1940 Mark Nejedlo at TDS Telecom Thanks, Mark -----Original Message----- From: Thomas Markwalder via RT [mailto:dhcp-review@isc.org] Sent: Monday, June 12, 2017 11:05 AM To: Nejedlo, Mark Subject: [ISC-Bugs #35378] Version dhcpd 4.2.5 - Error handling overlapping prefix6 leases with different mask lengths [protocol] [dhcpv6] [server] Hello Mark: You'll be pleased to learn that we've corrected your issue in our upcoming releases 4.4.0 (date is TBD) and 4.3.6/4.1-ESV-R15 due out July 31st, 2017. Sorry it took us awhile but our resources are limited and we work on what we can as we can. The were two issues. The first was in lease file parsing, which did not check for matching prefix lengths between pools and leases. This meant that a lease was considered valid so long as its address could be matched to pool. Now the server requires that the prefix lengths of the lease and pool be equal, otherwise it will log the issue and discard the lease. The second issue was in processing prefix delegations received from the client via IA_PD suboptions. While we were enforcing the requested length and pool length match, we were internally treating mismatches as an error rather than as an "out-of-range" condition and not taking the appropriate action. The server will now treat these as it would out-of-range hints from the client for address leases (IA_NA or IA_TA). In the case of SOLICITs and REQUESTs it will attempt to offer what it can based on configuration (basically it will ignore the hint). For RENEWs it will return a status of No Binding, and for REBINDS it will return the lease with lifetimes set to zero. We'd like to thank you for your submission by citing you in our release notes. If you'd like to recognized in this manner please respond with how you wish to be identified. Typically it is by name and/or organization. Sincerely, Thomas Markwalder ISC Software Engineering