Kea issues
https://gitlab.isc.org/isc-projects/kea/-/issues
2023-07-17T13:58:21Z

https://gitlab.isc.org/isc-projects/kea/-/issues/2815
reservation-del for reservations from JSON config
2023-07-17T13:58:21Z
Slawek Figiel

To implement Config Backend Migration #1623, the possibility of deleting host reservations from the JSON configuration is needed.
The reservations will be first inserted into the database and, after that, deleted from the config file.
Unfortunately, the hosts_cmds hook doesn't have any capabilities to manage the reservations from the configuration file. It supports only database entries.

kea2.3.8
Slawek Figiel

https://gitlab.isc.org/isc-projects/kea/-/issues/2749
Enable MT in the HA config by default
2023-07-17T13:58:22Z
Francis Dupont

#2402 is only about the core.

kea2.3.7
Andrei Pavel <andrei@isc.org>

https://gitlab.isc.org/isc-projects/kea/-/issues/2707
ability to detect Kea config changes (config-hash-get)
2023-07-17T13:58:20Z
Tomek Mrugalski

There was a [discussion in Porto](https://pad.isc.org/p/porto2022-kea-features-for-stork#L19) about detecting out of bounds configuration changes in Kea. The overall idea is that Stork should be able to detect somewhat easily if Kea's config has changed, e.g. by sysadmin or some external tool.
Couple ideas were discussed:
- storing timestamp of last modification
- using hash
- using monotonic counter
- using journal file or auditlog
The overall idea is that Stork (and other monitoring tools) should be able to reasonably easily answer the question whether configuration was modified or not. It is essential the question/answer should be relatively low cost as Stork and other monitoring tools tend to look at Kea's config frequently (e.g. every 15 seconds) and the config changes are typically rare events.
This requires a short ~design.

kea2.4.0
Tomek Mrugalski

https://gitlab.isc.org/isc-projects/kea/-/issues/2677
T2 gt T1 warning
2023-07-17T13:58:22Z
Peter Davies

T2 gt T1 warning
It may be useful in some configurations that when "renew" time (option 58) has
a value greater than "rebind" time (option 59) to ignore the "rebind" time and
for Kea to emit a warning message.
Users complain that given such a situation Kea exits with the "DHCP4_PARSER_FAIL"
error message.
[RT #21543](https://support.isc.org/Ticket/Display.html?id=21543)

kea2.3.5
Thomas Markwalder

https://gitlab.isc.org/isc-projects/kea/-/issues/2543
Add feature to ignore RAI Link Selection suboption for subnet selection
2023-07-17T13:58:24Z
Dan Theisen

It seems that some vendors may not allow granular control of the option 82 suboptions which are sent. We should add a configuration parameter that allows clients to choose whether or not the RAI Link Selection suboption (option 82.5) is used as the primary source of truth for which subnet to use. Clients need to be able to choose the subnet selection logic that Kea regardless of which vendors they use for routing equipment. The specific client in question is attempting to use option 82.1 to classify packets into specific client classes, and use client classification to determine the subnet which a client has an address assigned from. The subnet specified by the routers in the Link Selection subnet is not necessarily the subnet which the client should use. The client uses Juniper routers as DHCP relays, and Juniper's docs do not shed light on how to specifically disable the Link Selection suboption: https://stage.juniper.net/documentation/us/en/software/junos/subscriber-mgmt-sessions/topics/topic-map/dhcp-option-82-using.html#id-using-dhcp-relay-agent-option-82-information
Users should be able to ignore the Link Selection suboption as a primary source of truth for subnet selection, and instead fall back to the normal subnet selection process that is used when the Link Selection suboption is not present. In this case, the routers still include a giaddr (relay address) in the bootp header that can be used for shared network selection.
(Another proposed solution was flex-option for queries)
[RT#20921](https://support.isc.org/Ticket/Display.html?id=20921)

kea2.3.2
Dan Theisen

https://gitlab.isc.org/isc-projects/kea/-/issues/2402
multi threading mode enabled by default
2023-07-17T13:58:22Z
Wlodzimierz Wencel

It's been some time when we released MT support, and HA+MT. We tested this extensively and code looks stable. Also according to performance tests results, Kea running in MT mode with poorly optimised configuration (incorrect thread count and queue size for different backends) is much faster than ST mode.
Making this step before releasing next stable is reasonable thing to do.

kea2.3.5
Andrei Pavel <andrei@isc.org>

https://gitlab.isc.org/isc-projects/kea/-/issues/2288
maxsize and maxver should be excluded from the loggers entry in config-get's output if destination is not a file
2022-02-16T15:13:45Z
Andrei Pavel <andrei@isc.org>

maxsize and maxver are always included in config-get's output and this is a regression (or a feature) gained in Kea 2.1.2. They should be excluded when the output is not a file since they don't make sense in that case.
The behavior is similar for other entries. For example, "lease-database" excludes user, password, port when type is memfile.

kea2.1.3
Razvan Becheriu

https://gitlab.isc.org/isc-projects/kea/-/issues/2222
min-valid-lifetime and max-valid-lifetime not written by config-write
2022-01-20T16:24:34Z
Maria Hrabosova

The min/max lifetimes in subnets are missing when the configuration is written using `config-write` management API command.
Subnet configuration tested and set using `config-test` and `config-set`:
```
{
"subnet": "192.168.0.0/24",
...
"valid-lifetime": 3600,
"min-valid-lifetime": 3600,
"max-valid-lifetime": 3600,
}
```
Subnet configuration written using `config-write`:
```
{
"subnet": "192.168.0.0/24",
...
"valid-lifetime": 3600,
}
```
_Kea 1.9.6 on CentOS 7_

kea2.1.2
Francis Dupont

https://gitlab.isc.org/isc-projects/kea/-/issues/2086
Subnet id limits are not enforced
2022-06-23T19:26:12Z
Peter Davies

Kea 9.11: According to the ARM "Subnet IDs must be greater than zero and less than 4294967295."
However no configuration error appears to be generated when a subnet with an id greater than this is used?
```
{
    "id": 10255255025,
    "subnet": "10.0.0.0/24",
    "pools": [
        { "pool": "10.0.0.50 - 10.0.0.201" }
    ]
}
]
```
Subnet id 10255255025 becomes 1665320433.
```
2021-09-01 09:16:29.465 DEBUG [kea-dhcp4.hosts/4035250.140148899886976] HOSTS_CFG_GET_ONE_SUBNET_ID_ADDRESS4 get one host with reservation for subnet id 1665320433 and IPv4 address 10.0.0.160
```
kea-lease4.csv:
```
address,hwaddr,client_id,valid_lifetime,expire,subnet_id,fqdn_fwd,fqdn_rev,hostname,state,user_context
10.0.0.50,98:ee:cb:4c:22:8f,,600,1631520296,1665320433,0,0,,0,
```
[RT #19141](https://support.isc.org/Ticket/Display.html?id=19141)

kea2.1.7
Francis Dupont

https://gitlab.isc.org/isc-projects/kea/-/issues/1866
segfault on parameter-less forensic logging
2021-05-19T14:26:22Z
Andrei Pavel <andrei@isc.org>

When configuring kea-dhcp[46] with a forensic logging without a "parameters" field, it segfaults.
```json
"hooks-libraries": [
{
"library": "libdhcp_legal_log.so"
}
]
```
```
kea-dhcp6: /usr/include/boost/smart_ptr/shared_ptr.hpp:728: typename boost::detail::sp_member_access<T>::type boost::shared_ptr<T>::operator->() const [with T = isc::legal_log::BackendStore; typename boost::detail::sp_member_access<T>::type = isc::legal_log::BackendStore*]: Assertion 'px != 0' failed.
```
```
#4 0x00007ffff34e1cf5 in boost::shared_ptr<isc::legal_log::BackendStore>::operator-> (this=0x7ffff3558250 <isc::legal_log::BackendStore::instance()::backend_store>) at /usr/include/boost/smart_ptr/shared_ptr.hpp:728
#5 0x00007ffff34decf1 in load (handle=...) at load_unload.cc:52
```
This used to work in 1.9.7.
This is also why system tests are failing on Jenkins.
`parameters` is checked on the first line of `BackendStore::parseFile()`, it returns on null, and the backend store is not instantiated further down below.
```cpp
void
BackendStore::parseFile(const ConstElementPtr& parameters) {
    if (!parameters) {
        return;
    }
    [..]
    BackendStore::instance().reset(new RotatingFile(path, base, unit, count,
                                                    prerotate, postrotate));
}
```

kea1.9.8
Andrei Pavel <andrei@isc.org>

https://gitlab.isc.org/isc-projects/kea/-/issues/1457
Pools in example configurations conflict
2020-11-16T08:18:24Z
Andrei Pavel <andrei@isc.org>

I know pools are the first thing an administrator changes in a real environment, but then there are developers who try to come up with a fast local setup and take inspiration from example configurations. And then they stumble upon
```
DHCP6_INIT_FAIL [..] subnet configuration failed: a pool of type IA_PD, with the following address range: 2001:db8::-2001:db8:ff:ffff:ffff:ffff:ffff:ffff overlaps with an existing pool in the subnet: 2001:db8::/32 to which it is being added
```
This is the case for `kea6/all-keys.json`, but there might be others. Pools can be easily changed to not come into conflict, so let's do that.

kea1.9.2
Andrei Pavel <andrei@isc.org>

https://gitlab.isc.org/isc-projects/kea/-/issues/1456
Minor bug in inheritance
2020-12-09T14:19:27Z
Francis Dupont

getGlobalProperty does not work as expected with Triplet return type so for instance maximum and minimum lifetimes are not inherited from global values when a subnet is added by the configuration backend.
Note when this will be fixed we should be able to get rid of the syntax inheritance i.e. here of deriveParameters.

kea1.9.3
Francis Dupont

https://gitlab.isc.org/isc-projects/kea/-/issues/1454
PDExclude example in kea6/all-keys.json is invalid
2020-10-16T10:42:33Z
Andrei Pavel <andrei@isc.org>

Using the pool which contains the `"excluded-prefix"` and `"excluded-prefix-len"` fields found in `all-keys.json` would result in
```
DHCP6_INIT_FAIL failed to initialize Kea server: configuration error using file '/etc/kea-dhcp6.conf': Excluded prefix (48) must be longer than the delegated prefix length (64
```
which, mind you, is also missing a bracket at the end.

kea1.9.1
Andrei Pavel <andrei@isc.org>

https://gitlab.isc.org/isc-projects/kea/-/issues/1423
Generate tests for syntax entry uniqueness
2020-10-20T12:39:47Z
Francis Dupont

The following discussion from #1102 !928 should be addressed:
- [ ] @marcin started a [discussion](https://gitlab.isc.org/isc-projects/kea/-/merge_requests/928#note_163552): (+3 comments)
> It would be good to extend these tests to have a list of all supported parameters and iterate over them and see if an error is raised when they are duplicated. This test only covers selected ones.

kea1.9.1
Francis Dupont

https://gitlab.isc.org/isc-projects/kea/-/issues/1330
Add a test mode to the interface configuration parser
2020-07-27T08:51:32Z
Francis Dupont

See https://gitlab.isc.org/isc-projects/kea/-/issues/1166#note_148112 for the reason.

kea1.7.10
Francis Dupont

https://gitlab.isc.org/isc-projects/kea/-/issues/1298
Request for more examples of option specification
2020-11-16T15:40:14Z
Vicky Risk <vicky@isc.org>

We see a fair number of support and user list questions about how to define and use new options and option spaces.
We could use lots of examples, please. Vendor options, nested options.
Either the ARM or a KB is fine. The ARM is probably easier to maintain.

kea1.9.1
Andrei Pavel <andrei@isc.org>

https://gitlab.isc.org/isc-projects/kea/-/issues/1245
convert parsing of global entries to flat style
2020-06-18T20:13:11Z
Francis Dupont

In json_config_parser.cc the loop parsing global entries incorrectly assumes entries are handled in the code order when they are in the alphabetic entry name order. The code must be converted into the flat style to enforce this property.

kea1.7.9
Francis Dupont

https://gitlab.isc.org/isc-projects/kea/-/issues/1166
Improve what happens with the server after an operator tries to load a broken config.
2020-07-24T08:31:46Z
Michael McNally

**Problem summary**
Recently we had a [support ticket for a customer](https://support.isc.org/Ticket/Display.html?id=16161) where the root cause of the interruption in service turned out to be self-inflicted -- the customer had tried to load a config to which the parser objected (because of a duplicated subnet.) This unsuccessful attempt to load a new config had the non-obvious effect of causing the server to stop listening for DHCP packets according to @tmark's diagnosis of the problem.
**What should we do instead?**
While it may not be possible in every case to define what ought to happen when an operator attempts to load a new config with a parse problem in it, the behavior in this instance could stand to be improved. The config load operation would have returned an error and the server did log messages about the parser fail error, e.g.:
> kea4-logs.5:2020-03-14 05:47:51.882 ERROR [kea-dhcp4.dhcp4/10414] DHCP4_PARSER_FAIL failed to create or run parser for configuration element shared-networks: duplicate network 'relay-89.36.121.129' found in the configuration (<wire>:0:2859)
> kea4-logs.5:2020-03-14 05:48:06.686 ERROR [kea-dhcp4.dhcp4/10414] DHCP4_PARSER_FAIL failed to create or run parser for configuration element shared-networks: duplicate network 'relay-89.36.121.129' found in the configuration (<wire>:0:2859)
**BUT** it was not obvious to the operator, even after the fact, that their unsuccessful attempt had had the effect of causing the server to stop responding to clients.
- A preferred alternative would be to revert to the previously-working config and to continue processing requests.
- If this is not possible then at least the logging and error messages issued should be re-written to increase their level of urgency and to make it plain to the operator that their unsuccessful attempt to load a new config has been service-affecting.

kea1.7.10
Francis Dupont

https://gitlab.isc.org/isc-projects/kea/-/issues/1137
some configuration related functions should throw exception if called from packet processing functions or while processing packets (in MT)
2021-10-20T11:53:14Z
Razvan Becheriu

outstanding
Razvan Becheriu

https://gitlab.isc.org/isc-projects/kea/-/issues/1100
Remove conversion from user-context to comments
2020-06-15T15:41:19Z
Tomek Mrugalski

#1079 explained the relationship between comments and user-context. Right now we load comments and convert them to user-context on the fly. When storing configuration (config-get, config-write and similar), we convert them back. There was a complaint about that - see #1006. This ticket is for removing the conversion from user-context to comments.

kea1.7.9
Francis Dupont