ChangeLog 496 KB
2019.	[func]		tmark
	Added new built-in class "SKIP_DDNS" which may be used in
	conjunction with the ddns-tuning hook library to skip
	performing DDNS updates for a given client.
	(Gitlab #2354)

2018.	[func]		razvan
	The kea-dhcp4 server now supports portions of RFC 3396,
	allowing it to send and receive DHCP options longer than 255
	bytes.
	(Gitlab #2227)

2017.	[bug]		marcin
	Corrected a bug in the allocation engine which caused it
	to write an allocated lease under the wrong subnet id
	within a shared network. This was occurring when multiple
	clients match the same fixed address reservation. The first
	client is assigned the fixed address while a subsequent
	client is then given a dynamically allocated address from
	a different subnet in the shared-network.
	(Gitlab #2409)

2016.	[doc]		fdupont
	Added documentation for the role based access control (rbac)
	premium hook library to the ARM.
	(Gitlab #1263)

Kea 2.1.5 (development) released on Apr 27, 2022

2015.	[bug]		tmark
	Fixed an issue in kea-dhcp6 that was causing the server
	not to update the FQDN option in outbound responses when
	the ddns-tuning hook lib calculates a new host name.
	(Gitlab #2392)

2014.	[bug]		tmark
	Correct an issue that was causing reconfigure to fail
	in kea-dhcp4 and kea-dhcp6 when using ddns-tuning hook
	library.
	(Gitlab #2390)

2013.	[build]		razvan
	Library version numbers bumped for Kea 2.1.5 development
	version.
	(Gitlab #2385)

2012.	[doc]		andrei
	Documented whether it's OK or not to have overlapping pools,
	including PD pools in IPv6.
	(Gitlab #1842)

2011.	[func]		djt
	Added CTRL_AGENT_COMMAND_RECEIVED log line with command and
	source address to the kea-ctrl-agent for commands which
	are not forwarded on to another daemon. Added client
	remote-address to CTRL_AGENT_COMMAND_FORWARDED log message if
	it is available.
	(Gitlab #687)

2010.	[func]		razvan
	Several extra log messages now detail the subnet selection
	process. The messages are available on debuglevel 40.
	(Gitlab #2352)

2009.	[func]		tmark
	Added new hook callout points: ddns4_update to Kea DHCPv4
	server and ddns6_update to Kea DHCPv6 server. This enables
	use of the ddns-tuning hook library.
	(Gitlab #1548)

2008.	[func]*		tomek
	The support for benchmarks has been removed.
	(Gitlab #2372)

2007.	[func]		tmark
	Added split() function to classification expression
	language.
	(GitLab #2272)

2006.	[func]		slawek
	Added ``service-sockets-require-all`` parameter to specify
	mandatory successfully binding all needed service sockets to
	initialize DHCP services (defaults to false). If any socket is
	unavailable, then the service fails to start. Added
	``service-sockets-max-retries`` parameter (defaults to 0) to
	specify the number of retries to open unavailable sockets and
	``service-sockets-retry-wait-time`` parameter to specify a time
	interval to wait between attempts.
	(Gitlab #1716)

2005.	[func]*		razvan
	The support for Cassandra database backend has been removed.
	(Gitlab #2116)

Kea 2.1.4 (development) released on March 30, 2022

2004.	[build]		razvan
	Library version numbers bumped for Kea 2.1.4 development
	version.
	(Gitlab #2363)

2003.	[func]		fdupont
	Added the support of sub-options in the flex_option
	hook library.
	(GitLab #2314)

2002.	[bug]		tmark
	Fixed a bug in MySql config backend that caused it to
	store unspecified, client-class valid and preferred life
	time values as zero in the database.
	(Gitlab #2344)

2001.	[bug]		razvan
	Fixed a bug which causes client classes with empty test
	expressions to fail class evaluation when those classes are
	retrieved from config backend.
	(Gitlab #2336)

2000.	[func]		fdupont
	Added the ``early-global-reservations-lookup`` configuration
	parameter which allows to perform a search for global host
	reservations and set client classes before the subnet
	selection. This is achieved when explicitly configured to
	``true`` and it defaults to ``false`` if not configured.
	(Gitlab #2249)

1999.	[func]		tmark, razvan
	The kea-dhcp6 server fully supports using PostgreSQL for config
	backend. This should be considered an experimental feature.
	(Gitlab #2355, #2356)

1998.	[func]		tmark, razvan
	With the addition of support for client classes, the kea-dhcp4
	server now fully supports using PostgreSQL for config backend.
	(Gitlab #2322)

1997.	[bug]		tmark
	The obsolete log message, DHCP4_NCR_CREATE, has been
	removed from kea-dhcp4.
	(GitLab #2301)

Kea 2.1.3 (development) released on Feb 23, 2022

1996.	[build]		razvan
	Library version numbers bumped for Kea 2.1.3 development
	version.
	(Gitlab #2317)

1995.	[func]		tmark
	kea-dhcp4 now supports using PostgreSQL for config
	backend for everything except client classes. The
	new hook library is libdhcp_pgsql_cb.so. This should
	be considered an experimental feature.
	(Gitlab #95)

1994.	[func]		razvan
	Added support for Server Identifier Override RAI sub-option
	(RFC 5107). The implementation is not complete according to the
	RFC, because the server does not store the RAI, but the
	functionality handles expected use cases.
	(Gitlab #1695)

1993.	[func]		razvan
	Added global and per subnet counters for allocation failures:
	``v4-allocation-fail``, ``v4-allocation-fail-shared-network``,
	``v4-allocation-fail-subnet``, ``v4-allocation-fail-no-pools``,
	``v4-allocation-fail-classes``, ``subnet[X].v4-allocation-fail``,
	``subnet[X].v4-allocation-fail-shared-network``,
	``subnet[X].v4-allocation-fail-subnet``,
	``subnet[X].v4-allocation-fail-no-pools``,
	``subnet[X].v4-allocation-fail-classes``,
	``v6-allocation-fail``, ``v6-allocation-fail-shared-network``,
	``v6-allocation-fail-subnet``, ``v6-allocation-fail-no-pools``,
	``v6-allocation-fail-classes``, ``subnet[X].v6-allocation-fail``,
	``subnet[X].v6-allocation-fail-shared-network``,
	``subnet[X].v6-allocation-fail-subnet``,
	``subnet[X].v6-allocation-fail-no-pools``,
	``subnet[X].v6-allocation-fail-classes``.
	There is a warning log message emitted in the logs each time one
	of the allocation failure counters is incremented.
	(Gitlab #2054)

1992.	[bug]		razvan
	The ``maxver`` and ``maxsize`` logger parameters are excluded
	from ``config-get`` command response if the logger output is
	``stdout``, ``stderr`` or ``syslog``.
	(Gitlab #2288)

1991.	[bug]		jinmei, razvan
	Fixed keactrl exit code when netconf is not built.
	(Gitlab #2262)

1990.	[func]		razvan
	Added the ``reservations-lookup-first`` configuration parameter
	which controls whether host reservations lookup should be
	performed before lease lookup. This parameter has effect only
	when multi-threading is disabled. When multi-threading is
	enabled, host reservations lookup is always performed first. The
	``reservations-lookup-first`` parameter defaults to ``false``
	when multi-threading is disabled.
	(Gitlab #2036)

Kea 2.1.2 (development) released on Jan 26, 2022

1989.	[build]		razvan
	Library version numbers bumped for Kea 2.1.2 development
	version.
	(Gitlab #2281)

1988.	[bug]		tmark
	Kea core logic now ensures options belonging
	to client classes are properly created when
	classes are read from configuration backends.
	(Gitlab #2246)

1987.	[bug]		tmark
	Fixed an issue in PostgreSQL support code that caused
	asserts when compiled with: -Wp,-D_GLIBCXX_ASSERTIONS.
	(Gitlab #2284)

1986.	[func]		fdupont
	The kea-admin command now accepts extra arguments which
	are passed to the database command tool, e.g. '--ssl' to
	'mysql' with `kea-admin ... -x --ssl'. Quotes are not
	preserved but multiple arguments can be given.
	(Gitlab #2225)

1985.	[func]		fdupont
	Added support for using files to configure basic HTTP
	credentials. Instead of configuring a value, it is taken from
	the content of a file. The new parameters of the Control Agent
	configuration are:
	- 'user-file' pointing to a file vs 'user'
	- 'password-file' pointing to a file vs 'password'
	- 'password-file' pointing to a file with the secret
	(which is <user>:<password>) vs 'user' and 'password'.
	For the High Availability hook library the new parameter
	is 'basic-auth-password-file' which can be used as an
	alternative to 'basic-auth-password'.
	(Gitlab #2006)

1984.	[func]		andrei
	Introduced the lease-upload command to kea-admin which can upload
	leases from a memfile CSV file to a database backend.
	(Gitlab #2039)

1983.	[bug]		fdupont
	Minimum and maximum values of lifetimes are no longer
	skipped when the configuration is retrieved even when
	they are the same as the default value.
	(Gitlab #2222)

1982.	[bug]		andrei
	The config for an HA peer now accepts an IPv6 address as a valid
	value for the "url" entry.
	(Gitlab #2264)

1981.	[func]		tomek
	The default-url DHCPv4 option has been replaced with
	v4-captive-portal, as defined in RFC8910.
	(Gitlab #1684)

1980.	[func]*		andrei
	The kea-admin lease-dump command now outputs a CSV file that is
	compatible with the memfile backend. This is useful when
	migrating from database to memfile. The generated output is
	backwards incompatible. Any tools that depend on it would need
	to adapt.
	(Gitlab #2038)

1979.	[bug]		fdupont
	Update and delete operations on leases no longer raise
	an error with infinite valid lifetime (used by BOOTP)
	and MySQL or PostgreSQL backends where timestamps can
	be limited to 32 bits.
	(Gitlab 897)

1978.	[doc]		tomek
	The Kea Administrator Reference Manual now correctly states that
	DHCPv6 authentication option has code 11, not 10.
	(Gitlab #2207)

1977.	[bug]		razvan
	Use only MAX_HWADDR_LEN (20) bytes from remote-id when extracting
	the MAC from relay options.
	(Gitlab #2201)

1976.	[func]		andrei
	Added hwtype and hwaddr_source columns to v6 memfile.
	(Gitlab #2236)

1975.	[func]		tmark
	Additional changes and corrections relating to Config Backend
	were made to the PostgreSQL database schema.  In addition, the
	upgrade scripts were renamed to ensure proper file name ordering.
	Note that PostgreSQL CB is not yet functional.
	(Gitlab #2183, #2244, #2245)

1974.	[func]		fdupont
	The global parameter lookup has been refactored to provide better
	performance. Proper return error code (CONTROL_RESULT_ERROR) has
	been fixed in some cases when trying to apply the new
	configuration. Old code was using wrong hardcoded '2' value
	(CONTROL_RESULT_COMMAND_UNSUPPORTED).
	(Gitlab #1082)

1973.	[func]		fdupont
	MySQL backends now can be configured to use the SSL/TLS
	support to protect connections to the server. New
	database parameters are "cert-file", "key-file",
	"trust-anchor" and "cipher-list". The negotiated cipher
	name is logged so the MySQL service configuration can
	be checked. PostgreSQL accepts the same parameters
	but they only trigger the call to the OpenSSL generic
	initialization in the Pq C-API.
	(Gitlab #34)

1972.	[func]		andrei
	Kea servers now can accept trailing commas in file
	configurations. While parsing, a warning is printed with the
	location of the comma to give the user the ability to correct
	a mistake.
	(Gitlab #2084)

1971.	[func]		tmark, jad
	Added support for embedded DHCPv6 DUIDs within DHCPv4
	Client Identifier options per RFC 4361.  This allows
	Kea to support DDNS in dual stack environments per
	RFC 4703(Sec 5.2). Thanks to John Dickinson for
	contributing the patch!
	(Gitlab #1934)

Kea 2.1.1 (development) released on Nov 24, 2021

1970.	[build]		razvan
	Library version numbers bumped for Kea 2.1.1 development
	version.
	(Gitlab #2195)

1969.	[build]		andrei
	Fixed "make check -j N" running tests in parallel in src/lib/log.
	(Gitlab #2172)

1968.	[build]		andrei
	Fixed make check failing when googletest support was disabled.
	(Gitlab #2167)

1967.	[bug]		andrei
	Fixed a bug where keactrl did not color the active status code
	for kea-dhcp-ddns as it did for the other servers.
	(Gitlab #2117)

1966.	[func]		djt
	Allow Kea to pack opaque data tuples within options with zero
	length to accommodate some DHCP clients who have been observed
	to send DHCPv4 option 124 with zero length tuples.
	(Gitlab #2021)

1965.	[func]		andrei
	Increase the value that "maxsize" can take from 2GB to 2PB.
	(Gitlab #2130)

1964.	[func]		wlodek
	Added support for Debian 11 in hammer.py.
	(Gitlab #2042, #2193)

1963.	[func]		andrei
	hammer.py has had several improvements.
	NETCONF and PostgreSQL will be properly configured when running
	prepare-system on Fedora and FreeBSD.
	vagrant will be automatically upgraded if it is too outdated.
	Error messages are more clear when running on unsupported
	systems.
	hammer.py is now able to detect Arch Linux distributions and
	offers limited support for it, being able to prepare-system with
	freeradius and netconf support.
	(Gitlab #2111, #2112)

1962.	[func]		andrei
	kea-netconf updates: fixed store-extended-info, it was an
	operational node instead of a config node. Added several
	containers and leaves: compatibility, lenient-option-parsing,
	multi-threading, enable-multi-threading, packet-queue-size,
	thread-pool-size, valid-lifetime, min-valid-lifetime,
	max-valid-lifetime, preferred-lifetime, min-preferred-lifetime,
	max-preferred-lifetime, cache-max-age, cache-threshold,
	ddns-generated-prefix, ddns-override-client-update,
	ddns-override-no-update, ddns-qualifying-suffix,
	ddns-replace-client-name, ddns-send-updates,
	ddns-update-on-renew, ddns-use-conflict-resolution,
	ip-reservations-unique, parked-packet-limit, reservations-global,
	reservations-in-subnet, reservations-out-of-pool,
	statistic-default-sample-age, statistic-default-sample-count,
	store-extended-info, on-fail.
	(Gitlab #2136)

1961.	[func]		tomek, tmark
	The initial, stubbed version of the PostgreSQL CB hook
	library has been created.  The library is not yet functional
	and is not installed.
	(Gitlab #1848)

1960.	[build]		andrei
	Froze sphinx dependency versions used to build documentation.
	Added the update-python-dependencies Makefile rule to bump the
	versions.
	(Gitlab #2161)

1959.	[doc]		djt
	Move documentation for acceptable format strings into the Kea
	ARM. The relevant section of the ARM was previously referring
	to a dead link in the Log4cpp documentation.
	(Gitlab #2134)

1958.	[func]		tomek, tmark
	PostgreSQL database schema has been extended with tables for
	Config Backend (CB). This is the first step towards PostgreSQL
	CB. However, as there is no code yet to use those new tables,
	they're not functional yet.
	(Gitlab #90, #2166)

Kea 2.1.0 (development) released on Oct 27, 2021

1957.	[build]		razvan
	Library version numbers bumped for Kea 2.1.0 development
	version.
	(Gitlab #2141)

1956.	[bug]		tmark
	Modified stat_cmds hook library to omit statistics
	for non-existent subnets from results returned by
	stat-lease4-get and stat-lease6-get commands.
	(Gitlab #2033)

1955.	[bug]		tmark
	kea-dhcp4 no longer sends DHCPNAKs in response to
	DHCPREQUESTs for addresses for which it has no knowledge.
	(Gitlab #1584)

1954.	[doc]		fdupont
	Updated the Developer's Guide to explain what to do when
	GSS-TSIG hook unit tests fail from a system Kerberos
	incompatible configuration.
	(Gitlab #2056)

1953.	[build]		fdupont
	Changed the name of the GSS-TSIG hook library object to
	libddns_gss_tsig.so.
	(Gitlab #2115)

Kea 2.0.0 (stable) released on September 29, 2021

1952.	[build]		razvan
	Library version numbers bumped for Kea 2.0.0 stable version.
	(Gitlab #2104)

1951.	[doc]		tomek
	A new appendix for configuration templates added to Kea ARM.
	the first of which is a home power user.
	(Gitlab #2050)

1950.	[doc]		slawek
	Added a description and an example of the usage of the "include"
	statement in the Kea configuration file to the ARM.
	(Gitlab #2080)

1949.	[bug]		tmark
	kea-dhcp6 now correctly determines DNS update flags when
	the allocation engine dynamically changes the selected
	network subnet.
	(Gitlab #1622)

1948.	[func]		tmark
	HTTP library will now emit a warning log when the queue of
	pending client requests for a given URL exceeds a threshold.
	(Gitlab #2085)

1947.	[bug]		marcin
	Corrected a bug in the High Availability hooks library that could
	cause a standby server not to synchronize its lease database
	after a temporary communication interruption with its partner.
	(Gitlab #1959)

1946.	[bug]		marcin
	Fixes a bug in MySQL configuration backend schema. DHCP options
	associated with deleted client classes are now automatically
	deleted.
	(Gitlab #2094)

1945.	[build]		andrei
	Reverted qa#261 changes, which forced linking with OpenSSL 1.1
	when available. This caused a segfault, when Kea's crypto library
	used OpenSSL 1.1, but the MySQL library it linked against, used
	OpenSSL 1.0.
	(Gitlab #2081)

1944.	[bug]		tmark
	kea-dhcp4 and kea-dhcp6 both now support a global parameter,
	parked-packet-limit, that can be used to limit the number
	of client responses the server may park pending completion
	of hook library callouts.
	(Gitlab #1307)

1943.	[bug]		marcin
	Fixed a bug in fetching client classes from the Config Backend.
	The bug resulted in failures during attempts to evaluate the
	classes for a received packet.
	(Gitlab #2077)

1942.	[func]		fdupont
	Added basic statistics to the DHCP-DDNS server.
	(Gitlab #2040)

1941.	[func]		fdupont
	Per DNS server TSIG keys are now supported in the DHCP-DDNS
	(aka D2) server configuration. A new callout point 'select_key'
	gives access to the selected TSIG key before sending DNS updates.
	(Gitlab #2011)

Kea 1.9.11 (development) released on Aug 30, 2021

1940.	[build]		razvan
	Library version numbers bumped for Kea 1.9.11 development
	version.
	(Gitlab #2053)

1939.	[bug]		tmark
	Removed all MultiThreadingCriticalSections from lease_cmds
	hooks library which can cause a dead-lock when running HA+MT.
	The commands simply try to acquire the resource lock and fail
	if the resource is unavailable also logging an error message.
	(Gitlab #2051)

1938.	[bug]		razvan
	Fix dead locks caused by commands with CS on http listener
	threads and CS on main thread racing with CS on other threads.
	(Gitlab #2041, #2043)

1937.	[bug]		razvan
	The Config Backend is now capable of reestablishing database
	connection after a failure.
	(Gitlab #1982)

1936.	[build]		andrei
	Kea attempts to first link with compatibility library OpenSSL 1.1
	(usually found on CentOS 7) before falling back to the system
	OpenSSL (1.0 on CentOS 7 which is out of support).
	(Gitlab qa#261)

1935.	[func]		andrei
	The store-extended-info config entry was added to Kea YANG
	modules at root-level and at subnet-level.
	(Gitlab #1944)

1934.	[func]		tmark
	Kea-dhcp6 now supports specifying valid-lifetime and
	preferred-lifetime values in client classes (via both
	configuration file and Config Backend).  Prior to this
	it could only be specified at the global, shared-network,
	and subnet scopes.
	(Gitlab #1710)

1933.	[doc]		fdupont, tomek
	Added a new ARM section about GSS-TSIG. Currently it describes
	how to build Kea with GSS-API support. It will be expanded in
	the future.
	(Gitlab #2018)

1932.	[func]		tmark
	MySQL indexing of leases database has been improved. It now
	behaves better on older MySQL versions. In particular, the lease
	reclamation no longer causes full scans to be performed. This
	fix introduces MySQL schema update to 11.0. This should reduce
	the periodic performance slowdowns.
	(Gitlab #2030)

1931.	[bug]		tomek
	Two hook messages HOOKS_CALLOUT_ERROR and HOOKS_CALLOUT_MESSAGES
	are now printing the hook name and index properly. Thank you to
	Shawn Routhier for reporting the issue.
	(Gitlab #2020)

1930.	[doc]		razvan
	Extended documentation section about setting up the timezones in
	MySQL and PostgreSQL databases.
	(Gitlab #1978)

1929.	[build]		andrei
	Compatibility with upcoming boost 1.77 has been improved.
	Thanks to Brad Smith for the patch!
	(Gitlab #1980)

1928.	[bug]		tmark
	Modified kea-dhcp4 and kea-dhcp6 to only append the
	ddns-qualifying-suffix if the input name does not
	already end with that suffix.  Prior to this the
	suffix was always added which could lead to names
	including the suffix twice.
	(Gitlab #1529)

Kea 1.9.10 (development) released on Jul 30, 2021

1927.	[build]		razvan
	Library version numbers bumped for Kea 1.9.10 development
	version.
	(Gitlab #1984)

1926.	[func]*		marcin
	Server tags in the MySQL database are now represented as strings
	with a maximum length of 64 characters. Previously, the server
	tags could be up to 256 characters long, and it could cause
	database migrations to fail on the systems with UTF-8 encoding
	configured for MySQL. Shorter server tags avoid hitting the
	limitation on the maximum length of an indexed table column.
	(Gitlab #1976)

1925.	[build]		fdupont
	Updated parsers to bison 3.3 or later.
	(Gitlab #453)

1924.	[bug]		razvan
	The MultiThreadingCriticalSection is now thread-safe and can be
	called from http client or http listener processing threads.
	(Gitlab #1964)

1923.	[func]		andrei
	Integrate with Sysrepo v1.x branch. Building with support for
	Sysrepo now requires the latest v1.x versions:
	sysrepo v1.4.140 + libyang v1.0.240.
	Support for legacy Sysrepo versions v0.x has been dropped.
	(Gitlab #1077)

1922.	[func]		marcin
	Added support for storing client classes in the MySQL config
	backend.
	(Gitlab #1920, #1928, #1965, #1972, #1977)

1921.	[func]		fdupont
	The D2 d2_srv_configured hook point used DROP status to notify
	the D2 server that an error has occurred and the configuration
	is rejected. The error message is passed to the D2 server
	through the new 'error' hook parameter.
	(Gitlab #1950)

Kea 1.9.9 (development) released on June 30, 2021

1920.	[build]		andrei
	Bump library versions for the Kea 1.9.9 development release.
	(Gitlab #1947)

1919.	[bug]		razvan
	Fix the run script hook library leaving behind defunct processes.
	(Gitlab #1878)

1918.	[bug]		razvan
	When parsed, PSID was incorrectly ignoring the PSID value when
	psid-len was 16 instead of ignoring it when the value is 0 as
	per the RFC.
	(Gitlab #1858)

1917.	[func]		tomek
	DHCPv4 and DHCPv6 are now more consistent when logging the
	reasons why a packet was dropped. This information is now
	available on debuglevel 15. Also added a section in the ARM
	discussing the debug levels. The subnet selection failed log
	message now provides more useful information about the subnet.
	(Gitlab #1915, #1916)

1916.	[func]		razvan
	The Kea DHCPv4 server accepts requests using server identifier
	configured at client class level.
	(Gitlab #1836)

1915.	[func]		andrei
	DOCSIS options are no longer offered to any vendor other than
	Cable Labs (vendor-id == 4491). This was not an explicit check
	previously and the match to the vendor relied on a technicality
	such that other vendors could have received these options under
	certain conditions.
	(Gitlab #1894)

1914.	[func]*		tomek
	The Cassandra (CQL) support is being deprecated, both for
	leases and host backends. For the time being the features
	will produce a warning, but will otherwise function normally.
	However, the functionality will be removed in the future
	Kea releases.
	(Gitlab #1892)

1913.	[doc]		tomek
	Kea adopted Developer Certificate of Origin for incoming
	contributions. Please see the CONTRIBUTING.md file for details.
	(Gitlab #1895)

1912.	[doc]		fdupont, tomek
	The Kea configuration syntax is now documented in BNF notation.
	See new appendix in the ARM.
	(Gitlab #504, #745)

1911.	[bug]		andrei
	Fixed a minor regression where kea-admin and keactrl would output
	technical errors like "unbound variable" instead of more helpful
	messages like "missing backend" because of the undefined variable
	checks introduced in 1.9.4. Added tests to further prevent it.
	(Gitlab #1653)

1910.	[func]		andrei
	Extended perfdhcp to send v4 DHCPRELEASE messages via -F flag.
	(Gitlab #1119)

1909.	[build]		fdupont
	Experimental support for Heimdal implementation of GSS-API
	with Kerberos 5 added.
	(Gitlab #1909)

1908.	[func]		razvan
	Added export for V4 option 82 (DHO_DHCP_AGENT_OPTIONS) and
	respective suboptions 1 (RAI_OPTION_AGENT_CIRCUIT_ID) and
	suboption 2 (RAI_OPTION_REMOTE_ID) in the run script hooks
	library.
	(Gitlab #1840)

1907.	[doc]		peterd, andrei, razvan
	Many Kea ARM corrections and updates.
	(Gitlab #1917)

1906.	[func]		fdupont
	Added support for the TKEY DNS resource record.
	(Gitlab #1880)

1905.	[build]		fdupont
	Added an optional --with-gssapi switch to the configure
	script. It checks for the presence and suitability of
	packages pertinent to GSS-TSIG. This has been added in
	anticipation of future work and does not add any
	functionality to Kea.
	(Gitlab #1884)

Kea 1.9.8 (development) released on May 26, 2021

1904.	[build]		wlodek
	Library version numbers bumped for Kea 1.9.8 development
	version.
	(Gitlab #1882)

1903.	[func]		andrei
	Kea now recognizes requests sent from vendors that include their
	information in DHCPv6 Vendor Class option (code 16) for the
	purpose of offering custom options in the response. Previously,
	only the Vendor-specific Information option (code 17) was
	searched for a vendor ID. For the purpose of classification, both
	options are looked into, now, just as before.
	(Gitlab #1837)

1902.	[func]		andrei, fdupont
	All logs that expose configuration, either in full or in snippets
	now have the values of "password" and "secret" entries replaced
	with asterisks "*****".
	(Gitlab #1721)

1901.	[bug]		marcin
	Corrected a bug in DHCPv4 subnet selection. The server ignored
	the Subnet Selection option supplied by a client if its query
	contained a Relay Agent Information (RAI) option without a Link
	Selection option. After this change, the server respects the
	Subnet Selection option when RAI lacks the Link Selection
	option. If RAI includes it, it takes precedence over the Subnet
	Selection option.
	(Gitlab #1816)

1900.	[bug]		tmark
	Fixed a sporadic failure caused by a wrong assertion in
	unit test, testMtHttpClientTest.workPauseResumeShutdown,
	introduced by #1818.
	(Gitlab #1876)

1899.	[func]		tmark,razvan
	In HA+Mt mode, the HA hook library now pauses and resumes
	its worker threads when Kea core enters and exits critical
	sections, respectively.  This eliminates race conditions
	during core processing such as reconfiguration, shutdown,
	and certain RESTful API commands.
	(Gitlab #1818)

1898.	[func]		fdupont
	The DROP class may now depend on the KNOWN or UNKNOWN classes
	and may be used after the host reservation lookup.
	(Gitlab #1815)

1897.	[func]		andrei
	Kea has a new configuration section called "compatibility" geared
	towards non-compliant clients. The only boolean parameter added
	for now called "lenient-option-parsing" changes the way DHCPv6
	option 16's vendor-class-data field is parsed. When enabled,
	instead of complaining that a length exceeds the rest of the
	option's buffer, the value is considered to be the rest of the
	buffer. This also applies to custom options defined with the
	tuple type for both DHCPv4 and DHCPv6.
	(Gitlab #1860)

1896.	[func]		wlodek
	Perfdhcp extended to send v6 traffic from multiple networks.
	(Gitlab #1416)

1895.	[func]		razvan
	Added additional evaluation tokens to extract and print data:
	addrtotext, int8totext, int16totext, int32totext, uint8totext,
	uint16totext, uint32totext.
	(Gitlab #1680)

1894.	[func]		fdupont
	Implemented 'auth' logger, dedicated to logging access
	control information, such as basic HTTP authentication.
	(Gitlab #1590)

1893.	[func]		fdupont
	Botan 2.14 or later can now be used as a crypto library for
	the TLS/HTTPS support in Kea.
	(Gitlab #1665)

1892.	[func]		fdupont
	Added + operator as a convenient alias to concat() function
	in expressions.
	(Gitlab #1824)

Kea 1.9.7 (development) released on Apr 28, 2021

1891.	[build]		razvan
	Library version numbers bumped for Kea 1.9.7 development
	version.
	(Gitlab #1820)

1890.	[doc]		fdupont
	Added a new section to the ARM, Kea Security, which describes
	various security related topics and how to address them.
	(Gitlab #1587)

1889.	[func]		fdupont
	Accept comments (shell '#', C++ '//' and C '/*...*/') in
	JSON commands sent via the control channel or the Control
	Agent.
	(Gitlab #1652)

1888.	[func]		tmark
	Added a new operational mode, HA+MT, to the HA hook library.
	HA+MT provides direct, multi-threaded HTTP communication
	between peers for the exchange of HA protocol commands and
	responses.
	(Gitlab #1736)

1887.	[build]		andrei, fdupont
	Migrated autoconf macros, which became warningly deprecated
	since autoconf 2.70, to supported macros.
	(Gitlab #1632, #1651)

1886.	[doc]		tomek
	Added a section in the ARM explaining the relationship between
	keactrl and systemd scripts.
	(Gitlab #1759)

1885.	[func]		andrei
	kea-admin is now able to interactively ask for a password if no
	parameter follows the -p or the --password parameters. This
	requires the user to give it as the last parameter. The entered
	password is not echoed back to the terminal in order to prevent
	over-the-shoulder snooping or other social engineering
	techniques. Alternatively, you can set the password via the
	KEA_ADMIN_DB_PASSWORD environment variable.
	(Gitlab #1675)

1884.	[doc]		fdupont
	HTTP_CONNECTION_HANDSHAKE_FAILED log message got a
	description.
	(Gitlab #1779)

Kea 1.9.6 (development) released on March 31, 2021

1883.	[build]		andrei
	Bump library versions for Kea 1.9.6 release.
	(Gitlab #1772)

1882.	[func]		razvan
	Implemented database connection recovery for forensic logging.
	To achieve this, the "on-fail" connection parameter has been
	added to control the action performed on connection loss.
	The supported values are "stop-retry-exit", "serve-retry-exit"
	and "serve-retry-continue". They indicate if the server should
	disable the service on connection loss ("stop-retry-exit") or if
	on recovery failure the server should shut down
	("stop-retry-exit" and "serve-retry-exit") or continue
	("serve-retry-continue"). The default value used (if not
	configured) is "stop-retry-exit" for lease, host and config
	backends, and "serve-retry-continue" for forensic log.
	(Gitlab #1621)

1881.	[func]		fdupont
	Moved errors about URLs using names (vs addresses) or
	https (vs http) scheme in High Availability hook
	configuration from connection opening time to
	configuration time.
	(Gitlab #1758)

1880.	[build]		fdupont
	TLS support is now reported by configure in the
	cryptographic backend section.
	(Gitlab #1774)

1879.	[func]		fdupont
	The Control Agent now supports TLS/HTTPS. This works with
	OpenSSL and there are known problems with Botan, which will
	be addressed in the future.
	(Gitlab #1662)

1878.	[bug]		razvan
	Request enabling DHCP service when the HA hooks library is
	unloaded. It may remain disabled if it had been disabled
	outside of the HA hooks library. Prior to this change, if
	the HA hooks library disabled the DHCP service it would
	always remain disabled after the hooks library was unloaded.
	(Gitlab #1697)

1877.	[func]		fdupont
	kea-shell supports TLS/HTTPS. This is limited to the python 3
	version i.e. if kea-shell is configured with python 2 it still
	works in 1.9.6 but raises an error if a new TLS/HTTPS argument
	is specified.
	(Gitlab #1663)

1876.	[doc]		fdupont
	Added documentation for TLS/HTTPS support.
	(Gitlab #1664)

1875.	[func]		fdupont
	TLS/HTTPS support was added to asiolink and http libraries.
	(Gitlab #1661)

1874.	[doc]		marcin
	Added notes in the ARM highlighting that the address and
	delegated prefix pools must be split when HA load-balancing
	mode is used.
	(Gitlab #1726)

1873.	[func]		andrei
	kea-admin now accepts the -P|--port parameter with a custom
	port used to connect to the database.
	(Gitlab #1674)

Kea 1.9.5 (development) released on Feb 24, 2021

1872.	[build]		razvan
	Library version numbers bumped for Kea 1.9.5 development
	version.
	(Gitlab #1713)

1871.	[bug]		andrei
	The cache threshold feature introduced in 1.9.4 modified
	previously versioned schema 9.5. This caused problems for people
	who had already upgraded to 9.5 which in Kea versions means 1.9.2
	and 1.9.3.
	In this change, the upgrade commands were moved to schema 9.6 and
	are only applied if the database does not contain the required
	columns. Affected Kea installments can now be upgraded to 1.9.5
	and above seamlessly.
	(Gitlab #1698)

1870.	[bug]		razvan
	Fixed a crash when using the Kea Legal Log Hooks Library with
	multi-threading. This bug was affecting only database backends.
	The log file backend was not affected by this bug.
	(Gitlab #1711)

1869.	[func]		tmark
	Kea-dhcp4 now supports specifying valid-lifetime in client
	classes.  Prior to this it could only be specified at the
	global, shared-network, and subnet scopes.
	(Gitlab #1635)

1868.	[func]		andrei
	The forensic log hook library has gained an auto-increment
	primary key column in its logs table. It is now able to function
	in a MySQL Percona cluster which requires a primary key for all
	its tables when configured with pxc_strict_mode = ENFORCING
	which is also the default value.
	(Gitlab #1709)

1867.	[bug]		andrei
	MySQL connection unit tests have been modified to work with
	Percona cluster. This change doesn't fix all problems, but it
	improves the situation sufficiently to be able to run unit tests
	with positive results on a Percona cluster.
	(Gitlab #1708)

1866.	[func]		marcin
	Added new log messages issued when a dynamic lease allocation
	fails. The new messages provide comprehensive information about
	the circumstances in which the failure occurred. In particular,
	they state whether the client is connected to a shared network
	or not. If it is, the shared network name is provided. Otherwise,
	the client's subnet id is logged. The new messages also inform
	from how many subnets the server attempted to allocate a lease
	and how many subnets could not be used because of non-matching
	client classes.
	(Gitlab #1701)

1865.	[func]		razvan
	Implemented the Run Script hooks library which can be used to
	run external scripts for specific packet processing hook points.
	There are several exported environment variables available for
	the script. Currently the implementation is nonblocking and
	Kea will not wait for the script to finish execution before
	continuing to the next step. For this reason, the next step
	provided by the script is ignored.
	(Gitlab #899)

1864.	[func]		fdupont
	New parameters to handle TLS support added in Control Agent
	config: "trust-anchor", "cert-file", "key-file" and
	"cert-required". They can be configured, but their values are
	not yet used.
	(Gitlab #1662)

1863.	[func]		andrei
	The perfdhcp tool now supports the -x l option that exports the
	assigned leases to stdout in CSV format. This new capability is
	very useful for the ongoing DB cluster experiments, where we need
	to correlate leases between multiple Kea instances sharing the
	same cluster.
	(Gitlab #1703)

1862.	[build]		andrei
	Added execution permissions to the upgrade scripts in Kea's
	installation. Previously kea-admin db-upgrade would fail with a
	permission denied error. It started manifesting in 1.9.3 and
	affected 1.9.4 as well. Additionally, now, when running make in
	the source repository to recreate scripts e.g. kea-admin, after a
	change to the .in files e.g. kea-admin.in, they maintain the
	execution permissions granted in the initial build. This makes
	development more seamless.
	(Gitlab #1681)

1861.	[bug]*		tmark
	kea-dhcp4 now uses the value for each fixed field (e.g.
	next-server, server-hostname, boot-file-name) from the
	first class in query's list of classes that specifies the
	field. Prior to this it used the value from the last class
	which specified the field. It may be necessary to revise
	existing configurations to get the desired values.
	(Gitlab #1672)

Kea 1.9.4 (development) released on Jan 27, 2021

1860.	[build]		razvan
	Library version numbers bumped for Kea 1.9.4 development
	version.
	(Gitlab #1666)

1859.	[doc]		wlodek
	Added example files with configured Vendor Specific Information
	option (code 43) and Vendor-Identifying Vendor-specific
	Information option (code 125) with several suboptions each.
	(Gitlab #1546)

1858.	[bug]		razvan
	The DHCP service can be independently enabled or disabled by
	the user command, by the database connection mechanics or
	by the HA library. The DHCP service is disabled when any
	of those originators disables the service, and it is enabled
	when all those who previously disabled the service enable it.
	The 'dhcp-enable' and 'dhcp-disable' commands accept 'origin'
	parameter with valid values of 'user' (which is the default)
	indicating a user generated command and 'ha-partner' which is
	used internally by the HA library.
	(Gitlab #1601)

1857.	[build]		andrei
	Code format styles meant to be as close as possible to the
	recommended coding guidelines are now included with the Kea
	source repository in the form of .clang-format and
	.uncrustify.cfg. The clang-format.sh and uncrustify.sh scripts in
	the tools directory can be used to apply these styles to chosen
	files. See coding guidelines in CONTRIBUTING.md for more details.
	(Gitlab #1455)

1856.	[bug]		razvan
	When using the config backend, the server converts the old
	'reservation-mode' global parameter internally to new
	reservation flags. The new flags are listed when issuing the
	config-get command.
	(Gitlab #1598)

1855.	[func]		marcin
	Improved failover procedure in Kea High Availability library
	by introducing new communication-recovery state. In this
	state the load balancing servers remain responsive to DHCP
	queries when the communication between them is interrupted.
	The new feature is controlled using the delayed-updates-limit
	configuration parameter.
	(Gitlab #1402)

1854.	[func, perf]	fdupont
	Implemented "lease caching", a feature similar to ISC
	DHCP's dhcp-cache-threshold. Lease caching is configured
	through two new parameters: cache-max-age and cache-threshold,
	and is supported by both kea-dhcp4 and kea-dhcp6. When enabled,
	lease-caching allows the server to skip updating lease storage,
	when a client is requesting its own pre-existing lease whose
	age falls under the cache threshold and for which there are no
	substantive changes to lease values such as the hostname.
	(Gitlab #1418)

1853.	[func]		fdupont
	Populated the space field of option definitions. This solved
	reported bugs where a specific standard option processing
	was applied to an option from another space but sharing the
	same code. In particular, this fixes the problem reported
	with vendor suboption 125.
	(Gitlab #1585)

1852.	[bug]		razvan
	Corrected the value of unacked-clients-left returned in response
	to the status-get command and the corresponding log messages.
	The previously returned value was too low by 1.
	(Gitlab #1578)

1851.	[func]		fdupont
	Removed methods fetching leases by both client identifier
	and hardware addresses from the API.
	(Gitlab #1540)

1850.	[build]		andrei
	Add two scripts to help with code aesthetics, insight on how Kea
	is built or minor build optimizations:
	* ./tools/check-for-duplicate-includes.sh: warns you if
	there is a source file that includes the same header twice.
	While this wouldn't normally result in any errors, it is an
	unusual practice. If you feel that a header should be included
	twice in a file, add the file under "# Exceptions:" in the
	script.
	* ./tools/print-generated-files.sh: prints all the files
	that are generated which may or may not be part of the
	repository. These consist of messages, parser files, and "built
	sources" (as called in Makefile.am files).
	(Gitlab #1602)

1849.	[doc]		tomek
	Two known DHCPv4 RFC violations are now documented in the ARM.
	They are both cases where Kea deliberately deviates from the
	RFC to accommodate some common broken-client behaviors.
	(Gitlab #1608, #1615)

1848.	[bug]		razvan
	The cql upgrade script from schema v3.0 to v4.0 was broken in
	Kea-1.9.3 and has been fixed also enabling the unittest.
	(Gitlab #1616)

Kea 1.9.3 (development) released on Dec 16, 2020

1847.	[bug]		andrei
	Harden shell scripts and fix some of the resulting test failures.
	* #!/bin/sh for all scripts
	* set -eu in all scripts
	* shellcheck all scripts, and fix all shellcheck warnings
	* and more...
	(Gitlab #1574)

1846.	[build]		razvan
	Library version numbers bumped for Kea 1.9.3 development
	version.
	(Gitlab #1605)

1845.	[func]		marcin
	Kea configuration now allows for using database passwords
	which include whitespace.
	(Gitlab #692)

1844.	[bug]		marcin
	Corrected a bug in Kea Control Agent error responses when a
	malformed command was sent. In some cases a map with an error
	response was returned instead of a list.
	(Gitlab #432)

1843.	[func]		andrei
	Allow perfdhcp to request options via option 55 PRL. perfdhcp
	adds option 55 with a few requested options by default so in
	order to allow `perfdhcp -o 55,abcd` special logic to merge all
	the buffers of option 55 was implemented. Works with multiple
	`-o` arguments.
	(Gitlab #1508)

1842.	[func]		razvan
	Fixed the db connection reconnect implementation to honor
	each connection backend configuration. The most important
	improvement is that only the affected manager will be
	recreated when a connection is lost. Previously, even
	managers which were not affected had to be recreated on
	any connection loss. Also fixed an issue with recovery
	when multi-threading is enabled.
	(Gitlab #1375)

1841.	[bug]		marcin
	Corrected issues with inheritance of the DHCPv6 interface-id
	parameter. When interface-id is set at shared network level
	but not at the subnet level this setting is properly propagated
	to the config backend and reported when responding to the
	config-get command. Prior to this change, if the interface-id
	was set for a shared network, it was always returned for the
	subnets belonging to this shared network, even when subnet
	specific value was not specified.
	(Gitlab #652)

1840.	[bug]		fdupont
	Fixed the inheritance of the triple min-valid-lifetime,
	valid-lifetime and max-valid-lifetime parameters from
	the global scope, and fixed it for preferred-lifetime too.
	Added a sanity check refusing incorrect settings, e.g.
	the lifetime not being between min and max values.
	(Gitlab #1456)

1839.	[bug]		tmark
	kea-dhcp4 and kea-dhcp6 now calculate the DDNS TTL value
	based on RFC 4702, Section 5 which suggests that the
	TTL value be 1/3 of the lease's valid life time with a
	minimum value of 10 minutes. Prior to this the servers
	set the TTL to equal to the lease's valid life time.
	(Gitlab #936)

1838.	[bug]		fdupont
	The DHCPv6 sent multiple instances of an option or a
	sub-option when it seems to be requested more than once
	directly by the client or using the always-send flag.
	(Gitlab #1449)

1837.	[doc]		cstrotm
	Several Kea ARM corrections.
	(Gitlab #1514)

Kea 1.9.2 (development) released on Nov 25, 2020

1836.	[build]		razvan
	Library version numbers bumped for Kea 1.9.2 development
	version.
	(Gitlab #1555)

1835.	[doc]		peterd
	Several Kea ARM corrections.
	(Gitlab #1536)

1834.	[func]		fdupont
	Added two new callouts (hook points) in the control agent.
	The "auth" callout is executed after the basic authentication
	(if configured) and the command processing. The "response"
	callout is executed after the command processing and before
	the HTTP response is returned.
	(Gitlab #1421)

1833.	[doc]		sgoldlust
	Many documentation corrections.
	(Gitlab #1539)

1832.	[func]		tomek, wlodek
	Perfdhcp extended with functionality to gradually
	increase elapsed time in solicit and secs field in offer.
	(Gitlab #1332)

1831.	[bug]		razvan
	Fixed the DHCPv6 server implementation of the
	reservations-out-of-pool flag to match the DHCPv4 one. When the
	flag is true:
	* the server assumes that all reserved addresses do not belong to
	  the dynamic pool.
	* the server will not assign reserved addresses that are inside
	  the dynamic pool to the respective clients.
	* addresses matching the respective reservations from inside
	  the dynamic pools (if any) can be dynamically assigned to any
	  client.
	(Gitlab #1550)

1830.	[func]		fdupont, razvan
	Added new configuration options reservations-global,
	reservations-in-subnet and reservations-out-of-pool to replace
	the old reservation-mode parameter. The new flags can be
	configured independently, adding support for new configuration
	scenarios when global and in subnet reservations are both
	active.
	(Gitlab #1405)

1829.	[bug]		fdupont, razvan
	Fixed a bug in the hasAddressReservation function which was
	causing the search for reservations to end as soon as no global
	reservation was found when configuring a subnet or shared
	network with global reservations enabled.
	(Gitlab #1405)

1828.	[bug]		andrei, razvan
	Fix trivial logic error in handling the "lease4-update" command
	manifesting itself on v4 if multi-threading is enabled.
	Notable affected environment is a HA with the
	"send-lease-updates" configuration setting explicitly set to
	true. Prior to this fix, lease updates would not go through to
	other HA nodes, even though some log lines would say they would.
	A simple workaround prior to this fix is to disable
	multi-threading.
	(Gitlab #1542)

1827.	[build]		andrei
	Add `tools/add-config-h.sh` script that can add
	`#include <config.h>` lines to non-generated source files that
	are missing it.
	(Gitlab #1453)

Kea 1.9.1 (development) released on Oct 28, 2020

1826.	[build]		razvan
	Library version numbers bumped for Kea 1.9.1 development
	version.
	(Gitlab #1481)

1825.	[doc]		andrei
	Examples for option definitions, option data, standardized option
	spaces other than "dhcp[46]", custom option spaces, option
	embedding under doc/examples/kea[46]/all-options.json.
	(Gitlab #1298)

1824.	[func]		tmark
	Added a new parameter, ddns-use-conflict-resolution, to
	kea-dhcp4 and kea-dhcp6. This parameter is passed per request
	to kea-dhcp-ddns which uses it to determine whether or not
	conflict resolution rules (see RFC 4703) are followed for that
	request.  The default value is true. Disabling conflict
	resolution should only be used after careful consideration.
	(Gitlab #1386)

1823.	[doc]		tomek
	Updated options documentation for DHCPv4 and DHCPv6.
	(Gitlab #1436, #1460)

1822.	[func]		fdupont
	When multi-threading is enabled the status-get command displays
	the average length of the multi-threading packet queue for last
	10, 100 and 1000 packets.
	(Gitlab #1306)

1821.	[func]		anonymous, fdupont
	The forensic log hook library now logs release and decline
	events.
	(Gitlab #1445)

1820.	[bug]		razvan
	Fixed lease update when using HA and lease_cmds hooks with
	database backend. Previously, HA updates were rejected because
	the database backend rejects operations on the lease if the old
	expiration time is different than what it is already stored, to
	act as a protection mechanism for parallel updates from several
	threads or processes.
	(Gitlab #1434)

1819.	[func]		fdupont
	Improved error messages for bad escapes in JSON strings.
	(Gitlab #151)

1818.	[doc]		andrei
	Add to the reservation documentation:
	* instructions on how to choose "reservation-mode"
	* priority of "reservation-mode" specified at all levels
	* priority of file reservations vs database reservations
	(Gitlab #1299)

1817.	[func]		fdupont
	Redact control agent logs to hide basic HTTP authentication
	passwords from the configuration files. Note that when HTTP
	headers are logged credentials are present in clear text.
	(Gitlab #1459)

1816.	[func]		fdupont
	The message logged when basic HTTP authentication succeeds is
	now informative (was DEBUG, is INFO now).
	(Gitlab #1450)

1815.	[bug]		marcin
	Fixed libdhcpsrv build failures when building without database
	backends.
	(Gitlab #1468)

1814.	[func]		marcin
	Added ip-reservations-unique global parameter which controls
	whether or not it is allowed to create multiple host reservations
	for the same IP address or delegated prefix. By default, it is
	not allowed to create multiple reservations for the same lease
	within the same subnet. This change facilitates the use case
	in which a single host can communicate with the DHCP server over
	multiple network interfaces but should be assigned the same
	reserved lease regardless of which interface is used.
	(Gitlab #1428)

1813.	[func]		tmark
	A new parameter, ddns-update-on-renew, has been added to
	kea-dhcp4 and kea-dhcp6 configuration.  When true, the server
	will always update DNS when a lease is renewed even if the DNS
	information for the lease has not changed. The prior, and now
	default, behavior is for the server to only update DNS for a
	renewing lease if its DNS information has changed.
	(Gitlab #1385)

1812.	[doc]		andrei
	Document how MAC addresses can be formatted for use as attributes
	in RADIUS authentication
	(Gitlab #1441)

1811.	[func]		fdupont
	Two new parameters were added: cache-threshold and cache-max-age
	to the DHCPv4 and DHCPv6 global scopes. They will govern the
	upcoming cache threshold feature. The parameters can be set and
	retrieved, but they're not used yet.
	(Gitlab #1418)

Kea 1.9.0 (development) released on Sep 30, 2020

1810.	[build]		fdupont, razvan
	Bump up libs version for Kea 1.9.0 release.
	(Gitlab #1400)

1809.	[func]		razvan
	Added csv-format option to flex_option hook to be able to insert
	option data in csv format. The implicit value is false,
	maintaining compatibility with the previous default raw format.
	(Gitlab #1373)

1808.	[func]		razvan
	Support for new IPv6-only-preferred option for DHCPv4 has been
	added. It lets Kea signal to compatible devices that the
	IPv6 connectivity is available and they can disable their
	IPv4 stack. This implements support for draft-ietf-dhc-v6only-08,
	which is expected to be soon published by IETF as an RFC.
	(Gitlab #1351)

1807.	[doc]		tomek
	Added separate table with DHCPv4 options that are governed by Kea
	itself, rather than configured by administrator.
	(Gitlab #1323, #1398)

1806.	[bug]		tmark
	The DNS update code behaves better when there is a shared
	network and the code initially selected one subnet, but then
	later determined that a different subnet will be used. There
	is still a corner-case in DHCPv6 if the client requests multiple
	addresses or multiple prefixes and some of them are serviced from
	one subnet and some from another.
	(Gitlab #1389)

1805.	[doc]		tomek
	API documentation for lease4-get-* and lease6-get-* commands
	has been updated.
	(Gitlab #1392)

1804.	[func]		fdupont
	Added a new reservation-get-by-id command to retrieve all host
	reservations with an identifier value and type. Made the
	subnet-id optional in the reservation-get-page command.
	(Gitlab #1163)

1803.	[doc]		fdupont
	Corrected Kea ARM sections describing how to send DHCPv6
	Vendor-specific Information Option (code 17) with sub-options.
	(Gitlab #1025)

1802.	[bug]		fdupont
	Removed the bug which allowed for repeating the same
	configuration parameter multiple times in the same scope.
	The second occurrence of the parameter overwrote the first
	occurrence causing server misconfiguration. Starting from
	this change an error is raised when the same parameter occurs
	multiple times in a given scope the location of the first value.
	(Gitlab #1102)
