Kea issues
https://gitlab.isc.org/isc-projects/kea/-/issues
2021-08-31T20:56:53Z

https://gitlab.isc.org/isc-projects/kea/-/issues/1818
HA+MT Hook libs need a way to honor or/be notified of CriticalSection entry/exit
2021-08-31T20:56:53Z
Thomas Markwalder

When Kea core needs to do critical work, it enters a critical section (see util::MultiThreadingCriticalSection). Currently this causes DHCP threads to be destroyed, thus eliminating contention for critical resources that need to be manipulated, and the threads are recreated upon critical section exit. MT hooks need the opportunity to stop/pause and start/resume in-step with this to avoid train wrecks. One notion that @razvan and I discussed was having a way to register critical section entry/exit callbacks with core. These would be invoked as critical sections are entered and exited.
As @razvan described "...most things are related to having http client/listener threads running while entering CS (mostly while other commands are run: lease updates/config-reload/config-set/config-test)."
I am breaking this down into at least two MRs:
1. Make it possible to pause/resume thread-pools in HttpClient and CmdHttpListener
2. Add Critical section entry/exit callbacks and integrate their use into HA

kea1.9.8
Thomas Markwalder

https://gitlab.isc.org/isc-projects/kea/-/issues/1860
more lenient parsing of DHCPv6 option 16
2021-08-19T19:30:10Z
Andrei Pavel (andrei@isc.org)

kea-dhcp6 currently enforces a format of length-value pairs when parsing vendor-class-data and vendor-option-data fields of option 16 ~~and 17~~, respectively. This is not mentioned in RFC 8415, nor does it recommend against, and so the decision is left to the implementer:
```
vendor-option-data Vendor options, interpreted by
vendor-specific code on the clients and
servers. A variable-length field (4 octets
less than the value in the option-len field).
```
The mentioned option-len field is the length of the entire option. That is also checked against, and that behavior is RFC-compliant and should be left as it is. Not only is it required, but it is also sufficient to determine the size of said data fields.
The suggestion is to not check against the inner length i.e. inside the data fields. There are considerations to be made whether it should be done:
* generally
* on a vendor-by-vendor basis
* with a configurable boolean setting as "support-broken-clients", "lenient-option-parsing", and so on.
See the ongoing discussion for more clues: [RT#18187](https://support.isc.org/Ticket/Display.html?id=18187)

kea1.9.8
Andrei Pavel (andrei@isc.org)

https://gitlab.isc.org/isc-projects/kea/-/issues/1815
add new DROP points
2021-07-01T16:01:59Z
Francis Dupont

The idea is to extend the DROP class idea by adding new points where queries belonging to the DROP class are dropped (named DROP points):
- duplicate the current only DROP point code
- add a new log message
- add a new unit test
- update documentation
To summarize, the DROP class idea was very successful so we should increase the number of use cases.

kea1.9.8
Francis Dupont

https://gitlab.isc.org/isc-projects/kea/-/issues/1837
retrieve vendor information from DHCPv6 vendor class option (16)
2021-06-24T18:30:43Z
Andrei Pavel (andrei@isc.org)

Kea supports parsing vendor information for the purpose of providing vendor-specific options in the response only via vendor-specific information option (17) directly embedded in the DHCP message.
The other use case, suggested for addition in the hereby issue, is to provide vendor information via vendor class option (16) and to embed option 17 inside an option request option (6).
This could be considered as two separate features:
* look at option[16] for determining whether to send vendor options, not just for classification
* look for option[17] in ORO
One take on this would be to change the logic from:
```
if (option[17].exists) {
    enterprise_ID = option[17].enterprise_ID
    respond with configured vendor options
}
```
to:
```
if (option[17].exists) {
    enterprise_ID = option[17].enterprise_ID
} else if (option[6].option[17].exists && option[16].exists) {
    enterprise_ID = option[16].enterprise_ID
}
if (enterprise_ID) {
    respond with configured vendor options
}
```
From RFC 8415, section 21.17 (https://tools.ietf.org/html/rfc8415#section-21.17):
> A client that is interested in receiving a Vendor-specific
Information option:
> - MUST specify the Vendor-specific Information option in an Option
Request option.
See the todo:
> /// @todo: We could get the vendor-id from vendor-class option (16).
[RT#18187](https://support.isc.org/Ticket/Display.html?id=18187)

kea1.9.8
Andrei Pavel (andrei@isc.org)

https://gitlab.isc.org/isc-projects/kea/-/issues/1871
configure fails when building with gcc 11.1
2021-06-07T08:57:10Z
Gene C

Building kea with gcc 11.1 fails with - I'm sure there's a simple config fix for those with deeper understanding than mine:
```
...
checking thread support... no
configure: WARNING: unsupported C++11 feature
configure: retrying by adding --std=c++1x to g++ --std=c++0x
checking --std=c++1x support... no
configure: error: thread (a C++11 feature) is not supported
...
```

kea1.9.8
Tomek Mrugalski

https://gitlab.isc.org/isc-projects/kea/-/issues/1891
Sanity checks for Kea 1.9.8 rc1
2021-05-27T13:44:31Z
jenkins

```
We are now at step SANITY CHECKS of Kea 1.9.8 rc1.
Please verify the packages and files according to "4. Sanity Checks" chapter on:
https://wiki.isc.org/bin/view/QA/KeaReleaseProcess#4.%20Sanity%20Checks
and your imagination.
Before starting any checks, please state what check you are doing in a
thread/discussion (not as comment) in Sanity Checks issue in GitLab:
When you finish given check state in the same thread/discussion what is the result.
This way we know what is covered upfront and we can avoid repeating ourselves.
Release content is located on:
1) [tarballs] repo.isc.org in the following folders:
/data/shared/sweng/kea/releases/1.9.8-rc1
/data/shared/sweng/kea/releases/premium-1.9.8-rc1
/data/shared/sweng/kea/releases/subscription-1.9.8-rc1
SHA256 (kea-1.9.8.tar.gz) = 1008b521cdd8105d28af7ec0b78f2c68ac2601ccd3c1fe46b5b12c40da296e5d
SHA256 (kea-premium-1.9.8.tar.gz) = f119f7104eae98af18f6cf4ac6d3146e677358c4a143213de69373d4fc8c09d6
SHA256 (kea-subscription-1.9.8.tar.gz) = 9da26fff0f5a32ba1218db2e0c3ebaa0a52c270c436d1f6526197f3180187d4d
2) [rpm/deb packages] on packages.isc.org, exact packages versions are stored here:
https://jenkins.aws.isc.org/job/kea-dev/job/pkg/377/
Release version is 1.9.8-isc0034220210524113122 (please verify if it is this version while installing).
Install instruction is here: https://wiki.isc.org/bin/view/QA/KeaReleaseProcess, chapter 4. Sanity Checks, point 9.
```

kea1.9.8

https://gitlab.isc.org/isc-projects/kea/-/issues/1680
[ISC-support #17598] Forensic logging enhancements
2021-05-24T16:37:21Z
Peter Davies

**Advanced logging facility for forensic logging.**
A number of customers have been asking for enhanced logging features to be available to the forensic logging library hook.
These enhancements could include:
**Logging format:**
The ability to configure the output logging string.
Represent the client-id as ascii instead of hex.
**Logfile attributes**:
The ability to configure rollover settings
The ability to automatically compress rollover files.
[RT #17277](https://support.isc.org/Ticket/Display.html?id=17277)
[RT #17559](https://support.isc.org/Ticket/Display.html?id=17559)
[RT #17523](https://support.isc.org/Ticket/Display.html?id=17523)
[RT #17598](https://support.isc.org/Ticket/Display.html?id=17598)

kea1.9.8
Razvan Becheriu

https://gitlab.isc.org/isc-projects/kea/-/issues/1888
unit tests don't build on CentOS 7
2021-05-24T10:02:17Z
Andrei Pavel (andrei@isc.org)

https://jenkins.aws.isc.org/job/kea-dev/job/ut-basic/328/
```
01:35:14 context_unittest.cc: In member function ‘void {anonymous}::EvalContextTest::checkTokenIntToText(const TokenPtr&, const string&)’:
01:35:15 context_unittest.cc:517:30: error: ‘boost::core’ has not been declared
01:35:15 << boost::core::demangle(typeid(n).name()) << " error: "
01:35:15 ^
01:35:15 context_unittest.cc: In instantiation of ‘void {anonymous}::EvalContextTest::checkTokenIntToText(const TokenPtr&, const string&) [with IntegerType = signed char; TokenIntegerType = isc::dhcp::TokenInt8ToText; isc::dhcp::TokenPtr = boost::shared_ptr<isc::dhcp::Token>; std::string = std::basic_string<char>]’:
```
CentOS 7 has boost 1.53 by default

kea1.9.8

https://gitlab.isc.org/isc-projects/kea/-/issues/1887
Changes for Kea 1.9.8 release
2021-05-24T09:53:56Z
Wlodzimierz Wencel

- updated copyright years
- regenerated parsers
- regenerated message headers
- added release entry in ChangeLog
- update kea version

kea1.9.8

https://gitlab.isc.org/isc-projects/kea/-/issues/1873
hammer: drop support for python2 in building kea packages
2021-05-21T21:02:19Z
Michal Nowikowski

kea1.9.8

https://gitlab.isc.org/isc-projects/kea/-/issues/1883
fix netconf compilation
2021-05-21T20:37:13Z
Razvan Becheriu

```
simple_parser.lo
netconf_cfg_mgr.cc:168:1: error: no declaration matches ‘std::__cxx11::list<std::__cxx11::list<std::__cxx11::basic_string<char> > > isc::netconf::NetconfCfgMgr::jsonPathsToRedact() const’
168 | NetconfCfgMgr::jsonPathsToRedact() const {
```

kea1.9.8
Razvan Becheriu

https://gitlab.isc.org/isc-projects/kea/-/issues/1882
lib version bump up 1.9.8
2021-05-21T19:32:49Z
Wlodzimierz Wencel

bump up lib versions for 1.9.8 release

kea1.9.8
Wlodzimierz Wencel

https://gitlab.isc.org/isc-projects/kea/-/issues/1854
Member 'datavector_' was not initialized in this constructor BasicRdataIterator() {}
2021-05-21T19:23:26Z
Razvan Becheriu

BasicRdataIterator() {}
```
CID 1449371 (#1 of 1): Uninitialized pointer field (UNINIT_CTOR)
2. uninit_member: Non-static class member datavector_ is not initialized in this constructor nor in any functions that it calls
```

kea1.9.8
Razvan Becheriu

https://gitlab.isc.org/isc-projects/kea/-/issues/1855
Parser4Context::Parser4Context() and Parser6Context::Parser6Context() don't initialize sfile_ member
2021-05-21T13:53:47Z
Razvan Becheriu

```
CID 1398349 (#1 of 1): Uninitialized pointer field (UNINIT_CTOR)
2. uninit_member: Non-static class member sfile_ is not initialized in this constructor nor in any functions that it calls
CID 1398351 (#1 of 1): Uninitialized pointer field (UNINIT_CTOR)
2. uninit_member: Non-static class member sfile_ is not initialized in this constructor nor in any functions that it calls.
```

kea1.9.8
Tomek Mrugalski

https://gitlab.isc.org/isc-projects/kea/-/issues/1721
Obfuscate passwords in logs that show configuration
2021-05-21T13:43:06Z
Andrei Pavel (andrei@isc.org)

There seem to be only two types of logging that could expose passwords: configuration logs and dbaccess logs.
INFO [kea-dhcp4.dhcpsrv] DHCPSRV_MYSQL_DB opening MySQL lease database: host=127.0.0.1 max-reconnect-tries=3 name=keatest password=***** port=3306 reconnect-wait-time=3000 type=mysql universe=4 user=keatest
dbaccess logs are covered, but config logs have the password exposed, **except** for this kea-ctrl-agent configuration log which also obfuscates:
DEBUG [kea-ctrl-agent.dctl] DCTL_CONFIG_START parsing new configuration: { "authentication": { "clients": [ { "password": "*****", "user": "superadmin" } ], ... }
So this seems like a slip-up in hiding passwords everywhere?
Something to note in the code is that there might be some places where passwords can't be hidden like this place where the problem seems to be that it might rethrow:
```
} catch (const std::exception& ex) {
    // We'd obscure the password if we could parse the access string.
    DB_LOG_ERROR(DB_INVALID_ACCESS).arg(dbaccess);
    throw;
}
```
Is this a similar case?
[RT#17595](https://support.isc.org/Ticket/Display.html?id=17597)

kea1.9.8
Andrei Pavel (andrei@isc.org)

https://gitlab.isc.org/isc-projects/kea/-/issues/1852
ParkingInfo constructor needs to set refcount_ to 0
2021-05-21T12:48:52Z
Razvan Becheriu

```
CID 1476305 (#1 of 1): Uninitialized scalar field (UNINIT_CTOR)
2. uninit_member: Non-static class member refcount_ is not initialized in this constructor nor in any functions that it calls.
```

kea1.9.8
Tomek Mrugalski

https://gitlab.isc.org/isc-projects/kea/-/issues/1850
initialize auth_key_length_ in MySqlHostExchange Constructor
2021-05-21T12:41:36Z
Razvan Becheriu

```
CID 1476326 (#1 of 1): Uninitialized scalar field (UNINIT_CTOR)
2. uninit_member: Non-static class member auth_key_length_ is not initialized in this constructor nor in any functions that it calls.
```

kea1.9.8
Razvan Becheriu

https://gitlab.isc.org/isc-projects/kea/-/issues/1853
Member 'htype_' was not initialized in this constructor in ClientHandler::Client::Client v4 code.
2021-05-21T11:51:43Z
Razvan Becheriu

in ClientHandler::Client::Client(Pkt4Ptr query, DuidPtr client_id, HWAddrPtr hwaddr)
```
CID 1463892 (#1 of 1): Uninitialized scalar field (UNINIT_CTOR)
7. uninit_member: Non-static class member htype_ is not initialized in this constructor nor in any functions that it calls.
```
wrongly detected in v6 code because classes share name and namespace

kea1.9.8
Razvan Becheriu

https://gitlab.isc.org/isc-projects/kea/-/issues/1879
forensic logging freebsd unit test failures
2021-05-20T18:41:53Z
Andrei Pavel (andrei@isc.org)

https://jenkins.aws.isc.org/job/kea-dev/job/ut-basic/318/
```
Test Result (3 failures / -1)
run tests / freebsd-12.1-amd64 / freebsd-12.1-amd64 results / RotatingFileTest.prerotateActions
run tests / freebsd-12.1-amd64 / freebsd-12.1-amd64 results / RotatingFileTest.postrotateActions
run tests / freebsd-12.1-amd64 / freebsd-12.1-amd64 results / RotatingFileTest.prerotateAndPostrotateActions
```
```
rotating_file_unittests.cc:1124
Value of: fileExists(exp_name)
Actual: false
Expected: true
```

kea1.9.8
Andrei Pavel (andrei@isc.org)

https://gitlab.isc.org/isc-projects/kea/-/issues/1816
Bug in CfgSubnets4::initSelector
2021-05-20T14:50:50Z
Chuck Stearns

Once the code detects that there is an RAI option it skips checking the
subnet selection option whether or not the RAI option actually included
a LINK SELECTION sub-option.
If a request arrives that has a relay option that doesn't include the link selection
sub option and that does include the subnet selection option the code will end up
using the GIADDR or if that doesn't exist fall back to one of the other choices.

kea1.9.8
Marcin Siodelski