Kea issues
https://gitlab.isc.org/isc-projects/kea/-/issues
2021-10-20T10:30:59Z

Pool level DHCP options are ignored while returning ACK to client's INFORM
https://gitlab.isc.org/isc-projects/kea/-/issues/972
2021-10-20T10:30:59Z, Ghost User

**Bug Description**
For a client's DHCPINFORM message that requests (option 55) for a set of DHCP options, Kea ignores DHCP options in the pool configuration and only returns options specified in the subnet configuration while returning the DHCPACK
**To Reproduce**
For the example below, randomly selected option 67 (bootfile name) to test
1. Run Kea dhcpv4 with the following subnet config
```
"subnet4": [
    {
        "subnet": "192.168.5.0/24",
        "pools": [
            {
                "pool": "192.168.5.111 - 192.168.5.222",
                "option-data": [
                    {
                        "name": "boot-file-name",
                        "data": "poolLevel"
                    }]
            }],
        "option-data": [
            {
                "name": "boot-file-name",
                "data": "subnetLevel"
            }]
    }
]
```
2. Client sends DHCPDISCOVER wherein client requests for Bootfile name (option 67) in the Parameter Request List (option 55)
3. Kea responds with DHCPOFFER that includes Bootfile name (option 67) with value `poolLevel` from pool configuration
4. Client follows up with DHCPREQUEST with the same list of options and Kea returns DHCPACK with the OFFER'd values.
5. Client sends DHCPINFORM requesting for Bootfile name (option 67) in the Parameter Request List (option 55)
6. Kea returns DHCPACK including Bootfile name (option 67) with unexpected value `subnetLevel`
**Expected behavior**
Server must respond to DHCPINFORM with values from the client's matching pool configuration in the DHCPACK, unless no such option is defined in the pool configuration.
In context of the example above, at step 6, server must return DHCPACK with value of Bootfile name (option 67) as `poolLevel`
**Environment:**
- Kea version: 1.7.1-git
git cf6a766d28c565bd4a0abe8631422dd9fdeb27ce
- OS: Ubuntu 18.04.2

outstanding

avoiding race conditions when sharing database between processes or threads
https://gitlab.isc.org/isc-projects/kea/-/issues/1039
2021-10-20T10:31:31Z, Razvan Becheriu

this ticket is intended to clarify the design needed to make 2 servers using the same database function properly.
the main problem is that, by having 2 separate servers or threads, one could insert/delete/update one lease at the same time the other does some similar action.
this ticket is not related to multi-threading but the MT design relies on the fact that the functionality of 2 servers sharing the database is handled properly

outstanding
Razvan Becheriu

use thread_local to optimize access to thread context
https://gitlab.isc.org/isc-projects/kea/-/issues/1447
2021-10-20T11:53:14Z, Razvan Becheriu

moved from
#1333 https://gitlab.isc.org/isc-projects/kea/-/merge_requests/917
and
#1333 https://gitlab.isc.org/isc-private/kea-premium/-/merge_requests/130

outstanding
Wlodzimierz Wencel

some configuration related functions should throw exception if called from packet processing functions or while processing packets (in MT)
https://gitlab.isc.org/isc-projects/kea/-/issues/1137
2021-10-20T11:53:14Z, Razvan Becheriu

outstanding
Razvan Becheriu

Batch lease insertion for database lease backend
https://gitlab.isc.org/isc-projects/kea/-/issues/1687
2021-10-20T11:53:14Z, Vicky Risk (vicky@isc.org)

The DHCP service might receive thousands of requests per second under peak loads. If each granted lease executes a COMMIT in the database, object contention may occur in rows, tables or indexes. A batch insert provides a mechanism where the DHCP delays lease insertion for a configurable period of time (in seconds) and then inserts leases in batches using a single database transaction. To avoid data loss in case the DHCP service crashes all queued leases should be persisted to a local on-disk database for a configurable period of time, for example 5 seconds.
This feature should also support configuring the max number of database connections and the number of threads Kea should use to insert leases in the database.
```
# kea config batch lease insertion
batch-lease-insertion-interval-ms = 5000
# if database enabled
batch-lease-insertion-db-connections = 5
batch-lease-insertion-threads = 5
```

outstanding

kea-premium: own build system
https://gitlab.isc.org/isc-projects/kea/-/issues/2180
2021-11-10T15:29:18Z, Andrei Pavel (andrei@isc.org)

Kea Premium could have its own build system that installs required libraries for Kea then to load.
It could be made such that each library has its own build sub-system which can be triggered as standalone or by the parent system.
This makes development & packaging easier and allows for better separation of concerns. Kea won't need to be aware of the premium hook libraries.
And it would be a great candidate for the meson build system.

outstanding

Migrating old style (TXT) guard DNS records to DHCID
https://gitlab.isc.org/isc-projects/kea/-/issues/2171
2021-11-23T16:01:13Z, Tomek Mrugalski

Description TBD

outstanding

kea 2.0.0 drop Discover-Offer and Request-ACK
https://gitlab.isc.org/isc-projects/kea/-/issues/2214
2021-12-30T14:27:10Z, ALOK KUMAR SINGH

I have recently updated my client environment to Kea 2.0.0, in earlier version we faced issues related to packet-parked. Since, I saw that issue is addressed in version 2.0.0, upgraded to it but when performing a load test using perfdhcp, I see huge drops. Please let me know if I need to make any changes in config or is there any bug with the version?
Also, attaching packet captured while running the test. [haperfdhcp.pcap](/uploads/c972ba0d021b369ca7e47f1391d4a48d/haperfdhcp.pcap)
```
/usr/local/sbin/perfdhcp -p 60 -r 300
/usr/local/sbin/perfdhcp -I ens192 -r 3000
```
![Capture1](/uploads/548a2d5439d47924d6533f887234518a/Capture1.PNG)
![capture2](/uploads/65e2478bd4f33e057519572401a5e7dd/capture2.PNG)
```
[root@xsdclxmdndh001 hscadmin]$ /usr/local/sbin/kea-admin -v
2.0.0
```
```
"parked-packet-limit": 128,
```
Note: I have tried to remove this section, increase value of this section to 128000 but no difference was observed in drop packets. [xs-config-kea-dhcp4.txt](/uploads/3b683cb87474068d478a5bb5ad7af8c6/xs-config-kea-dhcp4.txt)

outstanding

compile warning
https://gitlab.isc.org/isc-projects/kea/-/issues/1981
2022-01-27T13:51:40Z, Gene C

In case of interest there is a compile warning when building with gcc 11.1 on Linux for ncr_msg.cc:
```
inlined from ‘void isc::dhcp_ddns::D2Dhcid::fromHWAddr(const HWAddrPtr&, const std::vector<unsigned char>&)’ at ncr_msg.cc:119:23:
/usr/include/c++/11.1.0/bits/stl_algobase.h:431:30: warning: ‘void* __builtin_memcpy(void*, const void*, long unsigned int)’ reading 1 or more bytes from a region of size 0 [-Wstringop-overread]
431 | __builtin_memmove(__result, __first, sizeof(_Tp) * _Num);
| ~~~~~~~~~~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
In file included from /usr/include/c++/11.1.0/x86_64-pc-linux-gnu/bits/c++allocator.h:33,
from /usr/include/c++/11.1.0/bits/allocator.h:46,
from /usr/include/c++/11.1.0/string:41,
from ../../../src/lib/cc/data.h:11,
from ../../../src/lib/dhcp_ddns/ncr_msg.h:15,
from ncr_msg.cc:9:
```

outstanding

serializing config is not consistent
https://gitlab.isc.org/isc-projects/kea/-/issues/1181
2022-02-01T18:33:52Z, Razvan Becheriu

some parts of the srv_config are not serialized, so they are stored and presented just as they are received from config
I am suggesting to have a well defined way to serialize/deserialize config

outstanding

Lease file syntax should be documented
https://gitlab.isc.org/isc-projects/kea/-/issues/2267
2022-02-10T14:38:30Z, Tomek Mrugalski

We need a documentation for lease file syntax. In particular, the escaping should be covered.

outstanding

configure tweaks
https://gitlab.isc.org/isc-projects/kea/-/issues/1001
2022-02-21T16:09:52Z, Tomek Mrugalski

There are several things we could tweak in the configure script:
- several help instances show defaults in double brackets `[[default=no]]`, but others show in single brackets `[default=no]` and others as `(default=no)` , e.g. --with-werror.
- unknown (e.g. misspelled) parameters are ignored (e.g. `--with-gtest-sources=..`). There's a warning at the top, but it should either be error or at least made more prominent.
- sphinx-build is being printed twice
- the expression "building docs in PDF" is awkward, should be "building PDF docs"
- there are old checks for __SUNPRO_CC - we don't and won't support Solaris
- with-aix-soname - why do we have option like this?
- the options are split into "optional features" and "optional packages" in seemingly random fashion (perfdhcp, static link and disable-rpath are in packages section, mysql, werror checking and some weird AIX options in "packages")

outstanding

revisit and extend D2 update retry code
https://gitlab.isc.org/isc-projects/kea/-/issues/2131
2022-02-25T12:09:25Z, Francis Dupont

The waiting delay between two attempts is not clear and for GSS-TSIG to be able to set the number of retries is requested.
This ticket should stay in the core code. Note the idea to save and restore the NCR queue is not considered here (it has its own ticket #1801).
Opening a design phase

outstanding
Francis Dupont

quality of life improvement: kea-admin db-version fails on empty db
https://gitlab.isc.org/isc-projects/kea/-/issues/792
2022-03-31T08:12:51Z, Tomek Mrugalski

kea-admin db-version prints the following error:
```
# kea-admin db-version mysql
mysql: [Warning] Using a password on the command line interface can be insecure.
ERROR 1146 (42S02) at line 1: Table 'keatest.schema_version' doesn't exist
```
when run on an empty DB (without any schema).
Instead, it should catch the fact that schema_version does not exist and should point user to kea-admin db-init command.
This is a quality of life improvement, so it's not terribly important.

outstanding

A design for "backends in hooks"
https://gitlab.isc.org/isc-projects/kea/-/issues/435
2022-04-21T10:39:03Z, Tomek Mrugalski

We had a discussion about Kea packaging in 1.6 (see meeting notes 2019-01-24). The conclusion was that we want to prepare for Kea packaging better. In particular, the database backends should be moved to hooks that are loaded dynamically, rather than included during compilation time.
The overall intention is to have a directory where hooks could be loaded from. This is similar to Apache modules. They have 2 directories: mods-available and mods-enabled. The first one contains a list of modules (hooks). The second one has symlinks to those modules (hooks) that will be loaded. This approach is super easy to understand and use. Also, very extensible, because you can package backends and other hooks in independent RPM or DEB packages.
It's different than what we do now and several things have to be changed before we get there:
1. When Kea parses configuration, it has to know what lease-database and hosts-database backends are supported. Right now it's hardcoded* (but see below). We'd need to load the hooks first and they would register available backends, then we'd process rest of the configuration.
1. RADIUS is implemented as a hook and it does provide hosts backend. Before doing anything, please investigate how it registers "radius" hosts-backend type. This is not exactly a ready to use solution (because you can't configure "radius" backend in the config yet), but the underlying implementation of backend type registration is good.
1. we need to develop a code that would load all the hooks from a directory
Things to consider:
1. name the directory properly (people complained that the hooks have incorrect name libdhcp- and also are placed in incorrect directory)
2. perhaps we could have hooks that are loaded always (call them permanent hooks maybe?). Those would be put in the hooks-enabled directory and would be loaded at kea startup and not unloaded during reconfiguration? This would be most useful for parameter-less hooks (such as config backends)
3. apache allows having a separate config file for each module. IMHO this is a bit too much, but maybe it's something to look at after all?
The goal of this ticket is to write a design. It should conclude with a written design and a list of tickets needed to implement it.

outstanding

kea-dhcp4 2.0.2 fails to always send custom option
https://gitlab.isc.org/isc-projects/kea/-/issues/2399
2022-05-19T13:39:39Z, John Crichton

I've set up a dhcp IPv4 server, and set 3 custom options in a specific space, set a client class, and a subnet for this client, tried setting the 3 custom options as always send, but 2 of them do not get sent.
The always send should force the option packet anyway.
```
"option-def": [ { "name": "PolycomVLAN",
                  "code": 128,
                  "space": "polycom",
                  "type": "string" },
                { "name": "PolycomVLANFixed",
                  "code": 129,
                  "space": "polycom",
                  "type": "string"
                },
                { "name": "PolycomProvSer",
                  "code": 160,
                  "space": "polycom",
                  "type": "string" },
```
```
"client-classes": [ { "name": "Polycom-VVX1500",
                      "test": "option[vendor-class-identifier].text == 'Polycom-VVX1500'" } ]
```
```
{ "subnet": "10.1.1.0/24",
  "id": 1,
  "pools": [ { "pool": "10.1.1.5 - 10.1.1.30" } ],
  "client-class": "Polycom-VVX1500",
  "option-data": [ { "always-send": true,
                     "code": 128,
                     "space": "polycom",
                     "data": "VLAN-A=11;" },
                   { "always-send": true,
                     "code": 129,
                     "space": "polycom",
                     "data": "VLAN-A=11;" },
                   { "code": 160,
                     "space": "polycom",
                     "data": "ftp://<Redacted>" },
                   { "name": "routers",
                     "data": "10.1.1.1" }
                 ]
}
```
Kea:
2.0.2
tarball
linked with:
log4cplus 1.1.2
OpenSSL 1.1.1f 31 Mar 2020
database:
MySQL backend 12.0, library 10.3.34
Memfile backend 2.1
Hooks: libdhcp_lease_cmds.so / libdhcp_stat_cmds.so
Ubuntu 20.04.4 LTS
jon_lui@hotmail.com

outstanding

add support for option overload RFC3396
https://gitlab.isc.org/isc-projects/kea/-/issues/2417
2022-05-19T14:01:36Z, Razvan Becheriu

Related to #2227.
long options should be stored in: sname space (64 bytes), and filename space (128 bytes)

outstanding

Design relay daemon in Kea
https://gitlab.isc.org/isc-projects/kea/-/issues/1869
2022-05-24T22:43:14Z, Tomek Mrugalski

As of June 2021, Kea provides the DHCP server functionality, with relay agent and client functionalities missing. The client is likely never going to happen, but with relay there is some possibility. At this time, we would love to get some feedback from potential users and customers who are interested in the relay functionality. Please post your thoughts here.
In particular, details about your deployment use cases are most useful. Most people assume that the relay functionality is provided by hardware routers and switches and there's very limited need for software relay. Counter-arguments for this reasoning would be much appreciated.
Steps necessary:
- [ ] decide if there's a need for software relay
- [ ] write down requirements
- [ ] architecture design
- [ ] implement skeleton code
- [ ] implement relay functionality for v4
- [ ] implement relay functionality for v6

outstanding

Add a callout point in HttpConnection::recordParameters
https://gitlab.isc.org/isc-projects/kea/-/issues/2378
2022-05-30T09:05:47Z, Francis Dupont

The RBAC (#1263) role assignment can be extended using the custom value, a free member of HTTP request objects which comes with remote address, certification subject and issuer name, etc. The idea is to prepend a dedicated hook at the auth callout point which for instance implements 'you need a TLS cert AND you need to connect from specific IP' by setting a custom value and configure RBAC to assign the role from it.
Now at the auth callout point all available information is in the HTTP request object. This can be enough or not. The idea in this ticket is to get more information from the HttpConnection object including the Transaction sub-object. Perhaps it is an illusion as for instance TLS details are not available mainly because the TLS socket depends on the crypto backend...
So I propose to wait for a concrete customer request which can be only solved by such new callout point.

outstanding

PsqlBindArray::addTempString should be used for temp strings only
https://gitlab.isc.org/isc-projects/kea/-/issues/2306
2022-05-30T11:19:24Z, Razvan Becheriu

the use of PsqlBindArray::addTempString should be avoided if possible because it uses heap for a new string.
if the strings have long scope/lifetime, PsqlBindArray::add should be used instead

outstanding