ChangeLog 500 KB
Newer Older
Andrei Pavel's avatar
Andrei Pavel committed
1
2
3
4
5
6
7
2036.	[build]		andrei
	Added a tool that checks if there are any missing REST commands
	from the API Reference section of the ARM.
	See tools/check-for-missing-api-commands.sh.
	It has been integrated into Gitlab CI and runs on every push.
	(Gitlab #2379)

Razvan Becheriu's avatar
Razvan Becheriu committed
8
9
10
11
12
13
2035.	[doc]		Daniel Bjors
	The developer's guide now correctly uses the Lease4CollectionPtr
	and Lease6CollectionPtr types. Thanks to Daniel Bjors for
	reporting this typo.
	(Gitlab #2447)

Andrei Pavel's avatar
Andrei Pavel committed
14
15
16
17
18
2034.	[func]		andrei
	The PostgreSQL schema has been changed to provide initial support
	for the lease limiting feature, part of the limits hook library.
	(Gitlab #2445)

19
20
21
22
23
2033.	[func]		tmark
	Functionality needed to support the lease limiting feature of
	of the limits hook library has been added Memfile_LeaseMgr.
	(Gitlab #2436)

Marcin Godzina's avatar
Marcin Godzina committed
24
25
Kea 2.1.7 (development) released on June 29, 2022

26
27
28
29
30
2032.	[build]         razvan
	The library version numbers have been bumped for the Kea 2.1.7
	development release.
	(Gitlab #2455)

31
2031.	[func]		fdupont
Marcin Godzina's avatar
Marcin Godzina committed
32
	Improved compatibility with OpenSSL 3.0.x, in particular
33
34
35
	recover system error messages.
	(Gitlab #1614)

Razvan Becheriu's avatar
Razvan Becheriu committed
36
2030.	[doc]		fdupont, tomek
Tomek Mrugalski's avatar
Tomek Mrugalski committed
37
38
39
40
	GSS-TSIG examples updated. The recommendation to not use
	client-keytab and credentials-cache at the same time added.
	(Gitlab #2247)

Francis Dupont's avatar
Francis Dupont committed
41
2029.	[bug]		fdupont
42
43
44
	The check of the subnet id in configuration is stricter:
	values outside the 0..4294967295 are rejected. Note that
	the value 0 means to leave Kea to assign itself the id.
Francis Dupont's avatar
Francis Dupont committed
45
	(Gitlab #2086)
46

Tomek Mrugalski's avatar
Tomek Mrugalski committed
47
48
49
50
2028.	[build]		orbea, fdupont
	Compatibility with LibreSSL 3.5.2 improved.
	(Github #121, Gitlab #2411)

Tomek Mrugalski's avatar
Tomek Mrugalski committed
51
2027.	[func]		fdupont
52
	The TLS is now supported with Multi-Threaded HA (HA+MT) scenario.
Tomek Mrugalski's avatar
Tomek Mrugalski committed
53
54
55
56
	Additional parameters (trust-anchor, cert-file, key-file,
	require-client-certs) are now supported in the HA configuration.
	(Gitlab #1706)

Andrei Pavel's avatar
Andrei Pavel committed
57
58
59
60
61
2026.	[func]		andrei
	The MySQL schema has been changed to provide initial support for
	the lease limiting feature, part of the limits hook library.
	(Gitlab #2438)

62
63
64
65
66
2025.	[bug]		tmark
	Added missing support for client-class user-context to
	both MySQL and PostgreSQL CB hook libraries.
	(Gitlab #2430)

67
2024.	[func]		djt
68
	The ALLOC_ENGINE_V4_ALLOC_FAIL_SUBNET log message format has been
69
70
71
72
73
74
75
76
	slightly modified, so that when it is emitted for a subnet that
	is not within a shared network, it emits "(none)" for the value
	of the shared network. The ARM documentation for this parameter
	has been updated to reflect that subnets within shared networks
	will in fact display which shared network the subnet belongs to.
	The ALLOC_ENGINE_V6_ALLOC_FAIL_SUBNET log message format has
	changed to be consistent with the format of
	ALLOC_ENGINE_V4_ALLOC_FAIL_SUBNET.
77
	(Gitlab #2395)
78

79
80
81
82
83
84
85
86
87
88
2023.	[bug]		tmark
	Corrected a MySQL CB issue that caused subnets to be
	updated without having audit entries created when the
	affiliated shared-network is deleted.  This can cause
	the subnets to be excluded from subsequent CB refresh
	cycles.
	(Gitlab #2299)

Kea 2.1.6 (development) released on May 25 2022

Andrei Pavel's avatar
Andrei Pavel committed
89
2022.	[func]		andrei, djt
90
	kea-admin lease-upload now calls the lease file cleanup (LFC)
Andrei Pavel's avatar
Andrei Pavel committed
91
	process to clean up entries with duplicate addresses in the input
92
93
94
95
96
	CSV file, to avoid a conflict error when inserting the leases in
	the database. kea-admin also no longer asks for input on
	non-interactive shells. A new -y|--yes flag has been added that
	enables automatic overwriting of any file that kea-admin writes
	to, when dumping or uploading leases.
Andrei Pavel's avatar
Andrei Pavel committed
97
98
	(Gitlab #2293)

99
2021.	[build]		razvan
100
101
	The library version numbers have been bumped for the Kea 2.1.6
	development release.
102
103
	(Gitlab #2421)

Andrei Pavel's avatar
Andrei Pavel committed
104
2020.	[doc]		andrei
105
106
	The rate-limiting feature of the new limits hook library has been
	documented. It can apply a specified limit of a certain number of
Andrei Pavel's avatar
Andrei Pavel committed
107
108
109
	packets per time unit to a given client class or subnet.
	(Gitlab #562, #1650)

110
2019.	[func]		tmark
111
112
	A new built-in class, "SKIP_DDNS", was added, which can be used
	in conjunction with the ddns-tuning hook library to skip
113
114
115
	performing DDNS updates for a given client.
	(Gitlab #2354)

116
2018.	[func]		razvan
117
118
	The kea-dhcp4 server now supports portions of RFC 3396, allowing
	it to send and receive DHCP options longer than 255 bytes.
119
120
	(Gitlab #2227)

121
2017.	[bug]		marcin
122
123
124
125
126
127
128
	A bug in the allocation engine, which caused it to write an
	allocated lease under the wrong subnet ID within a shared
	network, has been corrected. This was occurring when multiple
	clients matched the same fixed address reservation. The first
	client is now assigned the fixed address, while a subsequent
	client is then given a dynamically allocated address from a
	different subnet in the shared network.
129
130
	(Gitlab #2409)

131
2016.	[doc]		fdupont
132
133
	Documentation for the role-based access control (RBAC)
	premium hook library was added to the ARM.
134
135
	(Gitlab #1263)

Marcin Godzina's avatar
Marcin Godzina committed
136
137
Kea 2.1.5 (development) released on Apr 27, 2022

138
139
140
2015.	[bug]		tmark
	Fixed an issue in kea-dhcp6 that was causing the server
	not to update the FQDN option in outbound responses when
141
142
	the ddns-tuning hook lib calculates a new host name.
	(Gitlab #2392)
143

144
145
146
147
148
149
2014.	[bug]		tmark
	Correct an issue that was causing reconfigure to fail
	in kea-dhcp4 and kea-dhcp6 when using ddns-tuning hook
	library.
	(Gitlab #2390)

Thomas Markwalder's avatar
Thomas Markwalder committed
150
151
152
153
154
2013.	[build]		razvan
	Library version numbers bumped for Kea 2.1.5 development
	version.
	(Gitlab #2385)

Tomek Mrugalski's avatar
Tomek Mrugalski committed
155
156
157
158
159
2012.	[doc]		andrei
	Documented whether it's OK or not to have overlapping pools,
	including PD pools in IPv6.
	(Gitlab #1842)

160
2011.	[func]		djt
161
162
163
164
165
166
	Added CTRL_AGENT_COMMAND_RECEIVED log line with command and
	source address to the kea-ctrl-agent for commands which
	are not forwarded on to another daemon. Added client
	remote-address to CTRL_AGENT_COMMAND_FORWARDED log message if
	it is available.
	(Gitlab #687)
167

Razvan Becheriu's avatar
Razvan Becheriu committed
168
169
2010.	[func]		razvan
	Several extra log messages now detail the subnet selection
170
	process. The messages are available on debuglevel 40.
Razvan Becheriu's avatar
Razvan Becheriu committed
171
172
	(Gitlab #2352)

173
2009.	[func]		tmark
174
	Added new hook callout points: ddns4_update to Kea DHCPv4
175
	server and ddns6_update to Kea DHCPv6 server. This enables
176
	use of the ddns-tuning hook library.
177
178
	(Gitlab #1548)

Tomek Mrugalski's avatar
Tomek Mrugalski committed
179
180
181
182
2008.	[func]*		tomek
	The support for benchmarks have been removed.
	(Gitlab #2372)

Thomas Markwalder's avatar
Thomas Markwalder committed
183
184
185
186
187
2007.	[func]		tmark
	Added split() function to classification expression
	language.
	(GitLab #2272)

Slawek Figiel's avatar
Slawek Figiel committed
188
2006.	[func]		slawek
189
190
191
192
193
194
195
196
	Added ``service-sockets-require-all`` parameter to specify
	mandatory successfully binding all needed service sockets to
	initialize DHCP services (defaults to false). If any socket is
	unavailable, then the service fails to start. Added
	``service-sockets-max-retries`` parameter (defaults to 0) to
	specify the number of retries to open unavailable sockets and
	``service-sockets-retry-wait-time`` parameter to specify a time
	interval to wait between attempts.
Slawek Figiel's avatar
Slawek Figiel committed
197
198
	(Gitlab #1716)

199
2005.	[func]*		razvan
Razvan Becheriu's avatar
Razvan Becheriu committed
200
201
202
	The support for Cassandra database backend has been removed.
	(Gitlab #2116)

Wlodzimierz Wencel's avatar
Wlodzimierz Wencel committed
203
204
Kea 2.1.4 (development) released on March 30, 2022

205
206
207
208
209
2004.	[build]		razvan
	Library version numbers bumped for Kea 2.1.4 development
	version.
	(Gitlab #2363)

210
211
212
213
214
2003.	[func]		fdupont
	Added the support of sub-options in the flex_option
	hook library.
	(GitLab #2314)

215
2002.	[bug]		tmark
Razvan Becheriu's avatar
Razvan Becheriu committed
216
	Fixed a bug in MySql config backend that caused it to
217
218
219
220
	store unspecified, client-class valid and preferred life
	time values as zero in the database.
	(Gitlab #2344)

221
222
223
2001.	[bug]		razvan
	Fixed a bug which causes client classes with empty test
	expressions to fail class evaluation when those classes are
Razvan Becheriu's avatar
Razvan Becheriu committed
224
	retrieved from config backend.
225
226
227
	(Gitlab #2336)

2000.	[func]		fdupont
228
229
230
231
232
233
234
	Added the ``early-global-reservations-lookup`` configuration
	parameter which allows to perform a search for global host
	reservations and set client classes before the subnet
	selection. This is achieved when explicitly configured to
	``true`` and it defaults to ``false`` if not configured.
	(Gitlab #2249)

Razvan Becheriu's avatar
Razvan Becheriu committed
235
1999.	[func]		tmark, razvan
236
	The kea-dhcp6 server fully supports using PostgreSQL for config
Razvan Becheriu's avatar
Razvan Becheriu committed
237
	backend. This should be considered an experimental feature.
238
	(Gitlab #2355, #2356)
239

240
241
1998.	[func]		tmark, razvan
	With the addition of support for client classes, the kea-dhcp4
Razvan Becheriu's avatar
Razvan Becheriu committed
242
	server now fully supports using PostgreSQL for config backend.
243
244
	(Gitlab #2322)

Thomas Markwalder's avatar
Thomas Markwalder committed
245
1997.	[bug]		tmark
Thomas Markwalder's avatar
Thomas Markwalder committed
246
	The obsolete log message, DHCP4_NCR_CREATE, has been
Thomas Markwalder's avatar
Thomas Markwalder committed
247
248
249
	removed from kea-dhcp4.
	(GitLab #2301)

Andrei Pavel's avatar
Andrei Pavel committed
250
251
Kea 2.1.3 (development) released on Feb 23, 2022

252
253
254
255
256
1996.	[build]		razvan
	Library version numbers bumped for Kea 2.1.3 development
	version.
	(Gitlab #2317)

257
258
1995.	[func]		tmark
	kea-dhcp4 now supports using PostgreSQL for config
Razvan Becheriu's avatar
Razvan Becheriu committed
259
	backend for everything except client classes. The
260
261
262
263
	new hook library is libdhcp_pgsql_cb.so. This should
	be considered an experimental feature.
	(Gitlab #95)

Razvan Becheriu's avatar
Razvan Becheriu committed
264
265
266
267
268
269
270
1994.	[func]		razvan
	Added support for Server Identifier Override RAI sub-option
	(RFC 5107). The implementation is not complete according to the
	RFC, because the server does not store the RAI, but the
	functionality handles expected use cases.
	(Gitlab #1695)

Razvan Becheriu's avatar
Razvan Becheriu committed
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
1993.	[func]		razvan
	Added global and per subnet counters for allocation failures:
	``v4-allocation-fail``, ``v4-allocation-fail-shared-network``,
	``v4-allocation-fail-subnet``, ``v4-allocation-fail-no-pools``,
	``v4-allocation-fail-classes``, ``subnet[X].v4-allocation-fail``,
	``subnet[X].v4-allocation-fail-shared-network``,
	``subnet[X].v4-allocation-fail-subnet``,
	``subnet[X].v4-allocation-fail-no-pools``,
	``subnet[X].v4-allocation-fail-classes``,
	``v6-allocation-fail``, ``v6-allocation-fail-shared-network``,
	``v6-allocation-fail-subnet``, ``v6-allocation-fail-no-pools``,
	``v6-allocation-fail-classes``, ``subnet[X].v6-allocation-fail``,
	``subnet[X].v6-allocation-fail-shared-network``,
	``subnet[X].v6-allocation-fail-subnet``,
	``subnet[X].v6-allocation-fail-no-pools``,
Razvan Becheriu's avatar
Razvan Becheriu committed
286
287
288
	``subnet[X].v6-allocation-fail-classes``.
	There is a warning log message emitted in the logs each time one
	of the allocation failure counters is incremented.
Razvan Becheriu's avatar
Razvan Becheriu committed
289
290
	(Gitlab #2054)

Razvan Becheriu's avatar
Razvan Becheriu committed
291
292
293
294
295
296
1992.	[bug]		razvan
	The ``maxver`` and ``maxsize`` logger parameters are excluded
	from ``config-get`` command response if the logger output is
	``stdout``, ``stderr`` or ``syslog``.
	(Gitlab #2288)

Razvan Becheriu's avatar
Razvan Becheriu committed
297
298
299
300
1991.	[bug]		jinmei, razvan
	Fixed keactrl exit code when netconf is not build.
	(Gitlab #2262)

Razvan Becheriu's avatar
Razvan Becheriu committed
301
1990.	[func]		razvan
302
	Added the ``reservations-lookup-first`` configuration parameter
303
304
305
306
307
308
	which controls whether host reservations lookup should be
	performed before lease lookup. This parameter has effect only
	when multi-threading is disabled. When multi-threading is
	enabled, host reservations lookup is always performed first. The
	``reservations-lookup-first`` parameter defaults to ``false``
	when multi-threading is disabled.
Razvan Becheriu's avatar
Razvan Becheriu committed
309
310
	(Gitlab #2036)

Andrei Pavel's avatar
Andrei Pavel committed
311
312
Kea 2.1.2 (development) released on Jan 26, 2022

313
314
315
316
317
1989.	[build]		razvan
	Library version numbers bumped for Kea 2.1.2 development
	version.
	(Gitlab #2281)

318
319
320
1988.	[bug]		tmark
	Kea core logic now ensures options belonging
	to client classes are properly created when
Razvan Becheriu's avatar
Razvan Becheriu committed
321
	classes are read from configuration backends.
322
323
	(Gitlab #2246)

324
1987.	[bug]		tmark
Thomas Markwalder's avatar
Thomas Markwalder committed
325
	Fixed an issue in PostgreSQL support code that caused
326
327
328
	asserts when compiled with: -Wp,-D_GLIBCXX_ASSERTIONS.
	(Gitlab #2284)

329
330
331
332
333
334
335
1986.	[func]		fdupont
	The kea-admin command now accepts extra arguments which
	are passed to the database command tool, e.g. '--ssl' to
	'mysql' with `kea-admin ... -x --ssl'. Quotes are not
	preserved but multiple arguments can be given.
	(Gitlab #2225)

336
337
1985.	[func]		fdupont
	Added support for using files to configure basic HTTP
Razvan Becheriu's avatar
Razvan Becheriu committed
338
339
340
	credentials. Instead of configuring a value, it is taken from
	the content of a file. The new parameters of the Control Agent
	configuration are:
341
342
343
344
345
346
347
348
349
	- 'user-file' pointing to a file vs 'user'
	- 'password-file' pointing to a file vs 'password'
	- 'password-file' pointing to a file with the secret
	(which is <user>:<password>) vs 'user' and 'password'.
	For the High Availability hook library the new parameter
	is 'basic-auth-password-file' which can be used as an
	alternative to 'basic-auth-password'.
	(Gitlab #2006)

Andrei Pavel's avatar
Andrei Pavel committed
350
351
352
353
354
1984.	[func]		andrei
	Introduced the lease-upload command to kea-admin which can upload
	leases from a memfile CSV file to a database backend.
	(Gitlab #2039)

355
356
357
358
359
360
1983.	[bug]		fdupont
	Minimum and maximum values of lifetimes are no longer
	skipped when the configuration is retrieved even when
	they are the same as the default value.
	(Gitlab #2222)

Andrei Pavel's avatar
Andrei Pavel committed
361
362
363
364
365
1982.	[bug]		andrei
	The config for an HA peer now accepts an IPv6 address as a valid
	value for the "url" entry.
	(Gitlab #2264)

Tomek Mrugalski's avatar
Tomek Mrugalski committed
366
367
368
369
370
1981.	[func]		tomek
	The default-url DHCPv4 option has been replaced with
	v4-captive-portal, as defined in RFC8910.
	(Gitlab #1684)

Andrei Pavel's avatar
Andrei Pavel committed
371
372
373
374
375
376
1980.	[func]*		andrei
	The kea-admin lease-dump command now outputs a CSV file that is
	compatible with the memfile backend. This is useful when
	migrating from database to memfile. The generated output is
	backwards incompatible. Any tools that depend on it would need
	to adapt.
Andrei Pavel's avatar
Andrei Pavel committed
377
378
	(Gitlab #2038)

379
380
381
382
383
384
385
1979.	[bug]		fdupont
	Update and delete operations on leases no longer raise
	an error with infinite valid lifetime (used by BOOTP)
	and MySQL or PostgreSQL backends where timestamps can
	be limited to 32 bits.
	(Gitlab 897)

386
1978.	[doc]		tomek
Tomek Mrugalski's avatar
Tomek Mrugalski committed
387
388
	The Kea Administrator Reference Manual now correctly states that
	DHCPv6 authentication option has code 11, not 10.
389
390
	(Gitlab #2207)

391
392
393
394
395
1977.	[bug]		razvan
	Use only MAX_HWADDR_LEN (20) bytes from remote-id when extracting
	the MAC from relay options.
	(Gitlab #2201)

Andrei Pavel's avatar
Andrei Pavel committed
396
397
398
399
1976.	[func]		andrei
	Added hwtype and hwaddr_source columns to v6 memfile.
	(Gitlab #2236)

400
401
402
403
404
1975.	[func]		tmark
	Additional changes and corrections relating to Config Backend
	were made to the PostgreSQL database schema.  In addition, the
	upgrade scripts were renamed to ensure proper file name ordering.
	Note that PostgreSQL CB is not yet functional.
Andrei Pavel's avatar
Andrei Pavel committed
405
	(Gitlab #2183, #2244, #2245)
406

407
408
409
410
411
412
413
414
1974.	[func]		fdupont
	The global parameter lookup has been refactored to provide better
	performance. Proper return error code (CONTROL_RESULT_ERROR) has
	been fixed in some cases when trying to apply the new
	configuration. Old code was using wrong hardcoded '2' value
	(CONTROL_RESULT_COMMAND_UNSUPPORTED).
	(Gitlab #1082)

Francis Dupont's avatar
Francis Dupont committed
415
416
417
418
419
420
1973.	[func]		fdupont
	MySQL backends now can be configured to use the SSL/TLS
	support to protect connections to the server. New
	database parameters are "cert-file", "key-file",
	"trust-anchor" and "cipher-list". The negotiated cipher
	name is logged so the MySQL service configuration can
421
422
	be checked. PostgreSQL accepts the same parameters
	but they only trigger the call to the OpenSSL generic
Francis Dupont's avatar
Francis Dupont committed
423
424
425
	initialization in the Pq C-API.
	(Gitlab #34)

Andrei Pavel's avatar
Andrei Pavel committed
426
1972.	[func]		andrei
427
428
429
430
	Kea servers now can accept trailing commas in file
	configurations. While parsing, a warning is printed with the
	location of the comma to give the user the ability to correct
	a mistake.
Andrei Pavel's avatar
Andrei Pavel committed
431
432
433
	(Gitlab #2084)

1971.	[func]		tmark, jad
434
435
436
437
438
439
440
	Added support for embedded DHCPv6 DUIDs within DHCPv4
	Client Identifier options per RFC 4361.  This allows
	Kea to support DDNS in dual stack environments per
	RFC 4703(Sec 5.2). Thanks to John Dickinson for
	contributing the patch!
	(Gitlab #1934)

Andrei Pavel's avatar
Andrei Pavel committed
441
442
443
Kea 2.1.1 (development) released on Nov 24, 2021

1970.	[build]		razvan
444
445
446
447
	Library version numbers bumped for Kea 2.1.1 development
	version.
	(Gitlab #2195)

Andrei Pavel's avatar
Andrei Pavel committed
448
449
450
451
452
453
454
455
456
457
458
459
460
461
1969.	[build]		andrei
	Fixed "make check -j N" running tests in parallel in src/lib/log.
	(Gitlab #2172)

1968.	[build]		andrei
	Fixed make check failing when googletest support was disabled.
	(Gitlab #2167)

1967.	[bug]		andrei
	Fixed a bug where keactrl did not color the active status code
	for kea-dhcp-ddns as it did for the other servers.
	(Gitlab #2117)

1966.	[func]		djt
Andrei Pavel's avatar
Andrei Pavel committed
462
463
464
465
466
	Allow Kea to pack opaque data tuples within options with zero
	length to accommodate some DHCP clients who have been observed
	to send DHCPv4 option 124 with zero length tuples.
	(Gitlab #2021)

Andrei Pavel's avatar
Andrei Pavel committed
467
1965.	[func]		andrei
468
469
470
	Increase the value that "maxsize" can take from 2GB to 2PB.
	(Gitlab #2130)

Andrei Pavel's avatar
Andrei Pavel committed
471
472
473
474
1964.	[func]		wlodek
	Added support for Debian 11 in hammer.py.
	(Gitlab #2042, #2193)

Andrei Pavel's avatar
Andrei Pavel committed
475
1963.	[func]		andrei
Andrei Pavel's avatar
Andrei Pavel committed
476
477
478
479
480
481
482
483
484
	hammer.py has had several improvements.
	NETCONF and PostgreSQL will be properly configured when running
	prepare-system on Fedora and FreeBSD.
	vagrant will be automatically upgraded if it is too outdated.
	Error messages are more clear when running on unsupported
	systems.
	hammer.py is now able to detect Arch Linux distributions and
	offers limited support for it, being able to prepare-system with
	freeradius and netconf support.
Andrei Pavel's avatar
Andrei Pavel committed
485
486
	(Gitlab #2111, #2112)

Andrei Pavel's avatar
Andrei Pavel committed
487
1962.	[func]		andrei
488
489
	kea-netconf updates: fixed store-extended-info, it was an
	operational node instead of a config node. Added several
Andrei Pavel's avatar
Andrei Pavel committed
490
491
492
493
494
	containers and leaves: compatibility, lenient-option-parsing,
	multi-threading, enable-multi-threading, packet-queue-size,
	thread-pool-size, valid-lifetime, min-valid-lifetime,
	max-valid-lifetime, preferred-lifetime, min-preferred-lifetime,
	max-preferred-lifetime, cache-max-age, cache-threshold,
495
496
497
498
499
	ddns-generated-prefix, ddns-override-client-update,
	ddns-override-no-update, ddns-qualifying-suffix,
	ddns-replace-client-name, ddns-send-updates,
	ddns-update-on-renew, ddns-use-conflict-resolution,
	ip-reservations-unique, parked-packet-limit, reservations-global,
Andrei Pavel's avatar
Andrei Pavel committed
500
501
502
503
504
	reservations-in-subnet, reservations-out-of-pool,
	statistic-default-sample-age, statistic-default-sample-count,
	store-extended-info, on-fail.
	(Gitlab #2136)

Andrei Pavel's avatar
Andrei Pavel committed
505
1961.	[func]		tomek, tmark
506
507
508
509
510
	The initial, stubbed version of the PostgreSQL CB hook
	library has been created.  The library is not yet functional
	and does not installed.
	(Gitlab #1848)

Andrei Pavel's avatar
Andrei Pavel committed
511
512
513
514
515
516
1960.	[build]		andrei
	Froze sphinx dependency versions used to build documentation.
	Added the update-python-dependencies Makefile rule to bump the
	versions.
	(Gitlab #2161)

517
518
1959.	[doc]		djt
	Move documentation for acceptable format strings into the Kea
Andrei Pavel's avatar
Andrei Pavel committed
519
	ARM. The relevant section of the ARM was previously referring
520
	to a dead link in the Log4cpp documentation.
Andrei Pavel's avatar
Andrei Pavel committed
521
	(Gitlab #2134)
522

Andrei Pavel's avatar
Andrei Pavel committed
523
1958.	[func]		tomek, tmark
Tomek Mrugalski's avatar
Tomek Mrugalski committed
524
	PostgreSQL database schema has been extended with tables for
Tomek Mrugalski's avatar
Tomek Mrugalski committed
525
526
	Config Backend (CB). This is the first step towards PostgreSQL
	CB. However, as there is no code yet to use those new tables,
Tomek Mrugalski's avatar
Tomek Mrugalski committed
527
	they're not not functional yet.
Andrei Pavel's avatar
Andrei Pavel committed
528
	(Gitlab #90, #2166)
Tomek Mrugalski's avatar
Tomek Mrugalski committed
529

Andrei Pavel's avatar
Andrei Pavel committed
530
531
Kea 2.1.0 (development) released on Oct 27, 2021

532
533
534
535
536
1957.	[build]		razvan
	Library version numbers bumped for Kea 2.1.0 development
	version.
	(Gitlab #2141)

537
1956.	[bug]		tmark
Andrei Pavel's avatar
Andrei Pavel committed
538
	Modified stat_cmds hook library to omit statistics
539
540
541
542
	for non-existent subnets from results returned by
	stat-lease4-get and stat-lease6-get commands.
	(Gitlab #2033)

543
544
545
546
547
1955.	[bug]		tmark
	kea-dhcp4 no longer sends DHCPNAKs in response to
	DHCPREQUESTs for addresses for which it has no knowledge.
	(Gitlab #1584)

548
549
550
551
552
553
1954.	[doc]		fdupont
	Updated the Developer's Guide to explain what to do when
	GSS-TSIG hook unit tests fail from a system Kerberos
	incompatible configuration.
	(Gitlab #2056)

554
1953.	[build]		fdupont
555
	Changed the name of the GSS-TSIG hook library object to
556
557
558
	libddns_gss_tsig.so.
	(Gitlab #2115)

559
Kea 2.0.0 (stable) released on September 29, 2021
560

561
562
563
564
1952.	[build]		razvan
	Library version numbers bumped for Kea 2.0.0 stable version.
	(Gitlab #2104)

Tomek Mrugalski's avatar
Tomek Mrugalski committed
565
1951.	[doc]		tomek
Tomek Mrugalski's avatar
Tomek Mrugalski committed
566
	A new appendix for configuration templates added to Kea ARM.
Tomek Mrugalski's avatar
Tomek Mrugalski committed
567
	the first of which is a home power user.
Tomek Mrugalski's avatar
Tomek Mrugalski committed
568
569
	(Gitlab #2050)

570
1950.	[doc]		slawek
571
572
	Added a description and an example of the usage of the "include"
	statement in the Kea configuration file to the ARM.
573
574
	(Gitalb #2080)

575
576
577
578
579
580
1949.	[bug]		tmark
	kea-dhcp6 now correctly determines DNS update flags when
	the allocation engine dynamically changes the selected
	network subnet.
	(Gitlab #1622)

581
582
583
584
585
1948.	[func]		tmark
	HTTP library will now emit a warning log when the queue of
	pending client requests for a given URL exceeds a threshold.
	(Gitlab #2085)

586
587
588
589
590
591
1947.	[bug]		marcin
	Corrected a bug in the High Availablity hooks library that could
	cause a standby server not to synchronize its lease database
	after a temporary communication interruption with its partner.
	(Gitlab #1959)

592
593
1946.	[bug]		marcin
	Fixes a bug in MySQL configuration backend schema. DHCP options
594
595
	associated with deleted client classes are now automatically
	deleted.
596
597
	(Gitlab #2094)

Tomek Mrugalski's avatar
Tomek Mrugalski committed
598
599
600
601
602
603
604
1945.	[build]		andrei
	Reverted qa#261 changes, which forced linking with OpenSSL 1.1
	when available. This caused a segfault, when Kea's crypto library
	used OpenSSL 1.1, but the MySQL library it linked against, used
	OpenSSL 1.0.
	(Gitlab #2081)

605
606
607
608
609
610
611
1944.	[bug]		tmark
	kea-dhcp4 and kea-dhcp6 both now support a global parameter,
	parked-packet-limit, that can be used to limit the number
	of client responses the server may park pending completion
	of hook library callouts.
	(Gitlab #1307)

612
613
614
615
616
617
1943.	[bug]		marcin
	Fixed a bug in fetching client classes from the Config Backend.
	The bug resulted in failures during attempts to evaluate the
	classes for a received packet.
	(Gitlab #2077)

618
619
620
621
1942.	[func]		fdupont
	Added basic statistics to the DHCP-DDNS server.
	(Gitlab #2040)

Razvan Becheriu's avatar
Razvan Becheriu committed
622
1941.	[func]		fdupont
623
624
	Per DNS server TSIG keys are now supported in the DHCP-DDNS
	(aka D2) server configuration. A new callout point 'select_key'
Razvan Becheriu's avatar
Razvan Becheriu committed
625
	gives access to the selected TSIG key before sending DNS updates.
626
627
	(Gitlab #2011)

628
629
Kea 1.9.11 (development) released on Aug 30, 2021

630
631
632
633
634
635
636
637
638
639
640
641
1940.	[build]		razvan
	Library version numbers bumped for Kea 1.9.11 development
	version.
	(Gitlab #2053)

1939.	[bug]		tmark
	Removed all MultiThreadingCriticalSections from lease_cmds
	hooks library which can cause a dead-lock when running HA+MT.
	The commands simply try to acquire the resource lock and fail
	if the resource is unavailable also logging an error message.
	(Gitlab #2051)

Razvan Becheriu's avatar
Razvan Becheriu committed
642
1938.	[bug]		razvan
Razvan Becheriu's avatar
Razvan Becheriu committed
643
644
645
	Fix dead locks caused by commands with CS on http listener
	threads and CS on main thread racing with CS on other threads.
	(Gitlab #2041, #2043)
Razvan Becheriu's avatar
Razvan Becheriu committed
646

Tomek Mrugalski's avatar
Tomek Mrugalski committed
647
1937.	[bug]		razvan
Razvan Becheriu's avatar
Razvan Becheriu committed
648
	The Config Backend is now capable of reestablishing database
Tomek Mrugalski's avatar
Tomek Mrugalski committed
649
650
651
	connection after a failure.
	(Gitlab #1982)

Andrei Pavel's avatar
Andrei Pavel committed
652
653
654
655
656
657
1936.	[build]		andrei
	Kea attempts to first link with compatibility library OpenSSL 1.1
	(usually found on CentOS 7) before falling back to the system
	OpenSSL (1.0 on CentOS 7 which is out of support).
	(Gitlab qa#261)

Andrei Pavel's avatar
Andrei Pavel committed
658
659
660
661
662
1935.	[func]		andrei
	The store-extended-info config entry was added to Kea YANG
	modules at root-level and at subnet-level.
	(Gitlab #1944)

663
664
1934.	[func]		tmark
	Kea-dhcp6 now supports specifying valid-lifetime and
665
666
	preferred-lifetime values in client classes (via both
	configuration file and Config Backend).  Prior to this
667
668
669
670
	it could only be specified at the global, shared-network,
	and subnet scopes.
	(Gitlab #1710)

Tomek Mrugalski's avatar
Tomek Mrugalski committed
671
1933.	[doc]		fdupont, tomek
672
673
674
	Added a new ARM section about GSS-TSIG. Currently it describes
	how to build Kea with GSS-API support. It will be expanded in
	the future.
Tomek Mrugalski's avatar
Tomek Mrugalski committed
675
676
	(Gitlab #2018)

677
678
679
680
681
682
683
684
1932.	[func]		tmark
	MySQL indexing of leases database has been improved. It now
	behaves better on older MySQL versions. In particular, the lease
	reclamation no longer causes full scans to be performed. This
	fix introduces MySQL schema update to 11.0. This should reduce
	the periodic performance slowdowns.
	(Gitlab #2030)

Tomek Mrugalski's avatar
Tomek Mrugalski committed
685
686
687
688
689
690
1931.	[bug]		tomek
	Two hook messages HOOKS_CALLOUT_ERROR and HOOKS_CALLOUT_MESSAGES
	are now printing the hook name and index properly. Thank you to
	Shawn Routhier for reporting the issue.
	(Gitlab #2020)

Tomek Mrugalski's avatar
Tomek Mrugalski committed
691
692
693
694
695
1930.	[doc]		razvan
	Extended documentation section about setting up the timezones in
	MySQL and PostgreSQL databases.
	(Gitlab #1978)

696
697
698
699
700
1929.	[build]		andrei
	Compatibility with upcoming boost 1.77 has been improved.
	Thanks to Brad Smith for the patch!
	(Gitlab #1980)

701
702
703
704
705
706
707
708
1928.	[bug]		tmark
	Modified kea-dhcp4 and kea-dhcp6 to only append the
	ddns-qualifying-suffix if the input name does not
	already end with that suffix.  Prior to this the
	suffix was always added which could lead to names
	including the suffix twice.
	(Gitlab #1529)

Michal Nowikowski's avatar
Michal Nowikowski committed
709
710
Kea 1.9.10 (development) released on Jul 30, 2021

711
712
713
714
715
1927.	[build]		razvan
	Library version numbers bumped for Kea 1.9.10 development
	version.
	(Gitlab #1984)

Marcin Siodelski's avatar
Marcin Siodelski committed
716
717
718
719
720
721
722
723
724
1926.	[func]*		marcin
	Server tags in the MySQL database are now represented as strings
	with a maximum length of 64 characters. Previously, the server
	tags could be up to 256 characters long, and it could cause
	database migrations to fail on the systems with UTF-8 encoding
	configured for MySQL. Shorter server tags avoid hitting the
	limitation on the maximum length of an indexed table column.
	(Gitlab #1976)

Tomek Mrugalski's avatar
Tomek Mrugalski committed
725
726
727
728
1925.	[build]		fdupont
	Updated parsers to bison 3.3 or later.
	(Gitlab #453)

Razvan Becheriu's avatar
Razvan Becheriu committed
729
730
731
732
733
1924.	[bug]		razvan
	The MultiThreadingCriticalSection is now thread-safe and can be
	called from http client or http listener processing threads.
	(Gitlab #1964)

Andrei Pavel's avatar
Andrei Pavel committed
734
735
736
737
738
739
740
1923.	[func]		andrei
	Integrate with Sysrepo v1.x branch. Building with support for
	Sysrepo now requires the latest v1.x versions:
	sysrepo v1.4.140 + libyang v1.0.240.
	Support for legacy Sysrepo versions v0.x has been dropped.
	(Gitlab #1077)

741
742
743
744
745
1922.	[func]		marcin
	Added support for storing client classes in the MySQL config
	backend.
	(Gitlab #1920, #1928, #1965, #1972, #1977)

Michal Nowikowski's avatar
Michal Nowikowski committed
746
1921.	[func]		fdupont
747
	The D2 d2_srv_configured hook point used DROP status to notify
748
	the D2 server that an error has occurred and the configuration
749
750
751
752
	is rejected. The error message is passed to the D2 server
	through the new 'error' hook parameter.
	(Gitlab #1950)

753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
Kea 1.9.9 (development) released on June 30, 2021

1920.	[build]		andrei
	Bump library versions for the Kea 1.9.9 development release.
	(Gitlab #1947)

1919.	[bug]		razvan
	Fix the run script hook library leaving behind defunct processes.
	(Gitlab #1878)

1918.	[bug]		razvan
	When parsed, PSID was incorrectly ignoring the PSID value when
	psid-len was 16 instead of ignoring it when the values is 0 as
	per the RFC.
	(Gitlab #1858)

Tomek Mrugalski's avatar
Tomek Mrugalski committed
769
770
771
772
1917.	[func]		tomek
	DHCPv4 and DHCPv6 are now more consistent when logging the
	reasons	why a packet was dropped. This information is now
	available on debuglevel 15. Also added a section in the ARM
773
	discussing the debug levels. The subnet selection failed log
Tomek Mrugalski's avatar
Tomek Mrugalski committed
774
775
776
	message now provides more useful information about the subnet.
	(Gitlab #1915, #1916)

777
778
779
780
781
1916.	[func]		razvan
	The Kea DHCPv4 server accepts requests using server identifier
	configured at client class level.
	(Gitlab #1836)

Andrei Pavel's avatar
Andrei Pavel committed
782
783
784
785
786
787
788
789
1915.	[func]		andrei
	DOCSIS options are no longer offered to any vendor other than
	Cable Labs (vendor-id == 4491). This was not an explicit check
	previously and the match to the vendor relied on a technicality
	such that other vendors could have received these options under
	certain conditions.
	(Gitlab #1894)

790
791
792
793
794
795
796
797
1914.	[func]*		tomek
	The Cassandra (CQL) support is being deprecated, both for
	leases and host backends. For the time being the features
	will produce a warning, but will otherwise function normally.
	However, the functionality will be removed in the future
	Kea releases.
	(Gitlab #1892)

Tomek Mrugalski's avatar
Tomek Mrugalski committed
798
799
800
801
802
1913.	[doc]		tomek
	Kea adopted Developer Certificate of Origin for incoming
	contributions. Please see the CONTRIBUTING.md file for details.
	(Gitlab #1895)

Tomek Mrugalski's avatar
Tomek Mrugalski committed
803
804
805
1912.	[doc]		fdupont, tomek
	The Kea configuration syntax is now documented in BNF notation.
	See new appendix in the ARM.
806
	(Gitlab #504, #745)
Tomek Mrugalski's avatar
Tomek Mrugalski committed
807

Andrei Pavel's avatar
Andrei Pavel committed
808
809
810
811
812
813
814
1911.	[bug]		andrei
	Fixed a minor regression where kea-admin and keactrl would output
	technical errors like "unbound variable" instead of more helpful
	messages like "missing backend" because of the undefined variable
	checks introduced in 1.9.4. Added tests to further prevent it.
	(Gitlab #1653)

Andrei Pavel's avatar
Andrei Pavel committed
815
816
817
818
1910.	[func]		andrei
	Extended perfdhcp to send v4 DHCPRELEASE messages via -F flag.
	(Gitlab #1119)

Francis Dupont's avatar
Francis Dupont committed
819
820
821
822
823
1909.	[build]		fdupont
	Experimental support for Heimdal implementation of GSS-API
	with Kerberos 5 added.
	(Gitlab #1909)

824
825
826
827
828
829
830
1908.	[func]		razvan
	Added export for V4 option 82 (DHO_DHCP_AGENT_OPTIONS) and
	respective suboptions 1 (RAI_OPTION_AGENT_CIRCUIT_ID) and
	suboption 2 (RAI_OPTION_REMOTE_ID) in the run script hooks
	library.
	(Gitlab #1840)

Tomek Mrugalski's avatar
Tomek Mrugalski committed
831
832
833
834
1907.	[doc]		peterd, andrei, razvan
	Many Kea ARM corrections and updates.
	(Gitlab #1917)

835
836
837
838
1906.	[func]		fdupont
	Added support for the TKEY DNS resource record.
	(Gitlab #1880)

839
840
841
842
843
844
845
846
1905.	[build]		fdupont
	Added an optional --with-gssapi switch to the configure
	script. It checks for the presence and suitability of
	packages pertinent to GSS-TSIG. This has been added in
	anticipation of future work and does not add any
	functionality to Kea.
	(Gitlab #1884)

Wlodzimierz Wencel's avatar
Wlodzimierz Wencel committed
847
848
Kea 1.9.8 (development) released on May 26, 2021

Razvan Becheriu's avatar
Razvan Becheriu committed
849
1904.	[build]		wlodek
850
851
852
853
	Library version numbers bumped for Kea 1.9.8 development
	version.
	(Gitlab #1882)

Andrei Pavel's avatar
Andrei Pavel committed
854
855
856
857
858
859
860
861
862
1903.	[func]		andrei
	Kea now recognizes requests sent from vendors that include their
	information in DHCPv6 Vendor Class option (code 16) for the
	purpose of offering custom options in the response. Previously,
	only the Vendor-specific Information option (code 17) was
	searched for a vendor ID. For the purpose of classification, both
	options are looked into, now, just as before.
	(Gitlab #1837)

Andrei Pavel's avatar
Andrei Pavel committed
863
864
865
866
867
868
1902.	[func]		andrei, fdupont
	All logs that expose configuration, either in full or in snippets
	now have the values of "password" and "secret" entries replaced
	with asterisks "*****".
	(Gitlab #1721)

869
870
871
872
873
874
875
876
877
878
1901.	[bug]		marcin
	Corrected a bug in DHCPv4 subnet selection. The server ignored
	the Subnet Selection option supplied by a client if its query
	contained a Relay Agent Information (RAI) option without a Link
	Selection option. After this change, the server respects the
	Subnet Selection option when RAI lacks the Link Selection
	option. If RAI includes it, it takes precedence over the Subnet
	Selection option.
	(Gitlab #1816)

879
880
881
882
883
884
1900.	[bug]		tmark
	Fixed a sporadic failure caused by a wrong assertion in
	unit test, testMtHttpClientTest.workPauseResumeShutdown,
	introduced by #1818.
	(Gitlab #1876)

885
886
887
888
889
890
891
892
1899.	[func]		tmark,razvan
	In HA+Mt mode, the HA hook library now pauses and resumes
	its worker threads when Kea core enters and exits critical
	sections, respectively.  This eliminates race conditions
	during core processing such as reconfiguration, shutdown,
	and certain RESTful API commands.
	(Gitlab #1818)

893
894
895
896
897
1898.	[func]		fdupont
	The DROP class may now depend on the KNOWN or UNKNOWN classes
	and may be used after the host reservation lookup.
	(Gitlab #1815)

Andrei Pavel's avatar
Andrei Pavel committed
898
1897.	[func]		andrei
899
900
901
902
903
904
905
906
	Kea has a new configuration section called "compatibility" geared
	towards non-compliant clients. The only boolean parameter added
	for now called "lenient-option-parsing" changes the way DHCPv6
	option 16's vendor-class-data field is parsed. When enabled,
	instead of complaining that a length exceeds the rest of the
	option's buffer, the value is considered to be the rest of the
	buffer. This also applies to custom options defined with the
	tuple type for both DHCPv4 and DHCPv6.
Andrei Pavel's avatar
Andrei Pavel committed
907
	(Gitlab #1860)
Andrei Pavel's avatar
Andrei Pavel committed
908

Wlodzimierz Wencel's avatar
Wlodzimierz Wencel committed
909
910
911
912
1896.	[func]		wlodek
	Perfdhcp extended to send v6 traffic from multiple networks.
	(Gitlab #1416)

913
914
915
916
917
918
1895.	[func]		razvan
	Added additional evaluation tokens to extract and print data:
	addrtotext, int8totext, int16totext, int32totext, uint8totext,
	uint16totext, uint32totext.
	(Gitlab #1680)

Tomek Mrugalski's avatar
Tomek Mrugalski committed
919
920
921
922
923
1894.	[func]		fdupont
	Implemented 'auth' logger, dedicated to logging access
	control information, such as basic HTTP authentication.
	(Gitlab #1590)

924
925
1893.	[func]		fdupont
	Botan 2.14 or later can now be used as a crypto library for
926
	the TLS/HTTPS support in Kea.
927
928
	(Gitlab #1665)

929
930
931
932
933
1892.	[func]		fdupont
	Added + operator as an convenient alias to concat() function
	in expressions.
	(Gitlab #1824)

Michal Nowikowski's avatar
Michal Nowikowski committed
934
935
Kea 1.9.7 (development) released on Apr 28, 2021

936
937
938
939
940
1891.	[build]		razvan
	Library version numbers bumped for Kea 1.9.7 development
	version.
	(Gitlab #1820)

941
942
943
944
945
1890.	[doc]		fdupont
	Added a new section to the ARM, Kea Security, which describes
	various security related topics and how to address them.
	(Gitlab #1587)

946
1889.	[func]		fdupont
947
948
949
	Accept comments (shell '#', C++ '//' and C '/*...*/') in
	JSON commands sent via the control channel or the Control
	Agent.
950
951
	(Gitlab #1652)

952
953
954
955
956
957
958
1888.	[func]		tmark
	Added a new operational mode, HA+MT, to the HA hook library.
	HA+MT provides direct, multi-threaded HTTP communication
	between peers for the exchange HA protocol commands and
	responses.
	(Gitlab #1736)

Andrei Pavel's avatar
Andrei Pavel committed
959
1887.	[build]		andrei, fdupont
960
961
	Migrated autoconf macros, which became warningly deprecated
	since autoconf 2.70, to supported macros.
Andrei Pavel's avatar
Andrei Pavel committed
962
	(Gitlab #1632, #1651)
Andrei Pavel's avatar
Andrei Pavel committed
963

Tomek Mrugalski's avatar
Tomek Mrugalski committed
964
965
966
967
968
1886.	[doc]		tomek
	Added a section in the ARM explaining the relationship between
	keactrl and systemd scripts.
	(Gitlab #1759)

Andrei Pavel's avatar
Andrei Pavel committed
969
970
971
1885.	[func]		andrei
	kea-admin is now able to interactively ask for a password if no
	parameter follows the -p or the --password parameters. This
972
973
974
975
976
	requires the user to give it as the last parameter. The entered
	password is not echoed back to the terminal in order to prevent
	over-the-shoulder snooping or other social engineering
	techniques. Alternatively, you can set the password via the
	KEA_ADMIN_DB_PASSWORD environment variable.
Andrei Pavel's avatar
Andrei Pavel committed
977
978
	(Gitlab #1675)

Francis Dupont's avatar
Francis Dupont committed
979
980
981
982
983
1884.	[doc]		fdupont
	HTTP_CONNECTION_HANDSHAKE_FAILED log message got a
	description.
	(Gitlab #1779)

984
985
Kea 1.9.6 (development) released on March 31, 2021

Andrei Pavel's avatar
Andrei Pavel committed
986
1883.	[build]		andrei
987
988
	Bump library versions for Kea 1.9.6 release.
	(Gitlab #1772)
Andrei Pavel's avatar
Andrei Pavel committed
989

Razvan Becheriu's avatar
Razvan Becheriu committed
990
991
1882.	[func]		razvan
	Implemented database connection recovery for forensic logging.
992
993
994
995
996
997
998
999
1000
1001
	To achieve this, the "on-fail" connection parameter has been
	added to control the action performed on connection loss.
	The supported values are "stop-retry-exit", "serve-retry-exit"
	and "serve-retry-continue". They indicate if the server should
	disable the service on connection loss ("stop-retry-exit") or if
	on recovery failure the server should shut down
	("stop-retry-exit" and "serve-retry-exit") or continue
	("serve-retry-continue"). The default value used (if not
	configured) is "stop-retry-exit" for lease, host and config
	backends, and "serve-retry-continue" for forensic log.
Razvan Becheriu's avatar
Razvan Becheriu committed
1002
1003
	(Gitlab #1621)

Francis Dupont's avatar
Francis Dupont committed
1004
1005
1006
1007
1008
1009
1010
1881.	[func]		fdupont
	Moved errors about URLs using names (vs addresses) or
	https (vs http) scheme in High Availability hook
	configuration from connection opening time to
	configuration time.
	(Gitlab #1758)

Francis Dupont's avatar
Francis Dupont committed
1011
1012
1013
1014
1015
1880.	[build]		fdupont
	TLS support is now reported by configure in the
	cryptographic backend section.
	(Gitlab #1774)

1016
1879.	[func]		fdupont
1017
1018
1019
1020
	The Control Agent now supports TLS/HTTPS. This works with
	OpenSSL and there are known problems with Botan, which will
	be addressed in the future.
	(Gitlab #1662)
1021

Razvan Becheriu's avatar
Razvan Becheriu committed
1022
1023
1878.	[bug]		razvan
	Request enabling DHCP service when the HA hooks library is
Francis Dupont's avatar
Francis Dupont committed
1024
1025
1026
	unloaded. It may remain disabled if it had been disabled
	outside of the HA hooks library. Prior to this change, if
	the HA hooks library disabled the DHCP service it would
Francis Dupont's avatar
Francis Dupont committed
1027
	always remain disabled after the hooks library was unloaded.
Razvan Becheriu's avatar
Razvan Becheriu committed
1028
1029
	(Gitlab #1697)

1030
1031
1032
1033
1034
1035
1036
1877.	[func]		fdupont
	kea-shell supports TLS/HTTPS. This is limited to the python 3
	version i.e. if kea-shell is configured with python 2 it still
	works in 1.9.6 but raises an error if a new TLS/HTTPS argument
	is specified.
	(Gitlab #1663)

Francis Dupont's avatar
Francis Dupont committed
1037
1038
1039
1040
1041
1876.	[doc]		fdupont
	Added documentation for TLS/HTTPS support.
	(Gitlab #1664)

1875.	[func]		fdupont
1042
1043
1044
	TLS/HTTPS support was added to asiolink and http libraries.
	(Gitlab #1661)

1045
1046
1047
1048
1049
1050
1874.	[doc]		marcin
	Added notes in the ARM highlighting that the address and
	delegated prefix pools must be split when HA load-balancing
	mode is used.
	(Gitlab #1726)

Andrei Pavel's avatar
Andrei Pavel committed
1051
1873.	[func]		andrei
Francis Dupont's avatar
Francis Dupont committed
1052
1053
	kea-admin now accepts the -P|--port parameter with a custom
	port used to connect to the database.
Andrei Pavel's avatar
Andrei Pavel committed
1054
1055
	(Gitlab #1674)

Michal Nowikowski's avatar
Michal Nowikowski committed
1056
1057
Kea 1.9.5 (development) released on Feb 24, 2021

Andrei Pavel's avatar
Andrei Pavel committed
1058
1872.	[build]		razvan
1059
1060
1061
1062
	Library version numbers bumped for Kea 1.9.5 development
	version.
	(Gitlab #1713)

Andrei Pavel's avatar
Andrei Pavel committed
1063
1064
1065
1066
1067
1068
1069
1070
1071
1072
1073
1871.	[bug]		andrei
	The cache threshold feature introduced in 1.9.4 modified
	previously versioned schema 9.5. This caused problems for people
	who had already upgraded to 9.5 which in Kea versions means 1.9.2
	and 1.9.3.
	In this change, the upgrade commands were moved to schema 9.6 and
	are only applied if the database does not contain the required
	columns. Affected Kea installments can now be upgraded to 1.9.5
	and above seamlessly.
	(Gitlab #1698)

Razvan Becheriu's avatar
Razvan Becheriu committed
1074
1075
1870.	[bug]		razvan
	Fixed a crash when using the Kea Legal Log Hooks Library with
1076
	multi-threading. This bug was affecting only database backends.
Razvan Becheriu's avatar
Razvan Becheriu committed
1077
1078
1079
	The log file backend was not affected by this bug.
	(Gitlab #1711)

1080
1081
1082
1083
1084
1085
1869.	[func]		tmark
	Kea-dhcp4 now supports specifying valid-lifetime in client
	classes.  Prior to this it could only be specified at the
	global, shared-network, and subnet scopes.
	(Gitlab #1635)

Andrei Pavel's avatar
Andrei Pavel committed
1086
1087
1088
1089
1090
1091
1092
1093
1868.	[func]		andrei
	The forensic log hook library has gained an auto-increment
	primary key column in it's logs table. It is now able to function
	in a MySQL Percona cluster which requires a primary key for all
	it's tables when configured with pxc_strict_mode = ENFORCING
	which is also the default value.
	(Gitlab #1709)

Andrei Pavel's avatar
Andrei Pavel committed
1094
1095
1096
1097
1098
1099
1100
1867.	[bug]		andrei
	MySQL connection unit tests have been modified to work with
	Percona cluster. This change doesn't fix all problems, but it
	improves the situation sufficiently to be able to run unit tests
	with positive results on a Percona cluster.
	(Gitlab #1708)

1101
1102
1103
1104
1105
1106
1866.	[func]		marcin
	Added new log messages issued when a dynamic lease allocation
	fails. The new messages provide comprehensive information about
	the circumstances in which the failure occurred. In particular,
	they state whether the client is connected to a shared network
	or not. If it is, the shared network name is provided. Otherwise,
Marcin Siodelski's avatar
Marcin Siodelski committed
1107
1108
1109
1110
	the client's subnet id is logged. The new messages also inform
	from how many subnets the server attempted to allocate a lease
	and how many subnets could not be used because of non-matching
	client classes.
1111
1112
	(Gitlab #1701)

Razvan Becheriu's avatar
Razvan Becheriu committed
1113
1114
1115
1865.	[func]		razvan
	Implemented the Run Script hooks library which can be used to
	run external scripts for specific packet processing hook points.
1116
	There are several exported environment variables available for
Razvan Becheriu's avatar
Razvan Becheriu committed
1117
1118
1119
1120
1121
1122
	the script. Currently the implementation is nonblocking and
	Kea will not wait for the script to finish execution before
	continuing to the next step. For this reason, the next step
	provided by the script is ignored.
	(Gitlab #899)

Francis Dupont's avatar
Francis Dupont committed
1123
1864.	[func]		fdupont
1124
1125
1126
	New parameters to handle TLS support added in Control Agent
	config: "trust-anchor", "cert-file", "key-file" and
	"cert-required". They can be configured, but their values are
1127
	not yet used.
Francis Dupont's avatar
Francis Dupont committed
1128
1129
	(Gitlab #1662)

Andrei Pavel's avatar
Andrei Pavel committed
1130
1131
1132
1133
1134
1135
1136
1137
1863.	[func]		andrei
	The perfdhcp tool now supports the -x l option that exports the
	assigned leases to stdout in CSV format. This new capability is
	very useful for the ongoing DB cluster experiments, where we need
	to correlate leases between multiple Kea instances sharing the
	same cluster.
	(Gitlab #1703)

Andrei Pavel's avatar
Andrei Pavel committed
1138
1139
1140
1141
1142
1143
1144
1145
1146
1147
1148
1862.	[build]		andrei
	Added execution permissions to the upgrade scripts in Kea's
	installation. Previously kea-admin db-upgrade would fail with a
	permission denied error. It started manifesting in 1.9.3 and
	affected 1.9.4 as well. Additionally, now, when running make in
	the source repository to recreate scripts e.g. kea-admin, after a
	change to the .in files e.g. kea-admin.in, they maintain the
	execution permissions granted in the initial build. This makes
	development more seamless.
	(Gitlab #1681)

1149
1861.	[bug]*		tmark
1150
1151
1152
1153
1154
1155
	kea-dhcp4 now uses the value for each fixed field (e.g.
	next-server, server-hostname, boot-file-name) from the
	first class in query's list of classes that specifies the
	field. Prior to this it used the value from the last class
	which specified the field. It may be necessary to revise
	existing configurations to get the desired values.
1156
1157
	(Gitlab #1672)

1158
1159
Kea 1.9.4 (development) released on Jan 27, 2021

Razvan Becheriu's avatar
Razvan Becheriu committed
1160
1161
1162
1163
1164
1860.	[build]		razvan
	Library version numbers bumped for Kea 1.9.4 development
	version.
	(Gitlab #1666)

1165
1166
1167
1168
1169
1170
1859.	[doc]		wlodek
	Added example files with configured Vendor Specific Information
	option (code 43) and Vendor-Identifying Vendor-specific
	Information option (code 125) with several suboptions each.
	(Gitlab #1546)

1171
1858.	[bug]		razvan
Razvan Becheriu's avatar
Razvan Becheriu committed
1172
1173
1174
1175
1176
1177
1178
1179
1180
	The DHCP service can be independently enabled or disabled by
	the user command, by the database connection mechanics or
	by the HA library. The DHCP service is disabled when any
	of those originators disables the service, and it is enabled
	when all those who previously disabled the service enable it.
	The 'dhcp-enable' and 'dhcp-disable' commands accept 'origin'
	parameter with valid values of 'user' (which is the default)
	indicating a user generated command and 'ha-partner' which is
	used internally by the HA library.
1181
1182
	(Gitlab #1601)

Andrei Pavel's avatar
Andrei Pavel committed
1183
1184
1185
1186
1187
1188
1189
1190
1191
1857.	[build]		andrei
	Code format styles meant to be as close as possible to the
	recommended coding guidelines are now included with the Kea
	source repository in the form of .clang-format and
	.uncrustify.cfg. The clang-format.sh and uncrustify.sh scripts in
	the tools directory can be used to apply these styles to chosen
	files. See coding guidelines in CONTRIBUTING.md for more details.
	(Gitlab #1455)

Razvan Becheriu's avatar
Razvan Becheriu committed
1192
1856.	[bug]		razvan
Razvan Becheriu's avatar
Razvan Becheriu committed
1193
1194
1195
1196
	When using the config backend, the server converts the old
	'reservation-mode' global parameter internally to new
	reservation flags. The new flags are listed when issuing the
	config-get command.
Razvan Becheriu's avatar
Razvan Becheriu committed
1197
1198
	(Gitlab #1598)

1199
1200
1201
1202
1203
1204
1205
1206
1207
1855.	[func]		marcin
	Improved failover procedure in Kea High Availability library
	by introducing new communication-recovery state. In this
	state the load balancing servers remain responsive to DHCP
	queries when the communication between them is interrupted.
	The new feature is controlled using the delayed-updates-limit
	configuration parameter.
	(Gitlab #1402)

Francis Dupont's avatar
Francis Dupont committed
1208
1209
1210
1211
1212
1213
1214
1215
1216
1217
1218
1854.	[func, perf]	fdupont
	Implemented "lease caching", a feature similar to ISC
	DHCP's dhcp-cache-threshold. Lease caching is configured
	through two new parameters: cache-max-age and cache-threshold,
	and is supported by both kea-dhcp4 and kea-dhcp6. When enabled,
	lease-caching allows the server to skip updating lease storage,
	when a client is requesting it's own pre-existing lease whose
	age falls under the cache threshold and for which there are no
	substantive changes to lease values such as the hostname.
	(Gitlab #1418)

1219
1220
1221
1222
1223
1224
1225
1226
1853.	[func]		fdupont
	Populated the space field of option definitions. This solved
	reported bugs where a specific standard option processing
	was applied to an option from another space but sharing the
	same code. In particular, this fixes the problem reported
	with vendor suboption 125.
	(Gitlab #1585)

Razvan Becheriu's avatar
Razvan Becheriu committed
1227
1852.	[bug]		razvan
Razvan Becheriu's avatar
Razvan Becheriu committed
1228
1229
1230
	Corrected the value of unacked-clients-left returned in response
	to the status-get command and the corresponding log messages.
	The previously returned value was too low by 1.
Razvan Becheriu's avatar
Razvan Becheriu committed
1231
1232
	(Gitlab #1578)

1233
1234
1235
1236
1237
1851.	[func]		fdupont
	Removed methods fetching leases by both client identifier
	and hardware addresses from the API.
	(Gitlab #1540)

Andrei Pavel's avatar
Andrei Pavel committed
1238
1239
1240
1850.	[build]		andrei
	Add two scripts to help with code aesthetics, insight on how Kea
	is built or minor build optimizations:
1241
	* ./tools/check-for-duplicate-includes.sh: warns you if
Andrei Pavel's avatar
Andrei Pavel committed
1242
	there is a source file that includes the same header twice.
1243
1244
1245
1246
1247
	While this wouldn't normally result in any errors, it is an
	unusual practice. If you feel that a header should be included
	twice in a file, add the file under "# Exceptions:" in the
	script.
	* ./tools/print-generated-files.sh: prints all the files
Andrei Pavel's avatar
Andrei Pavel committed
1248
	that are generated which may or may not be part of the
1249
1250
	repository. These consist of messages, parser files, and "built
	sources" (as called in Makefile.am files).
Andrei Pavel's avatar
Andrei Pavel committed
1251
1252
	(Gitlab #1602)

1253
1849.	[doc]		tomek
1254
1255
1256
	Two known DHCPv4 RFC violations are now documented in the ARM.
	They are both cases where Kea deliberately deviates from the
	RFC to accommodate some common broken-client behaviors.
1257
1258
	(Gitlab #1608, #1615)

1259
1260
1261
1262
1263
1848.	[bug]		razvan
	The cql upgrade script from schema v3.0 to v4.0 was broken in
	Kea-1.9.3 and has been fixed also enabling the unittest.
	(Gitlab #1616)

Wlodzimierz Wencel's avatar
Wlodzimierz Wencel committed
1264
1265
Kea 1.9.3 (development) released on Dec 16, 2020

Andrei Pavel's avatar
Andrei Pavel committed
1266
1267
1268
1269
1270
1271
1272
1273
1847.	[bug]		andrei
	Harden shell scripts and fix some of the resulted test failures.
	* #!/bin/sh for all scripts
	* set -eu in all scripts
	* shellcheck all scripts, and fix all shellcheck warnings
	* and more...
	(Gitlab #1574)

1274
1275
1276
1277
1278
1846.	[build]		razvan
	Library version numbers bumped for Kea 1.9.3 development
	version.
	(Gitlab #1605)

1279
1280
1281
1282
1283
1845.	[func]		marcin
	Kea configuration now allows for using database passwords
	which include whitespace.
	(Gitlab #692)

1284
1844.	[bug]		marcin
1285
	Corrected a bug in Kea Control Agent error responses when a
1286
1287
1288
1289
	malformed command was sent. In some cases a map with an error
	response was returned instead of a list.
	(Gitlab #432)

Andrei Pavel's avatar
Andrei Pavel committed
1290
1291
1292
1293
1294
1295
1296
1297
1843.	[func]		andrei
	Allow perfdhcp to request options via option 55 PRL. perfdhcp
	adds option 55 with a few requested options by default so in
	order to allow `perfdhcp -o 55,abcd` special logic to merge all
	the buffers of option 55 was implemented. Works with multiple
	`-o` arguments.
	(Gitlab #1508)

Razvan Becheriu's avatar
Razvan Becheriu committed
1298
1842.	[func]		razvan
Wlodzimierz Wencel's avatar
Wlodzimierz Wencel committed
1299
	Fixed the db connection reconnect implementation to honor
1300
	each connection backend configuration. The most important
Wlodzimierz Wencel's avatar
Wlodzimierz Wencel committed
1301
	improvement is that only the affected manager will be
1302
1303
1304
1305
1306
1307
	recreated when a connection is lost. Previously, even
	managers which were not affected had to be recreated on
	any connection loss. Also fixed an issue with recovery
	when multi-threading is enabled.
	(Gitlab #1375)

1308
1309
1310
1311
1312
1313
1314
1315
1316
1317
1318
1841.	[bug]		marcin
	Corrected issues with inheritance of the DHCPv6 interface-id
	parameter. When interface-id is set at shared network level
	but not at the subnet level this setting is properly propagated
	to the config backend and reported when responding to the
	config-get command. Prior to this change, if the interface-id
	was set for a shared network, it was always returned for the
	subnets belonging to this shared network, even when subnet
	specific value was not specified.
	(Gitlab #652)

1319
1320
1321
1322
1323
1324
1325
1326
1840.	[bug]		fdupont
	Fixed the inheritance of the triple min-valid-lifetime,
	valid-lifetime and max-valid-lifetime parameters from
	the global scope, and fixed it for preferred-lifetime too.
	Added a sanity check refusing incorrect settings, e.g.
	the lifetime not being between min and max values.
	(Gitlab #1456)

1327
1839.	[bug]		tmark
1328
1329
1330
1331
1332
1333
	kea-dhcp4 and kea-dhcp6 now calculate the DDNS TTL value
	based on RFC 4702, Section 5 which suggests that the
	TTL value be 1/3 of the lease's valid life time with a
	minimum value of 10 minutes. Prior to this the servers
	set the TTL to equal to the lease's valid life time.
	(Gitlab #936)
1334

Andrei Pavel's avatar
Andrei Pavel committed
1335
1838.	[bug]		fdupont
1336
1337
1338
1339
1340
	The DHCPv6 sent multiple instances of an option or a
	sub-option when it seems to be requested more than once
	directly by the client or using the always-send flag.
	(Gitlab #1449)

1341
1342
1343
1344
1837.	[doc]		cstrotm
	Several Kea ARM corrections.
	(Gitlab #1514)

1345
1346
Kea 1.9.2 (development) released on Nov 25, 2020

Razvan Becheriu's avatar
Razvan Becheriu committed
1347
1836.	[build]		razvan
1348
1349
1350
1351
	Library version numbers bumped for Kea 1.9.2 development
	version.
	(Gitlab #1555)

Andrei Pavel's avatar
Andrei Pavel committed
1352
1835.	[doc]		peterd
Tomek Mrugalski's avatar
Tomek Mrugalski committed
1353
1354
1355
	Several Kea ARM corrections.
	(Gitlab #1536)

Francis Dupont's avatar
Francis Dupont committed
1356
1357
1358
1359
1360
1361
1362
1363
1834.	[func]		fdupont
	Added two new callouts (hook points) in the control agent.
	The "auth" callout is executed after the basic authentication
	(if configured) and the command processing. The "response"
	callout is executed after the command processing and before
	the HTTP response is returned.
	(Gitlab #1421)

Tomek Mrugalski's avatar
Tomek Mrugalski committed
1364
1365
1366
1367
1833.	[doc]		sgoldlust
	Many documentation corrections.
	(Gitlab #1539)

Andrei Pavel's avatar
Andrei Pavel committed
1368
1832.	[func]		tomek, wlodek
Wlodzimierz Wencel's avatar
Wlodzimierz Wencel committed
1369
1370
1371
1372
	Perfdhcp extended with functionality to gradually
	increase elapsed time in solicit and secs field in offer.
	(Gitlab #1332)

Razvan Becheriu's avatar
Razvan Becheriu committed
1373
1831.	[bug]		razvan
Razvan Becheriu's avatar
Razvan Becheriu committed
1374
1375
1376
1377
	Fixed the DHCPv6 server implementation of the
	reservations-out-of-pool flag to match the DHCPv4 one. When the
	flag is true:
	* the server assumes that all reserved address do not belong to
Razvan Becheriu's avatar
Razvan Becheriu committed
1378
	  the dynamic pool.
Razvan Becheriu's avatar
Razvan Becheriu committed
1379
	* the server will not assign reserved addresses that are inside
Razvan Becheriu's avatar
Razvan Becheriu committed
1380
	  the dynamic pool to the respective clients.
Razvan Becheriu's avatar
Razvan Becheriu committed
1381
1382
1383
	* addresses matching the respective reservations from inside
	  the dynamic pools (if any) can be dynamically assigned to any
	  client.
Razvan Becheriu's avatar
Razvan Becheriu committed
1384
1385
	(Gitlab #1550)

Razvan Becheriu's avatar
Razvan Becheriu committed
1386
1830.	[func]		fdupont, razvan
Razvan Becheriu's avatar
Razvan Becheriu committed
1387
1388
1389
1390
	Added new configuration options reservations-global,
	reservations-in-subnet and reservations-out-of-pool to replace
	the old reservation-mode parameter. The new flags can be
	configured independently, adding support for new configuration
Razvan Becheriu's avatar
Razvan Becheriu committed
1391
	scenarios when global and in subnet reservations are both
Razvan Becheriu's avatar
Razvan Becheriu committed
1392
1393
1394
	active.
	(Gitlab #1405)

1395
1829.	[bug]		fdupont, razvan
Razvan Becheriu's avatar
Razvan Becheriu committed
1396
1397
1398
1399
	Fixed a bug in the hasAddressReservation function which was
	causing the search for reservations to end as soon as no global
	reservation was found when configuring a subnet or shared
	network with global reservations enabled.
Razvan Becheriu's avatar
Razvan Becheriu committed
1400
1401
	(Gitlab #1405)

Razvan Becheriu's avatar
Razvan Becheriu committed
1402
1828.	[bug]		andrei, razvan
Andrei Pavel's avatar
Andrei Pavel committed
1403
1404
1405
1406
1407
1408
1409
1410
1411
1412
	Fix trivial logic error in handling the "lease4-update" command
	manifesting itself on v4 if multi-threading is enabled.
	Notable affected environment is a HA with the
	"send-lease-updates" configuration setting explicitly set to
	true. Prior to this fix, lease updates would not go through to
	other HA nodes, even though some log lines would say they would.
	A simple workaround prior to this fix is to disable
	multi-threading.
	(Gitlab #1542)

Andrei Pavel's avatar
Andrei Pavel committed
1413
1827.	[build]		andrei
1414
	Add `tools/add-config-h.sh` script that can add
Andrei Pavel's avatar
Andrei Pavel committed
1415
1416
1417
1418
	`#include <config.h>` lines to non-generated source files that
	are missing it.
	(Gitlab #1453)

1419
1420
Kea 1.9.1 (development) released on Oct 28, 2020

1421
1422
1423
1424
1425
1826.	[build]		razvan
	Library version numbers bumped for Kea 1.9.1 development
	version.
	(Gitlab #1481)

Andrei Pavel's avatar
Andrei Pavel committed
1426
1427
1428
1429
1430
1431
1825.	[doc]		andrei
	Examples for option definitions, option data, standardized option
	spaces other than "dhcp[46]", custom option spaces, option
	embedding under doc/examples/kea[46]/all-options.json.
	(Gitlab #1298)

1432
1433
1434
1435
1436
1437
1438
1439
1440
1824.	[func]		tmark
	Added a new parameter, ddns-use-conflict-resolution, to
	kea-dhcp4 and kea-dhcp6. This parameter is passed per request
	to kea-dhcp-ddns which uses it to determine whether or not
	conflict resolution rules (see RFC 4703) are followed for that
	request.  The default value is true. Disabling conflict
	resolution should only be used after careful consideration.
	(Gitlab #1386)

Tomek Mrugalski's avatar
Tomek Mrugalski committed
1441
1823.	[doc]		tomek
1442
	Updated options documentation for DHCPv4 and DHCPv6.
Tomek Mrugalski's avatar
Tomek Mrugalski committed
1443
1444
	(Gitlab #1436, #1460)

Francis Dupont's avatar
Francis Dupont committed
1445
1446
1822.	[func]		fdupont
	When multi-threading is enabled the status-get command displays
Andrei Pavel's avatar
Andrei Pavel committed
1447
	the average length of the multi-threading packet queue for last
Francis Dupont's avatar
Francis Dupont committed
1448
1449
1450
	10, 100 and 1000 packets.
	(Gitlab #1306)

1451
1821.	[func]		anonymous, fdupont
1452
1453
	The forensic log hook library now logs release and decline
	events.
Francis Dupont's avatar
Francis Dupont committed
1454
1455
	(Gitlab #1445)