ISC Open Source Projects issues
https://gitlab.isc.org/groups/isc-projects/-/issues
2022-09-13T12:30:33Z

https://gitlab.isc.org/isc-projects/kea/-/issues/1585
1.5.0-P1: configuration error - Attempt to parse truncated vendor option
2022-09-13T12:30:33Z
Peter Davies
---
name: 1.5.0-P1: configuration error - Attempt to parse truncated vendor option
---
**Describe the bug**
The following configuration error is generated when defining option 125 encapsulated option space:
2020-12-02 00:20:23.376 ERROR [kea-dhcp4.dhcp4/130] DHCP4_CONFIG_LOAD_FAIL configuration error using file: kea-dhcp4.conf.test, reason: option data does not match option definition (space: vendor-encapsulated-options-space, code: 125): Attempt to parse truncated vendor option (kea-dhcp4.conf.test:42:19)
2020-12-02 00:20:23.376 ERROR [kea-dhcp4.dhcp4/130] DHCP4_INIT_FAIL failed to initialize Kea server: configuration error using file 'kea-dhcp4.conf.test': option data does not match option definition (space: vendor-encapsulated-options-space, code: 125): Attempt to parse truncated vendor option (kea-dhcp4.conf.test:42:19)
Customer reports that on investigation the problem occurs at:
src/lib/dhcp/libdhcp++.cc source, function unpackVendorOptions4 when parsing option value.
It would appear that for some reason 43.125 is treated as just 125 (parent option) and the vendor ID (4-byte unsigned integer) + length octet + data is expected – and that is where error is thrown. This function is called from OptionVendor class, method unpack in option_vendor.cc source.
See [RT #17358](https://support.isc.org/Ticket/Display.html?id=17358)
**To Reproduce**
The following configuration:
```
{
    "Dhcp4": {
        "valid-lifetime": 3600,
        "echo-client-id": true,
        "interfaces-config": {
            "interfaces": [
                "*"
            ],
            "re-detect": true,
            "dhcp-socket-type": "raw",
            "outbound-interface": "same-as-inbound"
        },
        "control-socket": {
            "socket-type": "unix",
            "socket-name": "/tmp/kea4_command"
        },
        "lease-database": {
            "type": "memfile",
            "persist": true,
            "name": "/tmp/dhcp4.leases",
            "lfc-interval": 3600
        },
        "sanity-checks": {
            "lease-checks": "fix"
        },
        "subnet4": [
            {
                "subnet": "10.0.20.0/24",
                "match-client-id": true
            }
        ],
        "option-def": [
            {
                "name": "cookie",
                "code": 125,
                "type": "string",
                "space": "ABC"
            }
        ],
        "client-classes": [
            {
                "name": "ABC",
                "test": "(option[vendor-class-identifier].text == 'ABC')",
                "option-def": [
                    {
                        "name": "vendor-encapsulated-options",
                        "code": 43,
                        "type": "empty",
                        "encapsulate": "ABC"
                    }
                ],
                "option-data": [
                    {
                        "name": "cookie",
                        "space": "ABC",
                        "data": "1ABCDE"
                    },
                    {
                        "name": "vendor-encapsulated-options"
                    }
                ]
            }
        ]
    },
    "Logging": {
        "loggers": [
            {
                "name": "kea-dhcp4",
                "output_options": [
                    {
                        "output": "/tmp/kea_log"
                    }
                ],
                "severity": "DEBUG",
                "debuglevel": 99
            }
        ]
    }
}
```
Also note that using a 4 byte string (for example "1APC") does allow
Kea to start up
kea1.9.4
Francis Dupont

https://gitlab.isc.org/isc-projects/bind9/-/issues/2331
Check whether `dig +trace` works on main
2023-11-02T17:00:03Z
Ondřej Surý
We should double check that `dig +trace` still works, because it often executes nm_read() inside readcb.
Not planned
Mark Andrews

https://gitlab.isc.org/isc-projects/bind9/-/issues/2330
Add a test that max-udp-size can send a 4096 octet UDP response if it is set to that value.
2022-03-01T09:42:51Z
Ondřej Surý
Stemmed from the MR: https://gitlab.isc.org/isc-projects/bind9/-/merge_requests/4449#note_180129
People expect that `max-udp-size` changes the EDNS Buffer Size and the throttling by `nocookie-udp-size` was a bit unexpected. Let's add a test that matches the people's expectations.
Not planned

https://gitlab.isc.org/isc-projects/bind9/-/issues/2329
fix geoip2 when threads are disabled 9.11
2020-12-02T08:44:11Z
Mark Andrews

https://gitlab.isc.org/isc-projects/bind9/-/issues/2328
Windows system tests fail after Network Manager refactoring
2020-12-02T22:41:41Z
Michal Nowak
Nearly all system tests on Windows [fail](https://gitlab.isc.org/isc-projects/bind9/-/jobs/1335899) after https://gitlab.isc.org/isc-projects/bind9/-/merge_requests/4444:
```
01-Dec-2020 20:24:00.891 c:\builds\isc-projects\bind9\lib\isc\netmgr\netmgr.c:2053: unexpected error:
01-Dec-2020 20:24:00.891 socket() failed: Unknown error
01-Dec-2020 20:24:00.891 c:\builds\isc-projects\bind9\lib\isc\netmgr\netmgr.c:178: REQUIRE(result == 0) failed
01-Dec-2020 20:24:00.891 exiting (due to assertion failure)
```
December 2020 (9.11.26, 9.11.26-S1, 9.16.10, 9.16.10-S1, 9.17.8)
Michał Kępień

https://gitlab.isc.org/isc-projects/bind9/-/issues/2327
error: uv_wrap.h: No such file or directory on unit:gcc:tarball CI job
2020-12-03T13:44:21Z
Michal Nowak
`unit:gcc:tarball` [CI job fail](https://gitlab.isc.org/isc-projects/bind9/-/jobs/1335745) with:
```
tcp_test.c:37:10: fatal error: uv_wrap.h: No such file or directory
#include "uv_wrap.h"
^~~~~~~~~~~
...
udp_test.c:37:10: fatal error: uv_wrap.h: No such file or directory
#include "uv_wrap.h"
^~~~~~~~~~~
```
I think `uv_wrap.h` is missing in `libisctest_la_SOURCES` and therefore `make dist` of `tarball-create` CI job does not include it.
December 2020 (9.11.26, 9.11.26-S1, 9.16.10, 9.16.10-S1, 9.17.8)
Michal Nowak

https://gitlab.isc.org/isc-projects/bind9/-/issues/2326
Some of the statschannel system test cases fail if I build BIND 9.16.9
2021-10-27T11:42:55Z
Peter Davies
<!--
Some of the statschannel system test cases fail if I build BIND 9.16.9
--without-libmlx2 and with pytest as follows:
-->
### Summary
Some of the statschannel system test cases fail if I build BIND 9.16.9
--without-libmlx2 and with pytest as follows:
D:statschannel:FAILED tests-xml.py::test_zone_timers_primary_xml - assert 404 == 200
D:statschannel:FAILED tests-xml.py::test_zone_timers_secondary_xml - assert 404 == 200
D:statschannel:FAILED tests-xml.py::test_zone_with_many_keys_xml - assert 404 == 200
D:statschannel:FAILED tests-xml.py::test_traffic_xml - assert 404 == 200
These tests seem to be run without checking "HAVEXMLSTATS". It is
suggested to skip these python tests if "HAVEXMLSTATS" is false, like
tests.sh does.
Also suspect the same kind of problem exists for json
### BIND version used
9.16.9
See [RT #17360](https://support.isc.org/Ticket/Display.html?id=17360)
November 2021 (9.16.23, 9.16.23-S1, 9.17.20)
Mark Andrews

https://gitlab.isc.org/isc-projects/bind9/-/issues/2325
CID 313612: Error handling uv_timer_init() in tlsdns.c
2021-09-02T11:36:15Z
Michal Nowak
Coverity identified the following [error](https://scan8.coverity.com/reports.htm#v38342/p12579/fileInstanceId=37809089&defectInstanceId=11335293&mergedDefectId=313612) on `main` (source 634bdfb16d8f91ba411f43d0e871ff45cebe125e):
```
*** CID 313612: Error handling issues (CHECKED_RETURN)
/lib/isc/netmgr/tlsdns.c: 163 in dnslisten_acceptcb()
157
158 dnssock->peer = handle->sock->peer;
159 dnssock->read_timeout = handle->sock->mgr->init;
160 dnssock->tid = isc_nm_tid();
161 dnssock->closehandle_cb = resume_processing;
162
>>> CID 313612: Error handling issues (CHECKED_RETURN)
>>> Calling "uv_timer_init" without checking return value (as is done elsewhere 10 out of 12 times).
163 uv_timer_init(&dnssock->mgr->workers[isc_nm_tid()].loop,
164 &dnssock->timer);
165 dnssock->timer.data = dnssock;
166 dnssock->timer_initialized = true;
167 uv_timer_start(&dnssock->timer, dnstcp_readtimeout,
168 dnssock->read_timeout, 0);
```
September 2021 (9.16.21, 9.16.21-S1, 9.17.18)
Ondřej Surý

https://gitlab.isc.org/isc-projects/bind9/-/issues/2324
'key_mutex' undeclared in geoip2.c with threads disabled
2021-01-07T20:19:43Z
Michal Nowak
Configuring `v9_11` with `--with-geoip2=auto` and `--disable-threads` fails the build of `geoip2.c`:
```
libtool: compile: gcc -I/home/newman/isc/ws/bind9 -I../.. -I. -I../../lib/dns -Iinclude -I/home/newman/isc/ws/bind9/lib/dns/include -I../../lib/dns/include -I/home/newman/isc/ws/bind9/lib/isc/include -I../../lib/isc -I../../lib/isc/include -I../../lib/isc/unix/include -I../../lib/isc/nothreads/include -I../../lib/isc/x86_32/include -I/usr/include -DUSE_MD5 -DOPENSSL -DGSSAPI -DUSE_ISC_SPNEGO -DISC_LIST_CHECKINIT=1 -D_GNU_SOURCE -g -O2 -I/usr/include/libxml2 -fPIC -W -Wall -Wmissing-prototypes -Wcast-qual -Wwrite-strings -Wformat -Wpointer-arith -fno-strict-aliasing -fno-delete-null-pointer-checks -Wshadow -Werror -c geoip2.c -fPIC -DPIC -o .libs/geoip2.o
In file included from /home/newman/isc/ws/bind9/lib/isc/include/isc/assertions.h:19,
from /home/newman/isc/ws/bind9/lib/isc/include/isc/list.h:15,
from /home/newman/isc/ws/bind9/lib/isc/include/isc/types.h:33,
from /home/newman/isc/ws/bind9/lib/isc/include/isc/result.h:19,
from ../../lib/isc/nothreads/include/isc/mutex.h:15,
from /home/newman/isc/ws/bind9/lib/isc/include/isc/mem.h:22,
from geoip2.c:25:
geoip2.c: In function ‘set_state’:
geoip2.c:195:9: error: ‘key_mutex’ undeclared (first use in this function)
195 | LOCK(&key_mutex);
| ^~~~~~~~~
/home/newman/isc/ws/bind9/lib/isc/include/isc/likely.h:23:52: note: in definition of macro ‘ISC_LIKELY’
23 | #define ISC_LIKELY(x) __builtin_expect((x), 1)
| ^
/home/newman/isc/ws/bind9/lib/isc/include/isc/util.h:315:30: note: in expansion of macro ‘ISC_ERROR_RUNTIMECHECK’
315 | #define RUNTIME_CHECK(cond) ISC_ERROR_RUNTIMECHECK(cond)
| ^~~~~~~~~~~~~~~~~~~~~~
/home/newman/isc/ws/bind9/lib/isc/include/isc/util.h:100:2: note: in expansion of macro ‘RUNTIME_CHECK’
100 | RUNTIME_CHECK(isc_mutex_lock((lp)) == ISC_R_SUCCESS); \
| ^~~~~~~~~~~~~
/home/newman/isc/ws/bind9/lib/isc/include/isc/util.h:100:16: note: in expansion of macro ‘isc_mutex_lock’
100 | RUNTIME_CHECK(isc_mutex_lock((lp)) == ISC_R_SUCCESS); \
| ^~~~~~~~~~~~~~
geoip2.c:195:3: note: in expansion of macro ‘LOCK’
195 | LOCK(&key_mutex);
| ^~~~
geoip2.c:195:9: note: each undeclared identifier is reported only once for each function it appears in
195 | LOCK(&key_mutex);
| ^~~~~~~~~
/home/newman/isc/ws/bind9/lib/isc/include/isc/likely.h:23:52: note: in definition of macro ‘ISC_LIKELY’
23 | #define ISC_LIKELY(x) __builtin_expect((x), 1)
| ^
/home/newman/isc/ws/bind9/lib/isc/include/isc/util.h:315:30: note: in expansion of macro ‘ISC_ERROR_RUNTIMECHECK’
315 | #define RUNTIME_CHECK(cond) ISC_ERROR_RUNTIMECHECK(cond)
| ^~~~~~~~~~~~~~~~~~~~~~
/home/newman/isc/ws/bind9/lib/isc/include/isc/util.h:100:2: note: in expansion of macro ‘RUNTIME_CHECK’
100 | RUNTIME_CHECK(isc_mutex_lock((lp)) == ISC_R_SUCCESS); \
| ^~~~~~~~~~~~~
/home/newman/isc/ws/bind9/lib/isc/include/isc/util.h:100:16: note: in expansion of macro ‘isc_mutex_lock’
100 | RUNTIME_CHECK(isc_mutex_lock((lp)) == ISC_R_SUCCESS); \
| ^~~~~~~~~~~~~~
geoip2.c:195:3: note: in expansion of macro ‘LOCK’
195 | LOCK(&key_mutex);
| ^~~~
make[2]: *** [Makefile:346: geoip2.lo] Error 1
```
@marka this blocks https://gitlab.isc.org/isc-projects/bind9/-/issues/2323.
January 2021 (9.11.27, 9.11.27-S1, 9.16.11, 9.16.11-S1, 9.17.9)

https://gitlab.isc.org/isc-projects/bind9/-/issues/2323
Add non-threaded build to 9.11 CI
2021-01-19T06:18:32Z
Mark Andrews
February 2021 (9.11.28, 9.11.28-S1, 9.16.12, 9.16.12-S1, 9.17.10)
Michal Nowak

https://gitlab.isc.org/isc-projects/bind9/-/issues/2322
Bind truncates DNSSEC answers when using UDP
2020-12-01T17:50:36Z
Anderson Ferreira
### Summary
Bind 9.16.8 and 9.16.9 truncate the answer of DNSSEC queries when answering via UDP.
This issue was observed when the server was queried by hosts on different network segments, on the same network, and even when the query source is the name server itself.
Reducing the values of max-udp-size and edns-udp-size makes no difference in this behavior.
### BIND version used
The issue was observed at least on FreeBSD and Ubuntu machines.
```
BIND 9.16.9 (Stable Release) <id:b3f41b7>
running on FreeBSD amd64 12.1-STABLE FreeBSD 12.1-STABLE r364333 VM-KVM
built by make with '--disable-linux-caps' '--localstatedir=/var' '--sysconfdir=/usr/local/etc/namedb' '--with-dlopen=yes' '--with-libxml2' '--with-openssl=/usr' '--with-readline=-L/usr/local/lib -ledit' '--with-dlz-filesystem=yes' '--disable-dnstap' '--disable-fixed-rrset' '--disable-geoip' '--without-maxminddb' '--without-gssapi' '--with-libidn2=/usr/local' '--with-json-c' '--disable-largefile' '--with-lmdb=/usr/local' '--disable-native-pkcs11' '--without-python' '--disable-querytrace' '--enable-tcp-fastopen' '--disable-symtable' '--prefix=/usr/local' '--mandir=/usr/local/man' '--infodir=/usr/local/share/info/' '--build=amd64-portbld-freebsd12.2' 'build_alias=amd64-portbld-freebsd12.2' 'CC=cc' 'CFLAGS=-O2 -pipe -DLIBICONV_PLUG -fstack-protector-strong -isystem /usr/local/include -fno-strict-aliasing ' 'LDFLAGS= -L/usr/local/lib -ljson-c -fstack-protector-strong ' 'LIBS=-L/usr/local/lib' 'CPPFLAGS=-DLIBICONV_PLUG -isystem /usr/local/include' 'CPP=cpp' 'PKG_CONFIG=pkgconf'
compiled by CLANG FreeBSD Clang 10.0.1 (git@github.com:llvm/llvm-project.git llvmorg-10.0.1-0-gef32c611aa2)
compiled with OpenSSL version: OpenSSL 1.1.1h-freebsd 22 Sep 2020
linked to OpenSSL version: OpenSSL 1.1.1g-freebsd 21 Apr 2020
compiled with libuv version: 1.40.0
linked to libuv version: 1.40.0
compiled with libxml2 version: 2.9.10
linked to libxml2 version: 20910
compiled with json-c version: 0.15
linked to json-c version: 0.15
compiled with zlib version: 1.2.11
linked to zlib version: 1.2.11
threads support is enabled
```
```
BIND 9.16.9-Ubuntu (Stable Release) <id:b3f41b7>
running on Linux x86_64 5.4.0-54-generic #60-Ubuntu SMP Fri Nov 6 10:37:59 UTC 2020
built by make with '--build=x86_64-linux-gnu' '--prefix=/usr' '--includedir=/usr/include' '--mandir=/usr/share/man' '--infodir=/usr/share/info' '--sysconfdir=/etc' '--localstatedir=/var' '--disable-silent-rules' '--libdir=/usr/lib/x86_64-linux-gnu' '--libexecdir=/usr/lib/x86_64-linux-gnu' '--disable-maintainer-mode' '--disable-dependency-tracking' '--libdir=/usr/lib/x86_64-linux-gnu' '--sysconfdir=/etc/bind' '--with-python=python3' '--localstatedir=/' '--enable-threads' '--enable-largefile' '--with-libtool' '--enable-shared' '--enable-static' '--with-gost=no' '--with-openssl=/usr' '--with-gssapi=/usr' '--with-libidn2' '--with-json-c' '--with-lmdb=/usr' '--with-gnu-ld' '--with-maxminddb' '--with-atf=no' '--enable-ipv6' '--enable-rrl' '--enable-filter-aaaa' '--disable-native-pkcs11' '--enable-dnstap' 'build_alias=x86_64-linux-gnu' 'CFLAGS=-g -O2 -fdebug-prefix-map=/build/bind9-esyEPC/bind9-9.16.9=. -fstack-protector-strong -Wformat -Werror=format-security -fno-strict-aliasing -fno-delete-null-pointer-checks -DNO_VERSION_DATE -DDIG_SIGCHASE' 'LDFLAGS=-Wl,-Bsymbolic-functions -Wl,-z,relro -Wl,-z,now' 'CPPFLAGS=-Wdate-time -D_FORTIFY_SOURCE=2'
compiled by GCC 9.3.0
compiled with OpenSSL version: OpenSSL 1.1.1f 31 Mar 2020
linked to OpenSSL version: OpenSSL 1.1.1f 31 Mar 2020
compiled with libuv version: 1.38.1
linked to libuv version: 1.38.1
compiled with libxml2 version: 2.9.10
linked to libxml2 version: 20910
compiled with json-c version: 0.13.1
linked to json-c version: 0.13.1
compiled with zlib version: 1.2.11
linked to zlib version: 1.2.11
linked to maxminddb version: 1.4.2
compiled with protobuf-c version: 1.3.3
linked to protobuf-c version: 1.3.3
threads support is enabled
```
### Steps to reproduce
The issue can be observed using dig tool:
```
# dig dnskey <domain> @localhost +dnssec
```
### What is the current *bug* behavior?
Dig's output reports that the answer is truncated.
```
;; Truncated, retrying in TCP mode. <--- Dig shows that the answer is truncated
; <<>> DiG 9.16.9 <<>> dnskey <domain> @localhost +dnssec
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1691
;; flags: qr aa rd; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 1
;; WARNING: recursion requested but not available
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags: do; udp: 2048
; COOKIE: 84ce58cd836fea50010000005fc64ce19b990cfc26ff8286 (good)
;; QUESTION SECTION:
;<domain>. IN DNSKEY
;; ANSWER SECTION:
<domain>. 14400 IN DNSKEY 257 3 8 .........
```
### What is the expected *correct* behavior?
On bind versions prior to 9.16.8, dig's output doesn't report that the answer is truncated. Network traffic dumps also show that the entire communication happened via UDP.

https://gitlab.isc.org/isc-projects/bind9/-/issues/2321
Refactor netmgr
2020-12-16T21:06:24Z
Ondřej Surý
While working on fixing the bugs in the netmgr, it was discovered that stacking the netmgr APIs on top of each other is very error prone, confusing and mostly unfixable. It was proposed to rewrite the tcpdns using the libuv only and along with the other fixes to refactor the netmgr API together with adding unit tests.
The `netmgr/` directory and the unit tests need to be backported to 9.16 together with relevant changes, but we must not backport any netmgr-client changes outside `netmgr/` yet.
December 2020 (9.11.26, 9.11.26-S1, 9.16.10, 9.16.10-S1, 9.17.8)
Ondřej Surý

https://gitlab.isc.org/isc-projects/bind9/-/issues/2320
Making netmgr callbacks asynchronous-only crippled performance
2020-12-02T22:41:43Z
Michał Kępień
!4386 caused a 40% performance drop in all tested Perflab scenarios:
- https://perflab.isc.org/#/config/run/5bf1959c83ba91a870b2976b/
- https://perflab.isc.org/#/config/run/5bf195a883ba91a870b2976c/
- https://perflab.isc.org/#/config/run/5bf195c083ba91a870b2976e/
- https://perflab.isc.org/#/config/run/5bf195dd83ba91a870b2976f/
Fortunately, that MR was only merged into `main` so far, but this
problem must be addressed before [recent netmgr changes](#2246) are
backported to `v9_16`.
December 2020 (9.11.26, 9.11.26-S1, 9.16.10, 9.16.10-S1, 9.17.8)
Ondřej Surý

https://gitlab.isc.org/isc-projects/kea/-/issues/1584
NAK sent while authoritative=false
2021-12-04T11:48:04Z
Joost Bekkers
**Describe the bug**
When two dhcp servers are serving the same subnet, Kea can receive a REBIND from a client which currently has a lease issued by the other server. Kea notices this and reports ALLOC_ENGINE_V4_REQUEST_OUT_OF_POOL and DHCP4_PACKET_NAK_0004. The NAK is sent even though the subnet has authoritative set to false.
**To Reproduce**
Steps to reproduce the behavior:
1. Run Kea dhcpv4 (S1) and a second dhcp server (S2) in the same subnet with non-overlapping pools.
Both servers should be configured as 'not authoritative'.
2. Have a client obtain a lease from S2
3. Have that client perform a REBIND for that lease
4. Observe S1 send a NAK for the valid lease
**Expected behavior**
The server should only send a NAK if either it is authoritative, or the ciaddr/requested-ip-address belongs to its own pool/reservations.
**Environment:**
- Kea version: 1.8.0
- OS: FreeBSD 12.2
- MySQL backend was compiled in, but not configured
- Hooks: flex-option, stats
**Additional Information**
```
DEBUG [kea-dhcp4.packets/38691.0x80173a000] DHCP4_BUFFER_RECEIVED received buffer from 10.2.175.149:68 to 255.255.255.255:67 over interface vmx1
DEBUG [kea-dhcp4.options/38691.0x80173a000] DHCP4_BUFFER_UNPACK parsing buffer received from 10.2.175.149 to 255.255.255.255 over interface vmx1
DEBUG [kea-dhcp4.options/38691.0x80173a000] EVAL_RESULT Expression USER_CLASS1 evaluated to 0
DEBUG [kea-dhcp4.options/38691.0x80173a000] EVAL_RESULT Expression USER_CLASS2 evaluated to 0
DEBUG [kea-dhcp4.options/38691.0x80173a000] EVAL_RESULT Expression USER_CLASS3 evaluated to 0
INFO [kea-dhcp4.options/38691.0x80173a000] EVAL_RESULT Expression USER_CLASS4 evaluated to 1
DEBUG [kea-dhcp4.options/38691.0x80173a000] EVAL_RESULT Expression USER_CLASS5 evaluated to 0
INFO [kea-dhcp4.options/38691.0x80173a000] EVAL_RESULT Expression USER_CLASS6 evaluated to 1
INFO [kea-dhcp4.options/38691.0x80173a000] EVAL_RESULT Expression USER_CLASS7 evaluated to 1
DEBUG [kea-dhcp4.options/38691.0x80173a000] EVAL_RESULT Expression USER_CLASS8 evaluated to 0
INFO [kea-dhcp4.options/38691.0x80173a000] EVAL_RESULT Expression USER_CLASS9 evaluated to 1
INFO [kea-dhcp4.options/38691.0x80173a000] EVAL_RESULT Expression USER_CLASS10 evaluated to 1
DEBUG [kea-dhcp4.dhcpsrv/38691.0x80173a000] DHCPSRV_CFGMGR_SUBNET4_ADDR selected subnet 10.2.0.0/16 for packet received by matching address 10.2.0.8
DEBUG [kea-dhcp4.packets/38691.0x80173a000] DHCP4_SUBNET_SELECTED [hwtype=1 34:e3:80:13:a5:60], cid=[ff:00:01:00:01:00:03:00:01:34:e3:80:13:a5:60], tid=0x5d0d759e: the subnet with ID 167903232 was selected for client assignments
DEBUG [kea-dhcp4.packets/38691.0x80173a000] DHCP4_PACKET_RECEIVED [hwtype=1 34:e3:80:13:a5:60], cid=[ff:00:01:00:01:00:03:00:01:34:e3:80:13:a5:60], tid=0x5d0d759e: DHCPREQUEST (type 3) received from 10.2.175.149 to 255.255.255.255 on interface vmx1
DEBUG [kea-dhcp4.dhcpsrv/38691.0x80173a000] DHCPSRV_CFGMGR_SUBNET4_ADDR selected subnet 10.2.0.0/16 for packet received by matching address 10.2.0.8
DEBUG [kea-dhcp4.packets/38691.0x80173a000] DHCP4_SUBNET_SELECTED [hwtype=1 34:e3:80:13:a5:60], cid=[ff:00:01:00:01:00:03:00:01:34:e3:80:13:a5:60], tid=0x5d0d759e: the subnet with ID 167903232 was selected for client assignments
DEBUG [kea-dhcp4.hosts/38691.0x80173a000] HOSTS_CFG_GET_ONE_SUBNET_ID_IDENTIFIER get one host with IPv4 reservation for subnet id 167903232, identified by hwaddr=34E38013A560
DEBUG [kea-dhcp4.hosts/38691.0x80173a000] HOSTS_CFG_GET_ALL_IDENTIFIER get all hosts with reservations using identifier: hwaddr=34E38013A560
DEBUG [kea-dhcp4.hosts/38691.0x80173a000] HOSTS_CFG_GET_ALL_IDENTIFIER_COUNT using identifier hwaddr=34E38013A560, found 0 host(s)
DEBUG [kea-dhcp4.hosts/38691.0x80173a000] HOSTS_CFG_GET_ONE_SUBNET_ID_IDENTIFIER_NULL host not found using subnet id 167903232 and identifier hwaddr=34E38013A560
DEBUG [kea-dhcp4.hosts/38691.0x80173a000] HOSTS_CFG_GET_ONE_SUBNET_ID_IDENTIFIER get one host with IPv4 reservation for subnet id 167903232, identified by duid=0003000134E38013A560
DEBUG [kea-dhcp4.hosts/38691.0x80173a000] HOSTS_CFG_GET_ALL_IDENTIFIER get all hosts with reservations using identifier: duid=0003000134E38013A560
DEBUG [kea-dhcp4.hosts/38691.0x80173a000] HOSTS_CFG_GET_ALL_IDENTIFIER_COUNT using identifier duid=0003000134E38013A560, found 0 host(s)
DEBUG [kea-dhcp4.hosts/38691.0x80173a000] HOSTS_CFG_GET_ONE_SUBNET_ID_IDENTIFIER_NULL host not found using subnet id 167903232 and identifier duid=0003000134E38013A560
DEBUG [kea-dhcp4.hosts/38691.0x80173a000] HOSTS_CFG_GET_ONE_SUBNET_ID_IDENTIFIER get one host with IPv4 reservation for subnet id 167903232, identified by circuit-id=011630352D33362D5350302D303030343137352D31303230
DEBUG [kea-dhcp4.hosts/38691.0x80173a000] HOSTS_CFG_GET_ALL_IDENTIFIER get all hosts with reservations using identifier: circuit-id=011630352D33362D5350302D303030343137352D31303230
DEBUG [kea-dhcp4.hosts/38691.0x80173a000] HOSTS_CFG_GET_ALL_IDENTIFIER_COUNT using identifier circuit-id=011630352D33362D5350302D303030343137352D31303230, found 0 host(s)
DEBUG [kea-dhcp4.hosts/38691.0x80173a000] HOSTS_CFG_GET_ONE_SUBNET_ID_IDENTIFIER_NULL host not found using subnet id 167903232 and identifier circuit-id=011630352D33362D5350302D303030343137352D31303230
DEBUG [kea-dhcp4.hosts/38691.0x80173a000] HOSTS_CFG_GET_ONE_SUBNET_ID_IDENTIFIER get one host with IPv4 reservation for subnet id 167903232, identified by client-id=FF000100010003000134E38013A560
DEBUG [kea-dhcp4.hosts/38691.0x80173a000] HOSTS_CFG_GET_ALL_IDENTIFIER get all hosts with reservations using identifier: client-id=FF000100010003000134E38013A560
DEBUG [kea-dhcp4.hosts/38691.0x80173a000] HOSTS_CFG_GET_ALL_IDENTIFIER_COUNT using identifier client-id=FF000100010003000134E38013A560, found 0 host(s)
DEBUG [kea-dhcp4.hosts/38691.0x80173a000] HOSTS_CFG_GET_ONE_SUBNET_ID_IDENTIFIER_NULL host not found using subnet id 167903232 and identifier client-id=FF000100010003000134E38013A560
DEBUG [kea-dhcp4.dhcp4/38691.0x80173a000] DHCP4_CLASS_ASSIGNED [hwtype=1 34:e3:80:13:a5:60], cid=[ff:00:01:00:01:00:03:00:01:34:e3:80:13:a5:60], tid=0x5d0d759e: client packet has been assigned to the following class(es): UNKNOWN
DEBUG [kea-dhcp4.dhcp4/38691.0x80173a000] DHCP4_CLASS_ASSIGNED [hwtype=1 34:e3:80:13:a5:60], cid=[ff:00:01:00:01:00:03:00:01:34:e3:80:13:a5:60], tid=0x5d0d759e: client packet has been assigned to the following class(es): ALL, VENDOR_CLASS_geneos-lunar-3.13.1-R,lunar,platinum-7840,dslforum.org, USER_CLASS4, USER_CLASS6, USER_CLASS7, USER_CLASS9, USER_CLASS10, UNKNOWN
DEBUG [kea-dhcp4.ddns/38691.0x80173a000] DHCP4_CLIENT_HOSTNAME_PROCESS [hwtype=1 34:e3:80:13:a5:60], cid=[ff:00:01:00:01:00:03:00:01:34:e3:80:13:a5:60], tid=0x5d0d759e: processing client's Hostname option
DEBUG [kea-dhcp4.dhcpsrv/38691.0x80173a000] DHCPSRV_MEMFILE_GET_CLIENTID obtaining IPv4 leases for client ID ff:00:01:00:01:00:03:00:01:34:e3:80:13:a5:60
DEBUG [kea-dhcp4.dhcpsrv/38691.0x80173a000] DHCPSRV_MEMFILE_GET_HWADDR obtaining IPv4 leases for hardware address hwtype=1 34:e3:80:13:a5:60
DEBUG [kea-dhcp4.hosts/38691.0x80173a000] HOSTS_CFG_GET_ONE_SUBNET_ID_ADDRESS4 get one host with reservation for subnet id 167903232 and IPv4 address 10.2.175.149
DEBUG [kea-dhcp4.hosts/38691.0x80173a000] HOSTS_CFG_GET_ALL_ADDRESS4 get all hosts with reservations for IPv4 address 10.2.175.149
DEBUG [kea-dhcp4.hosts/38691.0x80173a000] HOSTS_CFG_GET_ALL_ADDRESS4_COUNT using address 10.2.175.149, found 0 host(s)
DEBUG [kea-dhcp4.hosts/38691.0x80173a000] HOSTS_CFG_GET_ONE_SUBNET_ID_ADDRESS4_NULL host not found using subnet id 167903232 and address 10.2.175.149
DEBUG [kea-dhcp4.dhcpsrv/38691.0x80173a000] DHCPSRV_MEMFILE_GET_ADDR4 obtaining IPv4 lease for address 10.2.175.149
DEBUG [kea-dhcp4.alloc-engine/38691.0x80173a000] ALLOC_ENGINE_V4_REQUEST_OUT_OF_POOL client [hwtype=1 34:e3:80:13:a5:60], cid=[ff:00:01:00:01:00:03:00:01:34:e3:80:13:a5:60], tid=0x5d0d759e, which doesn't have a reservation, requested address 10.2.175.149 out of the dynamic pool
DEBUG [kea-dhcp4.bad-packets/38691.0x80173a000] DHCP4_PACKET_NAK_0004 [hwtype=1 34:e3:80:13:a5:60], cid=[ff:00:01:00:01:00:03:00:01:34:e3:80:13:a5:60], tid=0x5d0d759e: failed to grant a lease, client sent ciaddr 10.2.175.149, requested-ip-address (no address)
```
**Contacting you**
j.bekkers at e-quest dot nl
kea2.1.0
Thomas Markwalder

https://gitlab.isc.org/isc-projects/bind9/-/issues/2319
Add the ability to display the BADCOOKIE message to dig when +badcookie is active
2022-04-26T13:16:07Z
Mark Andrews
September 2021 (9.16.21, 9.16.21-S1, 9.17.18)

https://gitlab.isc.org/isc-projects/kea/-/issues/1583
bump lib version for kea 1.8.2
2020-12-04T10:49:24Z
Razvan Becheriu
bump lib version for kea 1.8.2
kea1.8.2
Razvan Becheriu

https://gitlab.isc.org/isc-projects/dhcp/-/issues/155
strange KEAMA Usage string - possible fix
2023-05-17T11:22:23Z
Carsten Strotmann
Hi,
the KeaMA usage string looks strange: an extra escaped newline control char in the middle of the string, and a closing ']' missing. Attached a small patch that fixes this.
[0001-fixed-KEAMA_USAGE-define.patch](/uploads/ff0f20638f1cd3cd04964826f490ea22/0001-fixed-KEAMA_USAGE-define.patch)
Date: Mon, 30 Nov 2020 14:16:34 +0100
Subject: [PATCH] fixed KEAMA_USAGE define
---
keama/keama.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/keama/keama.c b/keama/keama.c
index d6573dbc..922aa0ae 100644
--- a/keama/keama.c
+++ b/keama/keama.c
@@ -33,7 +33,7 @@
#include "keama.h"
#define KEAMA_USAGE› "Usage: keama [-4|-6] [-D] [-N]" \
-› › › " [-r {perform|fatal|pass}\\n" \
+› › › " [-r {perform|fatal|pass}]" \
› › › " [-l hook-library-path]" \
› › › " [-i input-file] [-o output-file]\n"
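Review bot: On the changed `-r` line, removing `\\n` drops the line break altogether instead of correcting it, so the four string fragments now concatenate into a single usage line of more than 100 characters. If a break after the `-r` group was the original intent, keep it as a single-backslash `\n` after the new `]` and indent the fragment that follows; if one long line is intended, say so in the commit message. The subject "fixed KEAMA_USAGE define" should also name the two defects being fixed (the doubled backslash and the missing `]`).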
--
2.29.2

https://gitlab.isc.org/isc-projects/dhcp/-/issues/154
KeaMA build instructions: source tar file not available
2020-12-01T08:44:48Z
Carsten Strotmann
The instructions in the wiki on how to obtain the source code for building KeaMA are broken, the link provided:
`https://gitlab.isc.org/isc-projects/dhcp/-/archive/migration-assistant/dhcp-migration-assistant.tar.gz`
does not point to a valid resource.
Recommendation: create a stable download link or change documentation to checkout the source from git.

https://gitlab.isc.org/isc-projects/stork/-/issues/461
Config Review component needed: step 1(design)
2021-11-17T11:18:42Z
Tomek Mrugalski
While working on #433 (Stork not able to show stats if stat_cmds hook is not loaded), I realized that there will be many cases like this. Instead of adding specific check for this particular case, I think we need a new component that will do the Kea config inspection.
For the time being, the checks will be simple:
- if the stat_cmds hook is not loaded, show a note about missing statistics
The code should be written in a way that will be easily extensible with other checks in the future. If possible each entry should be shown as a separate line (maybe an itemized list?). In the far future, we'll probably extend this with a "fix" button that would improve the underlying condition.
Those are not necessarily warnings, more like notes. In many cases it's impossible to tell if a certain aspect is a problem or not (e.g. the deployment may not use DB for storing reservations, so they don't care about host cmds). This shouldn't be alarmist.
Here's a bunch of potential things we may check here. Those are out of scope for this ticket. I'm putting them to give you a better perspective how to address the extensibility requirement:
- if the host_cmds hook is not loaded, show a note about being unable to monitor reservations in DB (not included in initial implementation)
- if there is only one subnet in a shared network, suggest disabling shared network;
- if there is in-pool reservation enabled, but there are no in-pool reservations, suggest out-of-pool as better performing;
- if there is a custom option definition, but no option-data that uses it, suggest removing unused definitions;
- if there are subnets without any pools and no reservations, suggest removing unused subnets;
- inspect HA configs of both servers and make sure there are no discrepancies;
- it's possible to misconfigure ports in HA+MT configuration, so it's still connecting via CA rather than with DHCP directly.
The follow-up ticket with many more checkers expected is #611.
0.22
Marcin Siodelski

https://gitlab.isc.org/isc-projects/bind9/-/issues/2318
dig: REQUIRE(sock->parent == ((void *)0)) assertion failed in TCP mode
2020-12-09T09:53:32Z
Michał Kępień

This happened for `main`, on OpenBSD:
https://gitlab.isc.org/isc-projects/bind9/-/jobs/1329045
```
I:dns64:checking non-mapped A via CNAME lookup is signed zone works with +dnssec (154)
netmgr/netmgr.c:963: REQUIRE(sock->parent == ((void *)0)) failed.
Abort trap (core dumped)
```
```
D:dns64:Core was generated by `dig'.
D:dns64:Program terminated with signal SIGABRT, Aborted.
D:dns64:#0 thrkill () at /tmp/-:3
D:dns64:[Current thread is 1 (process 143154)]
D:dns64:#0 thrkill () at /tmp/-:3
D:dns64:#1 0x000009cac4e874be in _libc_abort () at /usr/src/lib/libc/stdlib/abort.c:51
D:dns64:#2 0x000009cacc5eef15 in isc_assertion_failed (file=<optimized out>, line=<optimized out>, type=<optimized out>, cond=<optimized out>) at assertions.c:47
D:dns64:#3 0x000009cacc5cd80c in isc__nmsocket_prep_destroy (sock=<optimized out>) at netmgr/netmgr.c:963
D:dns64:#4 0x000009cacc5d160f in isc_nm_tcpconnect (mgr=<optimized out>, local=0x9c844760df0 <localaddr>, peer=<optimized out>, cb=<optimized out>, cbarg=<optimized out>, timeout=<optimized out>, extrahandlesize=0) at netmgr/tcp.c:373
D:dns64:#5 0x000009cacc5d55e7 in isc_nm_tcpdnsconnect (mgr=0x9ca98339000, local=0x6, peer=0x0, cb=0x9c844757e00 <tcp_connected>, cbarg=0x9ca9835a008, timeout=0, extrahandlesize=0) at netmgr/tcpdns.c:850
D:dns64:#6 0x000009c8447561c4 in start_tcp (query=0x9ca9835a008) at dighost.c:2837
D:dns64:#7 0x000009c84475678c in onrun_callback (task=<optimized out>, event=0x0) at dighost.c:4179
D:dns64:#8 0x000009cacc610594 in dispatch (manager=0x9ca98350000, threadid=<optimized out>) at task.c:1152
D:dns64:#9 run (queuep=<optimized out>) at task.c:1344
D:dns64:#10 0x000009ca616abe21 in _rthread_start (v=<optimized out>) at /usr/src/lib/librthread/rthread.c:96
D:dns64:#11 0x000009cac4e4df48 in __tfork_thread () at /usr/src/lib/libc/arch/amd64/sys/tfork_thread.S:77
D:dns64:#12 0x0000000000000000 in ?? ()
```
I believe I have only seen this specific crash once so far, so this is
not critical, but it also does not look OS-specific.
December 2020 (9.11.26, 9.11.26-S1, 9.16.10, 9.16.10-S1, 9.17.8)