PacketFence - BTS - PacketFence
View Issue Details
IDProjectCategoryView StatusDate SubmittedLast Update
0001151PacketFencedhcppublic2011-01-12 13:332011-12-30 23:38
Reporterobilodeau 
Assigned Toobilodeau 
PrioritynormalSeverityfeatureReproducibilityN/A
StatusclosedResolutionfixed 
PlatformOSOS Version
Product Version 
Target Version3.1.0Fixed in Version3.1.0 
fixed in git revision
fixed in mtn revision6c01f73ad854eeb91e96ccefbf08dc29a2f8f675
Summary0001151: Rogue DHCP detection with IP Helpers
DescriptionCurrent rogue DHCP detection relies on analysis of the DHCP server-initiated packets. In an IP Helper setup we never get these packets.

After reading RFC 2131, I realize that we could detect rogue DHCP servers in this context.

"The client broadcasts a DHCPREQUEST message that MUST include the 'server identifier' option to 
indicate which server it has selected, and that MAY include other options specifying desired configuration 
values."


If the server identifier is not an allowed DHCP server, report as rogue.
Steps To Reproduce
Additional Information
TagsNo tags attached.
Relationships
Attached Files
Issue History
Date ModifiedUsernameFieldChange
2011-01-12 13:33obilodeauNew Issue
2011-03-03 15:16obilodeauTarget Version2.1.0 => +1
2011-03-03 15:18obilodeauTarget Version+1 => +2
2011-11-22 12:13obilodeauStatusnew => assigned
2011-11-22 12:13obilodeauAssigned To => obilodeau
2011-11-25 14:27obilodeauNote Added: 0002465
2011-11-28 13:26obilodeaumtn revision => 6c01f73ad854eeb91e96ccefbf08dc29a2f8f675
2011-11-28 13:26obilodeauNote Added: 0002466
2011-11-28 13:26obilodeauStatusassigned => resolved
2011-11-28 13:26obilodeauFixed in Version => trunk
2011-11-28 13:26obilodeauResolutionopen => fixed
2011-12-30 23:28obilodeauFixed in Versiontrunk => 3.1.0
2011-12-30 23:37obilodeauNote Added: 0002500
2011-12-30 23:37obilodeauStatusresolved => closed
2011-12-30 23:38obilodeauTarget Version+2 => 3.1.0

Notes
(0002465)
obilodeau   
2011-11-25 14:27   
Feature added in revno: 11cda3dfd55678189c879365e26e31d63cf326a1

Right now though if the IP of the rogue DHCP is not known to packetfence, we can do nothing about it except report it. I'll be experimenting with option 82 to see if we can do better in that regard.
(0002466)
obilodeau   
2011-11-28 13:26   
Option 82 didn't help (at least on the 3550).

Every bits are committed as of revno: 6c01f73ad854eeb91e96ccefbf08dc29a2f8f675
(0002500)
obilodeau   
2011-12-30 23:37   
Released in version 3.1.0.