15. Message Validation

Message Validation

Clients and servers SHOULD discard any messages that contain options that are not allowed to appear in the received message. For example, an IA option is not allowed to appear in an Information-request message. Clients and servers MAY choose to extract information from such a message if the information is of use to the recipient.

A server MUST discard any Solicit, Confirm, Rebind or Information-request messages it receives with a unicast destination address.

Message validation based on DHCP authentication is discussed in section 21.4.2.

If a server receives a message that contains options it should not contain (such as an Information-request message with an IA option), is missing options that it should contain, or is otherwise not valid, it MAY send a Reply (or Advertise as appropriate) with a Server Identifier option, a Client Identifier option if one was included in the message and a Status Code option with status UnSpecFail.

15.1. Use of Transaction IDs

The "transaction-id" field holds a value used by clients and servers to synchronize server responses to client messages. A client SHOULD generate a random number that cannot easily be guessed or predicted to use as the transaction ID for each new message it sends. Note that if a client generates easily predictable transaction identifiers, it may become more vulnerable to certain kinds of attacks from off-path intruders. A client MUST leave the transaction ID unchanged in retransmissions of a message.

15.2. Solicit Message

Clients MUST discard any received Solicit messages.

Servers MUST discard any Solicit messages that do not include a Client Identifier option or that do include a Server Identifier option.

15.3. Advertise Message

Clients MUST discard any received Advertise messages that meet any of the following conditions:

the message does not include a Server Identifier option.
the message does not include a Client Identifier option.
the contents of the Client Identifier option does not match the client's DUID.
the "transaction-id" field value does not match the value the client used in its Solicit message.

Servers and relay agents MUST discard any received Advertise messages.

15.4. Request Message

Clients MUST discard any received Request messages.

Servers MUST discard any received Request message that meet any of the following conditions:

the message does not include a Server Identifier option.
the contents of the Server Identifier option do not match the server's DUID.
the message does not include a Client Identifier option.

15.5. Confirm Message

Clients MUST discard any received Confirm messages.

Servers MUST discard any received Confirm messages that do not include a Client Identifier option or that do include a Server Identifier option.

15.6. Renew Message

Clients MUST discard any received Renew messages.

Servers MUST discard any received Renew message that meets any of the following conditions:

the message does not include a Server Identifier option.
the contents of the Server Identifier option does not match the server's identifier.
the message does not include a Client Identifier option.

15.7. Rebind Message

Clients MUST discard any received Rebind messages.

Servers MUST discard any received Rebind messages that do not include a Client Identifier option or that do include a Server Identifier option.

15.8. Decline Messages

Clients MUST discard any received Decline messages.

Servers MUST discard any received Decline message that meets any of the following conditions:

the message does not include a Server Identifier option.
the contents of the Server Identifier option does not match the server's identifier.
the message does not include a Client Identifier option.

15.9. Release Message

Clients MUST discard any received Release messages.

Servers MUST discard any received Release message that meets any of the following conditions:

the message does not include a Server Identifier option.
the contents of the Server Identifier option does not match the server's identifier.
the message does not include a Client Identifier option.

15.10. Reply Message

Clients MUST discard any received Reply message that meets any of the following conditions:

the message does not include a Server Identifier option.
the "transaction-id" field in the message does not match the value used in the original message.

If the client included a Client Identifier option in the original message, the Reply message MUST include a Client Identifier option and the contents of the Client Identifier option MUST match the DUID of the client; OR, if the client did not include a Client Identifier option in the original message, the Reply message MUST NOT include a Client Identifier option.

Servers and relay agents MUST discard any received Reply messages.

15.11. Reconfigure Message

Servers and relay agents MUST discard any received Reconfigure messages.

Clients MUST discard any Reconfigure messages that meets any of the following conditions:

the message was not unicast to the client.
the message does not include a Server Identifier option.
the message does not include a Client Identifier option that contains the client's DUID.
the message does not contain a Reconfigure Message option and the msg-type must be a valid value.
the message includes any IA options and the msg-type in the Reconfigure Message option is INFORMATION-REQUEST.
the message does not include DHCP authentication:
- the message does not contain an authentication option.
- the message does not pass the authentication validation performed by the client.

15.12. Information-request Message

Clients MUST discard any received Information-request messages.

Servers MUST discard any received Information-request message that meets any of the following conditions:

The message includes a Server Identifier option and the DUID in the option does not match the server's DUID.
The message includes an IA option.

15.13. Relay-forward Message

Clients MUST discard any received Relay-forward messages.

15.14. Relay-reply Message

Clients and servers MUST discard any received Relay-reply messages.