Kea issueshttps://gitlab.isc.org/isc-projects/kea/-/issues2024-02-20T10:26:54Zhttps://gitlab.isc.org/isc-projects/kea/-/issues/3238Sanity checks for Kea 2.5.5 rc12024-02-20T10:26:54ZWlodzimierz WencelSanity checks for Kea 2.5.5 rc1We are now at step SANITY CHECKS of Kea 2.5.5 rc1.
Please verify the tarballs and packages according to [chapter `4. Sanity Checks` of the release procedure](https://gitlab.isc.org/isc-private/qa-dhcp/-/wikis/Kea/Release-Process#user-co...We are now at step SANITY CHECKS of Kea 2.5.5 rc1.
Please verify the tarballs and packages according to [chapter `4. Sanity Checks` of the release procedure](https://gitlab.isc.org/isc-private/qa-dhcp/-/wikis/Kea/Release-Process#user-content-4-sanity-checks) and according to your imagination.
Before starting, please state what you are checking in a thread/discussion (not as comment).
When you finish a check, state in the same thread/discussion what the result is.
This way we know what is covered upfront and we can avoid repeating ourselves.
#### Tarballs on repo.isc.org
* `/data/shared/sweng/kea/releases/2.5.5-rc1`
* `/data/shared/sweng/kea/releases/premium-2.5.5-rc1`
* `/data/shared/sweng/kea/releases/subscription-2.5.5-rc1`
* `/data/shared/sweng/kea/releases/enterprise-2.5.5-rc1`
```
SHA256 (kea-2.5.5.tar.gz) = 77918ea7ccb9bc89756c3e52a26adf515b91e47dbf258027fa973f68eff82f67
SHA256 (kea-enterprise-2.5.5.tar.gz) = 8041d0fd418846c36dc51dc0b64cb820ba46c5d1ec392990f2d30068272c3013
SHA256 (kea-premium-2.5.5.tar.gz) = b376b98480dcf31435d72f42edfc194ba41c3864dacd12fd3d46f43f5ae9d6c4
SHA256 (kea-subscription-2.5.5.tar.gz) = ae4b940a984d80fa93d0f9130bb1fdf41c15cf29858a46dbbf8a5eda98119768
```
#### Packages on packages.aws.isc.org
* [APK: 2.5.5-r20240129145054](https://packages.aws.isc.org/#browse/search/raw=format%3Draw%20AND%20name.raw%3D*r20240129145054.apk)
* [deb: 2.5.5-isc20240129145054](https://packages.aws.isc.org/#browse/search/apt=format%3Dapt%20AND%20version%3D2.5.5-isc20240129145054)
* [RPM: 2.5.5-isc20240129145054.\[os\]](https://packages.aws.isc.org/#browse/search/yum=format%3Dyum%20AND%20version%3D2.5.5-isc20240129145054*)
You can find the name for all the packages attached as build artifacts in the pkg job: https://jenkins.aws.isc.org/job/kea-dev/job/pkg/1407/
Instructions for installing packages are at point 9 of [chapter `4. Sanity Checks` of the release procedure](https://gitlab.isc.org/isc-private/qa-dhcp/-/wikis/Kea/Release-Process#user-content-4-sanity-checks).kea2.5.6Wlodzimierz WencelWlodzimierz Wencelhttps://gitlab.isc.org/isc-projects/kea/-/issues/3237Changes for Kea 2.5.5 release2024-01-29T14:39:11ZWlodzimierz WencelChanges for Kea 2.5.5 release
- [x] added release entry to ChangeLogs
- [x] regenerated BNF grammar
- [x] regenerated message headers
- [x] regenerated parsers
- [x] reordered messages in alphabetical order
- [x] updated copyright years
- [x] added release entry to ChangeLogs
- [x] regenerated BNF grammar
- [x] regenerated message headers
- [x] regenerated parsers
- [x] reordered messages in alphabetical order
- [x] updated copyright yearskea2.5.5Wlodzimierz WencelWlodzimierz Wencelhttps://gitlab.isc.org/isc-projects/kea/-/issues/32362.5.5 release checklist2024-01-31T19:24:29ZWlodzimierz Wencel2.5.5 release checklist# Kea Release Checklist
This is thoroughly documented in [the Kea Release Process guide](https://wiki.isc.org/bin/view/QA/KeaReleaseProcess).
## Pre-Release Preparation
Some of these checks and updates can be made before the actual fr...# Kea Release Checklist
This is thoroughly documented in [the Kea Release Process guide](https://wiki.isc.org/bin/view/QA/KeaReleaseProcess).
## Pre-Release Preparation
Some of these checks and updates can be made before the actual freeze. For new stable releases or maintenance releases, please don't use the `kea-dev` build farm; use a dedicated build farm for each release cycle.
1. [x] Check Jenkins results:
1. [x] Check Jenkins jobs for failures: [distcheck](https://jenkins.aws.isc.org/job/kea-dev/job/distcheck/), etc...
1. [x] Check [Jenkins Tests Report](https://jenkins.aws.isc.org/job/kea-dev/job/jenkins-tests-report/).
1. [x] Check [tarball check report](https://jenkins.aws.isc.org/job/kea-dev/job/build-tarball/Kea_20Build_20Checks/)
1. [x] Check [Performance Test Results](https://jenkins.aws.isc.org/job/kea-dev/job/performance/lastSuccessfulBuild/artifact/qa-dhcp/kea/performance-jenkins/report.html) in Jenkins for drops in performance.
1. [x] Create a Gitlab issue for bumping up library versions and `KEA_HOOKS_VERSION` and notify developers.
* In case of no developers available, it can be done by running: [./tools/bump-lib-versions.sh](https://gitlab.isc.org/isc-projects/kea/-/blob/master/tools/bump-lib-versions.sh) Kea-q.w.e Kea-a.b.c (where `a.b.c` is the version to be released and `q.w.e` is the version previous to that).
1. [x] Look at the issue numbers in commit descriptions. Add to ChangeLog a mention about any change with visible impact that had not been mentioned already.
1. [x] If any changes have been done to database schemas, then:
1. [x] Check that a previously released schema has not been changed.
1. [x] Check that the additions to `dhcpdb_create.*sql`, and nothing more nor less than what was added in this release, is present in a `upgrade_*_to_*.sh.in` script that should also have been added in this release.
1. [x] Prepare release notes.
1. [x] Create release note on Kea GitLab wiki and notify @tomek. It should be created under the `Release-Notes` directory, like this one: https://gitlab.isc.org/isc-projects/kea/-/wikis/Release-Notes/release-notes-2.3.4
1. [x] Finish release notes and conduct its review.
1. [x] Notify support that release notes are ready for review. To avoid conflicts in edits wait with next step after review is done.
1. [x] Notify @sgoldlust or @vicky that release notes are ready for review. Due to time difference please do this at least 36 hours before planned release.
1. [ ] Check that packages can be uploaded to cloudsmith.
1. Go to [release-upload-to-cloudsmith](https://jenkins.aws.isc.org/job/kea-dev/job/release-upload-to-cloudsmith/).
1. Click `Build with Parameters`.
1. Pick the latest pkg build in the `Packages` field, and the corresponding tarball build in the `Tarball` field, leave the rest as they are `PrivPubRepos: "private"`, `TarballOrPkg: "packages"`, `TestProdRepos: "testing"` and click `Build`.
1. If a new Cloudsmith repository is used, then:
1. [ ] Make sure access tokens have been synchronized from previous Cloudsmith repositories and to the [check-pkgs.py](https://gitlab.isc.org/isc-private/qa-dhcp/-/blob/master/kea/pkgs-check/check-pkgs.py) QA tool.
1. [x] Check if ReadTheDocs can build Kea documentation. Alternatively, look for failures in emails if you know that the ReadTheDocs webhook is working.
1. Trigger rebuilding docs on [readthedocs.org](https://readthedocs.org/projects/kea/builds) and wait for the build to complete.
The following steps may involve changing files in the repository.
1. [x] Run [update-code-for-release.py](https://gitlab.isc.org/isc-private/qa-dhcp/-/blob/master/kea/build/update-code-for-release.py) \
Example command: `GITLAB_TOKEN='...' ./update-code-for-release.py 2.3.4 --repo-dir ~/isc/repos/kea/`. \
Help: `GITLAB_TOKEN='...' ./update-code-for-release.py --help`. \
The script requires an explicit flag for stable and maintenances releases e.g. `--repo-branch v2_4`. \
The script makes the following changes and actions:
1. Runs [prepare_kea_release.sh](https://gitlab.isc.org/isc-private/qa-dhcp/-/blob/master/kea/build/prepare_kea_release.sh) that:
1. Adds release entries in ChangeLogs.
1. Updates Kea version in configure.ac.
1. Updates copyright years in files that were changed in current year.
1. Sorts message files.
1. Regenerates message files headers.
1. Regenerates parsers using Bison from Docker
1. [x] Run the script again with the `--upload-only` flag which:
1. Creates an issue in GitLab for release changes in kea repo.
1. Creates branches and merge requests for kea and kea-premium.
1. Commits the changes in both repos.
1. Checks out created branches in both repos.
1. Commits and pushes the changes to GitLab server.
1. [x] Check manually User's Guide sections:
1. [x] Chapter 1. Introduction
1. [x] On what platforms we are running tests using Jenkins? Update Supported Platforms in platforms.rst file.
1. [x] Did we add any additional 3rd party software? Update if needed.
1. [x] Is there a new tool installed in bin or sbin released this time? If yes, is it documented?
1. [x] Chapter 2. Quick Start
1. [x] Has the default installation process changed (for kea and hooks)? If yes, are those changes documented and highlighted in the release notes?
1. [x] Chapter 3. Installation
1. [x] Check installation hierarchy (this is also automatically checked at the end of [ut-extended job](https://jenkins.aws.isc.org/job/kea-dev/job/ut-extended/)).
1. [x] Check and update Build Requirements.
1. [x] Check configure options against what `./configure -h` says.
1. [x] Check ChangeLog entries in Kea main and premium: spelling, trailing whitespaces, etc.
1. [x] Check AUTHORS, INSTALL, README files in Kea main and premium.
- AUTHORS: update credits
- README: check "provides" with Release Notes, User Guide (1.3 Kea Software)
1. [x] If changes were made, commit the change, push the branch to the main repository and request a review. Once the changes have been approved, merge the MR to master.
## Build selection, tarballs upload and sanity checks
This is the last moment to freeze code! :snowflake:
1. [x] Go to [build-tarball](https://jenkins.aws.isc.org/job/kea-dev/job/build-tarball/) Jenkins job and pick the last tarball built - it will be a release candidate.
1. [x] Check tarball before requesting sanity checks from the development team.
1. Download tarballs from picked Jenkins build
1. Check hook libraries.
1. Are there any new hook libraries installed in this release?
1. Are they in the proper tarball? Premium or subscription?
1. Do they have their own package?
1. Check sizes - is the new package reasonable?
1. Check installation tree, compare it with the previous release
1. Check installed libraries.
1. which were updated? (save results)
1. Do any of the libraries from the current release have lower version than in the previous release?
1. Uninstall Kea, check what left (there should be just configuration files)
1. Check if each of the installed binaries has a man page.
1. If not, is the binary included in the tarball? That might explain it.
1. Are man pages up to date?
1. Check if documentation is properly formatted, has correct versions and dates.
1. It's advised to search for previous version numbers, some of them are statically added in statements that are no longer valid.
1. [x] Upload tarballs to repo.isc.org using Jenkins and send sanity checks request.
1. Go to [release-tarball-upload](https://jenkins.aws.isc.org/job/kea-dev/job/release-tarball-upload/) Jenkins job.
1. Click `Build with Parameters`.
1. In field `Tarball` select picked tarball build.
1. In field `Pkg` select the corresponding pkg job.
1. In field `Release_Candidate` pick:
1. `rc1` if this is the first selected build for release, it will push the selected tarballs to repo.isc.org, to a directory suffixed with indicated rc#
1. next rc# if this is a respin after some fixes (note: it is not possible to pick previous rc number - it will result in an error)
1. Submit the job that will automatically:
1. Upload the tarballs.
1. Create a GitLab issue for sanity checks, put the announcement there.
1. Send Sanity Checks announcement on the Kea/DHCP channel on Mattermost.\
The announcement includes:
- a link to chapter 4 Sanity Checks of the release process: [KeaReleaseProcess - SanityChecks](https://wiki.isc.org/bin/view/QA/KeaReleaseProcess#4.%20Sanity%20Checks)
- a link to the GitLab issue
- tarballs locations with SHA256 checksums
- rpm/deb packages locations and versions
## Releasing Tarballs and Packages
Now it's time to publish the code.
1. [x] Update Release Notes with ChangeLog entries.
1. [x] Mark Jenkins jobs with release artifacts to be kept forever and update description of build by adding there version of released kea (e.g. `Kea-2.3.4`).
1. Go to the following Jenkins jobs, click release build and then, on the build page, click `Keep this build forever` button and edit description:
1. [build-tarball](https://jenkins.aws.isc.org/job/kea-dev/job/build-tarball/).
1. [pkg job](https://jenkins.aws.isc.org/job/kea-dev/job/pkg/).
1. [x] Upload final tarballs to repo.isc.org.
1. Go to [release-tarball-upload](https://jenkins.aws.isc.org/job/kea-dev/job/release-tarball-upload/) Jenkins job.
1. Click `Build with Parameters`.
1. In field `Tarball` select picked tarball build.
1. In field `Pkg` select the corresponding pkg job.
1. In field `Release_Candidate` pick `final`. This job will also:
- Open an issue on [the signing repository](https://gitlab.isc.org/isc-private/signing/-/issues) for signing final tarballs on repo.isc.org.
- Create Git tags `Kea-a.b.c` in Kea main and premium repositories.
- Create Gitlab releases `Kea-a.b.c` in Kea main and premium repositories.
1. [x] Sign tarballs with the personal key, by running [sign_kea_and_upload_asc.sh](https://gitlab.isc.org/isc-private/qa-dhcp/-/blob/master/kea/build/sign_kea_and_upload_asc.sh) which signs, verifies signatures and uploads them.
- If release engineer does NOT have signing key, please contact team member.
1. [x] Confirm that the tarballs have the checksums mentioned on the signing ticket.
1. [ ] Wait for clearance from Security Officer to proceed with the public release (if applicable). If this is a security release, next steps will be impacted by CVE checklist.
1. [x] Login to repo.isc.org and upload final tarball to public ftp using the make-available script.
* Example command: `make-available --public --symlink=cur/2.3 /data/shared/sweng/kea/releases/2.3.4`.
* [x] For premium tarballs use `--private` option.
* For more information use `--debug` option.
* To overwrite existing content, use `--force` option.
* If you did a mistake, contact ASAP someone from the ops team to remove incorrectly uploaded tarballs.
* [x] save links to all premium tarballs and put them into signing ticket as a comment.
1. [x] Upload final RPM & DEB packages, tarballs and sign files to cloudsmith.io:
1. Go to [release-upload-to-cloudsmith](https://jenkins.aws.isc.org/job/kea-dev/job/release-upload-to-cloudsmith/).
1. Click `Build with Parameters`.
1. Pick your selected pkg build in the `Packages` field, the corresponding tarball build in the `Tarball` field, `PrivPubRepos: "both"`, `TarballOrPkg: "both"`, `TestProdRepos: "production"` and click `Build`.
- This step also verifies sign files.
1. When it finishes run check: [releases-pkgs-check](https://jenkins.aws.isc.org/job/kea-dev/job/release-pkgs-check/).
1. [ ] Check that Docker images can be uploaded to Cloudsmith. Run [build-upload-docker](https://jenkins.aws.isc.org/job/kea-dev/job/build-upload-docker/).
* Make sure the right package job is selected under `Packages`.
* Tick `Upload`.
* Leave `TestProdRepos` to `testing`.
* Leave `versionTag` ticked.
* Tick `latestTag` if this is a stable or a maintenance release.
* If this is a stable or maintenance release, change `KeaDockerBranch` to the appropriate branch.
* Press `Build`.
1. [x] Build and upload Docker images to Cloudsmith. Run [build-upload-docker](https://jenkins.aws.isc.org/job/kea-dev/job/build-upload-docker/) with the same actions as above except change `TestProdRepos` to `production`.
1. [x] Update ReadTheDocs:
1. Trick ReadTheDocs into pulling the latest tags. Click `Build version` on [readthedocs.org](https://readthedocs.org/projects/kea/builds).
1. Publish currently released version. On the `Versions` tab, scroll down to `Activate a version`, search for `kea-a.b.c` and click `Activate`.
1. If it's a stable release, change the default version to point to this stable release. `Admin -> Advanced Settings -> Default version* -> Kea-a.b.c`.
1. [x] Create an issue and a merge request to bump up Kea version in `configure.ac` to next development version which could be, based on just released version `a.b.c`:
* `a.b.z-git` where `z == c + 1` most of the time, or
* `a.y.0-git` where `y == b + 2` if a new development series starts, or
* `x.1.0-git` where `x == a + 1` when the released minor version `b` is 9 and `a.b.c` was the last version in the development series and a new development version is coming up next.
1. [x] Contact Marketing team, and find a member who will continue work on this release:
1. [x] Assign this ticket to person who will continue.
1. [x] Share link to signing ticket either directly or as a comment in this issue.
## Marketing
1. [x] Publish links to downloads on ISC website.
1. [x] Update the supported versions document in the Salesforce portal (if there are stable versions released), and update the Kea document in the portal.
1. [x] If it is a new `major.minor` version, SWENG will have created a new repo in Cloudsmith, which will need the customer tokens migrated from an existing repo. Verify that the KB on installing from Cloudsmith has also been updated, then update the Kea document in the SF portal and notify support customers that this new private repo exists.
1. [x] If a new Cloudsmith repository is used, make sure that the Zapier scripts are updated.
* If those are not updated, there was an error made during preparation for new stable release. Please contact QA team and coordinate fix.
1. [x] Upload Premium hooks tarball to SendOwl. Create a new product if a new branch, otherwise update existing product. Send notifications to existing subscribers of the new version.
1. [x] Write release email to _kea-announce_.
1. [x] Write email to _kea-users_ (if a major release).
1. [ ] Announce on social media.
1. [x] Update [Wikipedia entry for Kea](https://en.wikipedia.org/wiki/Kea\_(software)).
1. [x] Write blog article (if a major release).
1. [x] Update [Kea page on website if any new hooks](https://www.isc.org/kea/).
1. [x] Update Kea Premium and Kea Subscription data sheets if any new hooks.
1. [ ] Update [significant features matrix](https://kb.isc.org/docs/en/aa-01615) (if any significant new features).
1. [x] Contact Support team, find a person who will continue this release and assign this issue to them.
## Support
1. [x] Update tickets in case of waiting for support customers.
1. [x] Close this ticketkea2.5.5https://gitlab.isc.org/isc-projects/kea/-/issues/3235bump up lib versions for 2.5.52024-01-26T17:03:30ZWlodzimierz Wencelbump up lib versions for 2.5.5as stated in the subject ;)as stated in the subject ;)kea2.5.5Wlodzimierz WencelWlodzimierz Wencelhttps://gitlab.isc.org/isc-projects/kea/-/issues/3234Update Kea Premium License text2024-01-29T14:40:19ZVicky Riskvicky@isc.orgUpdate Kea Premium License textThe Kea Premium license text has been updated to version 2.1.1. I made a MR over in the Premium repo but I don't know how to tell for sure if the license text has to go in headers for multiple files, or just in the 'copying' file at the ...The Kea Premium license text has been updated to version 2.1.1. I made a MR over in the Premium repo but I don't know how to tell for sure if the license text has to go in headers for multiple files, or just in the 'copying' file at the top of the tree.kea2.5.5https://gitlab.isc.org/isc-projects/kea/-/issues/3231PerfMon-Core-Task-3 Modify Dhcpv4Srv and Dhcpv6Srv to add packet events2024-02-20T18:22:47ZThomas MarkwalderPerfMon-Core-Task-3 Modify Dhcpv4Srv and Dhcpv6Srv to add packet eventsComplete Kea Core task 3 per PerfMon design: https://gitlab.isc.org/isc-projects/kea/-/wikis/Designs/performance-monitor#kea-core-tasksComplete Kea Core task 3 per PerfMon design: https://gitlab.isc.org/isc-projects/kea/-/wikis/Designs/performance-monitor#kea-core-taskskea2.5.6Thomas MarkwalderThomas Markwalderhttps://gitlab.isc.org/isc-projects/kea/-/issues/3230PerfMon-Core-Tasks-1-and-2 Create PktEvent Class Modify PktFilters2024-02-16T16:58:12ZThomas MarkwalderPerfMon-Core-Tasks-1-and-2 Create PktEvent Class Modify PktFiltersComplete Kea Core tasks 1 and 2 per PerfMon design: https://gitlab.isc.org/isc-projects/kea/-/wikis/Designs/performance-monitor#kea-core-tasksComplete Kea Core tasks 1 and 2 per PerfMon design: https://gitlab.isc.org/isc-projects/kea/-/wikis/Designs/performance-monitor#kea-core-taskskea2.5.6Thomas MarkwalderThomas Markwalderhttps://gitlab.isc.org/isc-projects/kea/-/issues/3229hammer.py prepare-system --just-configure2024-01-26T09:15:21ZAndrei Pavelandrei@isc.orghammer.py prepare-system --just-configureWe could use a way to just configure packages without installing them in hammer.We could use a way to just configure packages without installing them in hammer.kea2.5.5Andrei Pavelandrei@isc.orgAndrei Pavelandrei@isc.orghttps://gitlab.isc.org/isc-projects/kea/-/issues/3227config-set accepts incorrect "prefix-len" value2024-01-19T08:22:53ZPeter Daviesconfig-set accepts incorrect "prefix-len" value
---
name: config-set accepts incorrect "prefix-len" value
about: On kea-dhcp6 version 2.2.1 config-set accepts incorrect "prefix-len"
value and future config-get and config-write calls fail.
---
**Describe the bug**
Given the follo...
---
name: config-set accepts incorrect "prefix-len" value
about: On kea-dhcp6 version 2.2.1 config-set accepts incorrect "prefix-len"
value and future config-get and config-write calls fail.
---
**Describe the bug**
Given the following subnet definition ( within a shared-network)
```
"subnet": "2a02:6b67:fc00:31::/64",
"id": 2,
"pd-pools": [{
"prefix": "2a02:6b67:ed70::",
"prefix-len": 44,
"delegated-len": 56}],
```
Kea starts correctly and config-* commands function as expected.
Change "prefix-len": 44, to "prefix-len": 38, and run "config-test" with this
invalid configuration. The command returns "result": 0,
```
[root@blaenau agent]# ./config-test6
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 5776 100 147 100 5629 143 5507 0:00:01 0:00:01 --:--:-- 5662
[
{
"result": 0,
"text": "Configuration seems sane. Control-socket, hook-libraries, and D2 configuration were sanity checked, but not applied."
}
]
```
Run config-set with this invalid configuration and it also returns 0
```
[root@blaenau agent]# ./config-set6
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 5684 100 56 100 5628 53 5411 0:00:01 0:00:01 --:--:-- 5475
[
{
"result": 0,
"text": "Configuration successful."
}
]
````
Now try and retrieve the running configuration with config-get or config-write.
```
[root@blaenau agent]# ./config-get6
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 191 100 141 100 50 10071 3571 --:--:-- --:--:-- --:--:-- 15916
[
{
"result": 1,
"text": "Error during command processing: invalid prefix range 2a02:6b67:ed70::-2a02:6b67:efff:ffff:ffff:ffff:ffff:ffff"
}
]
```
```
[root@blaenau agent]# ./config-write6
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 269 100 134 100 135 13400 13500 --:--:-- --:--:-- --:--:-- 38428
[
{
"result": 1,
"text": "Error during write-config:invalid prefix range 2a02:6b67:ed70::-2a02:6b67:efff:ffff:ffff:ffff:ffff:ffff"
}
]
````
Strangely after accepting the invalid configuration Kea appears to start sending
logging to stdout. the last message in the Kea log file is:
```
2024-01-19 01:52:35.014 INFO [kea-dhcp6.commands/97719.140321550017664] COMMAND_RECEIVED Received command 'config-set'
```
Correcting "prefix-len" and re-runing config-set re-enables the retrieval of the
running config but not the logging issue.
I haven't test if lease processing is affected by this.
**To Reproduce**
Steps to reproduce the behavior:
1. Run Kea dhcpv6 with the attached configuration file [
2. change the prefix-len to some invalid value via config-set
3. The server then appears to accept the configuration but efforts to retrieve
the runing configuration fail
4. See above
**Expected behavior**.
When running config-test Kea ought to have discovered the configuration error
and reported it.
When running config-set Kea ought to have discovered the configuration error
and reported it.
**Environment:**
- Kea version: 2.2.1
tarball
linked with:
log4cplus 1.2.0
OpenSSL 1.1.1k FIPS 25 Mar 2021
database:
Memfile backend 4.0
- OS: Oracle Linux 8"
- none
- none
**Additional Information**
This does not affect 2.5.4 which generates the following error:
```
2024-01-18 14:53:13.667 ERROR [kea-dhcp6.dhcp6/431892.140413956814720] DHCP6_PARSER_FAIL failed to create or run parser for configuration element shared-networks: Invalid Pool6 address boundaries: 2a02:6b67:ed70:: is not the first address in prefix: 2a02:6b67:ec00::/38 (<wire>:0:3314) (<wire>:0:2401)
```
**SalesForce**
[#00001600](https://isc.lightning.force.com/lightning/r/Case/500S6000003m9ybIAA/view)https://gitlab.isc.org/isc-projects/kea/-/issues/3215Changing the value of a key in a YANG list element creates a new node rather ...2024-01-25T14:52:44ZAndrei Pavelandrei@isc.orgChanging the value of a key in a YANG list element creates a new node rather than replacing itThe title may be over-generalizing, but I suspect not.
I experienced this issue with option-data for kea-dhcp4.
The issue manifests in master and 2.4.1 with sysrepo v2, but also in 2.2.1 with sysrepo v1.
The issue may become more prev...The title may be over-generalizing, but I suspect not.
I experienced this issue with option-data for kea-dhcp4.
The issue manifests in master and 2.4.1 with sysrepo v2, but also in 2.2.1 with sysrepo v1.
The issue may become more prevalent if issue 3198 gets merged as it was written at the time this issue was created. It makes `data` a key and that makes it more likely to have entries with only code, space and data (all keys), which is also why this issue became obvious there.
Replication:
1. Start kea-dhcp4 with a control-socket configured.
2. Start kea-netconf with the same control-socket configured under the `"dhcp4"` server.
3. Do a `sysrepocfg --edit=kea-dhcp4-config.xml` where `kea-dhcp4-config.xml` has this content:
```xml
<config xmlns="urn:ietf:params:xml:ns:yang:kea-dhcp4-server">
<control-socket>
<socket-name>/tmp/kea-dhcp4-ctrl.sock</socket-name>
<socket-type>unix</socket-type>
</control-socket>
<option-data>
<code>100</code>
<space>dhcp4</space>
<data>1234</data>
</option-data>
</config>
```
4. Run the command again with `<code>100</code>` changed to `<code>101</code>`.
Only one option was expected as specified in the XML, but there are two options as indicated by the kea-netconf logs:
```
DEBUG [kea-netconf.netconf] NETCONF_UPDATE_CONFIG updating configuration with dhcp4 server: {
"Dhcp4": {
"control-socket": {
"socket-name": "/tmp/kea-dhcp4-ctrl.sock",
"socket-type": "unix"
},
"option-data": [
{
"code": 100,
"data": "1234",
"space": "dhcp4"
},
{
"code": 101,
"data": "1234",
"space": "dhcp4"
}
]
}
}
INFO [kea-netconf.netconf] NETCONF_UPDATE_CONFIG_COMPLETED completed updating configuration for dhcp4 server
```
and by the response to a subsequent `config-get` command which contains:
```
"option-data": [
{
"always-send": false,
"code": 100,
"csv-format": true,
"data": "1234",
"name": "tcode",
"space": "dhcp4"
},
{
"always-send": false,
"code": 101,
"csv-format": true,
"data": "1234",
"name": "pcode",
"space": "dhcp4"
}
],
```https://gitlab.isc.org/isc-projects/kea/-/issues/3199Minor Netconf documentation issue2024-01-11T15:07:21ZDarren AnkneyMinor Netconf documentation issueAs of the 2.4.1 version of the documentation, the ARM shows `output-options` in the example `kea-netconf` configurations found under https://kea.readthedocs.io/en/kea-2.4.1/arm/integrations.html#yang-netconf The `kea-netconf` daemon refu...As of the 2.4.1 version of the documentation, the ARM shows `output-options` in the example `kea-netconf` configurations found under https://kea.readthedocs.io/en/kea-2.4.1/arm/integrations.html#yang-netconf The `kea-netconf` daemon refuses to start until these are changed to `output_options` when using Kea 2.4.1 matching the version of the ARM.https://gitlab.isc.org/isc-projects/kea/-/issues/3198vivso-suboptions not properly supported in Netconf2024-01-26T10:58:09ZDarren Ankneyvivso-suboptions not properly supported in NetconfAn example of configuration of `vivso-suboptions` is shown in the ARM (simplified here):
```
"Dhcp4": {
"option-data": [
{
"name": "vivso-suboptions",
"space": "dhcp4",
"data": "2234"
...An example of configuration of `vivso-suboptions` is shown in the ARM (simplified here):
```
"Dhcp4": {
"option-data": [
{
"name": "vivso-suboptions",
"space": "dhcp4",
"data": "2234"
},
{
"name": "vivso-suboptions",
"space": "dhcp4",
"data": "3561"
},
...
]
}
```
In the Kea yang definition found in: src/share/yang/modules/kea-dhcp4-server@2023-06-28.yang the keys are "code space" as shown here:
```
grouping option-data-list {
description "Option data list grouping.";
list option-data {
key "code space";
description "Option data entry.";
leaf code {
type uint8;
mandatory true;
description "Option code.";
}
leaf space {
type string;
mandatory true;
description "Option space.";
}
uses dhcp:option-data-name;
uses dhcp:option-data-data;
uses dhcp:option-data-csv-format;
uses dhcp:option-data-always-send;
uses dhcp:option-data-never-send;
uses dhcp:option-data-user-context;
}
}
```
which makes it impossible to create two option-data entries with the same space (dhcp4) and code (125 for VIVSO). This is as stated in [RFC6020](https://datatracker.ietf.org/doc/html/rfc6020#section-7.8.2):
> The combined values of all the leafs specified in the key are used to uniquely identify a list entry. All key leafs MUST be given values when a list entry is created.
So this `sysrepocfg` xml works:
```
<config xmlns="urn:ietf:params:xml:ns:yang:kea-dhcp4-server">
<subnet4>
<id>1</id>
<pool>
<start-address>192.168.20.100</start-address>
<end-address>192.168.20.200</end-address>
</pool>
<subnet>192.168.20.0/24</subnet>
</subnet4>
<option-data>
<code>125</code>
<space>dhcp4</space>
<data>2234</data>
</option-data>
<interfaces-config>
<interfaces>enp0s3</interfaces>
</interfaces-config>
<control-socket>
<socket-name>/tmp/kea-dhcp4-ctrl.sock</socket-name>
<socket-type>unix</socket-type>
</control-socket>
</config>
```
while this, with second entry for option 125, does not:
```
<config xmlns="urn:ietf:params:xml:ns:yang:kea-dhcp4-server">
<subnet4>
<id>1</id>
<pool>
<start-address>192.168.20.100</start-address>
<end-address>192.168.20.200</end-address>
</pool>
<subnet>192.168.20.0/24</subnet>
</subnet4>
<option-data>
<code>125</code>
<space>dhcp4</space>
<data>2234</data>
<code>125</code>
<space>dhcp4</space>
<data>3561</data>
</option-data>
<interfaces-config>
<interfaces>enp0s3</interfaces>
</interfaces-config>
<control-socket>
<socket-name>/tmp/kea-dhcp4-ctrl.sock</socket-name>
<socket-type>unix</socket-type>
</control-socket>
</config>
```
When an attempt to apply the configuration is made, the output is as follows:
```
$ sudo sysrepocfg -v debug -d startup -f xml -m kea-dhcp4-server --edit=startup4.xml
[INF] Connection 52 created.
[INF] Session 20 (user "root", CID 52) created.
libyang error: Invalid position of the key "code" in a list. (Data location "/kea-dhcp4-server:config/option-data[code='125'][space='dhcp4']/code", line number 14.)
sysrepocfg error: Data parsing failed
[INF] No datastore changes to apply.
```
Please see [SF1556](https://isc.lightning.force.com/lightning/r/Case/500S6000002qbYdIAI/view) for further details including some proposed solutions.kea2.5.5Andrei Pavelandrei@isc.orgAndrei Pavelandrei@isc.orghttps://gitlab.isc.org/isc-projects/kea/-/issues/3193fix use after free when using botan2024-02-23T18:44:19ZRazvan Becheriufix use after free when using botan```plaintext
WARNING: ThreadSanitizer: heap-use-after-free (pid=73943)
Atomic write of size 4 at 0x7b0800000e68 by main thread:
#0 boost::detail::atomic_decrement(unsigned int*) /usr/include/boost/smart_ptr/detail/sp_counted_base_g...```plaintext
WARNING: ThreadSanitizer: heap-use-after-free (pid=73943)
Atomic write of size 4 at 0x7b0800000e68 by main thread:
#0 boost::detail::atomic_decrement(unsigned int*) /usr/include/boost/smart_ptr/detail/sp_counted_base_gcc_atomic.hpp:40 (libkea-cryptolink.so.48+0x8a2c)
#1 boost::detail::sp_counted_base::release() /usr/include/boost/smart_ptr/detail/sp_counted_base_gcc_atomic.hpp:118 (libkea-cryptolink.so.48+0x8a2c)
#2 boost::detail::shared_count::~shared_count() /usr/include/boost/smart_ptr/detail/shared_count.hpp:432 (libkea-cryptolink.so.48+0x8a2c)
#3 boost::shared_ptr<isc::cryptolink::RNG>::~shared_ptr() /usr/include/boost/smart_ptr/shared_ptr.hpp:335 (libkea-cryptolink.so.48+0x8a2c)
#4 boost::shared_ptr<isc::cryptolink::RNG>::reset() /usr/include/boost/smart_ptr/shared_ptr.hpp:687 (libkea-cryptolink.so.48+0x8a2c)
#5 operator() /home/razvan/isc/git/kea-work/src/lib/cryptolink/botan_link.cc:74 (libkea-cryptolink.so.48+0x8a2c)
#6 _FUN /home/razvan/isc/git/kea-work/src/lib/cryptolink/botan_link.cc:74 (libkea-cryptolink.so.48+0x8a2c)
#7 cxa_at_exit_wrapper ../../../../src/libsanitizer/tsan/tsan_interceptors_posix.cpp:389 (libtsan.so.2+0x2e813)
Previous write of size 8 at 0x7b0800000e68 by main thread:
#0 operator delete(void*, unsigned long) ../../../../src/libsanitizer/tsan/tsan_new_delete.cpp:150 (libtsan.so.2+0x8cef5)
#1 boost::detail::sp_counted_impl_p<isc::cryptolink::RNGImpl>::~sp_counted_impl_p() /usr/include/boost/smart_ptr/detail/sp_counted_impl.hpp:64 (libkea-cryptolink.so.48+0x914e)
#2 boost::detail::sp_counted_base::destroy() /usr/include/boost/smart_ptr/detail/sp_counted_base_gcc_atomic.hpp:99 (libkea-cryptolink.so.48+0x8c27)
#3 boost::detail::sp_counted_base::weak_release() /usr/include/boost/smart_ptr/detail/sp_counted_base_gcc_atomic.hpp:134 (libkea-cryptolink.so.48+0x8c27)
#4 boost::detail::sp_counted_base::release() /usr/include/boost/smart_ptr/detail/sp_counted_base_gcc_atomic.hpp:121 (libkea-cryptolink.so.48+0x8c27)
#5 boost::detail::shared_count::~shared_count() /usr/include/boost/smart_ptr/detail/shared_count.hpp:432 (libkea-cryptolink.so.48+0x8c27)
#6 boost::shared_ptr<isc::cryptolink::RNG>::~shared_ptr() /usr/include/boost/smart_ptr/shared_ptr.hpp:335 (libkea-cryptolink.so.48+0x8c27)
#7 isc::cryptolink::CryptoLink::~CryptoLink() /home/razvan/isc/git/kea-work/src/lib/cryptolink/botan_link.cc:27 (libkea-cryptolink.so.48+0x8c27)
#8 cxa_at_exit_wrapper ../../../../src/libsanitizer/tsan/tsan_interceptors_posix.cpp:389 (libtsan.so.2+0x2e813)
SUMMARY: ThreadSanitizer: heap-use-after-free /usr/include/boost/smart_ptr/detail/sp_counted_base_gcc_atomic.hpp:40 in boost::detail::atomic_decrement(unsigned int*)
==================
ThreadSanitizer: reported 1 warnings
```kea2.5.6Razvan BecheriuRazvan Becheriuhttps://gitlab.isc.org/isc-projects/kea/-/issues/3191fix asiolink using botan2023-12-15T20:08:50ZRazvan Becheriufix asiolink using botankea2.5.5Razvan BecheriuRazvan Becheriuhttps://gitlab.isc.org/isc-projects/kea/-/issues/3190heap-use-after-free and invalid vptr on Mgrs after IOThreadPool IOService/oth...2024-03-13T12:10:37ZAndrei Pavelandrei@isc.orgheap-use-after-free and invalid vptr on Mgrs after IOThreadPool IOService/other-non-main-thread IOservice distructionReplication steps:
1. Start `kea-dhcp4` built with address sanitizer and UB sanitizer with this configuration:
```plaintext
{
"Dhcp4": {
"hooks-libraries": [
{
"library": "/opt/kea/lib/kea/hooks/li...Replication steps:
1. Start `kea-dhcp4` built with address sanitizer and UB sanitizer with this configuration:
```plaintext
{
"Dhcp4": {
"hooks-libraries": [
{
"library": "/opt/kea/lib/kea/hooks/libdhcp_ping_check.so",
"parameters": {
}
}
]
}
}
```
2. `kill -SIGINT $(pidof kea-dhcp4)` or `clrl-C` in the terminal.
3a. If Kea is built with code prior to merging of issue 3019, then you should observe this warning: https://gitlab.isc.org/isc-projects/kea/-/issues/3190#note_423820
3b. If Kea is built after merging of issue 3019, then you might observe a different warning:
```plaintext
INFO PING_CHECK_MGR_STOPPED channel operations have stopped
/usr/include/boost/asio/basic_deadline_timer.hpp:351:41: runtime error: member call on address 0x60b000015ac0 which does not point to an object of type 'boost::asio::detail::deadline_timer_service<boost::asio::time_traits<boost::posix_time::ptime>>'
0x60b000015ac0: note: object has invalid vptr
00 00 00 00 00 0d 00 00 00 00 00 00 a8 6d b5 51 38 7f 00 00 00 00 00 00 00 00 00 00 10 5e 05 00
^~~~~~~~~~~~~~~~~~~~~~~
invalid vptr
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior /usr/include/boost/asio/basic_deadline_timer.hpp:351:41 in
/usr/include/boost/asio/detail/io_object_impl.hpp:97:15: runtime error: member call on address 0x60b000015ac0 which does not point to an object of type 'boost::asio::detail::deadline_timer_service<boost::asio::time_traits<boost::posix_time::ptime>>'
0x60b000015ac0: note: object has invalid vptr
00 00 00 00 00 0d 00 00 00 00 00 00 a8 6d b5 51 38 7f 00 00 00 00 00 00 00 00 00 00 10 5e 05 00
^~~~~~~~~~~~~~~~~~~~~~~
invalid vptr
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior /usr/include/boost/asio/detail/io_object_impl.hpp:97:15 in
/usr/include/boost/asio/detail/deadline_timer_service.hpp:100:5: runtime error: member call on address 0x60b000015ac0 which does not point to an object of type 'boost::asio::detail::deadline_timer_service<boost::asio::time_traits<boost::posix_time::ptime>>'
0x60b000015ac0: note: object has invalid vptr
00 00 00 00 00 0d 00 00 00 00 00 00 a8 6d b5 51 38 7f 00 00 00 00 00 00 00 00 00 00 10 5e 05 00
^~~~~~~~~~~~~~~~~~~~~~~
invalid vptr
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior /usr/include/boost/asio/detail/deadline_timer_service.hpp:100:5 in
INFO PING_CHECK_UNLOAD Ping Check hooks library has been unloaded
```kea2.5.7Razvan BecheriuRazvan Becheriuhttps://gitlab.isc.org/isc-projects/kea/-/issues/3187ping-check hook should honor NetworkState2023-12-19T19:26:20ZThomas Markwalderping-check hook should honor NetworkStateThe last piece missing in ping check is coordinating with NetworkState. Currently, the hook library will continue to process existing ping checks even if NetworkState becomes disabled. Obviously no new checks would be created by core u...The last piece missing in ping check is coordinating with NetworkState. Currently, the hook library will continue to process existing ping checks even if NetworkState becomes disabled. Obviously no new checks would be created by core until the NetworkState is enabled again.
At first blush, this is matter of adding state checks in strategic places and acting accordingly. If disabled state is detected, existing checks would be flushed. If NetworkState were to be expanded to provide callbacks, similar to what is done with CriticalSections, this might have broader applications than just ping-check. Food for thought.kea2.5.5Thomas MarkwalderThomas Markwalderhttps://gitlab.isc.org/isc-projects/kea/-/issues/3186extend hammer to build aarch64 packages2024-01-03T10:49:15ZWlodzimierz Wencelextend hammer to build aarch64 packageskea2.5.5https://gitlab.isc.org/isc-projects/kea/-/issues/3185Coverity detected invalid iterator in perfdhcp2024-02-21T10:10:08ZPiotrek ZadrogaCoverity detected invalid iterator in perfdhcpThis might be a false positive, but it could be double checked anyway:
> In `isc::perfdhcp::AvalancheScen::resendPackets(isc::perfdhcp::ExchangeType):` An invalid or past-the-end iterator is being used
```c++
// get some th...This might be a false positive, but it could be double checked anyway:
> In `isc::perfdhcp::AvalancheScen::resendPackets(isc::perfdhcp::ExchangeType):` An invalid or past-the-end iterator is being used
```c++
// get some things from previous retransmissions
auto start_time = pkt->getTimestamp();
int current_pkt_resent_cnt = 0;
auto r_it = retrans.find(trans_id);
if (r_it != retrans.end()) {
start_time = (*start_times.find(trans_id)).second;
current_pkt_resent_cnt = (*r_it).second;
} else {
start_times[trans_id] = start_time;
}
```
> Dereferencing iterator `start_times->find(trans_id)` though it is already past the end of its container.
`CID 1533337`kea2.5.6Razvan BecheriuRazvan Becheriuhttps://gitlab.isc.org/isc-projects/kea/-/issues/3182Avoid copy in range-based for loops2023-12-05T09:30:15ZFrancis DupontAvoid copy in range-based for loopsAs coverity reports there are some range-based for loops in Kea code where the range-expression (ab)using the `auto` keyword is copied at eache iterations when a better declaration (i.e. `const auto&`) works well with a better performanc...As coverity reports there are some range-based for loops in Kea code where the range-expression (ab)using the `auto` keyword is copied at eache iterations when a better declaration (i.e. `const auto&`) works well with a better performance (compilers should infer a better type but this is not specified for C++...).https://gitlab.isc.org/isc-projects/kea/-/issues/3178Run multiple HA relationships in hub-and-spoke configuration2024-01-26T14:35:10ZMarcin SiodelskiRun multiple HA relationships in hub-and-spoke configurationThis is the actual implementation of the hub-and-spoke model described in the design ticket: https://gitlab.isc.org/isc-projects/kea/-/issues/1149
It should add the logic to run multiple `HAService` instances concurrently. The major iss...This is the actual implementation of the hub-and-spoke model described in the design ticket: https://gitlab.isc.org/isc-projects/kea/-/issues/1149
It should add the logic to run multiple `HAService` instances concurrently. The major issue is to implement the callouts for the `subnet4_select` and `subnet6_select` hook points that would be used in the hub-and-spoke configuration to select the relationship based on the selected subnet. We should also test that the `HAService` instances do not stomp on each other, that are thread safe etc. After this ticket, the hub-and-spoke configuration should be usable, at least in a basic form.
[support#22017](https://support.isc.org/Ticket/Display.html?id=22017).kea2.5.5Marcin SiodelskiMarcin Siodelski