ISC Open Source Projects issues
https://gitlab.isc.org/groups/isc-projects/-/issues
2019-03-11T12:50:56Z

https://gitlab.isc.org/isc-projects/kea/-/issues/363
#13966: DHCP Option start sequence
2019-03-11T12:50:56Z
Vicky Risk (vicky@isc.org)

Some clients require Option 53 first and don't accept options presented in numerical order the way they are in Kea 1.5.0. ISC DHCP sends option 53 first and so this has become an established, although non-standard, expectation.
After discussion in the Kea support meeting, everyone thinks we should just change the default behavior in the base Kea code to support this (non-standard) client requirement. Thomas has written a patch for this (below) which was shared with the support customer requesting this. We should review, merge and test this and include the change in the next Kea release.
----------
diff --git a/src/lib/dhcp/libdhcp++.cc b/src/lib/dhcp/libdhcp++.cc
index ced705dd29..a9f956eda8 100644
--- a/src/lib/dhcp/libdhcp++.cc
+++ b/src/lib/dhcp/libdhcp++.cc
@@ -790,11 +790,19 @@ LibDHCP::packOptions4(isc::util::OutputBuffer& buf,
const OptionCollection& options) {
OptionPtr agent;
OptionPtr end;
+
+ auto x = options.find(DHO_DHCP_MESSAGE_TYPE);
+ if (x != options.end()) {
+ x->second->pack(buf);
+ }
+
for (OptionCollection::const_iterator it = options.begin();
it != options.end(); ++it) {
- // RAI and END options must be last.
+ // TYPE is already done, RAI and END options must be last.
switch (it->first) {
+ case DHO_DHCP_MESSAGE_TYPE:
+ break;
case DHO_DHCP_AGENT_OPTIONS:
agent = it->second;
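Review bot: the lookup added at the top of the hunk packs only the single entry that `options.find(DHO_DHCP_MESSAGE_TYPE)` returns, while the new `case DHO_DHCP_MESSAGE_TYPE: break;` skips every entry with that code inside the loop. If the collection can ever hold more than one option with this code, the extra instances are silently dropped from the packet, so either pack the whole equal range up front or state in a comment that a single instance is assumed. The iterator name `x` is not descriptive (something like `msg_type` reads better), and the new block has no comment saying why the message type goes first; the updated loop comment only says it is "already done". A unit test that asserts the option order in the packed buffer would keep this client-compatibility behavior from regressing.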
break;
Kea1.6
Thomas Markwalder

https://gitlab.isc.org/isc-projects/kea/-/issues/362
Editing User Guide grammar, clarity
2019-02-28T15:55:06Z
Vicky Risk (vicky@isc.org)

This issue is a placeholder for reviewing and editing the User Guide to improve readability by checking for grammatical mistakes and editing for clarity.
(I think the list below is in the order that the doc is assembled, with of course the dhcpv4 and dhcpv6 server parts broken down into 2000 line chunks)
* [x] kea-guide.xml intro.xml quickstart.xml install.xml admin.xml config.xml
* [x] keactrl.xml
* [x] dhcpv4-serv lines 1 - 2000
* [x] dhcpv4-serv lines 2000 - 4000
* [x] dhcpv4-serv lines 4000 - end
* [x] dhcpv6-serv lines 1 - 2000
* [x] dhcpv6-serv lines 2000 - 4000
* [x] dhcpv6-serv lines 4000 - end
* [x] lease-expiration.xml logging.xml
* [x] ddns.xml hooks.xml hooks-class-cmds.xml hooks-ha.xml, hooks-host-cache.xml
* [x] hooks-lease-cmds.xml hooks-radius.xml hooks-stat-cmds.xml libdhcp.xml
* [x] lfc.xml stats.xml ctrl-channel.xml classify.xml shell.xml agent.xml
* [x] netconf.xml api.xml congestion-handling.xml
Kea1.6
Suzanne Goldlust

https://gitlab.isc.org/isc-projects/kea/-/issues/361
Kea User's Guide table listing standard options uses "hex" instead of "binary"
2019-02-12T15:36:34Z
Marcin Siodelski

It was reported that `Type` column in `Table 8.1. List of standard DHCPv4 options` uses `hex` instead of `binary` for options which are specified as a string of hexadecimal digits. The correct name is `binary`. Also, two additional issues were found:
- option 60 (vendor-class-identifier) is listed as "hex" but in fact it is a "string"
- option 124 (vivco-suboptions) should probably come with an example
Kea1.6
Francis Dupont

https://gitlab.isc.org/isc-projects/kea/-/issues/360
High Availability - Reverse Proxy with nginx
2019-05-10T08:11:59Z
Chris

---
name: High availability violating HTTP/1.1 RFC; issues when attempting to use nginx as a reverse proxy
about: When attempting to use the high availability library with nginx acting as a reverse proxy to Kea CA a HTTP 400 error code is returned as the requests are missing a valid "Host" header.
---
**Describe the bug**
I am evaluating using Kea as the DHCP server for my network in a Docker container. For the high availability setup I have Kea Control listening on port 8081 with nginx acting as a reverse proxy on port 8080. I am running it with nginx as I cannot see a way to bind the control agent to all available interfaces/IP's; the IP's being used at run time will be random and I would prefer being able to use all available interfaces. The nginx configuration is very simple:
```
server {
    listen 8080 default_server;
    listen [::]:8080 default_server;
    server_name _;
    location / {
        proxy_pass http://127.0.0.1:8081;
    }
}
```
The high availability library makes HTTP/1.1 requests without using a "Host" header which results in messages like these from nginx:
```
2018/12/17 03:57:57 [info] 20#20: *32 client sent HTTP/1.1 request without "Host" header while reading client request headers, client: 192.168.155.34, server: _, request: "POST / HTTP/1.1"
```
The HA hook that runs to send the heartbeat also fails as nginx returns a 400 error:
```
2018-12-17 03:57:59.732 WARN [kea-dhcp4.ha-hooks/19] HA_HEARTBEAT_COMMUNICATIONS_FAILED failed to send heartbeat to dhcp1 (http://192.168.155.34:8080/): unable to parse the body of the HTTP response: error: unexpected character < in <string>:1:2 : current state: [ 1 END_ST ] next event: [ 3 FAIL_EVT ]
```
A failing HTTP request looks like this:
```
POST / HTTP/1.1
Content-Length: 53
Content-Type: application/json

{ "command": "ha-heartbeat", "service": [ "dhcp4" ] }
```
And for the response:
```
HTTP/1.1 400 Bad Request
Server: nginx
Date: Mon, 17 Dec 2018 04:12:39 GMT
Content-Type: text/html
Content-Length: 166
Connection: close

<html>
<head><title>400 Bad Request</title></head>
<body bgcolor="white">
<center><h1>400 Bad Request</h1></center>
<hr><center>nginx</center>
</body>
</html>
```
According to RFC7230 this is a violation of HTTP/1.1:
> A client **MUST** send a Host header field in all HTTP/1.1 request messages. If the target URI includes an authority component, then a client MUST send a field-value for Host that is identical to that authority component, excluding any userinfo subcomponent and its "@" delimiter (Section 2.7.1). If the authority component is missing or undefined for the target URI, then a client MUST send a Host header field with an empty field-value.
>
> Since the Host field-value is critical information for handling a request, a user agent SHOULD generate Host as the first header field following the request-line.
**To Reproduce**
Steps to reproduce the behavior:
1. Run Kea CA (doesn't matter where you bind to, the next step is the important part) + Kea4 or Kea6 with the high availability hook
2. Install nginx and configure it to act as a reverse proxy to Kea CA
3. Configure the HA hooks to send the health checks to the listening IP/port for nginx (which in turn proxies them back to Kea CA)
4. Kea CA is unable to sync any leases or send heartbeats as nginx will return a HTTP 400 error
**Expected behavior**
Kea CA should not violate the HTTP/1.1 spec; attempting to run it behind a reverse proxy results in a non-working high availability setup.
**Environment:**
- Kea version: 1.5.0
- OS: Debian Stretch x64
- Which features were compiled in (in particular which backends): `./configure --with-mysql --with-openssl --enable-shell`
- If/which hooks were loaded in: libdhcp_lease_cmds.so, libdhcp_ha.so
**Additional Information**
Covered above
**Some initial questions**
- Are you sure your feature is not already implemented in the latest Kea version? Yes
- Are you sure what you would like to do is not possible using some other mechanisms? There are other ways around this problem, but for my specific situation this is the most elegant. As I am running nginx in the container which is bound to all IP's (to provide a web UI) I would like to be able to use it as a reverse proxy as well; if that is not possible and there is a way to configure Kea CA to listen on all interfaces (eg. using a wildcard like it is possible in kea4/kea6) I could potentially use that as a work around.
- Have you discussed your idea on kea-users or kea-dev mailing lists? No
**Is your feature request related to a problem? Please describe.**
Ability to run nginx as a reverse proxy for Kea CA.
**Describe the solution you'd like**
Either:
* Ability to configure Kea CA to bind to all available interfaces/IP's. With Kea4/Kea6 it is possible to define the interfaces in the following format, but it is not possible with Kea CA:
```
"Dhcp4": {
    "interfaces-config": {
        // Listen on all interfaces
        "interfaces": [ "*" ],
        // Traffic to this server is sent via a DHCP relay, the server will listen on a UDP socket rather than raw socket
        "dhcp-socket-type": "udp"
    }
}
```
* Ability to configure a "Host" header for requests the high availability library sends
Kea1.6
Marcin Siodelski

https://gitlab.isc.org/isc-projects/kea/-/issues/357
unit tests create too long socket paths that are not allowed by unix systems
2019-03-07T11:25:26Z
Michal Nowikowski

Unit tests should create safe socket path e.g. in /tmp folder.
There is KEA_SOCKET_TEST_DIR but this is not obvious for newcomers or sporadic users.
Kea1.6
Michal Nowikowski

https://gitlab.isc.org/isc-projects/kea/-/issues/354
compilation with mysql fails on fedora 29
2019-11-19T14:30:19Z
Michal Nowikowski

It seems that my_bool type has been removed from mysql 8.
https://bugs.mysql.com/bug.php?id=85131
I used community-mysql-devel package to get C headers:
sudo dnf install community-mysql-devel
```
compilation log fragment:
make[5]: Wejście do katalogu '/home/godfryd/isc/1.5.0/kea-1.5.0/src/lib/mysql'
CXX mysql_connection.lo
CXX mysql_binding.lo
In file included from ../../../src/lib/mysql/mysql_binding.h:16,
from ../../../src/lib/mysql/mysql_connection.h:14,
from mysql_connection.cc:11:
../../../src/lib/mysql/mysql_constants.h:20:7: error: ‘my_bool’ does not name a type; did you mean ‘bool’?
const my_bool MLM_FALSE = 0;
^~~~~~~
bool
```
Kea1.6
Francis Dupont

https://gitlab.isc.org/isc-projects/kea/-/issues/347
remove dependencies list from AUTHORS file
2019-01-18T16:19:09Z
Wlodzimierz Wencel

Can we remove this from AUTHORS file?
Kea1.6

https://gitlab.isc.org/isc-projects/kea/-/issues/340
Make perfdhcp build optional.
2019-02-05T22:19:12Z
Francis Dupont

Same as for the kea-shell. Two questions:
- is it a good idea?
- what should be the default (on vs off)?
Kea1.6
Francis Dupont

https://gitlab.isc.org/isc-projects/kea/-/issues/320
kea-admin, keactrl doesn't report Kea version (trac5411) (GH #76)
2019-01-17T14:54:03Z
Vicky Risk (vicky@isc.org)

<Migrated from Gitlab issue #76, originally opened by Tomaszmrugalski on April 19, 2018>
Those two tools don't report their version as other components do (neither -v nor -V is working).
For details, see https://kea.isc.org/ticket/5411.
Kea1.6

https://gitlab.isc.org/isc-projects/kea/-/issues/319
kea-admin / admin-utils.sh ignores the -h --host arg for the database (GH#104)
2019-01-17T14:54:51Z
Vicky Risk (vicky@isc.org)

<This issue was opened on Github as issue #104 by Kroki0815 on Sept 20, 2018>
If the mysql-database is not on localhost, upgrade of the database with kea-admin is not possible.
I looked into the code and the problem is in the admin-utils.sh:
```
mysql_execute() {
    QUERY=$1
    shift
    if [ $# -gt 1 ]; then
        mysql -N -B "$@" -e "${QUERY}"
        retcode=$?
    else
        mysql -N -B --database="${db_name}" --user="${db_user}" --password="${db_password}" -e "${QUERY}"
        retcode=$?
    fi
    return $retcode
}

mysql_execute_script() {
    file=$1
    shift
    if [ $# -ge 1 ]; then
        mysql -N -B "$@" < "${file}"
        retcode=$?
    else
        mysql -N -B --database="${db_name}" --user="${db_user}" --password="${db_password}" < "${file}"
        retcode=$?
    fi
    return $retcode
}
```
The mysql lines should look like this:
```
mysql -N -B --host="${db_host}" --database="${db_name}" --user="${db_user}" --password="${db_password}"
```
This problem may be also in the other backends.
This bug is in all versions, also in the master-branch.
Kea1.6

https://gitlab.isc.org/isc-projects/kea/-/issues/313
Return a list of all reservations by subnet ID
2019-05-02T17:33:52Z
Michael McNally

Kea1.6
Francis Dupont

https://gitlab.isc.org/isc-projects/kea/-/issues/312
Move some backend code from radius to host cache.
2019-03-08T00:05:39Z
Francis Dupont

It is not a critical issue as the host cache is used only by the radius hook but formally this code in the radius hook belongs to the host cache.
Kea1.6
Tomek Mrugalski

https://gitlab.isc.org/isc-projects/kea/-/issues/305
Fix Ubuntu installation notes on KB
2019-01-11T16:33:31Z
Tomek Mrugalski

The installation procedure here: https://kb.isc.org/docs/kea-build-on-ubuntu needs some corrections and updates.
1. it still mentions --with-tier2 (which was removed in 1.4.0)
2. the Radius installation section mentions FreeRADIUS client being installed from the upstream. Francis did some important (segfault preventing) fixes in his version. See https://jenkins.isc.org/job/Kea_doc/guide/kea-guide.html#hooks-radius. It may be ok to use the upstream **if** they accepted Francis' patches and released fixed version.
3. It doesn't cover NETCONF. This is pretty important, because sysrepo is pretty darn tricky to install and Ubuntu happens to be the least painful system to get it on.
Kea1.6

https://gitlab.isc.org/isc-projects/kea/-/issues/300
Installing *messages.h files doesn't seem to be trivial
2019-05-13T19:25:36Z
Marcin Siodelski

For Kea 1.5.0 beta2 we attempted to install all *_messages.h files which contain labels of log messages used by loggers. That turned out to be a problem for `make distcheck` because it requires to compile .mes files using the message compiler from the `$(top_builddir)` where the kea-msg-compiler is not available. At the stage where the compiler is needed the compiler is presumably available in the $(top_distdir) instead. We haven't figured out why this issue occurs when we attempt to install the files and not when we don't. Because this issue was found right before the Kea 1.5.0 beta2 release we didn't have time to investigate it and find the proper solution. We simply backed off the changes (we don't install message headers) hoping for some solution for it later.
We should also consider whether the messages files should be installed at all. It seems they will only be needed if there are any header files installed which require the message files. That could be the case if we have a template class implemented within the header file which requires logging. As far as we can tell today, we don't have such cases in the code. So, backing off the changes seemed safe for Kea 1.5.0 beta2.
Kea1.6
Francis Dupont

https://gitlab.isc.org/isc-projects/kea/-/issues/292
Possible issue at exit with dynamic host backend
2019-01-11T16:33:20Z
Francis Dupont

Cf #87: there were some problems (supposedly fixed) with dynamic host backend destruction at server exit. They could need more work (invalid write reported by valgrind) and they definitively require a more robust solution. BTW they are variants of the global destructor disaster so very system dependent.
Kea1.6
Francis Dupont

https://gitlab.isc.org/isc-projects/kea/-/issues/283
perfdhcp: indicated requests rate is not kept during testing
2019-01-18T16:02:09Z
Michal Nowikowski

Due to accumulating time slips in sending procedure the actual requests rate is lower than indicated.
It can be even ~20% lower for higher rates. Examples: 2700 instead of 3000.
Kea1.6
Michal Nowikowski

https://gitlab.isc.org/isc-projects/kea/-/issues/282
make distcheck incompatible with premium
2019-02-04T16:03:27Z
Francis Dupont

Got on a build with premium from `make distcheck`:
```
configure: creating ./config.status
config.status: creating premium/src/hooks/dhcp/forensic_log/Makefile
config.status: creating premium/src/hooks/dhcp/forensic_log/libloadtests/Makefile
config.status: creating premium/src/hooks/dhcp/forensic_log/tests/Makefile
config.status: creating premium/src/hooks/dhcp/forensic_log/testutils/Makefile
config.status: error: cannot find input file: `premium/src/share/Makefile.in'
make: *** [distcheck] Error 1
```
There is no premium/src/share in the tar.
Kea1.6

https://gitlab.isc.org/isc-projects/kea/-/issues/273
Warn about legacy top-level entries
2019-05-23T20:24:14Z
Francis Dupont

Announce in ~~1.5~~ 1.6 release that a Dhcp6 entry in a DHCPv4 server configuration is ignored and will raise an error in the next release.
Kea1.6

https://gitlab.isc.org/isc-projects/kea/-/issues/214
add colors to services states in keactrl
2019-05-14T15:18:10Z
Michal Nowikowski

Kea1.6
Michal Nowikowski

https://gitlab.isc.org/isc-projects/kea/-/issues/184
Performance testing with kea less than ISC
2019-02-07T21:00:01Z
Ghost User

Hi,
I was trying to do the benchmarking between ISC dhcp and Kea for POC.
Since kea HA will have two IPs, how can I test perfdhcp with multiple DHCP server IPs?
```
perfdhcp -b mac=dd:55:33:00:dd:00 -4 10.25.133.12
perfdhcp -M smac -4 10.25.133.12
```
Is it possible to test with both servers?
Kea1.6