ISC Open Source Projects issues
https://gitlab.isc.org/groups/isc-projects/-/issues
2018-10-16T12:55:38Z

https://gitlab.isc.org/isc-projects/DNS-Compliance-Testing/-/issues/17
Only test a IP address once
2018-10-16T12:55:38Z
Mark Andrews

https://gitlab.isc.org/isc-projects/dhcp/-/issues/17
Log messages always additionally print to console, even in release builds
2020-02-13T13:43:02Z
Joe LeVeque
---
name: Log messages always additionally print to console, even in release builds
---
**Describe the bug**
Lines [40-44 of omapip/errwarn.c](https://gitlab.isc.org/isc-projects/dhcp/blob/master/omapip/errwarn.c#L40) define `log_perror` differently based on whether or not it is a DEBUG build. This is done in order to print all log messages to stderr in addition to logging them to syslog *if* compiled with `DEBUG` defined.
However, the definitions are currently as follows:
```
#ifdef DEBUG
int log_perror = -1;
#else
int log_perror = 1;
#endif
```
Therefore, `log_perror` is **always** nonzero no matter whether `DEBUG` is defined or not, thus **always** causing all log_*() functions to print log messages to stderr in addition to logging them to syslog.
For our application, we are redirecting output from stderr to syslog, and we have a very noisy log because we are seeing all log messages at INFO level and above twice as well as all DEBUG-level messages show up in our syslogs, even though DEBUG-level messages are disabled in release builds.
Please let me know if you have any questions.
**To Reproduce**
1. Compile dhcp in non-DEBUG mode (i.e., don't define `DEBUG`)
2. Run a DHCP program (e.g., dhcrelay) in non-daemon mode (or run in daemon mode but make sure to have a facility to redirect stderr to somewhere visible, like syslog)
3. Notice that all log_*() functions are also echoed to stderr, although they should not be
**Expected behavior**
If compiled without defining `DEBUG`, log messages should *not* also get output to stderr
**Environment:**
- ISC DHCP version: All releases (it appears this bug has existed since 1/26/2000)
- OS: All
**Additional Information**
I originally submitted this bug via your old bug reporting system as "ISC-Bugs #47288" on 3/8/2018. It appears that system was deprecated soon thereafter?
**Describe the solution you'd like**
A quick and simple fix is below:
```
#ifdef DEBUG
int log_perror = 1;
#else
int log_perror = 0;
#endif
```
Outstanding

https://gitlab.isc.org/isc-projects/stork/-/issues/13
Stork architecture design
2020-05-08T14:26:34Z
Tomek Mrugalski
We need a high level Stork design. It should cover at least the following:
- overall architecture
- what tasks Stork agent has to do
- backend role, in particular how to handle tasks in the background (such as monitoring for failure events, such as server going down, running out of addresses in dhcp or sending srvfail in dns)
- database interaction
- prometheus integration
0.7
Marcin Siodelski

https://gitlab.isc.org/isc-projects/stork/-/issues/17
Basic repo layout (changelog, readme, authors, contributing)
2019-10-14T18:19:38Z
Tomek Mrugalski
We need some basic information in the repo:
- changelog
- readme
- contributor's guide
- authors file
0.7

https://gitlab.isc.org/isc-projects/kea/-/issues/41
Kea should be able to print performance metrics
2023-01-09T12:25:26Z
Ghost User
When debugging an issue, it became clear that finding out how long it takes Kea to process a packet and actually send a response is difficult. It requires matching different log entries, which sometimes is very problematic if there are multiple packets sent from a client.
We should develop a way to measure how long it takes to process a packet. The easiest way will be to use a stopwatch (see src/lib/util/stopwatch.h). I think we should remember the timestamp somewhere in Pkt4 (and possibly Pkt6) very early when the packet is received (perhaps in Pkt4 constructor?) and then print the interval value once the response packet is being sent out.
I think it would be useful to have a separate logger for this, maybe call it performance or perf? If the concept proves to be useful, we may soon extend it to print out more detailed information about different stages (it took X ms to find host reservation, Y ms to select a lease, Z ms to do DNS update etc).
backlog

https://gitlab.isc.org/isc-projects/bind9/-/issues/17
Revise the usage of custom assertions (Design by Contract)
2023-12-22T10:28:30Z
Ondřej Surý
The usage of Design by Contract should be reviewed and there are several steps that need to be taken:
* [ ] trust your own code
* [ ] but write covering unit tests when refactoring
* [ ] reduce the number of assertions just to places with user input
* [ ] use `-NDEBUG` controlled assertions for production build where appropriate
* [ ] keep some run time assertions, but as we progress with refactoring, reduce the number by replacing with proper checks
I am inclined to throw away this whole Design By Contract philosophy and go f.e. with [Defensive Programming](https://en.wikipedia.org/wiki/Defensive_programming) / [Offensive Programming](https://en.wikipedia.org/wiki/Offensive_programming).
I don't buy this whole no-RCE bug in years. I understand it was a good step after BIND 8, but again the world has moved on, and RCE can be much better mitigated at system level, and any class of remote vulnerability is basically the same category now.
This is obviously not something that could be done overnight, but rather we should rethink the whole philosophy and make changes when refactoring the code.
# TL;DR
## Defensive programming
Defensive programming is an approach to improve software and source code, in terms of:
* General quality – reducing the number of software bugs and problems.
* Making the source code comprehensible – the source code should be readable and understandable so it is approved in a code audit.
* Making the software behave in a predictable manner despite unexpected inputs or user actions.
## Offensive programming
Offensive programming is concerned with failing, so to disprove the programmer's assumptions. Producing an error message may be a secondary goal.
Strategies:
* No unnecessary checks: Trusting that other software components behave as specified, so to not paper over any unknown problem, is the basic principle. In particular, some errors may already be guaranteed to crash the program (depending on programming language or running environment), for example dereferencing a null pointer. As such, null pointer checks are unnecessary for the purpose of stopping the program (but can be used to print error messages).
* Assertions – checks that can be disabled – are the preferred way to check things that should be unnecessary to check, such as design contracts between software components.
* Remove fallback code (limp mode) and fallback data (default values): These can hide defects in the main implementation, or, from the user point of view, hide the fact that the software is working suboptimally. Special attention to unimplemented parts may be needed as part of factory acceptance testing, as yet unimplemented code is at no stage of test driven development discoverable by failing unit tests.
* Remove shortcut code (see the strategy pattern): A simplified code path may hide bugs in a more generic code path if the generic code almost never gets to run. Since the two are supposed to produce the same result, the simplified one can be eliminated.

https://gitlab.isc.org/isc-projects/kea/-/issues/17
Remove kea/doc/design and the contents, which all relate to DNS and BIND10
2018-09-04T19:56:20Z
Vicky Risk
vicky@isc.org
I would have taken a swing at removing this, but I don't know how to. If we want to archive them somewhere else, I could see doing that, but they are just misleading as they are included with Kea and some people might think they are relevant and struggle, for example, with the document on inter-process communication.
Kea1.5-beta1

https://gitlab.isc.org/isc-projects/DNS-Compliance-Testing/-/issues/18
Add support for matching glue to nameservers.
2018-10-17T17:41:45Z
Mark Andrews

https://gitlab.isc.org/isc-projects/dhcp/-/issues/18
Bundle BIND9 version-correct tar ball into the main repo
2019-11-18T15:24:12Z
Thomas Markwalder
The BIND9 tarball, Makefile.in and version file were added to the dhcp/bind directory on the migration-assistant branch. This makes it possible to pull everything needed in just our repo and ensures you have the correct version of bind9. It eliminates outsiders needing to run util/bind.sh.
We need to follow suit and do this to main repo. Either that or we simply merge the migration-assistant branch into master.
4.4.2

https://gitlab.isc.org/isc-projects/kea/-/issues/42
Congestion handling
2018-11-08T14:15:12Z
Ghost User
I propose two ways to control the receive queue to avoid big backlogs which can happen when servicing is too slow (and the fact clients retransmit of course does not help at all).
First is the POSIX `setsockopt(SO_RCVBUF)` which sets the maximum size in bytes of the socket receive queue. When the queue is full (i.e. an incoming packet is bigger than the maximum minus the current size) new packets are dropped instead of being added at the end of the queue.
This allows avoiding a big backlog but as it drops new packets it is not the best/only solution.
Second idea is to use `ioctl(FIONREAD)` which returns the current size in bytes of the receive queue (very efficient system call BTW). I propose to use it in two ways:
- when it returns a large value (threshold to determine) packets should be simply popped and dropped.
- after servicing a packet it is more efficient to look at if there is another one than to come back to select (a real performance pig). Of course only a limited (another parameter to determine) number of packets should be serviced because the select loop includes other services.
About the last part of the second idea I refer to the AFTR code where I implemented this.
Note there is a big theoretical and practical background on the way to manage queue in high load / congestion situations, e.g RED (Random Early Detection). A good subject for a student...
The earlier issue that covered initial discussion and some experiments is #49. Adding the number for easier reference.
Kea1.5-beta1
Thomas Markwalder

https://gitlab.isc.org/isc-projects/bind9/-/issues/18
Replace buffered IO (fopen) with unbuffered IO (open)
2023-12-22T10:28:30Z
Ondřej Surý
The buffered IO is part of C standard, while the unbuffered IO is part of POSIX. We would just need to create a compatibility layer for non-POSIX systems. But otherwise, I see no strong reason for using buffered IO in low level daemons.

https://gitlab.isc.org/isc-projects/DNS-Compliance-Testing/-/issues/19
Using Latest Redhat 7.X ships still with BIND 9.9.4-RedHat-9.9.4-61.el7_5.1
2019-02-06T03:31:14Z
Ghost User
```
[root@xxx]# named -V
BIND 9.9.4-RedHat-9.9.4-61.el7_5.1 (Extended Support Version) <id:8f9657aa> built with '--build=x86_64-redhat-linux-gnu' '--host=x86_64-redhat-linux-gnu' '--program-prefix=' '--disable-dependency-tracking' '--prefix=/usr' '--exec-prefix=/usr' '--bindir=/usr/bin' '--sbindir=/usr/sbin' '--sysconfdir=/etc' '--datadir=/usr/share' '--includedir=/usr/include' '--libdir=/usr/lib64' '--libexecdir=/usr/libexec' '--sharedstatedir=/var/lib' '--mandir=/usr/share/man' '--infodir=/usr/share/info' '--with-libtool' '--localstatedir=/var' '--enable-threads' '--with-geoip' '--enable-ipv6' '--enable-filter-aaaa' '--enable-rrl' '--with-pic' '--disable-static' '--disable-openssl-version-check' '--enable-exportlib' '--with-export-libdir=/usr/lib64' '--with-export-includedir=/usr/include' '--includedir=/usr/include/bind9' '--enable-native-pkcs11' '--with-pkcs11=/usr/lib64/pkcs11/libsofthsm2.so' '--with-dlopen=yes' '--with-dlz-ldap=yes' '--with-dlz-postgres=yes' '--with-dlz-mysql=yes' '--with-dlz-filesystem=yes' '--with-dlz-bdb=yes' '--with-gssapi=yes' '--disable-isc-spnego' '--enable-fixed-rrset' '--with-tuning=large' '--with-docbook-xsl=/usr/share/sgml/docbook/xsl-stylesheets' 'build_alias=x86_64-redhat-linux-gnu' 'host_alias=x86_64-redhat-linux-gnu' 'CFLAGS= -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -m64 -mtune=generic' 'LDFLAGS=-Wl,-z,relro ' 'CPPFLAGS= -DDIG_SIGCHASE'
using OpenSSL version: OpenSSL 1.0.2k 26 Jan 2017
using libxml2 version: 2.9.1
dig -v
DiG 9.9.4-RedHat-9.9.4-61.el7_5.1
dig -h
Usage: dig [@global-server] [domain] [q-type] [q-class] {q-opt}
{global-d-opt} host [@local-server] {local-d-opt}
[ host [@local-server] {local-d-opt} [...]]
Where: domain is in the Domain Name System
q-class is one of (in,hs,ch,...) [default: in]
q-type is one of (a,any,mx,ns,soa,hinfo,axfr,txt,...) [default:a]
(Use ixfr=version for type ixfr)
q-opt is one of:
-x dot-notation (shortcut for reverse lookups)
-i (use IP6.INT for IPv6 reverse lookups)
-f filename (batch mode)
-b address[#port] (bind to source address/port)
-p port (specify port number)
-q name (specify query name)
-t type (specify query type)
-c class (specify query class)
-k keyfile (specify tsig key file)
-y [hmac:]name:key (specify named base64 tsig key)
-4 (use IPv4 query transport only)
-6 (use IPv6 query transport only)
-m (enable memory usage debugging)
d-opt is of the form +keyword[=value], where keyword is:
+[no]vc (TCP mode)
+[no]tcp (TCP mode, alternate syntax)
+time=### (Set query timeout) [5]
+tries=### (Set number of UDP attempts) [3]
+retry=### (Set number of UDP retries) [2]
+domain=### (Set default domainname)
+bufsize=### (Set EDNS0 Max UDP packet size)
+ndots=### (Set NDOTS value)
+[no]edns[=###] (Set EDNS version) [0]
+[no]search (Set whether to use searchlist)
+[no]showsearch (Search with intermediate results)
+[no]defname (Ditto)
+[no]recurse (Recursive mode)
+[no]ignore (Don't revert to TCP for TC responses.)
+[no]fail (Don't try next server on SERVFAIL)
+[no]besteffort (Try to parse even illegal messages)
+[no]aaonly (Set AA flag in query (+[no]aaflag))
+[no]adflag (Set AD flag in query)
+[no]cdflag (Set CD flag in query)
+[no]cl (Control display of class in records)
+[no]cmd (Control display of command line)
+[no]comments (Control display of comment lines)
+[no]rrcomments (Control display of per-record comments)
+[no]question (Control display of question)
+[no]answer (Control display of answer)
+[no]authority (Control display of authority)
+[no]additional (Control display of additional)
+[no]stats (Control display of statistics)
+[no]short (Disable everything except short
form of answer)
+[no]ttlid (Control display of ttls in records)
+[no]all (Set or clear all display flags)
+[no]qr (Print question before sending)
+[no]nssearch (Search all authoritative nameservers)
+[no]identify (ID responders in short answers)
+[no]trace (Trace delegation down from root [+dnssec])
+[no]dnssec (Request DNSSEC records)
+[no]nsid (Request Name Server ID)
+[no]sigchase (Chase DNSSEC signatures)
+trusted-key=#### (Trusted Key when chasing DNSSEC sigs)
+[no]topdown (Do DNSSEC validation top down mode)
+[no]split=## (Split hex/base64 fields into chunks)
+[no]multiline (Print records in an expanded format)
+[no]onesoa (AXFR prints only one soa record)
global d-opts and servers (before host name) affect all queries.
local d-opts and servers (after host name) affect only that lookup.
-h (print help and exit)
-v (print version and exit)
So i filed a bug to https://bugzilla.redhat.com/show_bug.cgi?id=1640358
```
Description of problem:
```
9.9.13-P1 End-of-Life (EOL) as of July 2018
9.12.2-P2 Current-Stable Sept 2018 / Release Notes (HTML, PDF), EOL April 2019
9.11.4-P2 Current-Stable, ESV Sept 2018 / Release Notes (HTML, PDF), EOL Dec 2021
Version-Release number of selected component (if applicable):
scl
Installed Packages
Name : bind
Arch : x86_64
Epoch : 32
Version : 9.9.4
Release : 61.el7
Size : 4.3 M
Repo : installed
From repo : rhel-7-server-rpms
Summary : The Berkeley Internet Name Domain (BIND) DNS (Domain Name System) server
URL : http://www.isc.org/products/BIND/
License : ISC
```
How reproducible:
Try to use the EDNS Test https://ednscomp.isc.org/ednscomp with dig
Steps to Reproduce:
```
1.dig +nocookie +norec +noad +edns=1 +noednsneg soa zone @server
2.dig +nocookie +norec +noad +ednsopt=100 soa zone @server
3.dig +nocookie +norec +noad +edns=1 +noednsneg +ednsopt=100 soa zone @server
4.dig +nocookie +norec +noad +ednsflags=0x80 soa zone @server
```
Actual results:
Option cookie, ednsneg not supported
Expected results:
see https://ednscomp.isc.org/ednscomp
Additional info:
```
https://tools.ietf.org/html/rfc7871
https://dnsflagday.net/
The current DNS suffers from unnecessary delays and an inability to deploy new features. To remediate these problems, vendors of DNS software BIND (ISC), Knot Resolver (CZ.NIC), PowerDNS, and Unbound (NLnet Labs) are going to remove certain workarounds on February 1st, 2019.
This change affects only sites which operate broken software. Are you affected?
Yes, on Redhat 7.x we cannot even test it.
```

https://gitlab.isc.org/isc-projects/dhcp/-/issues/19
HAVE_SO_BINDTODEVICE referenced before it has a chance to be defined
2019-11-22T11:13:17Z
Joe LeVeque
---
name: HAVE_SO_BINDTODEVICE referenced before it has a chance to be defined
---
**Describe the bug**
In includes/osdep.h, `HAVE_SO_BINDTODEVICE` is referenced on [line 152](https://gitlab.isc.org/isc-projects/dhcp/blob/master/includes/osdep.h#L152) in the following conditional:
```
#if defined (USE_BPF_SEND) || defined (USE_NIT_SEND) || \
defined (USE_DLPI_SEND) || defined (USE_UPF_SEND) || \
defined (USE_LPF_SEND) || \
(defined (USE_SOCKET_SEND) && defined (HAVE_SO_BINDTODEVICE))
# define USE_SOCKET_FALLBACK
# define USE_FALLBACK
#endif
```
However, it might not get defined until [line 267](https://gitlab.isc.org/isc-projects/dhcp/blob/master/includes/osdep.h#L267), as follows:
```
#if defined (SO_BINDTODEVICE) && !defined (HAVE_SO_BINDTODEVICE)
# define HAVE_SO_BINDTODEVICE
#endif
```
Therefore, if `USE_SOCKET_SEND` is defined, it is possible that `USE_SOCKET_FALLBACK` and `USE_FALLBACK` will not get defined, even though they should, simply because `HAVE_SO_BINDTODEVICE` is referenced before it has had a chance to get defined.
**To Reproduce**
Steps to reproduce the behavior:
1. Add a `#pragma message()` line inside the first `#if` block mentioned above (e.g., at line 153 of includes/osdep.h) so that the preprocessor will print the message if it enters the block
2. Compile isc-dhcp on a system which defines `SO_BINDTODEVICE` (e.g., Debian Stretch), while also defining `USE_SOCKETS` (e.g., via the `--enable-use-sockets` configure flag)
3. Note that the message does not print, although it should
**Expected behavior**
`HAVE_SO_BINDTODEVICE` should have an opportunity to be defined before it is referenced
**Environment:**
- ISC DHCP version: All versions since commit d758ad8cac9c00c70cfe4dd459bf7e87c268c579 (pre-version 4.0.0)
- OS: Debian Jessie/Stretch, most likely many other Linux flavors
- Which features were compiled in: `USE_SOCKETS`
**Describe the solution you'd like**
Reorder the file includes/osdep.h to ensure `HAVE_SO_BINDTODEVICE` has a chance to be defined before it is referenced.
4.4.2
Razvan Becheriu

https://gitlab.isc.org/isc-projects/stork/-/issues/16
Need a basic front-end UI
2019-10-14T15:27:50Z
Tomek Mrugalski
As we decided on last Stork call, we'll use Angular with PrimeNG for front-end.
The goal is to have a very basic initial front-end. At the very minimum, it should:
- print out its own version
- print out the backend version (see `version-get` in !4).
- have some very basic installation instructions
- having some unit-tests for it would be great, but we can postpone tests for now
0.7
Michal Nowikowski

https://gitlab.isc.org/isc-projects/kea/-/issues/43
Implement parseCommandWithArguments function in libkea-config
2018-11-15T11:05:06Z
Ghost User
In the review of #5476 Thomas pointed out that it would be useful to have a function in libkea-config, which parses a command and its arguments and expects that the arguments are present and are a map.
Kea1.5-beta2
Marcin Siodelski

https://gitlab.isc.org/isc-projects/kea/-/issues/84
Update KB article AA-01323 with Kea 1.4.0 supported additional DHCPv4 and DHCPv6 Options
2018-12-06T00:43:32Z
Ghost User
Kea 1.4 added back RFC7598 options in Trac Item #5514, which suggests these should be included in the knowledge base overview page of supported Options at https://kb.isc.org/article/AA-01323
RFC7598 - DHCPv6 options
* 89 OPTION_S46_RULE [RFC 7598] -
* 90 OPTION_S46_BR [RFC 7598] -
* 91 OPTION_S46_DMR [RFC 7598] -
* 92 OPTION_S46_V4V6BIND [RFC 7598] -
* 93 OPTION_S46_PORTPARAMS [RFC 7598] -
* 94 OPTION_S46_CONT_MAPE [RFC 7598] -
* 95 OPTION_S46_CONT_MAPT [RFC 7598] -
* 96 OPTION_S46_CONT_LW [RFC 7598] -
A related option should also be mentioned, if supported
111 OPTION_S46_PRIORITY [RFC 8026] -
Kea1.5-final

https://gitlab.isc.org/isc-projects/kea/-/issues/46
Please add circuit-ID to result of get lease-4
2022-11-02T15:08:42Z
Ghost User
We want to identify leases with circuit ID, how can we get the circuit ID with the lease4-get?
I want to search for a lease with the circuit ID with lease-get.
Vennlig hilsen / Best regards
Frode Sætre
backlog

https://gitlab.isc.org/isc-projects/kea/-/issues/77
memfile: add a command to force writing in-memory DB to file
2022-11-02T15:08:43Z
Ghost User
memfile keeps leases in memory and writes changes to disk. If the leasefile is lost for whatever reason, it may be useful to tell Kea to write its entire lease file to disk.
backlog

https://gitlab.isc.org/isc-projects/kea/-/issues/78
Extend HA hooks library to synchronize leases by chunks, i.e. multiple fetches of leases
2018-11-05T19:25:30Z
Ghost User
One of the major use cases for the lease_cmds hooks library is to provide a way to synchronize leases between HA enabled servers. Currently the HA hooks library will fetch the entire lease database which requires the lease_cmds hooks library to create a JSON structure of the whole lease database. This eats the CPU and memory. In case of large number of leases in the database it may freeze the server for a long period of time.
In order to mitigate this issue the lease_cmds hooks library must support fetching limited number of leases, e.g. 1000, 2000 leases etc. The controlling client should be able to specify last fetched leases with the limit and the server should return leases with addresses beyond this last fetched address. That way, the entire lease database may be returned in chunks with client specifying the start of the next chunk.
This ticket is about extending the HA hooks library to utilize this mechanism implemented with #5651 in the lease_cmds.
Kea1.5-beta1

https://gitlab.isc.org/isc-projects/kea/-/issues/80
HA: timeout for disabling DHCP service during lease synchronization should be controllable
2018-11-05T19:25:30Z
Ghost User
The leases synchronization timeout is now controlled via the 'sync-timeout'. While the synchronization is performed, the DHCP service of the active partner is disabled, but for the hardcoded time of 60 seconds. This should either be the same as the timeout for communication over the control channel or should have its own configuration knob. In fact, when we implement the #5652 we can't really set to the same value as the timeout for communication over control channel, because we will be sending multiple commands but the service should be disabled for the entire synchronization.
Kea1.5-beta1