plugins/server_id: Extend ServerID rejection tests

The RFC is a bit more verbose than "reject when DUIDs mismatch".
This patch adds these conditions as expressed in the various
subsections of RFC8416 section 16

Signed-off-by: Anatole Denis <anatole@unverle.fr>

plugins/server_id/plugin.go

@@ -32,11 +32,29 @@ func Handler6(req, resp dhcpv6.DHCPv6) (dhcpv6.DHCPv6, bool) {
 		return resp, false
 	}
 	if opt := req.GetOneOption(dhcpv6.OptionServerID); opt != nil {
+		// RFC8415 §16.{2,5,7}
+		// These message types MUST be discarded if they contain *any* ServerID option
+		if req.Type() == dhcpv6.MessageTypeSolicit ||
+			req.Type() == dhcpv6.MessageTypeConfirm ||
+			req.Type() == dhcpv6.MessageTypeRebind {
+			return nil, true
+		}
+
+		// Approximately all others MUST be discarded if the ServerID doesn't match
 		sid := opt.(*dhcpv6.OptServerId)
 		if !sid.Sid.Equal(*v6ServerID) {
 			log.Infof("requested server ID does not match this server's ID. Got %v, want %v", sid.Sid, *v6ServerID)
 			return nil, true
 		}
+	} else {
+		// RFC8415 §16.{6,8,10,11}
+		// These message types MUST be discarded if they *don't* contain a ServerID option
+		if req.Type() == dhcpv6.MessageTypeRequest ||
+			req.Type() == dhcpv6.MessageTypeRenew ||
+			req.Type() == dhcpv6.MessageTypeDecline ||
+			req.Type() == dhcpv6.MessageTypeRelease {
+			return nil, true
+		}
 	}
 	dhcpv6.WithServerID(*v6ServerID)(resp)
 	return resp, false

plugins/server_id/plugin_test.go

@@ -20,7 +20,7 @@ func TestRejectBadServerIDV6(t *testing.T) {
 	}
 	v6ServerID = makeTestDUID("0000000000000000")
 
-	req.MessageType = dhcpv6.MessageTypeRebind
+	req.MessageType = dhcpv6.MessageTypeRenew
 	dhcpv6.WithClientID(*makeTestDUID("1000000000000000"))(req)
 	dhcpv6.WithServerID(*makeTestDUID("0000000000000001"))(req)
 
@@ -38,6 +38,31 @@ func TestRejectBadServerIDV6(t *testing.T) {
 	}
 }
 
+func TestRejectUnexpectedServerIDV6(t *testing.T) {
+	req, err := dhcpv6.NewMessage()
+	if err != nil {
+		t.Fatal(err)
+	}
+	v6ServerID = makeTestDUID("0000000000000000")
+
+	req.MessageType = dhcpv6.MessageTypeSolicit
+	dhcpv6.WithClientID(*makeTestDUID("1000000000000000"))(req)
+	dhcpv6.WithServerID(*makeTestDUID("0000000000000000"))(req)
+
+	stub, err := dhcpv6.NewAdvertiseFromSolicit(req)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	resp, stop := Handler6(req, stub)
+	if resp != nil {
+		t.Error("server_id is sending a response message to a solicit with a ServerID")
+	}
+	if !stop {
+		t.Error("server_id did not interrupt processing on a solicit with a ServerID")
+	}
+}
+
 func TestAddServerIDV6(t *testing.T) {
 	req, err := dhcpv6.NewMessage()
 	if err != nil {