tcpdump icon indicating copy to clipboard operation
tcpdump copied to clipboard

Published 20 hours ago verified publisher icon the-tcpdump-group

ZTP option (DHCPv6) and SZTP (DHCPv4 and v6) support

Open eamonjd opened this issue 2 years ago • 0 comments

Summary

  • Added ZTP DHCPv6 option BOOTFILE_URL support (previously only equivalent DHCPv4 option was supported) (RFC5970)
  • Added SZTP option support for both DHCPv4 and DHCPv6 requests and responses. (RFC8572)
  • Added DHCPv6 user-class option (RFC8415) As the existing DHCPv4 and DHCPv6 tcpdump output are not consistent with each other, these changes follow this convention and adopts the respective style for DHCPv4 and DHCPv6.

Details

A) Rather than Unknown (143, output now specifies SZTP-Redirect (143) Added support for SZTP-Redirect Option 143 on requests 15:26:16.092235 00:00:44:01:00:00 (oui Unknown) > Broadcast, ethertype IPv4 (0x0800), length 342: (tos 0x10, ttl 128, id 0, offset 0, flags [none], proto UDP (17), length 328) 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from 00:00:44:01:00:00 (oui Unknown), length 300, xid 0xba761038, Flags [none] Client-Ethernet-Address 00:00:44:01:00:00 (oui Unknown) Vendor-rfc1048 Extensions Magic Cookie 0x63825363 DHCP-Message (53), length 1: Discover Parameter-Request (55), length 10: MTU (26), Subnet-Mask (1), BR (28), Default-Gateway (3) Domain-Name (15), Domain-Name-Server (6), LOG (7), Hostname (12) Unknown (143), Classless-Static-Route (121) Vendor-Class (60), length 6: "Arista" Client-ID (61), length 6: "^@D^A^@^@"

15:25:54.957572 00:00:44:01:00:00 (oui Unknown) > Broadcast, ethertype IPv4 (0x0800), length 342: (tos 0x10, ttl 128, id 0, offset 0, flags [none], proto UDP (17), length 328) 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from 00:00:44:01:00:00 (oui Unknown), length 300, xid 0xd53905c, Flags [none] Client-Ethernet-Address 00:00:44:01:00:00 (oui Unknown) Vendor-rfc1048 Extensions Magic Cookie 0x63825363 DHCP-Message (53), length 1: Request Server-ID (54), length 4: 10.10.0.2 Requested-IP (50), length 4: 10.10.0.4 Parameter-Request (55), length 10: MTU (26), Subnet-Mask (1), BR (28), Default-Gateway (3) Domain-Name (15), Domain-Name-Server (6), LOG (7), Hostname (12) SZTP-Redirect (143), Classless-Static-Route (121) Vendor-Class (60), length 6: "Arista" Client-ID (61), length 6: "^@D^A^@^@"

B) Previously tcpdump outputted the binary values, it now shows the inidividual values in text format, (T143 Option 143 -> SZTP-Redirect (143)), e.g.

15:26:16.099544 IP (tos 0x10, ttl 128, id 0, offset 0, flags [none], proto UDP (17), length 412) 10.10.0.2.bootps > 10.10.0.4.bootpc: BOOTP/DHCP, Reply, length 384, xid 0xba761038, Flags [none] Your-IP 10.10.0.4 Client-Ethernet-Address 00:00:44:01:00:00 (oui Unknown) Vendor-rfc1048 Extensions Magic Cookie 0x63825363 DHCP-Message Option 53, length 1: ACK Server-ID Option 54, length 4: 10.10.0.2 Lease-Time Option 51, length 4: 28778 MTU Option 26, length 2: 1500 Subnet-Mask Option 1, length 4: 255.255.0.0 Default-Gateway Option 3, length 4: 10.10.0.1 Domain-Name Option 15, length 18: "aristanetworks.com" Domain-Name-Server Option 6, length 4: 10.10.0.1 T143 Option 143, length 84: 1730676,1953526586,791638906,1953509678,1685026670,1819238756,778268525,1140852,1953526586,791621936,774975534,8083333 12,594048116,1886599727,794505776,808532532,943075386,876099120,976894008,943217978,942684208

15:26:16.099544 4e:ae:9c:94:66:0d (oui Unknown) > 00:00:44:01:00:00 (oui Unknown), ethertype IPv4 (0x0800), length 426: (tos 0x10, ttl 128, id 0, offset 0, fl ags [none], proto UDP (17), length 412) 10.10.0.2.bootps > 10.10.0.4.bootpc: BOOTP/DHCP, Reply, length 384, xid 0xba761038, Flags [none] Your-IP 10.10.0.4 Client-Ethernet-Address 00:00:44:01:00:00 (oui Unknown) Vendor-rfc1048 Extensions Magic Cookie 0x63825363 DHCP-Message (53), length 1: ACK Server-ID (54), length 4: 10.10.0.2 Lease-Time (51), length 4: 28778 MTU (26), length 2: 1500 Subnet-Mask (1), length 4: 255.255.0.0 Default-Gateway (3), length 4: 10.10.0.1 Domain-Name (15), length 18: "aristanetworks.com" Domain-Name-Server (6), length 4: 10.10.0.1 SZTP-Redirect (143), length 84: instance#1: "https://sztp1.download.com/", length 26 instance#2: "https://10.10.0.0/", length 17 instance#3: "https://[2001:4860:4860::8888]:8080", length 35

C) In DHCPv6 solicit requests, rather than opt_59, now use Bootfile-URL, e.g. 19:24:08.422125 IP6 (flowlabel 0x1de3e, hlim 1, next-header UDP (17) payload length: 199) fe80::2edd:e9ff:fec9:3288.dhcpv6-client > ff02::1:2.dhcpv6-server:
[udp sum ok] dhcp6 solicit (xid=422a14 (vendor-specific-info) (client-ID hwaddr/time type 1 time 700062283 2cdde9c93288) (option-request opt_59 DNS-search-li
st DNS-server) (elapsed-time 725) (user-class) (IA_NA IAID:3922277000 T1:3600 T2:5400))

19:24:08.422125 2c:dd:e9:c9:32:88 (oui Arista Networks) > 33:33:00:01:00:02 (oui Unknown), ethertype 802.1Q (0x8100), length 257: vlan 2204, p 0, ethertype IP v6 (0x86dd), (flowlabel 0x1de3e, hlim 1, next-header UDP (17) payload length: 199) fe80::2edd:e9ff:fec9:3288.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 so licit (xid=422a14 (vendor-specific-info) (client-ID hwaddr/time type 1 time 700062283 2cdde9c93288) (option-request Bootfile-URL DNS-search-list DNS-server) ( elapsed-time 725) (user-class) (IA_NA IAID:3922277000 T1:3600 T2:5400))

D) In DHCPv6 ZTP responses, rather than (opt_59), now use Bootfile-URL , e.g.

15:15:33.148466 IP6 (flowlabel 0x1570c, hlim 64, next-header UDP (17) payload length: 157) fe80::40d3:61ff:fe62:3810.dhcpv6-server > fe80::200:1ff:fe01:0.dhcpv6-client: [udp sum ok] dhcp6 advertise (xid=654242 (IA_NA IAID:16842752 T1:0 T2:0 (IA_ADDR 1234:5678::4 pltime:18000 vltime:28800)) (client-ID hwaddr/time type 1 time 701792102 000001010000) (server-ID hwaddr/time type 1 time 701792110 42d361623810) (opt_59) (DNS-search-list aristanetworks.com.) (DNS-server 1234:5678::2))

15:15:33.148466 42:d3:61:62:38:10 (oui Unknown) > 00:00:01:01:00:00 (oui Unknown), ethertype IPv6 (0x86dd), length 211: (flowlabel 0x1570c, hlim 64, next-header UDP (17) payload length: 157) fe80::40d3:61ff:fe62:3810.dhcpv6-server > fe80::200:1ff:fe01:0.dhcpv6-client: dhcp6 advertise (xid=654242 (IA_NA IAID:16842752 T1:0 T2:0 (IA_ADDR 1234:5678::4 pltime:18000 vltime:28800)) (client-ID hwaddr/time type 1 time 701792102 000001010000) (server-ID hwaddr/time type 1 time 701792110 42d361623810) (Bootfile-URL my-startup-config) (DNS-search-list aristanetworks.com.) (DNS-server 1234:5678::2))

E) In DHCPv6 SZTP responses, rather than (opt_136), now use (SZTP-redirect *(uri)), e.g. (SZTP-redirect https://sztp1.download.com,https://sztp2.download.com:8080,https://10.10.0.0,https://10.10.0.0:8000,https://[2001:4860:4860::8888]:8080)

14:35:46.638223 IP6 (flowlabel 0xe612c, hlim 64, next-header UDP (17) payload length: 281) fe80::cc0d:b4ff:fe8a:3384.dhcpv6-server > fe80::200:1ff:fe01:0.dhcpv6-client: [udp sum ok] dhcp6 reply (xid=5f98e6 (IA_NA IAID:16842752 T1:0 T2:0 (IA_ADDR 1234:5678::4 pltime:7200 vltime:28800)) (client-ID hwaddr/time type 1 time 701530515 000001010000) (server-ID hwaddr/time type 1 time 701530524 ce0db48a3384) (opt_136) (DNS-search-list aristanetworks.com.) (DNS-server 1234:5678::2))

13:35:46.638223 ce:0d:b4:8a:33:84 (oui Unknown) > 00:00:01:01:00:00 (oui Unknown), ethertype IPv6 (0x86dd), length 335: (flowlabel 0xe612c, hlim 64, next-header UDP (17) payload length: 281) fe80::cc0d:b4ff:fe8a:3384.dhcpv6-server > fe80::200:1ff:fe01:0.dhcpv6-client: dhcp6 reply (xid=5f98e6 (IA_NA IAID:16842752 T1:0 T2:0 (IA_ADDR 1234:5678::4 pltime:7200 vltime:28800)) (client-ID hwaddr/time type 1 time 701530515 000001010000) (server-ID hwaddr/time type 1 time 701530524 ce0db48a3384) (SZTP-redirect https://sztp1.download.com,https://sztp2.download.com:8080,https://10.10.0.0,https://10.10.0.0:8000,https://[2001:4860:4860:
:8888]:8080) (DNS-search-list aristanetworks.com.) (DNS-server 1234:5678::2))

F) Add support for DHCPv6 user-class field as per RFC8415 (https://datatracker.ietf.org/doc/html/rfc8415#section-21.15).)

For example, now include the user-class values in the DHCPv6 output (user-class Arista;Test-Dhcpv6Discover;4.21.XX) Previously: 09:08:32.009292 IP6 (flowlabel 0x09903, hlim 1, next-header UDP (17) payload length: 138) fe80::200:44ff:fe01:0.dhcpv6-client > ff02::1:2.dhcpv6-server: [udp sum ok] dhcp6 inf-req (xid=b5fcf (vendor-specific-info) (client-ID hwaddr type 1 000044010000) (option-request opt_59 DNS-search-list DNS-server) (elapsed-time 331) (user-class)) Updated to: 08:08:32.009292 IP6 (flowlabel 0x09903, hlim 1, next-header UDP (17) payload length: 138) fe80::200:44ff:fe01:0.546 > ff02::1:2.547: [udp sum ok] dhcp6 inf-req (xid=b5fcf (vendor-specific-info) (client-ID hwaddr type 1 000044010000) (option-request Bootfile-URL DNS-search-list DNS-server) (elapsed-time 331) (user-class Arista;Test-Dhcpv6Discover;4.21.XX))

eamonjd avatar Apr 14 '22 08:04 eamonjd