dhcrelay: PXE DHCP Offer Discarded with Invalid Size Error

[aque]

Important notices

Before you add a new report, we ask you kindly to acknowledge the following:

• I have read the contributing guide lines at https://github.com/opnsense/core/blob/master/CONTRIBUTING.md
• I am convinced that my issue is new after having checked both open and closed issues at https://github.com/opnsense/core/issues?q=is%3Aissue

Describe the bug

I am attempting a DHCP Relay to our Microsoft SCCM PXE server. I see the device DHCP Discover relayed correctly but dhcrelay logs a Discarding packet with invalid size. error on its DHCP Offer. Wireshark shows the UDP payload = 292 bytes with Agent Information Option enabled and 280 bytes without it. From what I am able to determine BOOTP_MIN_LEN is set to 300 bytes.

Expected behavior

Expected dhcrelay to relay the PXE DHCP Offer packet.

Describe alternatives you considered

None found. I have no control over the server configuration.

Screenshots

Frame 5: 332 bytes on wire (2656 bits), 332 bytes captured (2656 bits)
Enc IPv4, SPI 0xc9a2a446
Internet Protocol Version 4, Src: 10.xxx.xxx.xxx, Dst: 10.xxx.xxx.xxx
User Datagram Protocol, Src Port: 67, Dst Port: 67
    Source Port: 67
    Destination Port: 67
    Length: 300
    Checksum: 0xceab [unverified]
    [Checksum Status: Unverified]
    [Stream index: 0]
    [Timestamps]
    UDP payload (292 bytes)
Dynamic Host Configuration Protocol (Offer)
    Message type: Boot Reply (2)
    Hardware type: Ethernet (0x01)
    Hardware address length: 6
    Hops: 1
    Transaction ID: 0x6a930db8
    Seconds elapsed: 0
    Bootp flags: 0x8000, Broadcast flag (Broadcast)
    Client IP address: 0.0.0.0
    Your (client) IP address: 0.0.0.0
    Next server IP address: 10.xxx.xxx.xxx
    Relay agent IP address: 10.xxx.xxx.xxx
    Client MAC address: Dell_81:43:28 (xx:xx:xx:81:43:28)
    Client hardware address padding: 00000000000000000000
    Server host name not given
    Boot file name not given
    Magic cookie: DHCP
    Option: (53) DHCP Message Type (Offer)
        Length: 1
        DHCP: Offer (2)
    Option: (54) DHCP Server Identifier (10.xxx.xxx.xxx)
        Length: 4
        DHCP Server Identifier: 10.xxx.xxx.xxx
    Option: (97) UUID/GUID-based Client Identifier
        Length: 17
        Client Identifier (UUID): xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
    Option: (60) Vendor class identifier
        Length: 9
        Vendor class identifier: PXEClient
    Option: (82) Agent Information Option
        Length: 10
        Option 82 Suboption: (1) Agent Circuit ID
            Length: 2
            Agent Circuit ID: 0000
        Option 82 Suboption: (2) Agent Remote ID
            Length: 4
            Agent Remote ID: 00000000
    Option: (255) End
        Option End: 255

Environment

Software version used and hardware type if relevant, e.g.:

OPNsense 24.7_9-amd64
Intel(R) Core(TM) i5-5300U CPU @ 2.30GHz (2 cores, 4 threads)
Intel igb network driver

[fichtner]

The check was added in 2004 via openbsd/src@c3d07ec0a33a but it's not in ISC's dhcp that includes dhcrelay binaries.

Also I don't see that dhclient ever (even dhcpleased for OpenBSD) checks the BOOTP_MIN_LEN to discard a received packet afterwards...

We have two options here. Either we remove the check and hope integrity is adhered to within the bounds of the DHCP packet structure or we pad out the buffer like some ISC variants are doing, but that's more related to sending packets along.

And then I found this equivalent: https://github.com/isc-projects/dhcp/blob/572032cb0e514606559de3784e3f7ca8e1539d17/common/discover.c#L1119-L1129

DHCP_FIXED_NON_UDP is 236 so it should do what we want... related to commit isc-projects/dhcp@8bd96ccb

[fichtner]

To be frank I'll just shortcut this into 24.7.1 and you let me know if it works. This just changes 300 into 236 all things considered.

[aque]

Updated and it works! Thanks @fichtner ! 🙌

[fichtner]

Great, thanks for the report! 😊