DHCP is a protocol of the Transmission Control Protocol/Internet Protocol (TCP/IP) suite, designed by the Internet Engineering Task Force (IETF) to implement the automatic configuration of a network client. From the perspective of IP versions, DHCP includes DHCPv4 and DHCPv6; this application relates to DHCPv6. DHCPv6 defines 13 message types: SOLICIT, ADVERTISE, REQUEST, CONFIRM, RENEW, REBIND, REPLY, RELEASE, DECLINE, RECONFIGURE, INFORMATION-REQUEST, RELAY-FORWARD, and RELAY-REPLY. For ease of description, all the foregoing messages are collectively called DHCP messages. DHCPv6 describes an interaction process in which the automatic configuration of the network client is implemented through DHCP messages exchanged between a DHCP server and the network client. For example, an IP address, a Domain Name System (DNS) server address, and other additional configuration information are automatically assigned to the network client through the DHCP messages exchanged between the DHCP server and the network client.
The DHCP server and the network client usually communicate with each other in one of two modes: two-message mode and four-message mode. In two-message mode, the DHCP server does not need to assign an IP address to the network client. Specifically, the network client first sends a REQUEST message to the link-local multicast address, requesting configuration information; the DHCP server receives the message and sends a REPLY message carrying the requested configuration information to the network client. In four-message mode, the DHCP server needs to assign an IP address to the network client. Specifically, the network client sends a SOLICIT message to the link-local multicast address to discover valid DHCP servers. Every DHCP server that meets the requirements of the network client returns an ADVERTISE message, indicating that it can provide addresses and configuration information. The network client selects one DHCP server from those that returned an ADVERTISE message and sends a REQUEST message to the selected DHCP server, requesting it to assign an IP address and/or configuration information. The DHCP server that receives the REQUEST message sends a REPLY message carrying the requested IP address and/or configuration information to the network client.
In the foregoing exchanges, the DHCP message is initiated by the network client. In actual application scenarios, the DHCP server may also initiate a DHCP message, for example, by sending a RECONFIGURE message to the network client, thus triggering the network client to update its previous configuration.
During research on DHCPv6, the inventor found the following problem: because both the unicast address used by the network client and the unicast address used by the DHCP server are easily spoofed, the security of DHCP messages cannot be ensured. For example, after the unicast address used by the DHCP server is spoofed, an attacker can perform malicious configuration on the network client.
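The following is an added example, not code from this application, that models the four-message SOLICIT/ADVERTISE/REQUEST/REPLY exchange described above and the client-side check a receiver can apply before it acts on a REPLY. It uses the DHCPv6 wire layout from RFC 8415 (1-byte message type, 3-byte transaction-id, TLV options) and the real message-type and option codes, but the client DUIDs, server DUIDs, transaction-id and DNS addresses are constructed sample values. The check it implements (type, transaction-id and Server Identifier must match the outstanding REQUEST) rejects stray or mismatched replies; it is deliberately not presented as authentication, because, as the paragraph above states, the identities and addresses in these messages can be spoofed, which is exactly the gap this application addresses.

```python
import struct
from ipaddress import IPv6Address

# DHCPv6 message types (RFC 8415, section 7.3)
SOLICIT, ADVERTISE, REQUEST, REPLY = 1, 2, 3, 7
# Option codes: Client/Server Identifier (RFC 8415), DNS servers (RFC 3646)
OPT_CLIENTID, OPT_SERVERID, OPT_DNS_SERVERS = 1, 2, 23


def encode(msg_type, xid, options):
    """Serialize a client/server DHCPv6 message: 1-byte msg-type, 3-byte
    transaction-id, then TLV options (2-byte code, 2-byte length, data)."""
    body = b"".join(struct.pack("!HH", code, len(data)) + data
                    for code, data in options)
    return bytes([msg_type]) + xid.to_bytes(3, "big") + body


def decode(packet):
    """Parse a message into (msg_type, xid, {option_code: data}), refusing
    truncated headers or options whose declared length runs past the packet."""
    if len(packet) < 4:
        raise ValueError("truncated DHCPv6 header")
    msg_type, xid = packet[0], int.from_bytes(packet[1:4], "big")
    options, pos = {}, 4
    while pos < len(packet):
        if pos + 4 > len(packet):
            raise ValueError("truncated option header")
        code, length = struct.unpack("!HH", packet[pos:pos + 4])
        data = packet[pos + 4:pos + 4 + length]
        if len(data) != length:
            raise ValueError("option length exceeds packet")
        options[code] = data
        pos += 4 + length
    return msg_type, xid, options


def accept_reply(packet, xid, chosen_duid):
    """Client-side sanity check before applying configuration from a REPLY:
    the type, transaction-id and Server Identifier must all match the
    REQUEST the client sent.  This rejects stray or mismatched replies but
    is NOT authentication: a DUID is just a value carried in the packet."""
    try:
        msg_type, reply_xid, opts = decode(packet)
    except ValueError:
        return False
    return (msg_type == REPLY and reply_xid == xid
            and opts.get(OPT_SERVERID) == chosen_duid)


def four_message_exchange(client_duid, servers, xid):
    """Simulate SOLICIT/ADVERTISE/REQUEST/REPLY between one client and the
    servers in `servers` ({server_duid: [DNS server address strings]}).
    Returns (chosen_server_duid, [DNS addresses taken from the REPLY])."""
    # 1. client multicasts SOLICIT carrying its Client Identifier
    solicit = encode(SOLICIT, xid, [(OPT_CLIENTID, client_duid)])
    _, sol_xid, sol_opts = decode(solicit)
    # 2. every server answers with ADVERTISE carrying its own Server Identifier
    adverts = [encode(ADVERTISE, sol_xid, [(OPT_SERVERID, duid),
                                           (OPT_CLIENTID, sol_opts[OPT_CLIENTID])])
               for duid in servers]
    # 3. client picks one server (the first offer here) and sends it a REQUEST
    chosen = decode(adverts[0])[2][OPT_SERVERID]
    request = encode(REQUEST, xid, [(OPT_CLIENTID, client_duid), (OPT_SERVERID, chosen)])
    # 4. the selected server answers REPLY with the requested configuration
    _, req_xid, req_opts = decode(request)
    dns_blob = b"".join(IPv6Address(a).packed for a in servers[req_opts[OPT_SERVERID]])
    reply = encode(REPLY, req_xid, [(OPT_SERVERID, req_opts[OPT_SERVERID]),
                                    (OPT_CLIENTID, req_opts[OPT_CLIENTID]),
                                    (OPT_DNS_SERVERS, dns_blob)])
    # the client applies the configuration only if the REPLY matches its REQUEST
    if not accept_reply(reply, xid, chosen):
        raise RuntimeError("REPLY does not match the outstanding REQUEST")
    data = decode(reply)[2][OPT_DNS_SERVERS]
    return chosen, [str(IPv6Address(data[i:i + 16])) for i in range(0, len(data), 16)]


if __name__ == "__main__":
    # constructed sample: one client, two servers, documentation-prefix DNS addresses
    client = b"\x00\x03\x00\x01" + bytes.fromhex("0242ac110002")
    servers = {b"\x00\x03\x00\x01" + bytes.fromhex("0242ac110010"): ["2001:db8::53"],
               b"\x00\x03\x00\x01" + bytes.fromhex("0242ac110011"): ["2001:db8::54"]}
    chosen, dns = four_message_exchange(client, servers, xid=0x1A2B3C)
    print("chose server", chosen.hex(), "DNS", dns)
    # a REPLY whose Server Identifier is not the selected server is not applied
    other = [d for d in servers if d != chosen][0]
    stray = encode(REPLY, 0x1A2B3C, [(OPT_SERVERID, other), (OPT_DNS_SERVERS, b"\x00" * 16)])
    print("stray reply accepted?", accept_reply(stray, 0x1A2B3C, chosen))
```

The `accept_reply` check is the minimum a client should do with the fields the protocol already carries; it catches replies that answer the wrong transaction or claim a server the client never selected, and it refuses malformed packets rather than reading past their end. It gives no protection against a sender that forges both the address and the Server Identifier of the selected server, which is the spoofing problem the paragraph above identifies.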