Kea issues
https://gitlab.isc.org/isc-projects/kea/-/issues
2024-03-28T12:35:45Z

https://gitlab.isc.org/isc-projects/kea/-/issues/3200
Kea unable to remove pid file on exit when installed via rpm
2024-03-28T12:35:45Z
Wlodzimierz Wencel

journal:
```
Dec 29 14:32:17 ip-10-10-0-170.ec2.internal systemd[1]: Started kea-dhcp6.service - Kea DHCPv6 Service.
Dec 29 14:32:17 ip-10-10-0-170.ec2.internal kea-dhcp6[2900]: INFO HOSTS_BACKENDS_REGISTERED the following host backend types are available: mysql postgresql
Dec 29 14:32:17 ip-10-10-0-170.ec2.internal kea-dhcp6[2900]: WARN DHCPSRV_MT_DISABLED_QUEUE_CONTROL disabling dhcp queue control when multi-threading is enabled.
Dec 29 14:32:17 ip-10-10-0-170.ec2.internal kea-dhcp6[2900]: WARN DHCP6_RESERVATIONS_LOOKUP_FIRST_ENABLED Multi-threading is enabled and host reservations lookup is always perfo>
Dec 29 14:32:17 ip-10-10-0-170.ec2.internal kea-dhcp6[2900]: INFO DHCPSRV_CFGMGR_NEW_SUBNET6 a new subnet has been added to configuration: 2001:db8:1::/64 with params: t1=1000, >
Dec 29 14:32:17 ip-10-10-0-170.ec2.internal kea-dhcp6[2900]: INFO DHCPSRV_CFGMGR_SOCKET_TYPE_SELECT using socket type raw
Dec 29 14:32:17 ip-10-10-0-170.ec2.internal kea-dhcp6[2900]: INFO COMMAND_ACCEPTOR_START Starting to accept connections via unix domain socket bound to /tmp/kea6-ctrl-socket
Dec 29 14:32:17 ip-10-10-0-170.ec2.internal kea-dhcp6[2900]: INFO DHCP6_CONFIG_COMPLETE DHCPv6 server has completed configuration: added IPv6 subnets: 1; DDNS: disabled
Dec 29 14:32:17 ip-10-10-0-170.ec2.internal kea-dhcp6[2900]: INFO DHCPSRV_MEMFILE_DB opening memory file lease database: lfc-interval=3600 type=memfile universe=6
Dec 29 14:32:17 ip-10-10-0-170.ec2.internal kea-dhcp6[2900]: INFO DHCPSRV_MEMFILE_LEASE_FILE_LOAD loading leases from file /var/lib/kea/kea-leases6.csv
Dec 29 14:32:17 ip-10-10-0-170.ec2.internal kea-dhcp6[2900]: INFO DHCPSRV_MEMFILE_BUILD_EXTENDED_INFO_TABLES6 building extended info tables saw 0 leases, extended info sanity ch>
Dec 29 14:32:17 ip-10-10-0-170.ec2.internal kea-dhcp6[2900]: INFO DHCPSRV_MEMFILE_LFC_SETUP setting up the Lease File Cleanup interval to 3600 sec
Dec 29 14:32:17 ip-10-10-0-170.ec2.internal kea-dhcp6[2900]: INFO DHCP6_USING_SERVERID server is using server-id 00:01:00:01:2d:21:94:f1:0e:90:95:e1:82:d1 and stores in the file>
Dec 29 14:32:17 ip-10-10-0-170.ec2.internal kea-dhcp6[2900]: WARN DHCPSRV_NO_SOCKETS_OPEN no interface configured to listen to DHCP traffic
Dec 29 14:32:17 ip-10-10-0-170.ec2.internal kea-dhcp6[2900]: INFO DHCPSRV_CFGMGR_USE_ALLOCATOR using the iterative allocator for IA_NA leases in subnet 2001:db8:1::/64
Dec 29 14:32:17 ip-10-10-0-170.ec2.internal kea-dhcp6[2900]: INFO DHCPSRV_CFGMGR_USE_ALLOCATOR using the iterative allocator for IA_TA leases in subnet 2001:db8:1::/64
Dec 29 14:32:17 ip-10-10-0-170.ec2.internal kea-dhcp6[2900]: INFO DHCPSRV_CFGMGR_USE_ALLOCATOR using the iterative allocator for IA_PD leases in subnet 2001:db8:1::/64
Dec 29 14:32:17 ip-10-10-0-170.ec2.internal kea-dhcp6[2900]: WARN DHCP6_MULTI_THREADING_INFO enabled: yes, number of threads: 4, queue size: 64
Dec 29 14:32:17 ip-10-10-0-170.ec2.internal kea-dhcp6[2900]: INFO DHCP6_STARTED Kea DHCPv6 server version 2.5.5 started
Dec 29 14:34:21 ip-10-10-0-170.ec2.internal systemd[1]: Stopping kea-dhcp6.service - Kea DHCPv6 Service...
Dec 29 14:34:21 ip-10-10-0-170.ec2.internal kea-dhcp6[2900]: INFO DHCP6_SHUTDOWN server shutdown
Dec 29 14:34:21 ip-10-10-0-170.ec2.internal kea-dhcp6[2900]: terminate called after throwing an instance of 'isc::util::PIDFileError'
Dec 29 14:34:21 ip-10-10-0-170.ec2.internal kea-dhcp6[2900]: what(): Unable to delete PID file '/run/kea/kea-dhcp6.kea-dhcp6.pid'
Dec 29 14:34:22 ip-10-10-0-170.ec2.internal systemd[1]: kea-dhcp6.service: Main process exited, code=dumped, status=6/ABRT
Dec 29 14:34:22 ip-10-10-0-170.ec2.internal systemd[1]: kea-dhcp6.service: Failed with result 'core-dump'.
Dec 29 14:34:22 ip-10-10-0-170.ec2.internal systemd[1]: Stopped kea-dhcp6.service - Kea DHCPv6 Service.
Dec 29 14:34:54 ip-10-10-0-170.ec2.internal systemd[1]: Started kea-dhcp6.service - Kea DHCPv6 Service.
Dec 29 14:34:54 ip-10-10-0-170.ec2.internal (ea-dhcp6)[12118]: kea-dhcp6.service: Failed to set up special execution directory in /run: Permission denied
Dec 29 14:34:54 ip-10-10-0-170.ec2.internal (ea-dhcp6)[12118]: kea-dhcp6.service: Failed at step RUNTIME_DIRECTORY spawning /usr/sbin/kea-dhcp6: Permission denied
Dec 29 14:34:54 ip-10-10-0-170.ec2.internal systemd[1]: kea-dhcp6.service: Main process exited, code=exited, status=233/RUNTIME_DIRECTORY
Dec 29 14:34:54 ip-10-10-0-170.ec2.internal systemd[1]: kea-dhcp6.service: Failed with result 'exit-code'.
Dec 29 14:37:43 ip-10-10-0-170.ec2.internal systemd[1]: Started kea-dhcp6.service - Kea DHCPv6 Service.
Dec 29 14:37:43 ip-10-10-0-170.ec2.internal (ea-dhcp6)[12857]: kea-dhcp6.service: Failed to set up special execution directory in /run: Permission denied
Dec 29 14:37:43 ip-10-10-0-170.ec2.internal (ea-dhcp6)[12857]: kea-dhcp6.service: Failed at step RUNTIME_DIRECTORY spawning /usr/sbin/kea-dhcp6: Permission denied
Dec 29 14:37:43 ip-10-10-0-170.ec2.internal systemd[1]: kea-dhcp6.service: Main process exited, code=exited, status=233/RUNTIME_DIRECTORY
Dec 29 14:37:43 ip-10-10-0-170.ec2.internal systemd[1]: kea-dhcp6.service: Failed with result 'exit-code'.
```
probably packaging issue but it's up for investigation.

kea2.6.0

https://gitlab.isc.org/isc-projects/kea/-/issues/3194
fix UTs when Kea is configured with botan without TLS
2024-02-23T18:26:02Z
Razvan Becheriu

next-stable-2.6

https://gitlab.isc.org/isc-projects/kea/-/issues/3189
Follow-up on #3019: limits are incompatible with retry-on-startup
2024-03-28T14:56:49Z
Andrei Pavel
andrei@isc.org

The limits library needs the lease manager initialized in dhcpX_srv_configured in order to check for JSON support and to do some recounting. When `retry-on-startup` is configured for the lease database, and a retry is triggered, the lease manager is not yet available, so an exception is thrown and the reconfiguration aborts, instead of actually retrying.
We should make limits compatible with retry-on-startup. Through some lazy recounting mechanism. @razvan's idea was a callback in `LeaseMgrFactory` that gets called on instantiation.

kea2.6.0

https://gitlab.isc.org/isc-projects/kea/-/issues/3188
Support hot plugging network interfaces
2024-02-01T10:52:48Z
Jakub Okoński

---
name: Feature request
about: Suggest an idea for this project
---
I'm migrating to kea from the previous ISC DHCP4 server and I noticed a difference in behavior. Kea refuses to start if an interface declared in `interfaces-config` is not present when Kea starts.
I want to be able to declare subnets & definitions for a USB adapter that I sometimes hotplug to the gateway. Without support from Kea, I'd need to keep two different configs and reload Kea at appropriate times. I assume it's also going to fail when a network interface it's listening on disappears.

next-stable-2.6

https://gitlab.isc.org/isc-projects/kea/-/issues/3176
Kea disables logging if configured without an `output-options`
2023-11-30T14:32:43Z
Andrei Pavel
andrei@isc.org

To replicate, start a `kea-dhcp6` with a configuration that has the `loggers` entry for the general logger `kea-dhcp6` that does not have an `output-options` entry.
```json
{
  "Dhcp6": {
    "loggers": [
      {
        "name": "kea-dhcp6",
        "severity": "INFO"
      }
    ]
  }
}
```
Or set the same configuration through unix socket or kea-ctrl-agent (maybe while still preserving the control-socket, that's why it's there):
```json
{
  "arguments": {
    "Dhcp6": {
      "control-socket": {
        "socket-name": "/tmp/kea-dhcp6-ctrl.sock",
        "socket-type": "unix"
      },
      "loggers": [
        {
          "name": "kea-dhcp6",
          "severity": "INFO"
        }
      ]
    }
  },
  "command": "config-set",
  "service": [
    "dhcp6"
  ]
}
```
You get this and no more logging after that.
```
log4cplus:ERROR No appenders could be found for logger (kea-dhcp6.hosts).
log4cplus:ERROR Please initialize the log4cplus system properly.
```
This contradicts the ARM which says:
> Each logger can have zero or more `output-options`.
It replicates with subloggers too. Only the sublogger is affected in that case.
You can have `interfaces-config` and `subnet6` and anything else besides it.
DHCP traffic works. Commands work. Logging does not.
It also replicates on `kea-dhcp4`.
There is the workaround of reconfiguring with `output-options`. Logging recovers after that.
Also found a typo in the ARM: `output_commands` should be `output-options`.
Suggested actions:
* [ ] Make logging work when `output-options` is not configured with the documented default of `stdout` as output option.
* [ ] Fix the typo in the ARM: `output_commands` should be `output-options`.

next-stable-2.6

https://gitlab.isc.org/isc-projects/kea/-/issues/3170
Feature request: Add regex classification expression
2023-11-30T14:29:47Z
ottorei

It would be a huge improvement for client classification to have the possibility of using regular expressions. That way even more complex inputs could be handled with ease.

next-stable-2.6

https://gitlab.isc.org/isc-projects/kea/-/issues/3167
BLQ: query-by-link-address and shared networks
2024-03-21T13:20:14Z
Tomek Mrugalski

This is a continuation of #3149. It was brought to our attention that the `QUERY_BY_LINK_ADDRESS` does not return PD leases properly in some circumstances. The algorithm we came up with is as follows:
Proposed algorithm for QUERY_BY_LINK_ADDRESS:
1. select subnet for specified address, pick its subnet-id
2. (if shared network is used, select all subnet-ids for all subnets in the shared network) - this behavior should be configurable (extra parameter that governs if this step should be done or not).
3. return all leases (NA, PD) with the matching subnet-id
Steps 1 and 3 are to be implemented in #3149. This ticket is about extending the code with shared network scenario. Once implemented, it should be configurable if the leases from shared network should be returned or not. The parameter could be global.

next-stable-2.6

https://gitlab.isc.org/isc-projects/kea/-/issues/3162
Kea does not look at all IP addresses on an interface when attempting to match incoming packet with subnet
2023-11-23T14:57:47Z
mpratik-arista

Say that Kea has started a DHCPv4 server instance and the interface (on which Kea is listening) has multiple IP addresses configured on it (say using `sudo ip addr add ADDR/MASK dev IFACE`). Now if Kea receives a packet from a directly connected client on the interface, the Kea code appears to fetch the first available address on the interface, specifically the code here -> https://gitlab.isc.org/isc-projects/kea/-/blob/master/src/lib/dhcp/iface_mgr.cc#L225. This IP address is then used during subnet selection.
In the example (which is also our setup) below, the interface on which kea is listening is vlan42. The primary IP address configured on the interface is 152.44.134.1/16 (configured earlier) and the secondary IP Address configured on the interface is 169.254.4.3/16 (configured later). I see the following traces ->
```
2023-11-09 12:27:39.167 DEBUG [kea-dhcp4.dhcpsrv/23369.139809668667520] DHCPSRV_PRINT_ATTR Attribute: iface.address = 152.44.134.1 (I added this log where I printed the IP address that Kea selected for subnet matching)
2023-11-09 12:27:39.167 DEBUG [kea-dhcp4.packets/23369.139809668667520] DHCP4_SUBNET_SELECTION_FAILED [hwtype=1 56:83:3f:7a:76:07], cid=[no info], tid=0xb02e9d17: failed to select subnet for the client
2023-11-09 12:27:39.167 DEBUG [kea-dhcp4.bad-packets/23369.139809668667520] DHCP4_PACKET_DROP_0002 [hwtype=1 56:83:3f:7a:76:07], cid=[no info], tid=0xb02e9d17, from interface vlan42: no suitable subnet configured for a direct client
```
I verified that Kea successfully adds both the primary and secondary IP address in the Netlink::ipaddrs_get function for vlan42. My expectation was that Kea would look at all the IP addresses active on the interface and then check if any subnet configured in the Kea config file matches these IPs.
The Kea config only had a subnet associated with the secondary IP 169.254.4.3/16 so understandably the packet could not be matched to any subnet. We want to be able to provide addresses from the subnet 169.254.0.0 to the clients who are sending their Discover packets on vlan42.
Steps to reproduce the behavior:
1. Run Kea dhcpv4 with the attached config and configure an interface with two IP addresses so that Kea is listening on this interface using both these IPs.
2. Let a directly connected client send a Discover packet to the interface that Kea listens on.
3. The server will not be able to provide an IP back to the client as it will not match a subnet.
4. This same behavior is seen regardless of whether I add the following block of code.
```
"interfaces-config": {
"interfaces": [
"vlan42/169.254.4.3"
]
}
```
Expected behavior:
The client would have obtained IP address 169.254.5.5 (first available IP from the subnet 169.254.0.0/16 as specified in the Kea config file) since the IP address is getting added to the interface's address list.
We used Kea-2.0.0 for this experiment.
[kea-dhcp4-default.conf.rtf](/uploads/b771e974c2c29aa7357bbc6e4e9de553/kea-dhcp4-default.conf.rtf)

next-stable-2.6

https://gitlab.isc.org/isc-projects/kea/-/issues/3159
ThreadSanitize: SEGSV complain on dhcp4 UT when postgresql isn't running
2023-11-23T14:46:57Z
Thomas Markwalder

This is more of an inconvenience than anything else but it might be a sign of something else too. When postgresql is compiled in but server is not running, kea-dhcp4 builtin for TSAN, UT throws the following error:
```
[----------] 2 tests from DORAPgSQLTest
[ RUN ] DORAPgSQLTest.multiStageBoot
wipePgSQLData failed:[export PGPASSWORD=keatest; sh /home/tmark/labs/build/keadev/open/git.3084/kea/src/share/database/scripts/pgsql/wipe_data.sh 19.0 --set ON_ERROR_STOP=1 -A -t -h localhost -q -U keatest -d keatest 2>/dev/null ]
runPgSQLSchema failed: export PGPASSWORD=keatest; cat < /home/tmark/labs/build/keadev/open/git.3084/kea/src/share/database/scripts/pgsql/dhcpdb_drop.pgsql | psql --set ON_ERROR_STOP=1 -A -t -h localhost -q -U keatest -d keatest 2>/dev/null
unknown file: Failure
C++ exception with description "runPgSQLSchema failed: export PGPASSWORD=keatest; cat < /home/tmark/labs/build/keadev/open/git.3084/kea/src/share/database/scripts/pgsql/dhcpdb_drop.pgsql | psql --set ON_ERROR_STOP=1 -A -t -h localhost -q -U keatest -d keatest 2>/dev/null " thrown in the test fixture's constructor.
ThreadSanitizer:DEADLYSIGNAL
==71954==ERROR: ThreadSanitizer: SEGV on unknown address 0x000000000000 (pc 0x55d4686f55bf bp 0x000000000000 sp 0x7ffd8d3170e0 T71954)
==71954==The signal is caused by a READ memory access.
==71954==Hint: address points to the zero page.
#0 testing::Test::DeleteSelf_() /opt/googletest-release-1.8.0/googletest/include/gtest/gtest.h:453 (dhcp4_unittests+0x7735bf)
#1 void testing::internal::HandleSehExceptionsInMethodIfSupported<testing::Test, void>(testing::Test*, void (testing::Test::*)(), char const*) /opt/googletest-release-1.8.0/googletest/src/gtest.cc:2402 (dhcp4_unittests+0x781869)
#2 void testing::internal::HandleExceptionsInMethodIfSupported<testing::Test, void>(testing::Test*, void (testing::Test::*)(), char const*) /opt/googletest-release-1.8.0/googletest/src/gtest.cc:2438 (dhcp4_unittests+0x781869)
#3 testing::TestInfo::Run() /opt/googletest-release-1.8.0/googletest/src/gtest.cc:2661 (dhcp4_unittests+0x76f514)
#4 testing::TestCase::Run() /opt/googletest-release-1.8.0/googletest/src/gtest.cc:2774 (dhcp4_unittests+0x76f871)
#5 testing::internal::UnitTestImpl::RunAllTests() /opt/googletest-release-1.8.0/googletest/src/gtest.cc:4649 (dhcp4_unittests+0x76ff25)
#6 bool testing::internal::HandleSehExceptionsInMethodIfSupported<testing::internal::UnitTestImpl, bool>(testing::internal::UnitTestImpl*, bool (testing::internal::UnitTestImpl::*)(), char const*) /opt/googletest-release-1.8.0/googletest/src/gtest.cc:2402 (dhcp4_unittests+0x781fa9)
#7 bool testing::internal::HandleExceptionsInMethodIfSupported<testing::internal::UnitTestImpl, bool>(testing::internal::UnitTestImpl*, bool (testing::internal::UnitTestImpl::*)(), char const*) /opt/googletest-release-1.8.0/googletest/src/gtest.cc:2438 (dhcp4_unittests+0x781fa9)
#8 testing::UnitTest::Run() /opt/googletest-release-1.8.0/googletest/src/gtest.cc:4257 (dhcp4_unittests+0x7704a5)
#9 RUN_ALL_TESTS() /opt/googletest-release-1.8.0/googletest/include/gtest/gtest.h:2233 (dhcp4_unittests+0x18f59b)
#10 main /home/tmark/labs/build/keadev/open/git.3084/kea/src/bin/dhcp4/tests/dhcp4_unittests.cc:23 (dhcp4_unittests+0x18f59b)
#11 __libc_start_main ../csu/libc-start.c:308 (libc.so.6+0x24082)
#12 _start <null> (dhcp4_unittests+0x1c66dd)
```
Of course if postgresql is running it's not an issue.

next-stable-2.6

https://gitlab.isc.org/isc-projects/kea/-/issues/3151
Reject RADIUS config with multiple default NAS ports
2023-11-23T14:42:38Z
Andrei Pavel
andrei@isc.org

A default NAS port applies to all packets. It makes no sense to have more than one default in a configuration, and that is likely a user error. It would be appropriate for the user to be notified, so that the config can be changed accordingly.

next-stable-2.6

https://gitlab.isc.org/isc-projects/kea/-/issues/3144
redetect-interfaces command
2024-02-08T14:35:31Z
Tomek Mrugalski

The idea is to tell Kea to redetect network interfaces. There's `re-detect` flag in `interfaces-config` that can be used in `config-set`. But this requires a general heavy-weight reconfiguration of the whole server.
The idea here is that Kea could be told that some new interfaces appeared or disappeared (VLAN, PPP, some other tunnel etc.) and Kea should redetect them. For an added bonus, there should be a way to tell Kea to open sockets on those new interfaces. This can be done either by telling Kea to open them on any newly detected interfaces or perhaps return a list of interfaces and have a dedicated call `open-socket` or something similar? Anyway, this would be useful to have a mini-design for.
This problem is not new and there are many requests in this problem space:
- A [nicely described use case in #3040](https://gitlab.isc.org/isc-projects/kea/-/issues/3040#note_414899)
- #1084
- #3062
- possibly couple more

next-stable-2.6

https://gitlab.isc.org/isc-projects/kea/-/issues/3135
DHCPv4 V-I Vendor Class option data-len is treated as part of opaque-data string
2024-01-25T06:40:06Z
Erik Flink

**Describe the bug**
The [OptionVendorClass](src/lib/dhcp/option_vendor_class.h#L42) encapsulates both DHCPv6 Vendor Class and DHCPv4 V-I Vendor Class options, but for DHCPv4 V-I Vendor Class options the first byte of vendor-class-data is treated as part of the opaque-data string even though it is a data-len as specified in [RFC 3925 section 3](https://datatracker.ietf.org/doc/html/rfc3925#section-3).
**Expected behavior**
For both DHCPv6 Vendor Class and DHCPv4 V-I Vendor Class options, the tuple collection should consist of tuples of opaque-data and corresponding length field.
**Actual behavior**
- For DHCPv6 Vendor Class option, the tuple collection consists of tuples of opaque-data and corresponding length as expected.
- For DHCPv4 V-I Vendor Class option, the tuple collection consists of tuples containing vendor-class-data and corresponding length.
**Additional Information**
The actual behavior can be observed by enabling Kea debug logs and observing logs of incoming packets containing DHCPv4 V-I Vendor Class options, or by implementing a Kea hook that inspects the option. It can also be confirmed by comparing implementations of [`OptionVendorClass::pack`](src/lib/dhcp/option_vendor_class.cc#L38) and [`OptionVendorClass::unpack`](src/lib/dhcp/option_vendor_class.cc#L58) functions with RFC specifications.
DHCPv6 Vendor Class option is specified in [RFC 8415 section 21.16](https://datatracker.ietf.org/doc/html/rfc8415#section-21.16)
DHCPv4 V-I Vendor Class option is specified in [RFC 3925 section 3](https://datatracker.ietf.org/doc/html/rfc3925#section-3)
DHCPv6 Vendor Class option contains one or more instances of vendor-class-data corresponding to a single Enterprise Number, while DHCPv4 V-I Vendor Class option contains information corresponding to one or more Enterprise Numbers and one or more corresponding instances of vendor-class-data corresponding to each Enterprise Number. This difference is not handled by Kea, as also mentioned in #2521.
A related bug was recently reported and solved in Wireshark ([DHCPv4 Option 124 parsing is incorrect (#18970) · Issues · Wireshark Foundation / Wireshark · GitLab](https://gitlab.com/wireshark/wireshark/-/issues/18970)). It caused Wireshark to parse DHCPv4 V-I Vendor Class option incorrectly and not flag packets as malformed if the data-len field inside the vendor-class-data field was set incorrectly, such as if the whole vendor-class-data field was treated as opaque-data like Kea does.
**Contact**
erik.flink@ericsson.com

next-stable-2.6

https://gitlab.isc.org/isc-projects/kea/-/issues/3134
Kea tries to open sockets on wrong interfaces when using "service-sockets-require-all"
2024-02-08T14:34:25Z
Yannik

I am using kea with this `interfaces-config`:
```
"interfaces": ["enp88s0.140"],
"service-sockets-require-all": true,
"service-sockets-max-retries": 100000
```
For some reason, kea tries to open sockets on other interfaces than the specified `enp88s0.140`. According to the docs, `The “service-sockets-require-all” option makes Kea require all sockets to be successfully bound.`. As far as I understand that, it means that it will retry opening sockets for the specified interfaces until they are successfully bound. However, it does not mean binding sockets for all interfaces (that would make `interfaces` useless).
I noticed this issue because some interfaces on this system do not have ip addresses assigned, which results in kea logging the following errors over and over:
```
Nov 01 10:25:07 nuc kea-dhcp4[1306]: WARN DHCPSRV_OPEN_SOCKET_FAIL failed to open socket: the interface macvtap0 has no usable IPv4 addresses configured
Nov 01 10:25:07 nuc kea-dhcp4[1306]: WARN DHCPSRV_OPEN_SOCKET_FAIL failed to open socket: the interface macvtap1 has no usable IPv4 addresses configured
Nov 01 10:25:07 nuc kea-dhcp4[1306]: WARN DHCPSRV_OPEN_SOCKET_FAIL failed to open socket: the interface macvtap2 has no usable IPv4 addresses configured
Nov 01 10:25:07 nuc kea-dhcp4[1306]: WARN DHCPSRV_OPEN_SOCKET_FAIL failed to open socket: the interface macvtap3 has no usable IPv4 addresses configured
Nov 01 10:25:07 nuc kea-dhcp4[1306]: WARN DHCPSRV_OPEN_SOCKET_FAIL failed to open socket: the interface macvtap4 has no usable IPv4 addresses configured
Nov 01 10:25:07 nuc kea-dhcp4[1306]: WARN DHCPSRV_OPEN_SOCKET_FAIL failed to open socket: the interface macvtap5 has no usable IPv4 addresses configured
```
Here is the list of configured interfaces on this host:
```
$ ip link show |grep -v ether
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: enp88s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000
3: enp88s0.20@enp88s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default qlen 1000
4: enp88s0.140@enp88s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default qlen 1000
5: enp88s0.160@enp88s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default qlen 1000
6: enp88s0.300@enp88s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default qlen 1000
7: enp88s0.310@enp88s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default qlen 1000
8: macvtap0@enp88s0.20: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default qlen 500
9: macvtap1@enp88s0.300: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default qlen 500
10: macvtap2@enp88s0.300: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default qlen 500
11: macvtap3@enp88s0.300: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default qlen 500
12: macvtap4@enp88s0.140: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default qlen 500
13: macvtap5@enp88s0.160: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default qlen 500
```

next-stable-2.6

https://gitlab.isc.org/isc-projects/kea/-/issues/3113
Don't seem to be able to skip subnet/lease selection in a hook
2024-03-28T08:10:19Z
Andrew Forgue

What's the proper way to skip lease/subnet selection and delegate _everything_ to a hook library? I'm trying to hook kea up to a custom IPAM system.
The best I can tell is that you implement `pkt4_receive`/`pkt4_send` and tell `lease4_select` and `subnet4_select` as `setStatus(CalloutHandle::NEXT_STEP_SKIP)`.
The hook documentation for lease4_select says:
> Next step status: If any callout installed on the "lease4_select" hook sets the next step action to SKIP, the server will not assign any lease and the callouts become responsible for the lease assignment. If the callouts fail to provide a lease, the packet processing will continue, but client will not get an address.
I'm confused as to which (other) callouts should "provide a lease" if I'm skipping lease4_select? Should I be overwriting the lease4 argument in `lease4_select` instead, and setting `NEXT_STATUS_CONTINUE`? If I do this, how do I prevent Kea from recording the lease? Do I need to SKIP `lease4_*` callouts too?
The only subnet is one from `0.0.0.0` - `255.255.255.255`
```
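#include <hooks/hooks.h>

using namespace isc::hooks;

int pkt4_receive(CalloutHandle &handle) {
    // ... business logic here ...
    return 0;
}

int pkt4_send(CalloutHandle &handle) {
    // ... business logic here ...
    return 0;
}

// Set the next step to SKIP for lease selection.
int lease4_select(CalloutHandle &handle) {
    handle.setStatus(CalloutHandle::NEXT_STEP_SKIP);
    return 0;
}

// Set the next step to SKIP for subnet selection.
int subnet4_select(CalloutHandle &handle) {
    handle.setStatus(CalloutHandle::NEXT_STEP_SKIP);
    return 0;
}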
```
Kea 2.4 seems to drop the packet after DHCP4_PACKET_NAK_0003 (even though pkt4_send will eventually fill in everything), the client never receives anything:
```
2023-10-17 06:44:16.759 DEBUG [kea-dhcp4.packets/657887.140610219676288] DHCP4_BUFFER_RECEIVED received buffer from 127.1.2.3:6671 to 127.0.0.1:6672 over interface lo
2023-10-17 06:44:16.759 DEBUG [kea-dhcp4.options/657887.140610166056640] DHCP4_BUFFER_UNPACK parsing buffer received from 127.1.2.3 to 127.0.0.1 over interface lo
2023-10-17 06:44:16.759 DEBUG [kea-dhcp4.packets/657887.140610166056640] DHCP4_PACKET_RECEIVED [hwtype=1 02:00:00:00:00:01], cid=[no info], tid=0x1: DHCPDISCOVER (type 1) received from 127.1.2.3 to 127.0.0.1 on interface lo
2023-10-17 06:44:16.759 DEBUG [kea-dhcp4.packets/657887.140610166056640] DHCP4_QUERY_DATA [hwtype=1 02:00:00:00:00:01], cid=[no info], tid=0x1, packet details: local_address=127.0.0.1:6672, remote_address=127.1.2.3:6671, msg_type=DHCPDISCOVER (1), transid=0x1,
options:
type=053, len=001: 1 (uint8)
type=060, len=015: "HTTPClient::7::" (string)
type=082, len=012:,
options:
type=001, len=004: 65:74:68:30
type=005, len=004: 172.16.42.1 (ipv4-address)
type=093, len=002: 0(uint16)
2023-10-17 06:44:16.759 DEBUG [kea-dhcp4.callouts/657887.140610166056640] HOOKS_CALLOUTS_BEGIN begin all callouts for hook pkt4_receive
2023-10-17 06:44:16.759 INFO [kea-dhcp4.myhooklib-callouts/657887.140610166056640] LOG_MYHOOKLIB_GENERIC Carbide: type=082, len=012:,
options:
type=001, len=004: 65:74:68:30
type=005, len=004: 172.16.42.1 (ipv4-address)
2023-10-17 06:44:16.759 INFO [kea-dhcp4.myhooklib-callouts/657887.140610166056640] LOG_MYHOOKLIB_PKT4_RECEIVE: CIRCUIT ID [eth0] in packet
2023-10-17 06:44:16.759 INFO [kea-dhcp4.myhooklib-callouts/657887.140610166056640] LOG_MYHOOKLIB_GENERIC Carbide: type=060, len=015: "HTTPClient::7::" (string)
2023-10-17 06:44:16.759 ERROR [kea-dhcp4.myhooklib-callouts/657887.140610166056640] LOG_MYHOOKLIB_PKT4_RECEIVE: Missing option [93] in packet
2023-10-17 06:44:16.846 DEBUG [kea-dhcp4.callouts/657887.140610166056640] HOOKS_CALLOUT_CALLED hooks library with index 1 has called a callout on hook pkt4_receive that has address 0x7fe25b9f3ae3 (callout duration: 87.199 ms)
2023-10-17 06:44:16.846 DEBUG [kea-dhcp4.callouts/657887.140610166056640] HOOKS_CALLOUTS_COMPLETE completed callouts for hook pkt4_receive (total callouts duration: 87.199 ms)
2023-10-17 06:44:16.846 DEBUG [kea-dhcp4.dhcpsrv/657887.140610166056640] DHCPSRV_CFGMGR_SUBNET4_ADDR selected subnet 0.0.0.0/0 for packet received by matching address 172.16.42.1
2023-10-17 06:44:16.847 DEBUG [kea-dhcp4.packets/657887.140610166056640] DHCP4_SUBNET_SELECTED [hwtype=1 02:00:00:00:00:01], cid=[no info], tid=0x1: the subnet with ID 1 was selected for client assignments
2023-10-17 06:44:16.847 DEBUG [kea-dhcp4.packets/657887.140610166056640] DHCP4_SUBNET_DATA [hwtype=1 02:00:00:00:00:01], cid=[no info], tid=0x1: the selected subnet details: 0.0.0.0/0
2023-10-17 06:44:16.847 DEBUG [kea-dhcp4.hosts/657887.140610166056640] HOSTS_CFG_GET_ONE_SUBNET_ID_IDENTIFIER get one host with IPv4 reservation for subnet id 1, identified by hwaddr=020000000001
2023-10-17 06:44:16.847 DEBUG [kea-dhcp4.hosts/657887.140610166056640] HOSTS_CFG_GET_ALL_IDENTIFIER get all hosts with reservations using identifier: hwaddr=020000000001
2023-10-17 06:44:16.847 DEBUG [kea-dhcp4.hosts/657887.140610166056640] HOSTS_CFG_GET_ALL_IDENTIFIER_COUNT using identifier hwaddr=020000000001, found 0 host(s)
2023-10-17 06:44:16.847 DEBUG [kea-dhcp4.hosts/657887.140610166056640] HOSTS_CFG_GET_ONE_SUBNET_ID_IDENTIFIER_NULL host not found using subnet id 1 and identifier hwaddr=020000000001
2023-10-17 06:44:16.847 DEBUG [kea-dhcp4.hosts/657887.140610166056640] HOSTS_CFG_GET_ONE_SUBNET_ID_IDENTIFIER get one host with IPv4 reservation for subnet id 1, identified by circuit-id=65746830
2023-10-17 06:44:16.847 DEBUG [kea-dhcp4.hosts/657887.140610166056640] HOSTS_CFG_GET_ALL_IDENTIFIER get all hosts with reservations using identifier: circuit-id=65746830
2023-10-17 06:44:16.847 DEBUG [kea-dhcp4.hosts/657887.140610166056640] HOSTS_CFG_GET_ALL_IDENTIFIER_COUNT using identifier circuit-id=65746830, found 0 host(s)
2023-10-17 06:44:16.847 DEBUG [kea-dhcp4.hosts/657887.140610166056640] HOSTS_CFG_GET_ONE_SUBNET_ID_IDENTIFIER_NULL host not found using subnet id 1 and identifier circuit-id=65746830
2023-10-17 06:44:16.847 DEBUG [kea-dhcp4.dhcp4/657887.140610166056640] DHCP4_CLASS_ASSIGNED [hwtype=1 02:00:00:00:00:01], cid=[no info], tid=0x1: client packet has been assigned to the following class(es): UNKNOWN
2023-10-17 06:44:16.847 DEBUG [kea-dhcp4.dhcp4/657887.140610166056640] DHCP4_CLASS_ASSIGNED [hwtype=1 02:00:00:00:00:01], cid=[no info], tid=0x1: client packet has been assigned to the following class(es): ALL, VENDOR_CLASS_HTTPClient::7::, UNKNOWN
2023-10-17 06:44:16.847 DEBUG [kea-dhcp4.ddns/657887.140610166056640] DHCP4_CLIENT_HOSTNAME_PROCESS [hwtype=1 02:00:00:00:00:01], cid=[no info], tid=0x1: processing client's Hostname option
2023-10-17 06:44:16.847 DEBUG [kea-dhcp4.dhcpsrv/657887.140610166056640] DHCPSRV_MEMFILE_GET_HWADDR obtaining IPv4 leases for hardware address hwtype=1 02:00:00:00:00:01
2023-10-17 06:44:16.847 DEBUG [kea-dhcp4.alloc-engine/657887.140610166056640] ALLOC_ENGINE_V4_OFFER_NEW_LEASE allocation engine will try to offer new lease to the client [hwtype=1 02:00:00:00:00:01], cid=[no info], tid=0x1
2023-10-17 06:44:16.847 DEBUG [kea-dhcp4.hosts/657887.140610166056640] HOSTS_CFG_GET_ONE_SUBNET_ID_ADDRESS4 get one host with reservation for subnet id 1 and IPv4 address 0.0.0.1
2023-10-17 06:44:16.847 DEBUG [kea-dhcp4.hosts/657887.140610166056640] HOSTS_CFG_GET_ALL_ADDRESS4 get all hosts with reservations for IPv4 address 0.0.0.1
2023-10-17 06:44:16.847 DEBUG [kea-dhcp4.hosts/657887.140610166056640] HOSTS_CFG_GET_ALL_ADDRESS4_COUNT using address 0.0.0.1, found 0 host(s)
2023-10-17 06:44:16.847 DEBUG [kea-dhcp4.hosts/657887.140610166056640] HOSTS_CFG_GET_ONE_SUBNET_ID_ADDRESS4_NULL host not found using subnet id 1 and address 0.0.0.1
2023-10-17 06:44:16.847 DEBUG [kea-dhcp4.dhcpsrv/657887.140610166056640] DHCPSRV_MEMFILE_GET_ADDR4 obtaining IPv4 lease for address 0.0.0.1
2023-10-17 06:44:16.847 DEBUG [kea-dhcp4.callouts/657887.140610166056640] HOOKS_CALLOUTS_BEGIN begin all callouts for hook lease4_select
2023-10-17 06:44:16.847 DEBUG [kea-dhcp4.callouts/657887.140610166056640] HOOKS_CALLOUT_CALLED hooks library with index 1 has called a callout on hook lease4_select that has address 0x7fe25b9f4647 (callout duration: 0.007 ms)
2023-10-17 06:44:16.847 DEBUG [kea-dhcp4.callouts/657887.140610166056640] HOOKS_CALLOUTS_COMPLETE completed callouts for hook lease4_select (total callouts duration: 0.007 ms)
2023-10-17 06:44:16.847 DEBUG [kea-dhcp4.dhcpsrv/657887.140610166056640] DHCPSRV_HOOK_LEASE4_SELECT_SKIP Lease4 creation was skipped, because of callout skip flag.
```
... not sure what's supposed to happen at this point to prevent the WARN/ERROR of not having a lease ...
Then:
```
2023-10-17 06:44:16.847 WARN [kea-dhcp4.alloc-engine/657887.140610166056640] ALLOC_ENGINE_V4_ALLOC_FAIL_SUBNET [hwtype=1 02:00:00:00:00:01], cid=[no info], tid=0x1: failed to allocate an IPv4 lease in the subnet 0.0.0.0/0, subnet-id 1, shared network (none)
2023-10-17 06:44:16.847 WARN [kea-dhcp4.alloc-engine/657887.140610166056640] ALLOC_ENGINE_V4_ALLOC_FAIL [hwtype=1 02:00:00:00:00:01], cid=[no info], tid=0x1: failed to allocate an IPv4 address after 1 attempt(s)
2023-10-17 06:44:16.847 WARN [kea-dhcp4.alloc-engine/657887.140610166056640] ALLOC_ENGINE_V4_ALLOC_FAIL_CLASSES [hwtype=1 02:00:00:00:00:01], cid=[no info], tid=0x1: Failed to allocate an IPv4 address for client with classes: ALL, VENDOR_CLASS_HTTPClient::7
::, UNKNOWN
2023-10-17 06:44:16.847 DEBUG [kea-dhcp4.bad-packets/657887.140610166056640] DHCP4_PACKET_NAK_0003 [hwtype=1 02:00:00:00:00:01], cid=[no info], tid=0x1: failed to advertise a lease, client sent ciaddr 0.0.0.0, requested-ip-address (no address)
```
... no further output here ...
kea2.6.0
Francis Dupont

https://gitlab.isc.org/isc-projects/kea/-/issues/3102
Possible bug for not pure option containers
2023-10-13T23:32:53Z
Francis Dupont
Here the word pure means empty type, and container an option with sub-options. This ticket is from a discussion in #2881 which fixed pure option containers.
The goal is to verify that toElement o parse gives back csv-format and data entries. If it is not the case Option::toBinary should be extended with a new parameter to not include sub-options.
next-stable-2.6
Razvan Becheriu

https://gitlab.isc.org/isc-projects/kea/-/issues/3100
Support array of OPT_RECORD_TYPE for Option definition
2024-01-09T11:40:57Z
Piotrek Zadroga
While working on #3074 it occurred to me that it would be very useful to be able to define a new Option as an array of OPT_RECORD_TYPE.
We could consider implementing that in Kea.
next-stable-2.6

https://gitlab.isc.org/isc-projects/kea/-/issues/3096
No error message when I apply a different subnet with the same subnet id
2023-10-05T20:40:41Z
Sandeep Gagalapally
Hi,
I was testing the premium hook command "remote-subnet4-set" to see if there is a way to let the user know that there is an existing subnet-id. What happens is, if I add a new subnet with the same subnet-id which I used before, it gets replaced instead of throwing an error or message in response. How can I make these records unique?
For example, if I send this command first and then, let's say, another user uses the same id '2', the config is getting replaced.
```
{
    "command": "remote-subnet4-set",
    "service": [
        "dhcp4"
    ],
    "arguments": {
        "subnets": [
            {
                "id": 2,
                "subnet": "192.0.2.0/24",
                "shared-network-name": "",
                "pools": [
                    {
                        "pool": "192.0.2.100 - 192.0.2.200"
                    }
                ]
            }
        ],
        "remote": {
            "type": "mysql"
        },
        "server-tags": [
            "all"
        ]
    }
}
```
Thank You,
Sandeep
next-stable-2.6

https://gitlab.isc.org/isc-projects/kea/-/issues/3094
Support for IPv6-only networks with RFC 8925 (v6-only-preferred)
2023-09-28T14:31:07Z
Brian Candler
**Some initial questions**
- Are you sure your feature is not already implemented in the latest Kea version? Yes
- Are you sure what you would like to do is not possible using some other mechanisms? Yes
- Have you discussed your idea on kea-users or kea-dev mailing lists? Yes: https://lists.isc.org/pipermail/kea-users/2023-July/004207.html
**Is your feature request related to a problem? Please describe.**
In APRICOT 2024 next year, there will be a separate IPv6-only wifi network (in parallel with the main conference SSID). There's nothing new about that.
However, this year we want to ensure that clients will gracefully fall back to IPv6-only operation *and* make use of a NAT64 device to access the IPv4-only Internet via the client's embedded CLAT. MacOS, Android and iOS support this mode of operation. Full details are in the article here: https://labs.ripe.net/author/ondrej_caletka_1/deploying-ipv6-mostly-access-networks/
In summary, these clients will request option 108 in their (DHCPv4) discover request. The server should respond with yiaddr 0.0.0.0 and option 108. The client will then activate their CLAT, as long as they also get the NAT64 prefix from a separate field (PREF64) in the RA's.
Running ISC-KEA or ISC-DHCPD for the DHCPv4 service doesn't currently work well here. Well, it *does* work for those clients which support option 108. But for clients which don't, they will be offered an IPv4 address, and will configure their interface with it. This is supposed to be an IPv6-only network, and hence we don't want machines to pick up an IPv4 address. They will find they have failing connectivity when they try to use their IPv4 address.
*Not* running a DHCPv4 server at all is not an option, because the clients won't enable their CLAT unless they've successfully done the option 108 dance.
**Describe the solution you'd like**
I would like KEA to implement the following:
- Allow IPv4 subnets to have no pool
- Allow IPv4 subnets to have a flag for enabling v6-preferred
- In such a subnet, if a client requests option 108, then return yiaddr 0.0.0.0 with option 108
- (Optionally: if a client sends option 116, then return yiaddr 0.0.0.0 with option 116)
- Otherwise, if there's no pool, then do whatever you'd normally do when the pool is exhausted (presumably either send no response, or send a NAK)
(Option 116 is RFC 2563: it also returns yiaddr 0.0.0.0. It lets you tell a client *not* to configure a global v4 address, and also to tell it whether or not to configure a link-local address. In principle, it could also reduce DHCPv4 discovery chatter in networks without v4. However I mark this support "optionally" because I've not actually found a client which makes use of this option yet)
**Describe alternatives you've considered**
There's a discussion in the list at https://lists.isc.org/pipermail/kea-users/2023-July/004207.html
The key thing I need to make sure is that *no* IPv4 address is returned to a client unless it requests option 108.
Note that the client doesn't actually *send* option 108, it puts 108 in its parameter request list, and it seems to be quite tricky to handle this in KEA. The best I could come up with was:
```
"client-classes": [
    {
        "name": "rfc8925",
        // We need to test whether option 108 is in the client's parameter request list (option 55).
        // That's not the same as "option[108].exists"
        // https://kea.readthedocs.io/en/latest/arm/classify.html#using-expressions-in-classification
        "test": "substring(option[55].hex, 0, 1) == 0x6c
            or substring(option[55].hex, 1, 1) == 0x6c or substring(option[55].hex, 2, 1) == 0x6c
            or substring(option[55].hex, 3, 1) == 0x6c or substring(option[55].hex, 4, 1) == 0x6c
            or substring(option[55].hex, 5, 1) == 0x6c or substring(option[55].hex, 6, 1) == 0x6c
            or substring(option[55].hex, 7, 1) == 0x6c or substring(option[55].hex, 8, 1) == 0x6c
            or substring(option[55].hex, 9, 1) == 0x6c or substring(option[55].hex, 10, 1) == 0x6c
            or substring(option[55].hex, 11, 1) == 0x6c or substring(option[55].hex, 12, 1) == 0x6c"
    },
],
```
(it's ugly and incomplete - what if the client sends more than 13 options?)
Then avoid sending any response to clients which *don't* provide this option:
```
"pools": [
    {
        // Only give OFFERs to devices which support RFC 8925
        "pool": "10.12.65.2 - 10.12.65.254",
        "client-class": "rfc8925"
    }
],
"option-data": [
    {
        "name": "v6-only-preferred",
        "data": "0"
    }
],
```
That kind-of works. It's still not entirely RFC 8925 compliant as it *should* set the yiaddr to 0.0.0.0 (I couldn't see how to do that with the non-commercial plugins) and it *shouldn't* need to consume an address from the pool, although I can make that pool arbitrarily large.
As described before: the option of *not* running DHCPv4 service doesn't work, because the clients won't activate their CLAT without having received option 108.
What I have ended up doing is writing some custom DHCPv4 server modules for a standalone Go DHCP server:
https://github.com/coredhcp/coredhcp/pull/170
**Additional context**
This is a demonstration network at a conference, so it's not exactly "production" but is more a technology demonstrator of how well an IPv6-only network with NAT64 could work.
When I've tested this locally, I find that IPv4 access via the NAT64 works nicely, even when using IPv4 literals. For example, "ping 8.8.8.8" or browse to https://1.1.1.1 work fine (except from Safari). The traffic is actually IPv6 across to the NAT64. No DNS64 is required.
We'd like to demonstrate this so people can evaluate the feasibility of real deployment of single-stack IPv6 networks now or in the future.
**Funding its development**
Only in-kind development contributions
**Participating in development**
Yes, willing to contribute to discussions and/or testing.
**Contacting you**
brian@nsrc.org
next-stable-2.6

https://gitlab.isc.org/isc-projects/kea/-/issues/3090
Move the krb5.conf config file in hammer
2023-10-05T13:49:05Z
Francis Dupont
When a Kerberos V library is installed a krb5.conf config file is installed. Often it interferes with the gss_tsig hook unit tests, making some of them fail. As documented in the ARM the default setting from this config file can be incompatible with these tests. The solution is to remove or rename it: this ticket is about doing this in hammer.
next-stable-2.6

https://gitlab.isc.org/isc-projects/kea/-/issues/3064
performance drop during 2.3 release cycle for mysql
2023-09-21T13:53:17Z
Wlodzimierz Wencel
We observed a huge performance drop during the 2.3 release cycle, exactly between 2.3.8 and 2.3.9
![Screenshot_2023-09-14_at_09.55.50](/uploads/06cdfb127f6609246e68c58d63663a2e/Screenshot_2023-09-14_at_09.55.50.png)
![Screenshot_2023-09-14_at_09.57.01](/uploads/d9fb7fbabb11d49faa3e40efbd6f4bac/Screenshot_2023-09-14_at_09.57.01.png)
Please check the [report on master](https://jenkins.aws.isc.org/job/kea-dev/job/performance/lastSuccessfulBuild/artifact/qa-dhcp/kea/performance-jenkins/report.html). During this work I was testing migration to binary addresses in mysql and this did not show performance degradation in [the report](https://jenkins.aws.isc.org/view/Kea-manual/job/kea-manual/job/performance/108/artifact/qa-dhcp/kea/performance-jenkins/report.html)
next-stable-2.6