ISC Open Source Projects issues
https://gitlab.isc.org/groups/isc-projects/-/issues
2023-07-18T13:49:35Z

https://gitlab.isc.org/isc-projects/kea/-/issues/2511
fix make distcheck by updating memfile name in examples
2023-07-18T13:49:35Z
Razvan Becheriu

distcheck fails:
```
ERROR: files left in build directory after distclean:
./src/bin/dhcp6/tests/leases6
./src/bin/dhcp4/tests/leases4
make[1]: *** [distcleancheck] Error 1
make: *** [distcheck] Error 1
```
it is caused by:
```
Dhcpv4SrvTest.checkConfigFiles
Dhcpv6SrvTest.checkConfigFiles
```
the problem is in the example files:
doc/examples/kea4/dhcpv4-over-dhcpv6.json:
```
"name": "leases4",
```
should be:
```
"name": "/tmp/kea-dhcp4.csv",
```
doc/examples/kea6/dhcpv4-over-dhcpv6.json:
```
"name": "leases6"
```
should be:
```
"name": "/tmp/kea-dhcp6.csv",
```

kea2.3.0
Razvan Becheriu

https://gitlab.isc.org/isc-projects/kea/-/issues/2510
hammer.py: export the name of FreeRADIUS client packages used while building packages
2023-07-31T09:41:20Z
Andrei Pavel (andrei@isc.org)

Exporting the name of FreeRADIUS client packages used while building packages would help in automating the upload of FreeRADIUS packages to new Cloudsmith repositories.

kea2.3.0
Andrei Pavel (andrei@isc.org)

https://gitlab.isc.org/isc-projects/kea/-/issues/2503
Fix Alpine 3.16 package builds and unit tests
2023-07-17T13:58:25Z
Dan Theisen

Work around packaging issues in alpine 3.16 while changes are backported upstream.
Modify the Alpine MariaDB config to allow networking to be enabled.

kea2.3.0
Dan Theisen

https://gitlab.isc.org/isc-projects/kea/-/issues/2483
rbac hook response-filters feature does not work
2022-07-22T13:22:50Z
Wlodzimierz Wencel

According to the documentation adding `"response-filters": [ "list-commands" ]` to a role configuration should result in filtering out all commands from `list-commands` response that are not allowed - but that's not happening.

kea2.3.0
Francis Dupont

https://gitlab.isc.org/isc-projects/kea/-/issues/2471
reservation-get and reservation-get-all do not return subnet-id
2023-07-17T13:58:25Z
Marcin Godzina

After implementing isc-projects/kea#2209 we still have 2 commands that are inconsistent with others and do not return `subnet-id` when it is included in the request:
```
Does NOT return `subnet-id` which is mandatory in the request:
reservation-get
reservation-get-all
Always returns `subnet-id`:
reservation-get-page
reservation-get-by-hostname
reservation-get-by-id
```

kea2.3.0
Andrei Pavel (andrei@isc.org)

https://gitlab.isc.org/isc-projects/kea/-/issues/2450
small rbac doc clarification
2023-07-17T13:58:25Z
Wlodzimierz Wencel

1. In [ARM](https://kea.readthedocs.io/en/kea-2.1.6/arm/hooks.html#role-assignment) there is a table of role assignment methods; it would be cool to add an example of how to use `remote-address` (the IP address has to be configured in the `name` parameter; it wasn't in the documentation, so I was looking for something like an `ip-address` parameter). Also `custom-value for extension` could use some additional statement.
1. Control agent global parameter `cert-required` has to be set to `True` if `assign-role-method` is based on TLS certs, [ARM](https://kea.readthedocs.io/en/kea-2.1.6/arm/hooks.html#sample-configuration). From the comment in the example I would deduce that it can be False.
Combination of global setting `"cert-required": false,` and hook setting `"require-tls": true,` won't work

kea2.3.0
Wlodzimierz Wencel

https://gitlab.isc.org/isc-projects/kea/-/issues/2441
Basic HA+MT Configuration Template
2023-07-17T13:58:25Z
Peter Davies

Basic HA+MT template:
In continuation of the process of providing templates for different Kea
configurations, it would be handy if there were a template for two High
Availability (HA) Kea servers with Multi-threading enabled and employing the
dedicated listener.
The provision of a diagram would help show the difference
between HA+MT and no multithreaded HA and perhaps void the need for a new KB
article. The template configuration could also be added to "doc/examples"

kea2.3.0
Razvan Becheriu

https://gitlab.isc.org/isc-projects/kea/-/issues/2401
use a lookup-friendly structure when parsing relay addresses for better performance
2023-07-17T13:58:25Z
Andrei Pavel (andrei@isc.org)

For storing relay IP addresses that look like this:
```
{
    "Dhcp4": {
        "shared-networks": [
            {
                // List of IPv4 relay addresses for which this shared
                // network is selected.
                "relay": {
                    "ip-addresses": [
                        "192.168.56.1",
                        "192.168.56.2"
                    ]
                }
            }
        ]
    }
}
```
, a `typedef std::vector<isc::asiolink::IOAddress> IOAddressList;` is used.
It could be a `std::unordered_set<isc::asiolink::IOAddress>` for better performance. We treat it like a set in every regard. We look up addresses in it. If it contains a duplicate, it throws.
Here's a call graph that shows what percentage `addAddress` and `containsAddress` take out of parsing some shared networks with 114 subnets and 32 relay addresses.
![relay-parser-call-graph](/uploads/ca1466386ffc0a0209096e39effc5a9c/relay-parser-call-graph.png)

kea2.3.0
Francis Dupont

https://gitlab.isc.org/isc-projects/kea/-/issues/2235
Protect hook DSOs to be loaded by the wrong server
2023-07-17T13:58:25Z
Francis Dupont

Or just apply #50 solution to all hooks.

kea2.3.0
Francis Dupont

https://gitlab.isc.org/isc-projects/kea/-/issues/2211
Set broadcast mac in dhcpv4 reply packets when dst. ip is broadcast
2023-07-17T13:58:25Z
Sergey Fomin

When a DHCPv4 client sends messages with the broadcast flag enabled, kea-dhcp4 server correctly responds with packets destined to the broadcast IP (255.255.255.255), however, the dst. mac address is still set as a client's unicast address.
According to rfc2131 (section 4.1), broadcast mac should be used instead:
> A server or relay agent sending or relaying a DHCP message directly
> to a DHCP client (i.e., not to a relay agent specified in the
> 'giaddr' field) SHOULD examine the BROADCAST bit in the 'flags'
> field. **If this bit is set to 1, the DHCP message SHOULD be sent as
> an IP broadcast using an IP broadcast address (preferably 0xffffffff)
> as the IP destination address and the link-layer broadcast address as
> the link-layer destination address.** If the BROADCAST bit is cleared
> to 0, the message SHOULD be sent as an IP unicast to the IP address
> specified in the 'yiaddr' field and the link-layer address specified
> in the 'chaddr' field. If unicasting is not possible, the message
> MAY be sent as an IP broadcast using an IP broadcast address
> (preferably 0xffffffff) as the IP destination address and the link-
> layer broadcast address as the link-layer destination address.
**Environment:**
- Kea version: 2.1.0
- OS: Ubuntu

kea2.3.0
Francis Dupont

https://gitlab.isc.org/isc-projects/kea/-/issues/2071
distcheck is missing db backends, sysrepo and gss-tsig and CXX flags for TSAN are not propagated
2023-07-17T13:58:25Z
Razvan Becheriu

kea2.3.0
Razvan Becheriu

https://gitlab.isc.org/isc-projects/kea/-/issues/2551
Changes for Kea 2.3.0 release
2023-07-17T13:58:25Z
Wlodzimierz Wencel

- [x] added release entry to ChangeLogs
- [x] regenerated BNF grammar
- [x] regenerated message headers
- [x] regenerated parsers
- [x] reordered messages in alphabetical order
- [x] updated copyright years

kea2.3.0
Wlodzimierz Wencel

https://gitlab.isc.org/isc-projects/kea/-/issues/2549
2.3.0 release checklist
2022-09-14T14:46:46Z
Wlodzimierz Wencel

---
name: a.b.c release checklist
about: Create a new issue using this checklist for each release.
---
# Kea Release Checklist
This is thoroughly documented in [the Kea Release Process guide](https://wiki.isc.org/bin/view/QA/KeaReleaseProcess).
## Pre-Release Preparation
Some of those checks and updates can be made before the actual freeze.
For new stable releases or maintenance releases, please don't use `kea-dev` build farm. Use dedicated build farm for each release cycle.
1. Check Jenkins results:
1. [x] Check Jenkins jobs for failures: [distcheck](https://jenkins.aws.isc.org/job/kea-dev/job/distcheck/), etc...
1. [x] Check [Jenkins Tests Report](https://jenkins.aws.isc.org/job/kea-dev/job/jenkins-tests-report/).
1. [x] Check [tarball check report](https://jenkins.aws.isc.org/job/kea-dev/job/build-tarball/Kea_20Build_20Checks/)
1. [x] Check [Performance Test Results](https://jenkins.isc.org/job/kea-dev/job/performance/KeaPerformanceReport/) in Jenkins for drops in performance.
1. Check versioning, ask the development team if:
- the library versions are being updated
- `KEA_HOOKS_VERSION` is being updated
- [x] create an issue for that for developers in Gitlab
- script: [./tools/bump-lib-versions.sh](https://gitlab.isc.org/isc-projects/kea/-/blob/master/tools/bump-lib-versions.sh) Kea-q.w.e Kea-a.b.c (where `a.b.c` is the version to be released and `q.w.e` is the version previous to that)
1. [x] Look at the issue numbers in commit descriptions. Add to ChangeLog a mention about any change with visible impact that had not been mentioned already.
1. If any changes have been done to database schemas, then:
1. [x] Check that a previously released schema has not been changed.
1. [x] Check that the additions to `dhcpdb_create.*sql`, and nothing more nor less than what was added in this release, is present in a `upgrade_*_to_*.sh.in` script that should also have been added in this release.
1. Prepare Release Notes
1. [x] Create Release Notes on Kea GitLab wiki and notify @tomek about that. It should be created under "release notes" directory, like this one: https://gitlab.isc.org/isc-projects/kea/-/wikis/release%20notes/release-notes-2.1.0
1. [ ] Finish release notes and conduct its review. Also please notify @sgoldlust or @vicky that release notes are ready for review.
1. [x] Run [release-upload-to-cloudsmith](https://jenkins.aws.isc.org/job/kea-dev/job/release-upload-to-cloudsmith/) as running parameter `TarballOrPkg` select `packages` and [release-pkgs-check](https://jenkins.aws.isc.org/job/kea-dev/job/release-pkgs-check/) to test repositories for correctness.
1. If a new Cloudsmith repository is used, then:
1. [x] Make sure freeradius packages are uploaded to the Cloudsmith repository or copied from a previous repository.
1. [x] Make sure access tokens have been synchronized from previous Cloudsmith repositories and to the [check-pkgs.py](https://gitlab.isc.org/isc-private/qa-dhcp/-/blob/master/kea/pkgs-check/check-pkgs.py) QA tool.
1. [x] Check if ReadTheDocs can build Kea documentation.
1. Trigger rebuilding docs on [readthedocs.org](https://readthedocs.org/projects/kea/builds) and wait for the build to complete.
The following steps may involve changing files in the repository.
1. [x] Run [update-code-for-release.py](https://gitlab.isc.org/isc-private/qa-dhcp/-/blob/master/kea/build/update-code-for-release.py) <br>
Example command: `GITLAB_KEA_TOKEN='...' GITLAB_KEA_PREMIUM_TOKEN='...' ./update-code-for-release.py 1.9.7 'Apr 28, 2021' ~/isc/repos/kea/` <br>
The script:
- creates Gitlab issue and MR for release changes
- adds release entries to ChangeLogs
- regenerates BNF grammar
- regenerates documentation
- regenerates messages
- reorders messages in alphabetical order
- regenerates parsers
- updates copyright dates
- pushes the changes to MR
1. Check manually User's Guide sections:
1. Chapter 1. Introduction
1. [x] On what platforms we are running tests using Jenkins? Update Supported Platforms in platforms.rst file.
1. [x] Did we add any additional 3rd party software? Update if needed
1. [x] Is there a new tool installed in bin or sbin released this time? If yes, is it documented?
1. Chapter 2. Quick Start
1. [x] Has the default installation process changed (for kea and hooks)? If yes, are those changes documented and highlighted in the release notes?
1. Chapter 3. Installation
1. [x] Check installation hierarchy (this is also automatically checked at the end of [ut-extended job](https://jenkins.aws.isc.org/job/kea-dev/job/ut-extended/))
1. [x] Check and update Build Requirements
1. [x] Check configure options against what `./configure -h` says
1. [x] Check ChangeLog entries in Kea main and premium: spelling, trailing whitespaces, etc.
1. [x] Check AUTHORS, INSTALL, README files in Kea main and premium.
- AUTHORS: update credits
- README: check "provides" with Release Notes, User Guide (1.3 Kea Software)
1. [x] If changes were made, commit the change, push the branch to the main repository and request a review. Once the changes have been approved, merge the MR to master.
## Build selection, tarballs upload and sanity checks
This is the last moment to freeze code! :snowflake:
1. [x] Go to [build-tarball](https://jenkins.aws.isc.org/job/kea-dev/job/build-tarball/) Jenkins job and pick the last tarball built - it will be a release candidate.
1. [x] Check tarball before requesting sanity checks from the development team.
1. Download tarballs from picked Jenkins build
1. Check hook libraries.
1. Are there any new hook libraries installed in this release?
1. Are they in the proper tarball? Premium or subscription?
1. Do they have their own package?
1. Check sizes - is the new package reasonable?
1. Check installation tree, compare it with the previous release
1. Check installed libraries.
1. which were updated? (save results)
1. Do any of the libraries from the current release have lower version than in the previous release?
1. Uninstall Kea, check what left (there should be just configuration files)
1. Check if all of the installed binaries has man page
1. if not, is it in the tarball?
1. are man page up-to-date?
1. Check if documentation is properly formatted, has correct versions and dates.
1. it's advised to search for previous version numbers, some of them are statically added in statements that are no longer valid
1. [x] Upload tarballs to repo.isc.org using Jenkins and send sanity checks request.
1. Go to [release-tarball-upload](https://jenkins.aws.isc.org/job/kea-dev/job/release-tarball-upload/) Jenkins job.
1. Click "Build with Parameters"
1. In field "Tarball" select picked tarball build
1. In field "Release_Candidate" pick:
1. rc1 if this is the first selected build for release, it will push the selected tarballs to repo.isc.org, to a directory suffixed with indicated rc#
1. next rc# if this is a respin after some fixes (note: it is not possible to pick previous rc number - it will result in an error)
1. final if the last rc number was ok, this will push the selected tarball to repo.isc.org, to a directory with no suffixes
1. Submit the job that will automatically:
1. Upload the tarballs <br>
and if this is not the final version:
1. Create a GitLab issue for sanity checks, put there the announcement
1. Send Sanity Checks announcement via email to dhcp-team@isc.org and to DHCP channel on Mattermost.<br>
The announcement includes:
- a link to chapter 4 Sanity Checks of the release process: [KeaReleaseProcess - SanityChecks](https://wiki.isc.org/bin/view/QA/KeaReleaseProcess#4.%20Sanity%20Checks)
- a link to the GitLab issue
- tarballs locations with SHA256 checksums
- rpm/deb packages locations and versions
## Releasing Tarballs and Packages
1. [x] Update Release Notes with ChangeLog entries
1. [x] Upload final tarballs to repo.isc.org
1. Go to [release-tarball-upload](https://jenkins.aws.isc.org/job/kea-dev/job/release-tarball-upload/) Jenkins job.
1. Click "Build with Parameters"
1. In field "Tarball" select picked tarball build
1. In field "Release_Candidate" pick final <br>
This job will also:
- open an issue on [the signing repository](https://gitlab.isc.org/isc-private/signing/-/issues) requesting signing final tarballs on repo.isc.org
- create Git tags `Kea-a.b.c` in Kea main and premium repositories
- send a signing request issue link on the DHCP Mattermost channel
Wait until tarballs are signed.
1. [x] Upload final RPM & DEB packages, tarballs and sign files to cloudsmith.io
1. Go to [release-upload-to-cloudsmith](https://jenkins.aws.isc.org/job/kea-dev/job/release-upload-to-cloudsmith/).
1. Click "Build with Parameters" link
1. Pick your selected pkg build in Packages field, and select `PrivPubRepos: "both"`, `TestProdRepos: "production"`, `TarballOrPkg: "both"` and click Build button.
1. When it finishes run check: [releases-pkgs-check](https://jenkins.aws.isc.org/job/kea-dev/job/release-pkgs-check/).
1. [x] Update ReadTheDocs
1. Trigger rebuilding docs on [readthedocs.org](https://readthedocs.org/projects/kea/builds).
1. Publish currently released version. On the `Versions` tab, scroll down to `Activate a version`, search for `kea-a.b.c` and click `Activate`.
1. For stable releases, change the default version to point to this stable release.
1. [x] Mark Jenkins jobs with release artifacts to be kept forever and update description of build by adding there version of released kea (e.g. Kea-2.2.2): <br>
Go to the following Jenkins jobs, click release build and then, on the build page, click `Keep this build forever` button and edit description: <br>
1. [build-tarball](https://jenkins.aws.isc.org/job/kea-dev/job/build-tarball/)
1. [pkg job](https://jenkins.aws.isc.org/job/kea-dev/job/pkg/)
1. [x] Create an issue and a merge request to bump up Kea version in `configure.ac` to next development version which could be, based on just released version `a.b.c`:
* `a.b.z-git` where `z == c + 1` or
* `a.y.0-git` where `y == b + 1` or
* `x.1.0-git` where `x == a + 1`
1. [x] Send a request for publishing the release on the Support Mattermost channel linking the Signing issue and the release checklist issue.
### On the Day of Public Release
- [ ] ***(Support)*** Wait for clearance from Security Officer to proceed with the public release (if applicable).
- [x] ***(Support)*** Wait for the signing ticket from the release engineer.
- [x] ***(Support)*** Confirm that the tarballs have the checksums mentioned on the signing ticket.
- [x] ***(Support)*** Sign the tarballs.
- [x] ***(Support)*** Upload signature files to repo.isc.org.
- [x] ***(Support)*** Place tarballs in public location on FTP site.
- [x] ***(Support)*** Publish links to downloads on ISC website.
- [x] ***(Support)*** Write release email to *kea-announce*.
- [x] ***(Support)*** Write email to *kea-users* (if a major release).
- [x] ***(Support)*** Send eligible customers updated links to the Subscription software FTP site.
- [ ] ***(Support)*** If it is a new `major.minor` version, SWENG will have created a new repo in Cloudsmith, which will need the customer tokens migrated from an existing repo. Then update support customers that this new private repo exists.
- [x] ***(Support)*** Update tickets in case of waiting for support customers.
- [x] ***(QA)*** Inform Marketing of the release.
- [x] ***(Marketing)*** If a new Cloudsmith repository is used, update the Zapier scripts.
- [x] ***(Marketing)*** Upload Premium hooks tarball to SendOwl. Create a new product if a new branch, otherwise update existing product. Send notifications to existing subscribers of the new version.
- [x] ***(Marketing)*** Announce on social media.
- [x] ***(Marketing)*** Update [Wikipedia entry for Kea](https://en.wikipedia.org/wiki/Kea_(software)).
- [ ] ***(Marketing)*** Write blog article (if a major release).
- [ ] ***(Marketing)*** Update [Kea page on web site if any new hooks](https://www.isc.org/kea/).
- [ ] ***(Marketing)*** Update Kea Premium and Kea Subscription data sheets if any new hooks.
- [ ] ***(Marketing)*** Update [significant features matrix](https://kb.isc.org/docs/en/aa-01615) (if any significant new features).
- [x] ***(Marketing)*** Update [Kea documentation page in KB](https://kb.isc.org/docs/en/kea-administrator-reference-manual).

kea2.3.0
Wlodzimierz Wencel

https://gitlab.isc.org/isc-projects/kea/-/issues/2542
broadcast address is not set in DHCP ACK
2022-08-29T13:24:27Z
leoliudan

I configured in kea-dhcp4.conf, but I still can get broadcast IP when I took tcpdump from server.
I checked that the broadcast flag in DHCP OFFER is set to 1.
[kea-dhcp4.conf](/uploads/186a47f8d1ef1b74bbd10241e015bf40/kea-dhcp4.conf)
I used the 2.2.0 version in my server.
Could you please advise me how I should config the broadcast-address in config.

kea2.3.0
Tomek Mrugalski

https://gitlab.isc.org/isc-projects/kea/-/issues/2515
Building Kea-DHCP 2.2.0 on Raspberry Pi 4 (Debian Bullseye) fails
2022-08-20T16:51:22Z
Talkabout

---
name: Bug report
about: Building Kea-DHCP on Debian Bullseye (ARM)
---
**Describe the bug**
Trying to build Kea-DHCP 2.2.0 on a Raspberry Pi 4 with Debian Bullseye the following error is shown during build process:
```
Making all in d2
make[4]: Verzeichnis „/home/user/kea/src/bin/d2“ wird betreten
Making all in .
make[5]: Verzeichnis „/home/user/kea/src/bin/d2“ wird betreten
CXX parser_context.lo
In file included from ../../../src/lib/d2srv/d2_log.h:11,
from parser_context.cc:11:
parser_context.cc: In member function ‘void isc::d2::D2ParserContext::warning(const isc::d2::location&, const string&)’:
parser_context.cc:211:32: error: ‘DHCP_DDNS_CONFIG_SYNTAX_WARNING’ was not declared in this scope; did you mean ‘DHCP_DDNS_CONFIG_CHECK_FAIL’?
211 | LOG_WARN(d2_to_dns_logger, DHCP_DDNS_CONFIG_SYNTAX_WARNING)
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
../../../src/lib/log/macros.h:29:24: note: in definition of macro ‘LOG_WARN’
29 | (LOGGER).warn((MESSAGE))
| ^~~~~~~
make[5]: *** [Makefile:677: parser_context.lo] Fehler 1
make[5]: Verzeichnis „/home/user/kea/src/bin/d2“ wird verlassen
make[4]: *** [Makefile:699: all-recursive] Fehler 1
make[4]: Verzeichnis „/home/user/kea/src/bin/d2“ wird verlassen
make[3]: *** [Makefile:440: all-recursive] Fehler 1
make[3]: Verzeichnis „/home/user/kea/src/bin“ wird verlassen
make[2]: *** [Makefile:438: all-recursive] Fehler 1
make[2]: Verzeichnis „/home/user/kea/src“ wird verlassen
make[1]: *** [Makefile:605: all-recursive] Fehler 1
make[1]: Verzeichnis „/home/user/kea“ wird verlassen
make: *** [Makefile:493: all] Fehler 2
```
Is there a dependency missing from my end?
**To Reproduce**
Steps to reproduce the behavior:
1. Try to build Kea-DHCP on a Raspberry Pi 4 with Debian Bullseye and MYSQL extension enabled
**Expected behavior**
Build process should finish successfully
**Environment:**
- Kea 2.2.0
- Debian Bullseye ARM
- Redis Backend, MySQL support
**Additional Information**
Make sure you anonymize your config files (at the very least make sure you obfuscate your database credentials, but you may also replace your actual IP addresses and host names with example.com and 10.0.0.0/8 or 2001:db8::/32).
**Contacting you**

kea2.3.0
Razvan Becheriu

https://gitlab.isc.org/isc-projects/kea/-/issues/2273
HA Peers can't send Heartbeat (HA+TLS)
2022-08-31T10:23:31Z
GJE

I have installed and configured KEA Server version 2.0.0 in 2 Debian 10 Buster virtual machines in Virtual Box and I was able to install these machines in Stork. Also I have successfully configured logging and ha hooks on both machines. Unfortunately when I try to set up HA (either with load-balancing and hot-standby) they have both unavailable HA status. For communication between KEA Servers I have followed the instruction in kea 2.0.0 admin reference manual (/kea-2.0.0/src/lib/asiolink/testutils/ca/doc).
Regarding dhcpv4 logs both machines can't send ha-heartbeat message. Regarding control agents logs tls-handshake failed but I can't find more detailed info about that.
I have configured HA as followed (in kea-dhcp4.conf file)
```
"hooks-libraries": [
    {
        "library": "/usr/local/lib/kea/hooks/libdhcp_stat_cmds.so",
        "parameters": { }
    },
    {
        "library": "/usr/local/lib/kea/hooks/libdhcp_lease_cmds.so",
        "parameters": { }
    },
    {
        "library": "/usr/local/lib/kea/hooks/libdhcp_ha.so",
        "parameters": {
            "high-availability": [{
                "this-server-name": "server2",
                "mode": "load-balancing",
                "heartbeat-delay": 10000,
                "max-response-delay": 60000,
                "max-ack-delay": 5000,
                "max-unacked-clients": 5,
                "delayed-updates-limit": 100,
                "peers": [{
                    "name": "server2",
                    "url": "http://192.168.0.20:8090/",
                    "role": "secondary",
                    "auto-failover": true
                }, {
                    "name": "enea",
                    "url": "http://192.168.0.10:8088/",
                    "role": "primary",
                    "auto-failover": true
                }]
            }]
        }
    }
],
```
Example of my control agent configuration in kea-ctrl-agent.conf:
```
"http-host": "192.168.0.20",
"http-port": 8090,
"trust-anchor": "/KEA/StorkCA.pem",
"cert-file": "/KEA/keacrt2.pem",
"key-file": "KEA/keakey2.pem",
```
![HA_Error_End_of_File](/uploads/98a27148a62d164bf90aee111b9e1baf/HA_Error_End_of_File.jpg)
![TLS_Handshake_Error](/uploads/b7a8494f9d02e13fc89e60c70c540621/TLS_Handshake_Error.jpg)
![HA_Status](/uploads/a6d159ba8bcca8c9fc6c42fb1ee36445/HA_Status.jpg)

kea2.3.0

https://gitlab.isc.org/isc-projects/kea/-/issues/1270
Automatic dhcp class (sticky lease)
2022-06-08T07:17:02Z
Peter Davies

The creation of an automatic dhcp class or some other mechanism that would:
Allow a client once being granted a lease being able to hold it in perpetuity, unaffected by LFC or dhcp releases.
See also https://gitlab.isc.org/isc-projects/kea/-/issues/897
[RT #16580](https://support.isc.org/Ticket/Display.html?id=16580 )
There are several ways how this could be implemented:
- use infinite lease lifetimes (similar to BOOTP), and then ignore RELEASE messages
- implement a hook point that would call reservation-add on lease assignment

kea2.3.0
Peter Davies

https://gitlab.isc.org/isc-projects/bind9/-/issues/3518
libxml2 v2.10.0 deprecated functions
2022-09-06T11:51:34Z
Arаm Sаrgsyаn

`libxml2` v2.10.0 (release date Aug 17 2022) has deprecated some functions that BIND is currently using. See https://github.com/GNOME/libxml2/blob/master/NEWS.
```
main.c:1366:9: error: `xmlInitThreads` is deprecated
main.c:1487:9: error: `xmlCleanupThreads` is deprecated
```

September 2022 (9.16.33, 9.16.33-S1, 9.18.7, 9.19.5)
Arаm Sаrgsyаn

https://gitlab.isc.org/isc-projects/bind9/-/issues/3517
[CVE-2022-3080] BIND 9 resolvers configured to answer from stale cache with zero stale-answer-client-timeout may terminate unexpectedly
2023-06-13T13:23:10Z
Cathy Almond

### CVE-specific actions
- [x] [Assign a CVE identifier](#note_310882)
- [x] [Determine CVSS score](#note_310943)
- [x] [Determine the range of BIND versions affected (including the Subscription Edition)](#note_311336)
- [x] [Determine whether workarounds for the problem exists](#note_311338)
- [x] Create a draft of the security advisory and put the information above in there
- [x] Prepare a detailed description of the problem which should include the following by default:
  - [instructions for reproducing the problem (a system test is good enough)](isc-private/bind9!438)
  - [explanation of code flow which triggers the problem (a system test is *not* good enough)](https://gitlab.isc.org/isc-private/bind9/-/merge_requests/443/diffs?commit_id=0b0c2e2be5a9932249bb5e603cd13c817e12a5ec)
- [x] Prepare a private merge request containing the following items in separate commits:
  - [a test for the issue (may be moved to a separate merge request for deferred merging)](isc-private/bind9!438)
  - [a fix for the issue](isc-private/bind9!443)
  - [documentation updates (`CHANGES`, release notes, anything else applicable)](isc-private/bind9!443)
- [x] Ensure the merge request from the previous step is reviewed by SWENG staff and has no outstanding discussions
- [x] Ensure the documentation changes introduced by the merge request addressing the problem are reviewed by Support and Marketing staff
- [x] Prepare backports of the merge request addressing the problem for all affected (and still maintained) BIND branches (backporting might affect the issue's scope and/or description)
- [x] [Prepare a standalone patch for the last stable release of each affected (and still maintained) BIND branch](https://gitlab.isc.org/isc-private/bind9/-/issues/58#note_313292)
### Release-specific actions
- [x] Create/update the private issue containing links to fixes & reproducers for all CVEs fixed in a given release cycle
- [x] Reserve a block of `CHANGES` placeholders once the complete set of vulnerabilities fixed in a given release cycle is determined
- [x] Ensure the merge requests containing CVE fixes are merged into `security-*` branches in CVE identifier order
### Post-disclosure actions
- [x] Merge a regression test reproducing the bug into all affected (and still maintained) BIND branches
### Incident tracking
https://gitlab.isc.org/isc-private/bind9/-/issues/58
---
As reported to Security Officer:
### Summary
Confirmed behaviour in self-built bind 9.16.31 and in Bind 9.18.1 installed from official Ubuntu repo.
named constantly crashes with stale-cache enabled and option stale-answer-client-timeout set to 0.
This behavior is constantly reproducible with A requests for CNAME record.
```
test-cname.myctl.com 30 IN CNAME test-cname.myctl.com.
test-cname-a.myctl.com 60 IN A 127.0.0.1
```
Trace:
```
Aug 30 16:26:18 ip-172-31-0-120 named[15571]: test-cname.myctl.com stale answer used, an attempt to refresh the RRset will still be made
Aug 30 16:26:18 ip-172-31-0-120 named[15571]: resolver priming query complete: success
Aug 30 16:26:18 ip-172-31-0-120 named[15571]: test-cname.myctl.com stale answer used, an attempt to refresh the RRset will still be made
Aug 30 16:26:18 ip-172-31-0-120 named[15571]: query.c:8199: INSIST(qctx->rdataset == ((void *)0) || qctx->qtype == ((dns_rdatatype_t)dns_rdatatype_dname)) failed, back trace
Aug 30 16:26:18 ip-172-31-0-120 named[15571]: /usr/sbin/named(+0x1f0f7) [0x55796ab880f7]
Aug 30 16:26:18 ip-172-31-0-120 named[15571]: /lib/x86_64-linux-gnu/libisc-9.18.1-1ubuntu1.1-Ubuntu.so(isc_assertion_failed+0x10) [0x7fb9dd89a560]
Aug 30 16:26:18 ip-172-31-0-120 named[15571]: /lib/x86_64-linux-gnu/libns-9.18.1-1ubuntu1.1-Ubuntu.so(+0x2633f) [0x7fb9dd63833f]
Aug 30 16:26:18 ip-172-31-0-120 named[15571]: /lib/x86_64-linux-gnu/libns-9.18.1-1ubuntu1.1-Ubuntu.so(+0x27785) [0x7fb9dd639785]
Aug 30 16:26:18 ip-172-31-0-120 named[15571]: /lib/x86_64-linux-gnu/libns-9.18.1-1ubuntu1.1-Ubuntu.so(+0x2804a) [0x7fb9dd63a04a]
Aug 30 16:26:18 ip-172-31-0-120 named[15571]: /lib/x86_64-linux-gnu/libisc-9.18.1-1ubuntu1.1-Ubuntu.so(isc_task_run+0x2b0) [0x7fb9dd8c2aa0]
Aug 30 16:26:18 ip-172-31-0-120 named[15571]: /lib/x86_64-linux-gnu/libisc-9.18.1-1ubuntu1.1-Ubuntu.so(+0x2572d) [0x7fb9dd88e72d]
Aug 30 16:26:18 ip-172-31-0-120 named[15571]: /lib/x86_64-linux-gnu/libisc-9.18.1-1ubuntu1.1-Ubuntu.so(+0x25e05) [0x7fb9dd88ee05]
Aug 30 16:26:18 ip-172-31-0-120 named[15571]: /lib/x86_64-linux-gnu/libisc-9.18.1-1ubuntu1.1-Ubuntu.so(+0x265b7) [0x7fb9dd88f5b7]
Aug 30 16:26:18 ip-172-31-0-120 named[15571]: /lib/x86_64-linux-gnu/libuv.so.1(+0x91ed) [0x7fb9dd1211ed]
Aug 30 16:26:18 ip-172-31-0-120 named[15571]: /lib/x86_64-linux-gnu/libuv.so.1(+0x2511e) [0x7fb9dd13d11e]
Aug 30 16:26:18 ip-172-31-0-120 named[15571]: /lib/x86_64-linux-gnu/libuv.so.1(uv_run+0x678) [0x7fb9dd126c88]
Aug 30 16:26:18 ip-172-31-0-120 named[15571]: /lib/x86_64-linux-gnu/libisc-9.18.1-1ubuntu1.1-Ubuntu.so(+0x25e9e) [0x7fb9dd88ee9e]
Aug 30 16:26:18 ip-172-31-0-120 named[15571]: /lib/x86_64-linux-gnu/libisc-9.18.1-1ubuntu1.1-Ubuntu.so(isc__trampoline_run+0x1a) [0x7fb9dd8be7aa]
Aug 30 16:26:18 ip-172-31-0-120 named[15571]: /lib/x86_64-linux-gnu/libc.so.6(+0x94b43) [0x7fb9dcd47b43]
Aug 30 16:26:18 ip-172-31-0-120 named[15571]: /lib/x86_64-linux-gnu/libc.so.6(+0x126a00) [0x7fb9dcdd9a00]
Aug 30 16:26:18 ip-172-31-0-120 named[15571]: exiting (due to assertion failure)
Aug 30 16:26:19 ip-172-31-0-120 systemd[1]: named.service: Main process exited, code=killed, status=6/ABRT
```
### BIND version used
```
# /sbin/named -V
BIND 9.18.1-1ubuntu1.1-Ubuntu (Stable Release) <id:>
running on Linux x86_64 5.15.0-1017-aws #21-Ubuntu SMP Fri Aug 5 11:10:45 UTC 2022
built by make with '--build=x86_64-linux-gnu' '--prefix=/usr' '--includedir=${prefix}/include' '--mandir=${prefix}/share/man' '--infodir=${prefix}/share/info' '--sysconfdir=/etc' '--localstatedir=/var' '--disable-option-checking' '--disable-silent-rules' '--libdir=${prefix}/lib/x86_64-linux-gnu' '--runstatedir=/run' '--disable-maintainer-mode' '--disable-dependency-tracking' '--libdir=/usr/lib/x86_64-linux-gnu' '--sysconfdir=/etc/bind' '--with-python=python3' '--localstatedir=/' '--enable-threads' '--enable-largefile' '--with-libtool' '--enable-shared' '--disable-static' '--with-gost=no' '--with-openssl=/usr' '--with-gssapi=yes' '--with-libidn2' '--with-json-c' '--with-lmdb=/usr' '--with-gnu-ld' '--with-maxminddb' '--with-atf=no' '--enable-ipv6' '--enable-rrl' '--enable-filter-aaaa' '--disable-native-pkcs11' 'build_alias=x86_64-linux-gnu' 'CFLAGS=-g -O2 -ffile-prefix-map=/build/bind9-IeZYTB/bind9-9.18.1=. -flto=auto -ffat-lto-objects -flto=auto -ffat-lto-objects -fstack-protector-strong -Wformat -Werror=format-security -fno-strict-aliasing -fno-delete-null-pointer-checks -DNO_VERSION_DATE -DDIG_SIGCHASE' 'LDFLAGS=-Wl,-Bsymbolic-functions -flto=auto -ffat-lto-objects -flto=auto -Wl,-z,relro -Wl,-z,now' 'CPPFLAGS=-Wdate-time -D_FORTIFY_SOURCE=2'
compiled by GCC 11.2.0
compiled with OpenSSL version: OpenSSL 3.0.2 15 Mar 2022
linked to OpenSSL version: OpenSSL 3.0.2 15 Mar 2022
compiled with libuv version: 1.43.0
linked to libuv version: 1.43.0
compiled with libnghttp2 version: 1.43.0
linked to libnghttp2 version: 1.43.0
compiled with libxml2 version: 2.9.13
linked to libxml2 version: 20913
compiled with json-c version: 0.15
linked to json-c version: 0.15
compiled with zlib version: 1.2.11
linked to zlib version: 1.2.11
linked to maxminddb version: 1.5.2
threads support is enabled
default paths:
named configuration: /etc/bind/named.conf
rndc configuration: /etc/bind/rndc.conf
DNSSEC root key: /etc/bind/bind.keys
nsupdate session key: //run/named/session.key
named PID file: //run/named/named.pid
named lock file: //run/named/named.lock
geoip-directory: /usr/share/GeoIP
```
also confirmed in 9.16.31
### Steps to reproduce
Bind installed on freshly installed Ubuntu 22.04.1 LTS from official repo
Run command: `while true; do dig +tries=1 +timeout=10 @127.0.0.1 test-cname.myctl.com. A; done`
After several seconds named dies with error:
```
query.c:8199: INSIST(qctx->rdataset == ((void *)0) || qctx->qtype == ((dns_rdatatype_t)dns_rdatatype_dname)) failed, back trace
```
### Config
```
# cat /etc/bind/named.conf.options
options {
    directory "/var/cache/bind";
    dnssec-validation no;
    stale-cache-enable yes;
    stale-answer-enable yes;
    stale-answer-client-timeout 0;
    listen-on-v6 { any; };
};
```
September 2022 (9.16.33, 9.16.33-S1, 9.18.7, 9.19.5) Tom Krizek

https://gitlab.isc.org/isc-projects/bind9/-/issues/3515
named crash in tcp test on shutdown in delete_trace_entry()
2022-09-15T07:50:38Z Arаm Sаrgsyаn
See the failed `tcp` test here: https://gitlab.isc.org/isc-projects/bind9/-/jobs/2724884
```
D:tcp:--------------------------------------------------------------------------------
D:tcp:Core was generated by `/builds/isc-projects/bind9/bin/named/.libs/lt-named -D tcp-ns1 -X named.lock -m'.
D:tcp:Program terminated with signal SIGABRT, Aborted.
D:tcp:#0 delete_trace_entry (mctx=mctx@entry=0x7fe54d7ea000, ptr=<optimized out>, size=<optimized out>, file=file@entry=0x7fe54f0734fd "message.c", line=line@entry=2577) at mem.c:315
D:tcp:315 dl = ISC_LIST_NEXT(dl, link);
D:tcp:[Current thread is 1 (LWP 1980)]
D:tcp:#0 delete_trace_entry (mctx=mctx@entry=0x7fe54d7ea000, ptr=<optimized out>, size=<optimized out>, file=file@entry=0x7fe54f0734fd "message.c", line=line@entry=2577) at mem.c:315
D:tcp:#1 0x00007fe54f115fc2 in isc__mempool_put (mpctx=0x7fe5243ac720, mem=mem@entry=0x7fe5245eb680, file=file@entry=0x7fe54f0734fd "message.c", line=line@entry=2577) at mem.c:1332
D:tcp:#2 0x00007fe54ef32a00 in dns_message_puttempname (msg=msg@entry=0x7fe5245eac80, itemp=itemp@entry=0x7ffc11dc59c0) at message.c:2577
D:tcp:#3 0x00007fe54ef32d6e in msgresetnames (msg=msg@entry=0x7fe5245eac80, first_section=first_section@entry=0) at message.c:461
D:tcp:#4 0x00007fe54ef33068 in msgreset (msg=msg@entry=0x7fe5245eac80, everything=everything@entry=false) at message.c:532
D:tcp:#5 0x00007fe54ef33cac in dns_message_reset (msg=0x7fe5245eac80, intent=intent@entry=1) at message.c:759
D:tcp:#6 0x00007fe54ee67b7f in ns_client_endrequest (client=0x7fe524621000) at client.c:264
D:tcp:#7 ns__client_reset_cb (client0=0x7fe524621000) at client.c:1631
D:tcp:#8 0x00007fe54f0ee9b9 in nmhandle_detach_cb (handlep=handlep@entry=0x7fe5245afa40) at netmgr/netmgr.c:1264
D:tcp:#9 0x00007fe54f0efc09 in isc__nm_async_detach (ev0=0x7fe5245afa00, worker=0x7fe54dc7c000) at netmgr/netmgr.c:2272
D:tcp:#10 process_netievent (arg=0x7fe5245afa00) at netmgr/netmgr.c:501
D:tcp:#11 0x00007fe54f10abc8 in isc__job_cb (idle=0x7fe5490e43c8) at job.c:75
D:tcp:#12 0x00007fe54e9f0cd1 in uv.run_idle () from /usr/lib/libuv.so.1
D:tcp:#13 0x00007fe54e9eb105 in uv_run () from /usr/lib/libuv.so.1
D:tcp:#14 0x00007fe54f110f3e in loop_run (loop=0x7fe54dc48900) at loop.c:266
D:tcp:#15 loop_thread (arg=0x7fe54dc48900) at loop.c:293
D:tcp:#16 0x00007fe54f1120d5 in isc_loopmgr_run (loopmgr=0x7fe54dc45000) at loop.c:473
D:tcp:#17 0x000055f580bc1a78 in main (argc=16, argv=0x7ffc11dc5ed8) at main.c:1441
D:tcp:--------------------------------------------------------------------------------
```
It crashed on line `315` in `mem.c:delete_trace_entry()` (see below), called by `mem.c:isc__mempool_put()`.
```
307. dl = ISC_LIST_HEAD(mctx->debuglist[idx]);
308. while (dl != NULL) {
309.     if (dl->ptr == ptr) {
310.         ISC_LIST_UNLINK(mctx->debuglist[idx], dl, link);
311.         decrement_malloced(mctx, sizeof(*dl));
312.         sdallocx(dl, sizeof(*dl), 0);
313.         goto unlock;
314.     }
315.     dl = ISC_LIST_NEXT(dl, link);
316. }
```
Which means that `dl` became invalid while iterating through the loop, which, I think, means that the memory context was destroyed.
I think this can be fixed by adding an attach and detach pair to the memory context in `isc__mempool_create()` and `isc__mempool_destroy()` functions respectively.
After a visual inspection, I think ~"v9.16" is also affected.

September 2022 (9.16.33, 9.16.33-S1, 9.18.7, 9.19.5) Arаm Sаrgsyаn