ISC Open Source Projects issues
https://gitlab.isc.org/groups/isc-projects/-/issues
2022-11-02T15:10:18Z

DHCPv6: pkt6 send failed: sendmsg() returned with an error: Message too long
https://gitlab.isc.org/isc-projects/kea/-/issues/1768
2022-11-02T15:10:18Z
laaubert

---
**Describe the bug**
I have IoT endpoints which get their IPv6 address via a relay and using rapid-commit. Due to the nature of the IoT network, those devices will reconnect to the network pretty often and ask for a DHCPv6 address each time either via the same relay or another one (meaning the endpoint will receive a v6 address from a different subnet).
After some time (I wasn't able to identify any specific trigger yet), KEA will stop replying to the requests and will start logging the following error message:
```
2021-03-24 16:12:30.289 INFO [kea-dhcp6.leases/1] DHCP6_LEASE_ALLOC duid=[00:03:00:06:74:88:bb:10:00:ea:b3:3e], tid=0x53cf3f: lease for address fd12:0:0:2::3 and iaid=0 has been allocated for 2592000 seconds
2021-03-24 16:12:30.289 WARN [kea-dhcp6.alloc-engine/1] ALLOC_ENGINE_V6_ALLOC_FAIL duid=[00:03:00:06:74:88:bb:10:00:ea:b3:3e], tid=0x53cf3f: failed to allocate an IPv6 address after 0 attempt(s)
2021-03-24 16:12:30.290 ERROR [kea-dhcp6.packets/1] DHCP6_PACKET_SEND_FAIL failed to send DHCPv6 packet: pkt6 send failed: sendmsg() returned with an error: Message too long
```
The warning message can be ignored; it occurs because the endpoints ask for IPv6 PD and KEA is not configured with any.
At this point, the only way to recover is to delete the leases csv file and restart the DHCP server. It will recreate a new one and load the previous leases from kea-leases6.csv.2.
**To Reproduce**
- Run Kea dhcpv6 daemon. ([kea-dhcp6.conf](/uploads/782c0c08bf7afab44d19ef86056156c3/kea-dhcp6.conf))
- The IoT endpoints send a DHCPv6 solicit which is relayed by a router
- Initially, the server does the address allocation and sends its reply to the relay
- After some time, the server stops replying to the relays and logs the "Message too long" error.
**Expected behavior**
The server should be able to reply to a valid DHCPv6 solicit in a consistent and reliable way.
**Environment:**
- Kea version: 1.6.3
- OS: Ubuntu 20.04 (base layer for a docker image deployed on a Centos7 host)
- Leases DB: memfile
**Additional Information**
- kea-leases6.csv lease file when the issue is happening: [kea-leases6.csv](/uploads/be1a64f3e7df83960106219b81ca80b7/kea-leases6.csv)
- kea-leases6.csv.2 lease file when the issue is happening: [kea-leases6.csv.2](/uploads/016f8c6f98395580ff4ab3453903f88c/kea-leases6.csv.2)
**Contacting you**
e-mail

backlog
Tomek Mrugalski

check static analysers reports
https://gitlab.isc.org/isc-projects/kea/-/issues/1767
2022-11-02T15:10:18Z
Wlodzimierz Wencel

Recent increased interest in security reminded me that it was some time since anyone looked into our static analysers, reports are:
* https://scan.coverity.com/projects/kea/view_defects (if you don't have an account please sign in and request access to kea)
* https://jenkins.isc.org/view/All/job/kea-master-cppcheck-internal/
We need:
* review reports
* in coverity mark issues with correct status
* open tickets for real issues
* fix issues :)

backlog
Razvan Becheriu

move header only files about test utils
https://gitlab.isc.org/isc-projects/kea/-/issues/1765
2022-11-02T15:10:19Z
Francis Dupont

In src/lib/testutils the two files sandbox.h and gtest_utils.h are header only (i.e. it is enough to include them: no need to link with libkea-testutils.la). I propose to move them to src/lib/util/unittests keeping of course the header only property. The idea is to avoid spurious consideration about non-existent dependency when these two standalone files are used in a library before testutils...

backlog

Remove massive duplication in http/tls tests code
https://gitlab.isc.org/isc-projects/kea/-/issues/1764
2022-11-02T15:10:17Z
Tomek Mrugalski

The !1116 branch introduced TLS socket and tests. The tests reused existing HTTP tests, which caused massive code duplication. The goal of this ticket is to remove duplication between the following files:
- tls_client_unittests.cc
- tls_server_unittests.cc
- server_client_unittests.cc
See comments https://gitlab.isc.org/isc-projects/kea/-/merge_requests/1116#note_200522 and https://gitlab.isc.org/isc-projects/kea/-/merge_requests/1116#note_200526.

backlog

create validation script for headers dependencies - instruct how to correctly make Makefile dependencies
https://gitlab.isc.org/isc-projects/kea/-/issues/1763
2023-02-10T10:49:29Z
Razvan Becheriu

backlog
Razvan Becheriu

Publish Stork API docs
https://gitlab.isc.org/isc-projects/stork/-/issues/513
2022-11-16T11:54:50Z
Tomek Mrugalski

We do have Stork API documentation available in the Stork itself. However, during discussions with a potential contractor, a topic of the API doc availability came up. We should publish the docs somewhere, so the docs are easily accessible.

backlog

update UI system test after TLS changes
https://gitlab.isc.org/isc-projects/stork/-/issues/512
2022-03-01T14:13:14Z
Wlodzimierz Wencel

GUI changed during TLS implementation, and now GUI system tests are useless. We need to update them and integrate with CI in gitlab.

backlog

Consider signing up Kea for the free Google OSS-fuzz scanning program
https://gitlab.isc.org/isc-projects/kea/-/issues/1756
2022-11-02T15:10:20Z
Vicky Risk, vicky@isc.org

You add your project to the google oss-fuzzing project by submitting a pull request. We did this for BIND. It uses multiple fuzzers, and I think in the case of BIND, we were already running all but one of these in house. They don't publish your bugs right away, but report them to the project privately first, so you can fix them before they are published.
https://github.com/google/oss-fuzz/tree/master/projects

backlog

Botan option in hammer
https://gitlab.isc.org/isc-projects/kea/-/issues/1754
2022-11-02T15:10:18Z
Francis Dupont

I'd like to get a Botan option in hammer. It does not need to cover all systems.
Note I can only help indirectly: vagrant does not support VMware Fusion, I deeply dislike VirtualBox and since Big Sur some advanced CPU features are not allowed so no VM inside a VM too. At the opposite I can find what is the package to use when it exists so my constraint is only in direct testing (i.e. I can't review).
I'll look at for the Botan boost support too but it is 4 header files so something potentially easier than to add --with-boost in package sources and rebuild them.

backlog

multiple contact points for MySQL and PostgreSQL
https://gitlab.isc.org/isc-projects/kea/-/issues/1746
2023-04-06T12:02:31Z
Andrei Pavel, andrei@isc.org

For the purpose of highly-available database connectivity, eliminating single points of failure in cluster nodes, and benefitting from Galera and Percona's active-active responsiveness, Kea could use the ability to specify multiple contact points in the same database access set.
Ideally, it would be less work if you could pass the responsibility of shuffling through the nodes onto the database library, like in Cassandra.
But if this is not an option, to avoid contention on selecting the connection to be used, a connection could be randomly chosen by each thread.
Design document: TODO

backlog

DB_LOG_* implementation using logger stack does not work properly in MT
https://gitlab.isc.org/isc-projects/kea/-/issues/1744
2022-11-02T15:10:18Z
Razvan Becheriu

The logger stack can be changed by a different thread before the current thread has the chance to log the message resulting in logs being added to undesired/other logger.

backlog

perfdhcp complains about wrong exchange when receiving reply in rapid-commit mode
https://gitlab.isc.org/isc-projects/kea/-/issues/1742
2022-11-02T15:10:20Z
Andrei Pavel, andrei@isc.org

These are relevant options accepted by perfdhcp (description seems wrong, shouldn't exchange be SOLICIT-REPLY?):
```
-c Adds a rapid-commit option (exchanges will be SOLICIT-ADVERTISE).
-i Performs only the initial part of the exchange: DISCOVER-OFFER if -4 is selected, SOLICIT-ADVERTISE
if -6 is chosen.
```
This is a warning that you get if you try to use `-c` without `-i`:
```
"-i must be set to use -c"
```
but then perfdhcp complains:
```
ERROR: running perfdhcp: Packets exchange not specified
```
```
ExchangesMapIterator it = exchanges_.find(xchg_type);
if (it == exchanges_.end()) {
    isc_throw(BadValue, "Packets exchange not specified");
}
```
The fix could be as simple as allowing `-c` without `-i`.

backlog

Implement FORCERENEW support (RFC3203)
https://gitlab.isc.org/isc-projects/kea/-/issues/1739
2022-11-02T17:06:58Z
Tomek Mrugalski

This is roughly a v4 equivalent of RECONFIGURE message in v6. This is not a popular feature (due to lack of support among clients), but it is being requested sporadically.
* [asking about forcerenew on kea-users](https://lists.isc.org/pipermail/kea-users/2020-October/002910.html)
* [another one from 2017](http://kea-users.7364.n8.nabble.com/Kea-users-FORCERENEW-feature-td435.html)

backlog

Improve VLAN filtering for raw sockets
https://gitlab.isc.org/isc-projects/kea/-/issues/1738
2024-03-14T10:45:38Z
Tomek Mrugalski

There were several reports of users struggling with mixed VLAN setups: some interfaces are physical and some are tagged:
* https://lists.isc.org/pipermail/kea-users/2020-February/002619.html (the discussion is long)
The goal of this ticket is to extend the LPF/BPF code to better handle tagged packets.

backlog

Remember user preferences
https://gitlab.isc.org/isc-projects/stork/-/issues/506
2021-10-12T13:12:40Z
Tomek Mrugalski

During UI review, Cathy changed various lists to show 30 items rather than the default of 10. This information is forgotten as soon as you navigate away from the page. This information should be persistent to some degree. Maybe stored in cookies?
Over time, there will be a lot more personal preferences that we should keep somehow. So the solution should be more flexible than just this example.
For background, see #278, second to last item.

backlog

App list should show IP address in the "Machine Address" column
https://gitlab.isc.org/isc-projects/stork/-/issues/505
2022-11-16T11:54:50Z
Tomek Mrugalski

This is a follow up to #301. The machine address should show IP address, not the hostname.

backlog

Resizing down the browser window makes text overlap and thus not readable
https://gitlab.isc.org/isc-projects/stork/-/issues/502
2022-11-16T11:54:50Z
Andrei Pavel, andrei@isc.org

Ideally, you would want some generic logic that automatically resizes elements, text, everything down so that it is visible. Maybe add the ability to add weights to the elements so that some are resized more than others.

backlog

Comment STORK_DATABASE_PASSWORD in etc/server.env
https://gitlab.isc.org/isc-projects/stork/-/issues/501
2022-11-16T11:54:50Z
Andrei Pavel, andrei@isc.org

I saw the `# empty password is set to avoid prompting user for password to database`, but I refuse to think that this is something that some simple engineering can't fix. This should only be here if there are users who want to get prompted for their passwords. These users will want to comment out the password. Even then maybe it should be a separate variable? Like `PROMPT_USER_FOR_PASSWORD`?
I think this change would make the interfacing with the user more pleasant.

backlog

Make getState API unavailable for unauthorized machines
https://gitlab.isc.org/isc-projects/stork/-/issues/493
2022-11-16T11:54:51Z
Tomek Mrugalski

Following on [Marcin's response](https://gitlab.isc.org/isc-projects/stork/-/merge_requests/272/diffs#note_196568), we need to tighten up getState API command. Here's the original issue:
1. start the demo
1. go to machines, show unauthorized
1. click on the machine name (I used agent-kea-ha2)
1. click on the get latest state
This scenario is no longer possible from the UI as Marcin blocked the GetState button, but it's still possible using API. There should be an API check that would fail if machine is not authorized.

backlog

Consider having at least one machine unregistered in the demo
https://gitlab.isc.org/isc-projects/stork/-/issues/491
2022-11-16T11:54:50Z
Marcin Siodelski

Currently, all agents in the demo setup use agent token based registration to connect with the server. When you start the demo, all of the agents are awaiting authorization. In the review of #483, @tomek suggested that at least one demo agent should be registrable using the command line. The following is the original comment:
https://gitlab.isc.org/isc-projects/stork/-/merge_requests/272#note_196567

backlog