Kea issues
https://gitlab.isc.org/isc-projects/kea/-/issues
2022-06-14T14:54:28Z

https://gitlab.isc.org/isc-projects/kea/-/issues/2248
SPDX tags for Kea
2022-06-14T14:54:28Z
Tomek Mrugalski

There's a SPDX project that defined tags for sources. Those are used to automatically determine license. Details: https://spdx.org/licenses/
@vicky said it would be beneficial to do this for Kea.

outstanding

https://gitlab.isc.org/isc-projects/kea/-/issues/2217
How to delete unused host reservations
2023-04-05T13:27:33Z
juju

I made some changes to my host reservations and now have a bunch of them that are not going to be used anymore. I can't figure out how to delete them. I see them in stork but don't have an idea how to permanently remove them. I have an HA setup with 2 kea servers and store the data in a postgresdb. I searched around but can't find any info on how to clean up the host reservations.

outstanding

https://gitlab.isc.org/isc-projects/kea/-/issues/2214
kea 2.0.0 drop Discover-Offer and Request-ACK
2021-12-30T14:27:10Z
ALOK KUMAR SINGH

I have recently updated my client environment to Kea 2.0.0; in the earlier version we faced issues related to packet-parked. Since I saw that issue is addressed in version 2.0.0, I upgraded to it, but when performing a load test using perfdhcp, I see huge drops. Please let me know if I need to make any changes in config or is there any bug with the version?
Also, attaching packet captured while running the test. [haperfdhcp.pcap](/uploads/c972ba0d021b369ca7e47f1391d4a48d/haperfdhcp.pcap)
```
/usr/local/sbin/perfdhcp -p 60 -r 300
/usr/local/sbin/perfdhcp -I ens192 -r 3000
```
![Capture1](/uploads/548a2d5439d47924d6533f887234518a/Capture1.PNG)
![capture2](/uploads/65e2478bd4f33e057519572401a5e7dd/capture2.PNG)
```
[root@xsdclxmdndh001 hscadmin]$ /usr/local/sbin/kea-admin -v
2.0.0
```
```
"parked-packet-limit": 128,
```
Note: I have tried to remove this section, increase value of this section to 128000 but no difference was observed in drop packets. [xs-config-kea-dhcp4.txt](/uploads/3b683cb87474068d478a5bb5ad7af8c6/xs-config-kea-dhcp4.txt)

outstanding

https://gitlab.isc.org/isc-projects/kea/-/issues/2200
Format GSS-TSIG code
2022-10-06T10:58:58Z
Andrei Pavel (andrei@isc.org)

Now that GSS-TSIG development has reached maturity, this is a good opportunity to:
* [x] apply code formatting to its code
* [ ] improve .clang-format

outstanding

https://gitlab.isc.org/isc-projects/kea/-/issues/2180
kea-premium: own build system
2021-11-10T15:29:18Z
Andrei Pavel (andrei@isc.org)

Kea Premium could have its own build system that installs required libraries for Kea then to load.
It could be made such that each library has its own build sub-system which can be triggered as standalone or by the parent system.
This makes development & packaging easier and allows for better separation of concerns. Kea won't need to be aware of the premium hook libraries.
And it would be a great candidate for the meson build system.

outstanding

https://gitlab.isc.org/isc-projects/kea/-/issues/2171
Migrating old style (TXT) guard DNS records to DHCID
2021-11-23T16:01:13Z
Tomek Mrugalski

Description TBD

outstanding

https://gitlab.isc.org/isc-projects/kea/-/issues/2140
Can't use kea-dhcp6 as Prefix Delegation backend (like previously dibbler)
2023-07-31T13:38:18Z
Lajos Katona

Hi
I would like to use Kea for Openstack Neutron's pd "backend" (https://opendev.org/openstack/neutron ).
Currently we have a driver in Neutron for Dibbler which we use the following way (user workflow: https://docs.openstack.org/neutron/latest/admin/config-ipv6.html#prefix-delegation ):
Neutron l3-agent creates IP namespaces for the routers, and dibbler is started within the ip namespace with a config like this:
```
duid-type duid-en 8888 0x0f73d556b8364067bc6b3c2e61367d67
downlink-prefix-ifaces "none"
script "/opt/stack/data/neutron/pd/877976ab-71c1-4c3f-ab76-281c5f2a61fa:0f73d556-b836-4067-bc6b-3c2e61367d67:qr-58b7a155-28/notify.sh"
iface "qg-f63df9d7-a7" {
    bind-to-address fe80::f816:3eff:fe3a:f745
    pd 1
}
```
```
sudo ip netns exec qrouter-7dc7553b-b3aa-4782-b534-e4fc61f8b54f dibbler-client start -w /opt/stack/data/neutron/pd/877976ab-71c1-4c3f-ab76-281c5f2a61fa:0f73d556-b836-4067-bc6b-3c2e61367d67:qr-58b7a155-28/client.conf
```
notify.sh is a hook script to make possible that the prefix is finally stored in db and user can fetch it via REST API.
I tried to use Kea instead to reach a similar result:
```
$ cat kea_test.conf
{
# DHCPv6 configuration starts on the next line
"Dhcp6": {
    # Next we set up the interfaces to be used by the server.
    "interfaces-config": {
        "interfaces": [ "qg-f63df9d7-a7" ]
    },
    # Finally, we list the subnets from which we will be leasing addresses.
    "subnet6": [
        {
            "subnet": "2001:db8:2222::/48",
            "pools": [
                {"pool": "2001:db8:2222::/64"}
            ],
            "pd-pools": [
                {
                    "prefix": "3000:1::",
                    "prefix-len": 64,
                    "delegated-len": 96
                }
            ]
        }
    ]
# DHCPv6 configuration ends with the next line
}}
sudo kea-dhcp6 -c kea_test.conf
```
but without success.
I saw that Kea has support for hooks (not sure I can use them as those are not in current distros), not sure if I can have similar hook like we have with dibbler.
environment:
Ubuntu 20.04.3 LTS
Linux mykeaenv 5.4.0-88-generic #99-Ubuntu SMP Thu Sep 23 17:29:00 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux
$ kea-dhcp6 -v
2.0.0

outstanding
Tomek Mrugalski

https://gitlab.isc.org/isc-projects/kea/-/issues/2131
revisit and extend D2 update retry code
2022-02-25T12:09:25Z
Francis Dupont

The waiting delay between two attempts is not clear and for GSS-TSIG to be able to set the number of retries is requested.
This ticket should stay in the core code. Note the idea to save and restore the NCR queue is not considered here (it has its own ticket #1801).
Opening a design phase

outstanding
Francis Dupont

https://gitlab.isc.org/isc-projects/kea/-/issues/2093
Follow-up from "Draft: Resolve "add core parking lot limit as congestion recovery for the HA / HTTP service""
2021-09-16T15:34:36Z
Thomas Markwalder

The following discussion from !1402 should be addressed:
- [ ] @fdupont started a [discussion](https://gitlab.isc.org/isc-projects/kea/-/merge_requests/1402#note_235475): (+2 comments)
    > The described behavior is not the best: instead of dropping the query IMHO it is better to drop the response. Of course the response was built so we drop already done work but if the query was retransmitted the response is obsolete so useless. This argument is stronger with slow servers and big parking lots but this case is the one the limit is interesting...

outstanding

https://gitlab.isc.org/isc-projects/kea/-/issues/2090
Support for supersede together with dhcp-server-identifier
2023-03-08T19:10:29Z
Veronique

We need to configure *dhcp-server-identifier* using the supersede hook but the server does not send an ACK. Instead it dropped the DHCP request complaining that "it contains a foreign server identifier".
Here is our configuration:
```
[...]
"client-classes": [
    {
        "name": "Windows",
        "user-context": {},
    },
    {
        "name": "Desktop",
        "user-context": {},
    },
[...]
"reservations": [
    {
        "hw-address": "aa:aa:aa:aa:aa:01",
        "ip-address": "111.111.111.111",
        "hostname": "client1",
        "client-classes": [
            "Desktop"
        ]
    },
    {
        "hw-address": "aa:aa:aa:aa:aa:02",
        "ip-address": "111.111.111.222",
        "hostname": "client2",
        "client-classes": [
            "Windows"
        ]
    },
[...]
"hooks-libraries": [
    {
        "library": "/usr/local/lib/kea/hooks/libdhcp_bootp.so",
        "parameters": {}
    },
    {
        "library": "/usr/local/lib/kea/hooks/libdhcp_lease_cmds.so",
        "parameters": {}
    },
    {
        "library": "/usr/local/lib/kea/hooks/libdhcp_flex_option.so",
        "parameters": {
            "options": [
                {
                    "code": 54,
                    "supersede": "ifelse(substring(option[vendor-class-identifier].text, 0, 9) == 'PXEClient' and member('Desktop'), 'xx.xx.xx.xx', ifelse(substring(option[vendor-class-identifier].text, 0, 9) == 'PXEClient' and member('Windows'), 'yy.yy.yy.yy', 'zz.zz.zz.zz'))"
                }
            ]
        }
    }
],
```
Could this be supported in a coming release?
Knowing that we have 100's of 1000's of clients in each class, we cannot test on their mac address in the class definition because it would generate a HUGE configuration file containing HUGE test expressions, so big that the validation takes hours to complete.

outstanding

https://gitlab.isc.org/isc-projects/kea/-/issues/2076
Move DB-related code out of libprocess
2021-09-16T15:12:53Z
Andrei Pavel (andrei@isc.org)

This is just a parent issue for !110 which had closed issue #156 as parent.

outstanding

https://gitlab.isc.org/isc-projects/kea/-/issues/2074
NAK sent to its own offer IP
2021-09-17T12:04:58Z
ALOK KUMAR SINGH

Upgraded Kea 1.5 to 1.8.2 version, post upgrade I have observed reserved clients don't receive IP address. When did packet capture could see DHCP server sends NAK packet to its own reserved IP address offered.
Please find the packet captured attached and let me know if it's a bug in kea1.8.2?
Filter MAC- 10:65:30:FA:76:AC
[hsclab.pcap](/uploads/922e5fae16d79108612088e8348c90d8/hsclab.pcap)

outstanding

https://gitlab.isc.org/isc-projects/kea/-/issues/2029
Readonly Mysql configuration backend
2023-07-17T13:58:20Z
Vitalij Osypenko

Hi, it is not possible to set CB as readonly, it breaks using views with data from different database. E.g.:
```
ERROR [kea-dhcp4.dhcp4/87919.139919704906176] DHCP4_CONFIG_LOAD_FAIL configuration error using file: /etc/kea/kea-dhcp4.conf, reason: during update from config backend database: unable to prepare MySQL statement <INSERT INTO dhcp4_options ( code, value, formatted_value, space, persistent, dhcp_client_class, dhcp4_subnet_id, scope_id, user_context, shared_network_name, pool_id, modification_ts) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)>, reason: The target table dhcp4_options of the INSERT is not insertable-into
```
Kea DHCPv4 server version 1.9.10

outstanding

https://gitlab.isc.org/isc-projects/kea/-/issues/2027
Follow-up from "Resolve "dhcp pkt getIndex() and setIndex() should use int64_t instead of uint32_t type for ifindex""
2023-03-30T02:33:46Z
Razvan Becheriu

The following discussion from !1363 should be addressed:
`IfaceCollection::getIfaceInternal` uses uint32_t instead of int32_t/int.
always check the return value of `if_nametoindex` which returns 0 on error.
`ifa->ifa_index` is uint32_t instead of int32_t/int.

outstanding

https://gitlab.isc.org/isc-projects/kea/-/issues/1995
How should structurally-nested MySQL transactions be handled?
2021-09-03T04:15:16Z
Andrei Pavel (andrei@isc.org)

The [MySQL docs](https://dev.mysql.com/doc/refman/8.0/en/implicit-commit.html) state:
> Transactions cannot be nested. This is a consequence of the implicit commit performed for any current transaction when you issue a START TRANSACTION statement or one of its synonyms.
Since 1.9.10, Kea no longer relies on this default behavior. Commits 4ba460d0f9f1b4f532da8e13d2aa4109124229ec and 83a5989497ee8831ca55b4c0987ee2fd3a369c56 have made it so that the statements belonging to the inner transactions are re-assigned to the outermost transaction. This is arguably better than the MySQL default, because the statements of the inner transaction keep their atomicity (and probably other properties that transactions ensure), instead of it being split into smaller atomic portions, like in the default scenario.
But... A side effect is that the result of the inner transaction is ignored. I don't see this being a problem in case the inner transaction would have committed. But it might be a problem if the inner transaction had decided to rollback. Post-1.9.10, if the outermost transaction decides to commit, the otherwise rolled back statements will now also be committed.
Better(?) alternatives:
* prioritize rollbacks so that a rolled back inner transaction results in a rolled back outer transaction
* turn inner transactions (decided by an if branch in code) into savepoints:
  * turn "START TRANSACTION" into "SAVEPOINT identifier"
  * turn "ROLLBACK" into "ROLLBACK [WORK] TO [SAVEPOINT] identifier"
  * turn "COMMIT" into "RELEASE SAVEPOINT identifier"

outstanding

https://gitlab.isc.org/isc-projects/kea/-/issues/1981
compile warning
2022-01-27T13:51:40Z
Gene C

In case of interest there is compile warning when building with gcc 11.1 on linux for ncr_msg.cc :
```
inlined from ‘void isc::dhcp_ddns::D2Dhcid::fromHWAddr(const HWAddrPtr&, const std::vector<unsigned char>&)’ at ncr_msg.cc:119:23:
/usr/include/c++/11.1.0/bits/stl_algobase.h:431:30: warning: ‘void* __builtin_memcpy(void*, const void*, long unsigned int)’ reading 1 or more bytes from a region of size 0 [-Wstringop-overread]
431 | __builtin_memmove(__result, __first, sizeof(_Tp) * _Num);
| ~~~~~~~~~~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
In file included from /usr/include/c++/11.1.0/x86_64-pc-linux-gnu/bits/c++allocator.h:33,
from /usr/include/c++/11.1.0/bits/allocator.h:46,
from /usr/include/c++/11.1.0/string:41,
from ../../../src/lib/cc/data.h:11,
from ../../../src/lib/dhcp_ddns/ncr_msg.h:15,
from ncr_msg.cc:9:
```

outstanding

https://gitlab.isc.org/isc-projects/kea/-/issues/1919
ZTP with KEA for Huawei switches
2021-07-29T14:50:36Z
Branka Andrijasevic

Hi ISC Support,
In the context of using KEA DHCP for ZTP of Huawei Switches, we’re right now facing an issue within the implementation of RFC Compliance within KEA DHCP.
Based on the documentation of Huawei (see https://support.huawei.com/enterprise/en/doc/EDOC0100533703?section=j004) the Switch Firmware is relying on the overlapping Options 141 + 146 (see https://kea.readthedocs.io/en/latest/arm/dhcp4-srv.html#id2) which are conflicting in terms of DHCP Option Type.
We would therefore kindly ask ISC to review this issue, as it’s entirely blocking the introduction of ZTP / Autoconfiguration of Huawei Switches within our installation base.
In case no solution exists out of the box, we would further ask ISC to consider a compatibility option for allowing the override of standard RFC-ed options, see e.g. https://kea.readthedocs.io/en/latest/arm/dhcp4-srv.html#kea-dhcpv4-compatibility-configuration-parameters
Kind Regards

outstanding

https://gitlab.isc.org/isc-projects/kea/-/issues/1912
update lib dns++ python tools
2021-06-03T15:37:03Z
Francis Dupont

#1880 showed that even they still work the python tools used for the dns++ library should be updated:
- src/lib/dns/gen-rdatacode.py complains about a not existing (BTW for a long time) file in a not existing (this point triggers the error) src/lib/dns/python directory. IMHO the corresponding code is obsolete i.e. implements a feature which has not been used since a lot of years if it was used one day...
- src/lib/util/python/gen_wiredata.py triggers a warning with python3. I added a comment at the corresponding line of code.
The documentation should be updated too: for the first script it is in the s-rdatacode entry of the Makefile. The second is in a commented entry of the src/lib/dns/tests/testdata Makefile and requires to be called in the UTC timezone when timestamps are generated as for RRSIG or TKEY RRs (I used with success the TZ environment variable).

outstanding

https://gitlab.isc.org/isc-projects/kea/-/issues/1869
Design relay daemon in Kea
2022-05-24T22:43:14Z
Tomek Mrugalski

As of June 2021, Kea provides the DHCP server functionality, with relay agent and client functionalities missing. The client is likely never going to happen, but with relay there is some possibility. At this time, we would love to get some feedback from potential users and customers who are interested in the relay functionality. Please post your thoughts here.
In particular, details about your deployment use cases are most useful. Most people assume that the relay functionality is provided by hardware routers and switches and there's very limited need for software relay. Counter-arguments for this reasoning would be much appreciated.
Steps necessary:
- [ ] decide if there's a need for software relay
- [ ] write down requirements
- [ ] architecture design
- [ ] implement skeleton code
- [ ] implement relay functionality for v4
- [ ] implement relay functionality for v6

outstanding

https://gitlab.isc.org/isc-projects/kea/-/issues/1846
sanity checks: v6 unit tests tweaks on macOS
2021-10-20T10:16:05Z
Tomek Mrugalski

As reported by @fdupont [here](https://gitlab.isc.org/isc-projects/kea/-/issues/1827#note_209771):
macOS 11.2.3 Xcode 12.4 I got twice on three attempts this error:
```
[ RUN ] RunScriptTest.lease6Recover
../../../../../../../src/hooks/dhcp/run_script/tests/run_script_unittests.cc:731: Failure
Expected: (time(__null)) < (now + 3), actual: 1619475859 vs 1619475859
timeout
[ FAILED ] RunScriptTest.lease6Recover (2355 ms)
```
and
```
[ RUN ] RunScriptTest.lease6Decline
../../../../../../../src/hooks/dhcp/run_script/tests/run_script_unittests.cc:731: Failure
Expected: (time(__null)) < (now + 3), actual: 1619520686 vs 1619520686
timeout
[ FAILED ] RunScriptTest.lease6Decline (2127 ms)
```
Two comments:
- NULL does not exist in C++: please change time(NULL) by time(0)
- the checkScriptResult code obviously requires some rewrites

outstanding