To: dhcp-confidential@isc.org In-Reply-To: From: "Rob Riepel" X-RT-Incoming-Encryption: Not encrypted Received: from mx.pao1.isc.org (mx.pao1.isc.org [149.20.64.53]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mx.pao1.isc.org", Issuer "COMODO RSA Organization Validation Secure Server CA" (not verified)) by bugs.isc.org (Postfix) with ESMTPS id E5645D78A85 for ; Wed, 28 Jun 2017 22:11:39 +0000 (UTC) Received: from mx0a-00000d04.pphosted.com (mx0a-00000d04.pphosted.com [148.163.149.245]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mx.pao1.isc.org (Postfix) with ESMTPS id 1C0E03493BB for ; Wed, 28 Jun 2017 22:11:37 +0000 (UTC) Received: from pps.filterd (m0102890.ppops.net [127.0.0.1]) by mx0a-00000d04.pphosted.com (8.16.0.20/8.16.0.20) with SMTP id v5SM8gBD022900 for ; Wed, 28 Jun 2017 15:11:33 -0700 Received: from mx0b-00000d03.pphosted.com (mx0b-00000d03.pphosted.com [148.163.153.234]) by mx0a-00000d04.pphosted.com with ESMTP id 2bbxf1m7n0-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for ; Wed, 28 Jun 2017 15:11:32 -0700 Received: from pps.filterd (m0102882.ppops.net [127.0.0.1]) by mx0a-00000d03.pphosted.com (8.16.0.20/8.16.0.20) with SMTP id v5SMAHjJ010206 for ; Wed, 28 Jun 2017 15:11:32 -0700 Received: from codegreen6.stanford.edu (codegreen6.stanford.edu [171.67.224.8]) by mx0a-00000d03.pphosted.com with ESMTP id 2bck0fhpsh-1 (version=TLSv1 cipher=AES256-SHA bits=256 verify=NOT) for ; Wed, 28 Jun 2017 15:11:31 -0700 Received: from codegreen6.stanford.edu (localhost.localdomain [127.0.0.1]) by codegreen6.stanford.edu (Postfix) with ESMTP id 14E2B43 for ; Wed, 28 Jun 2017 15:11:31 -0700 (PDT) Received: from smtp.stanford.edu (smtp1.stanford.edu [171.67.219.81]) by codegreen6.stanford.edu (Postfix) with ESMTP id 0677F43 for ; Wed, 28 Jun 2017 15:11:31 -0700 (PDT) Received: from noxzema.stanford.edu (noxzema.stanford.edu [171.64.20.42]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) (Authenticated sender: riepel) by smtp.stanford.edu (Postfix) with ESMTPSA id D370C6660D for ; Wed, 28 Jun 2017 15:11:30 -0700 (PDT) Message-ID: X-RT-Interface: Email Date: Wed, 28 Jun 2017 15:11:30 -0700 MIME-Version: 1.0 (Mac OS X Mail 9.3 \(3124\)) content-type: text/plain; charset="utf-8" X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 priorityscore=1501 malwarescore=0 suspectscore=1 phishscore=0 bulkscore=0 spamscore=0 clxscore=1015 lowpriorityscore=0 impostorscore=0 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1703280000 definitions=main-1706280355 X-Mailer: Apple Mail (2.3124) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on mx.pao1.isc.org X-Original-To: dhcp-confidential@bugs.isc.org References: X-Spam-Status: No, score=-2.6 required=5.0 tests=BAYES_00,RCVD_IN_DNSWL_LOW autolearn=ham autolearn_force=no version=3.4.0 From riepel@stanford.edu Wed Jun 28 22:11:40 2017 Content-Transfer-Encoding: quoted-printable X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10432:,, definitions=2017-06-28_13:,, signatures=0 X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10432:,, definitions=2017-06-28_13:,, signatures=0 Return-Path: Subject: Re: [ISC-Bugs #45451] [confidential] DHCPv6 client class matching bug in DHCP server 4.3.5 X-RT-Original-Encoding: utf-8 Delivered-To: dhcp-confidential@bugs.isc.org RT-Message-ID: Content-Length: 1906 Thank you. FWIW, our config is virtually the same for our DHCPv4 service (except we use "match hardware," as mentioned in my original message), and class matching works as expected. (I tested it after encountering the v6 problems to make sure I understood what I was doing.) > On Jun 28, 2017, at 3:47 AM, Thomas Markwalder via RT wrote: > > Hello Rob: > > We have pulled the files down, thank you. The full config file is quite large which may have something to do with it. My testing here was done based on the snippet you included before. > > I will keep you updated with our findings but it may be a bit before we can spend much time on it. > > Regards, > > Thomas Markwalder > ISC Software Engineering > > On Tue Jun 27 23:40:44 2017, riepel@stanford.edu wrote: >> On Jun 27, 2017, at 10:41 AM, Thomas Markwalder via RT > confidential@isc.org> wrote: >> >> >>> This is an intriguing problem. Thus far, using your configuration we >>> have not been able to produce a mismatch. We are winding up work on >>> our next releases, 4.3.6/4.1-ESV-R15, which are due out 7/31/17, so >>> our resources are somewhat limited. >>> >>> Could you supply us with pcaps of the traffic that causes the >>> mismatch? >> >> As you can see from the files, I restart the server, started tcpdump >> (dst port 547 or dst port 546), and then told the "vile" client (same >> one as before) to configure IPv6 automatically. It matched "roaming" >> right off. The subsequent client, ac:bc:32:d3:2a:f1, which is a valid >> "roaming" client didn't explicitly match "roaming," but it didn't get >> an address either. About 15 seconds later it matched "roaming" and got >> an address. >> >> I've put the full config, log, and pcap files up at >> http://web.stanford.edu/~riepel/dhcpv6/ >> >> Let me know when you've got them so I remove them. Thanks. >> >> -- >> Rob Riepel