Kea issueshttps://gitlab.isc.org/isc-projects/kea/-/issues2022-11-02T15:08:41Zhttps://gitlab.isc.org/isc-projects/kea/-/issues/200Remove obsolete and duplicate exceptions2022-11-02T15:08:41ZTomek MrugalskiRemove obsolete and duplicate exceptionsThere are currently 179 different types of exceptions Kea can throw. See $439 for details. We should review then and remove duplicates. For example we have 6 different ParserError exception, 4 ConfigError exceptions, 7 Type exceptions, 4...There are currently 179 different types of exceptions Kea can throw. See $439 for details. We should review then and remove duplicates. For example we have 6 different ParserError exception, 4 ConfigError exceptions, 7 Type exceptions, 4 socket errors. I'm sure there are many other duplicates.backloghttps://gitlab.isc.org/isc-projects/kea/-/issues/193Server level option data is sent instead of subnet level option data2022-11-02T15:08:41ZKevan BrownServer level option data is sent instead of subnet level option data**Describe the bug**
Given a DHCP4 configuration where a client option is defined at the server level, and also at the subnet level, the client is receiving the option data from the server level first, and then after forcing the client t...**Describe the bug**
Given a DHCP4 configuration where a client option is defined at the server level, and also at the subnet level, the client is receiving the option data from the server level first, and then after forcing the client to renew, it receives the value from the subnet level.
**To Reproduce**
1) Kea DHCP4
2) Boot a Windows 10 client
3) Client receives domain-name-servers option data defined at the server level
4) Run ipconfig /renew Ethernet on the client and now it receives the correct domain-name-servers option data defined at the subnet level
5) Reboot the client and it now has the server level domain-name-servers option data again.
**Expected behavior**
The Kea DHCP4 server should send the option data defined at the subnet level to which the host reservation is mapped.
**Environment:**
- Kea version:
* 1.4.0-P1
* tarball
* linked with:
* log4cplus 1.1.2
* OpenSSL 1.1.0f 25 May 2017
* database:
* PostgreSQL backend 4.0, library 90610
* Memfile backend 2.0
- OS: Debian Stretch (Raspbian)
- Which features were compiled in (in particular which backends): "--with-pgsql --enable-shell"
- If/which hooks where loaded in: libdhcp_lease_cmds.so
**Additional Information**
- The intent here is to define common option data at level that reduces redundancy, while overriding it at the subnet level when required.
- Configuration excerpt:
```
"option-data": [
{
"name": "domain-name",
"code": 15,
"data": "mydomain.com"
},
{
"name": "domain-name-servers",
"code": 6,
"data": "172.20.0.1"
},
{
"name": "ntp-servers",
"code": 42,
"data": "172.20.0.1"
}
],
"hooks-libraries": [
{
// Lease hooks library for Kea Anterius
"library": "/usr/local/lib/hooks/libdhcp_lease_cmds.so"
}
],
"shared-networks": [
{
"name": "Home",
"subnet4": [
{
// Networking Devices
"subnet": "172.20.0.0/24",
"id": 1,
"pools": [ { "pool": "172.20.0.3 - 172.20.0.8" } ],
"option-data": [
{
"name": "routers",
"code": 3,
"data": "172.20.0.1"
}
]
},
{
// Host Management
"subnet": "172.20.1.0/24",
"id": 2,
"pools": [
{ "pool": "172.20.1.2 - 172.20.1.4" },
{ "pool": "172.20.1.6/32" }
],
"option-data": [
{
"name": "routers",
"code": 3,
"data": "172.20.1.1"
}
]
},
{
// Non-Domain Servers
"subnet": "172.20.3.0/24",
"id": 4,
"pools": [ { "pool": "172.20.3.4 - 172.20.3.4" } ],
"option-data": [
{
"name": "routers",
"code": 3,
"data": "172.20.3.1"
}
]
},
{
// Known Clients
"subnet": "172.20.4.0/24",
"id": 5,
"pools": [ { "pool": "172.20.4.2 - 172.20.4.5" } ],
"option-data": [
{
"name": "routers",
"code": 3,
"data": "172.20.4.1"
},
{
"name": "domain-name-servers",
"code": 6,
"data": "172.20.2.3,172.20.2.4,172.21.0.10,172.20.2.5,172.20.0.1"
}
]
},
```
**Describe the solution you'd like**
A fix for the options data hierarchy behavior in the product.
**Describe alternatives you've considered**
The only other alternative I have is to remove the common options data and repeat it, over and over, for each of the subnets that use it.
**Contacting you**
How can ISC reach you to discuss this matter further? If you do not specify any means such as e-mail, jabber id or a telephone, we may send you a message on github with questions when we have them.
- Emailbackloghttps://gitlab.isc.org/isc-projects/kea/-/issues/191Allow IPv6 multicast to be disabled2022-11-02T15:08:43ZGhost UserAllow IPv6 multicast to be disabled---
name: Feature request
about: Allow IPv6 multicast to be disabled
---
Currently for kea-dhcp6 on FreeBSD, a socket is opened and bound to `*:547` for multicast joining, regardless of how `interfaces-config/interface` is configured. ...---
name: Feature request
about: Allow IPv6 multicast to be disabled
---
Currently for kea-dhcp6 on FreeBSD, a socket is opened and bound to `*:547` for multicast joining, regardless of how `interfaces-config/interface` is configured. I wish to use port 547 on another interface for health checking, but can't. Since I only use external unicast relays, I don't need the multicast functionality of kea-dhcp6, so it would be nice if there was an option to disable this.backloghttps://gitlab.isc.org/isc-projects/kea/-/issues/159Kea daemonization2022-11-02T15:08:41ZAdam OsuchowskiKea daemonizationThere are some best practices on how unix daemons should behave. Some of these are not met on Kea. You can read little old but still up-to-date howto document for general overview how to linux daemons should work: http://www.netzmafia.de...There are some best practices on how unix daemons should behave. Some of these are not met on Kea. You can read little old but still up-to-date howto document for general overview how to linux daemons should work: http://www.netzmafia.de/skripten/unix/linux-daemon-howto.html
In particular:
- Kea should put its daemons into background, not stay foreground
- daemons should unbind their stdin, stdout and stderr from current streams (i.e. terminal) and bind them to /dev/null or alternatively stdout and stderr may be binded to log file
- daemons should release their controlling terminal (setsid) because they don't communicate with users this way
- daemons should change current working directory to root (/) not to lock any possible mount points
- daemons should ignore all signals which is not significant to it (i.e. SIGPIPE)backloghttps://gitlab.isc.org/isc-projects/kea/-/issues/139lease times stored in localtime in Postgres (DST issue?)2022-11-02T15:08:42ZRay Bellislease times stored in localtime in Postgres (DST issue?)I've observed that lease expiry times appear to be stored in local time in the Postgres database (and perhaps in others?) rather than in UTC.
This might cause unexpected removal of leases from the database at the changeover to or from DST.I've observed that lease expiry times appear to be stored in local time in the Postgres database (and perhaps in others?) rather than in UTC.
This might cause unexpected removal of leases from the database at the changeover to or from DST.backloghttps://gitlab.isc.org/isc-projects/kea/-/issues/114Timeouts specified in inconsistent units2022-11-02T15:08:43ZTomek MrugalskiTimeouts specified in inconsistent unitsAccording to our documentation, timeouts for MySQL and PostgreSQL are specified in seconds, while the same values for CQL are in milliseconds.
I think it's better to use milliseconds. The use case for this is that in HA scenarios, somet...According to our documentation, timeouts for MySQL and PostgreSQL are specified in seconds, while the same values for CQL are in milliseconds.
I think it's better to use milliseconds. The use case for this is that in HA scenarios, sometimes waiting for a second is too much and sub-second precision may be needed. Milliseconds is also the units used in HA.
The immediate reason why this popped up is NETCONF model definition.
However, our current documentation probably should be improved as well. We currently have the parameters explained several times, once for each backend.
Parameters affected: connect-timeout, reconnect-wait-time, request-timeout. There may be others I missed.backloghttps://gitlab.isc.org/isc-projects/kea/-/issues/108Need to quote some keys for yang.2022-11-02T15:08:43ZFrancis DupontNeed to quote some keys for yang.The Kea6 reservations.json example file use ```'somevalue'``` as the identifier of a (flex-id) host reservation. Yang uses the same character ```'``` for list keys so it conflicts.
The solution should be to convert the identifier in hexa...The Kea6 reservations.json example file use ```'somevalue'``` as the identifier of a (flex-id) host reservation. Yang uses the same character ```'``` for list keys so it conflicts.
The solution should be to convert the identifier in hexadecimal so:
- check the textual and hexadecimal forms can be used together / safely.
- check presence of problematic characters in a string used as a list key
- create an adaptor to quote or convert strings used as list key.
Nothing hard but low priority as this is clearly a corner case.backloghttps://gitlab.isc.org/isc-projects/kea/-/issues/106CB: Update Developer's Guide for Configuration Backend2022-11-02T15:08:42ZMarcin SiodelskiCB: Update Developer's Guide for Configuration BackendThis ticket covers updates to the Developer's Guide after the implementation of the Kea Config Backend.This ticket covers updates to the Developer's Guide after the implementation of the Kea Config Backend.backloghttps://gitlab.isc.org/isc-projects/kea/-/issues/60Add automatic rate adjustment to perfdhcp2022-11-02T15:08:41ZGhost UserAdd automatic rate adjustment to perfdhcpTo facilitate performance measurements, it would be helpful if perfdhcp had an automatic rate adjustment feature.
With this, perfdhcp would start sending packets a specified initial rate, then periodically adjust the rate upwards or dow...To facilitate performance measurements, it would be helpful if perfdhcp had an automatic rate adjustment feature.
With this, perfdhcp would start sending packets a specified initial rate, then periodically adjust the rate upwards or downwards automatically until it reached the maximum rate at which the fraction of packets lost was no higher than a given value.backloghttps://gitlab.isc.org/isc-projects/kea/-/issues/38Updating DNS entry on host reservation changing2022-11-02T15:08:42ZGhost UserUpdating DNS entry on host reservation changingI sent this questions to kea-users@lists.isc.org two days ago, but nothing happens and I can't see my message in thread list. So, I decided to create a new ticket.
My previous message:
I'm trying to bond Kea with BIND. When a new lease ...I sent this questions to kea-users@lists.isc.org two days ago, but nothing happens and I can't see my message in thread list. So, I decided to create a new ticket.
My previous message:
I'm trying to bond Kea with BIND. When a new lease is created or expired it works well. In this cases I get correct records in "forward" and "reverse" DNS zones. But, when I'm changing an IP-address in host reservation entry in MySQL database, a new address is allocated to the customer and new correct entries appear in DNS. However, an old entry for previous IP-address still remains in "reverse" DNS zone. Thus, now I have a "ghost" entry in my DNS.
I would manually remove the lease BEFORE changing the reservation entry. I guess it should work. But maybe there is a routine solution for this issue?backloghttps://gitlab.isc.org/isc-projects/kea/-/issues/2131revisit and extend D2 update retry code2022-02-25T12:09:25ZFrancis Dupontrevisit and extend D2 update retry codeThe waiting delay between two attempts is not clear and for GSS-TSIG to be able to set the number of retries is requested.
This ticket should stay in the core code. Note the idea to save and restore the NCR queue is not considered here ...The waiting delay between two attempts is not clear and for GSS-TSIG to be able to set the number of retries is requested.
This ticket should stay in the core code. Note the idea to save and restore the NCR queue is not considered here (it has its own ticket #1801).
Opening a design phaseoutstandingFrancis DupontFrancis Duponthttps://gitlab.isc.org/isc-projects/kea/-/issues/1345Ability to always-respond to all requests in HA active-active mode to support...2021-01-22T13:30:51ZEwald van GeffenAbility to always-respond to all requests in HA active-active mode to support anycast DHCPMy impression is that ISC KEA doesn't always respond to all requests. I think this is due to the 1/n split.
I run two KEA instances sharing a single BGP anycast /32 IP prefix. DHCP Requests get routed via a DHCP relay towards the closes...My impression is that ISC KEA doesn't always respond to all requests. I think this is due to the 1/n split.
I run two KEA instances sharing a single BGP anycast /32 IP prefix. DHCP Requests get routed via a DHCP relay towards the closest ISC KEA instance according to BGP. Load balancing is externally handled. This means KEA should respond to all requests it receives and not impose any load-balancing logic.
I think this is where the magic happens [1]
From my understanding active_servers needs to reflect the current server instance id (pri,sec).
[1] https://github.com/isc-projects/kea/blob/457111f9db051723ff9f8e7fb621872d0aa10363/src/hooks/dhcp/high_availability/query_filter.cc#L316outstandinghttps://gitlab.isc.org/isc-projects/kea/-/issues/2686Minor: MultiThreadingMgr::[gs]etMode are not MT safe.2023-01-19T14:45:45ZFrancis DupontMinor: MultiThreadingMgr::[gs]etMode are not MT safe.TSAN reports a race on enabled_ in MultiThreadingMgr::getMode and MultiThreadingMgr::setMode. It is only an issue if we want the code to be race free i.e. TSAN no longer reporting any race.TSAN reports a race on enabled_ in MultiThreadingMgr::getMode and MultiThreadingMgr::setMode. It is only an issue if we want the code to be race free i.e. TSAN no longer reporting any race.outstandinghttps://gitlab.isc.org/isc-projects/kea/-/issues/2200Format GSS-TSIG code2022-10-06T10:58:58ZAndrei Pavelandrei@isc.orgFormat GSS-TSIG codeNow that GSS-TSIG development has reached maturity, this is a good opportunity to:
* [x] apply code formatting to its code
* [ ] improve .clang-formatNow that GSS-TSIG development has reached maturity, this is a good opportunity to:
* [x] apply code formatting to its code
* [ ] improve .clang-formatoutstandinghttps://gitlab.isc.org/isc-projects/kea/-/issues/2140Can't use kea-dhcp6 as Prefix Delegation backend (like previously dibbler)2023-07-31T13:38:18ZLajos KatonaCan't use kea-dhcp6 as Prefix Delegation backend (like previously dibbler)Hi
I would like to use Kea for Openstack Neutron's pd "backend" (https://opendev.org/openstack/neutron ).
Currently we have a driver in Neutron for Dibbler which we use the following way (user workflow: https://docs.openstack.org/neutro...Hi
I would like to use Kea for Openstack Neutron's pd "backend" (https://opendev.org/openstack/neutron ).
Currently we have a driver in Neutron for Dibbler which we use the following way (user workflow: https://docs.openstack.org/neutron/latest/admin/config-ipv6.html#prefix-delegation ):
Neutron l3-agent creates IP namespaces for the routers, and dibbler is started within the ip namespace with a config like this:
_duid-type duid-en 8888 0x0f73d556b8364067bc6b3c2e61367d67
downlink-prefix-ifaces "none"
script
"/opt/stack/data/neutron/pd/877976ab-71c1-4c3f-ab76-281c5f2a61fa:0f73d556-b836-4067-bc6b-3c2e61367d67:qr-58b7a155-28/notify.sh"
iface "qg-f63df9d7-a7" {
bind-to-address fe80::f816:3eff:fe3a:f745
pd 1
}_
sudo ip netns exec qrouter-7dc7553b-b3aa-4782-b534-e4fc61f8b54f dibbler-client start -w /opt/stack/data/neutron/pd/877976ab-71c1-4c3f-ab76-281c5f2a61fa:0f73d556-b836-4067-bc6b-3c2e61367d67:qr-58b7a155-28/client.conf
notify.sh is a hook script to make possible that the prefix is finally stored in db and user can fetch it via REST API.
I tried to use Kea isntead to reach something similar result:
```
_$ cat kea_test.conf
{
# DHCPv6 configuration starts on the next line
"Dhcp6": {
# Next we set up the interfaces to be used by the server.
"interfaces-config": {
"interfaces": [ "qg-f63df9d7-a7" ]
},
# Finally, we list the subnets from which we will be leasing addresses.
"subnet6": [
{
"subnet": "2001:db8:2222::/48",
"pools": [
{"pool": "2001:db8:2222::/64"}
],
"pd-pools": [
{
"prefix": "3000:1::",
"prefix-len": 64,
"delegated-len": 96
}
]
}
]
# DHCPv6 configuration ends with the next line
}}
sudo kea-dhcp6 -c kea_test.conf_
```
but without success.
I saw that Kea has support for hooks (not sure I can use them as those are not in current distros), not sure if I can have similar hook like we have with dibbler.
environment:
Ubuntu 20.04.3 LTS
Linux mykeaenv 5.4.0-88-generic #99-Ubuntu SMP Thu Sep 23 17:29:00 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux
$ kea-dhcp6 -v
2.0.0outstandingTomek MrugalskiTomek Mrugalskihttps://gitlab.isc.org/isc-projects/kea/-/issues/1562command_processed hook not tested or documented in CA2022-08-01T13:27:57ZTomek Mrugalskicommand_processed hook not tested or documented in CAThis was discovered in #1421 that the `command_processed` hook point is not documented and not tested.
With the upcoming RBAC, we need to improve the testing situation.This was discovered in #1421 that the `command_processed` hook point is not documented and not tested.
With the upcoming RBAC, we need to improve the testing situation.outstandinghttps://gitlab.isc.org/isc-projects/kea/-/issues/1447use thread_local to optimize access to thread context2021-10-20T11:53:14ZRazvan Becheriuuse thread_local to optimize access to thread contextmoved from
#1333 https://gitlab.isc.org/isc-projects/kea/-/merge_requests/917
and
#1333 https://gitlab.isc.org/isc-private/kea-premium/-/merge_requests/130moved from
#1333 https://gitlab.isc.org/isc-projects/kea/-/merge_requests/917
and
#1333 https://gitlab.isc.org/isc-private/kea-premium/-/merge_requests/130outstandingWlodzimierz WencelWlodzimierz Wencelhttps://gitlab.isc.org/isc-projects/kea/-/issues/1328Kea and link time optimization2023-09-28T08:09:49ZFrancis DupontKea and link time optimizationThis ticket addressed two different goals:
- first to investigate if/how Kea can be build using -flto
- second fix bugs revealed by the -flto optionsThis ticket addressed two different goals:
- first to investigate if/how Kea can be build using -flto
- second fix bugs revealed by the -flto optionsoutstandinghttps://gitlab.isc.org/isc-projects/kea/-/issues/1316switch to an unordered map for LabeledValueSet2020-10-08T15:35:13ZFrancis Dupontswitch to an unordered map for LabeledValueSetCurrently a private map keyed by unsigned int is used and no iterating method is defined so it is safe and perhaps faster to use an unordered map i.e. a hash table instead a balanced binary search tree.
LabeledValueSet is used in state ...Currently a private map keyed by unsigned int is used and no iterating method is defined so it is safe and perhaps faster to use an unordered map i.e. a hash table instead a balanced binary search tree.
LabeledValueSet is used in state models which are themselves used to handle HTTP and JSON input.
Note an alternative is to get rid of the LabeledValueSet and to use directly an unordered map in StateSet as I am not happy with the StateSet::getState() method performance which is called in the runModel loop.
Or moved for LabeledValueSet to a template taking a shared pointer to LabeledValue derived object type parameter and of course LabelValuePtr for default.outstandinghttps://gitlab.isc.org/isc-projects/kea/-/issues/1137some configuration related functions should throw exception if called from pa...2021-10-20T11:53:14ZRazvan Becheriusome configuration related functions should throw exception if called from packet processing functions or while processing packets (in MT)outstandingRazvan BecheriuRazvan Becheriu