Kea issues
https://gitlab.isc.org/isc-projects/kea/-/issues
2021-05-23T12:47:50Z

simplify shared libraries by removing versions
https://gitlab.isc.org/isc-projects/kea/-/issues/1843
2021-05-23T12:47:50Z, Gene C

A thought to run by you all. Remove library versioning from the build system.
I may well be missing something but it seems to me we can remove unneeded complexity.
From the perspective of a packager.
Since the shared libraries in kea are only used by kea itself, and packagers always build and package the entire kea suite, it would be cleaner / simpler to remove versioned shared libraries and simply have the freshly built un-versioned libraries.
There is no sensible way to have multiple binary versions installed anyway, so there is no value to having multiple versions of libraries as far as I can tell. I never ever see more than the one version of any kea library installed - so see no point in having the versions (plus links) at all.
From developer perspective:
There can certainly be need to have multiple versions of binaries and their associated libs during dev and testing, but this can easily be managed in many ways for (run/test in the build tree, change root prefix of install, run in container, run in chroot etc etc). Anyway, this has to be happening now anyway with or without versioned shared libs.
This would simplify the build toolkit quite a bit (it's pretty complex as is already) and would also eliminate issues such as #1780 :)
outstanding

Inheritance for DHCPv6 options to work like DHCPv4 (shared network vs global HR)
https://gitlab.isc.org/isc-projects/kea/-/issues/1803
2021-05-13T15:09:49Z, Vicky Risk <vicky@isc.org>

**Problem**
DHCP options for host reservations in a backend database can be specified by “shared-network-name” to override a global host reservation, however this does not appear to work for V6.
**Desired Solution**
V6 options for shared network name should override any definition that may be present in the global host reservation, as is currently the case for v4.
I tried to find related issues - possibly #39, #1253 might be related
outstanding

Allow multiple levels of nested sub-options in custom option space
https://gitlab.isc.org/isc-projects/kea/-/issues/1802
2022-09-14T08:26:49Z, Vicky Risk <vicky@isc.org>

**Problem**
A single level of sub options can be specified in custom option definition “spaces”, however multiple levels of nesting are not supported. For example, option 125.<4491>.123.1 + 2, or option 125.1.1, or CableLabs V6 options 17.<4491>.2170 + 2171.
Sub option 2171 (CL_OPTION_CCCV6) is particularly difficult because it has its own 9 sub options that are normally under V4 Option 122.
**Desired Solution**
The custom option spaces allow the definition of multiple levels of nesting.
outstanding

possible race on lease_update_backlog_
https://gitlab.isc.org/isc-projects/kea/-/issues/1800
2021-04-15T15:31:05Z, Razvan Becheriu

I am not sure if this can happen when calling HAService::communicationRecoveryHandler (main thread) which calls lease_update_backlog_.clear() and HAService::asyncSendLeaseUpdates (processing threads) which calls lease_update_backlog_.push(...).
Main thread also calls HAService::asyncSendLeaseUpdatesFromBacklog which does lease_update_backlog_.pop() which can race with processing threads but can only end up postponing the exit from HAService::asyncSendLeaseUpdatesFromBacklog (maybe forever)?
The race might not be possible because of different transition states but it is not obvious from the code. A state diagram might be useful.
To note that operations on lease_update_backlog_ are thread safe.
outstanding

create smart pointer for parking lot - RAII handling of parking/unparking/drop
https://gitlab.isc.org/isc-projects/kea/-/issues/1797
2023-08-20T18:48:51Z, Razvan Becheriu

Any parking lot needs to either be parked and unparked or dropped.
To achieve this we need a smart pointer (to reuse the reference count), but also the following functionality:
ready() - mark that the processing of the hook point was successful (only if the drop flag has not been set)
the destructor should check if the ready flag has been set
the constructor should set an internal dirty flag which can only be cleared by calling ready()
this is similar to the MySql/PgSql transactions.
each destructor should check if the dirty flag has been cleared. if the flag has not been cleared for the current instance, set the drop flag.
if any of the instances has not been able to clear the dirty flag resulting in the drop flag to be set, will result in dropping the packet.
```
class ParkingLot {
    ...
    bool drop_; // initialized to false on constructor
};

class ParkingLotPtr : public boost::shared_ptr<ParkingLot> {
private:
    // copying is disabled
    ParkingLotPtr(const ParkingLotPtr&);
    const ParkingLotPtr operator=(const ParkingLotPtr&);
    bool dirty_; // set on construction, cleared only by ready()

public:
    ParkingLotPtr() : dirty_(true) {
    }
    ~ParkingLotPtr() {
        // an instance that never called ready() forces a drop
        if (dirty_) {
            get()->drop_ = true;
        }
        if (get()->drop_ && use_count() == 1) {
            // drop packet
        } else if (use_count() == 1) {
            // ready to unpark
        }
    }
    void ready() {
        // ready() has no effect once the drop flag has been set
        if (!get()->drop_) {
            dirty_ = false;
        }
    }
};
```
hook point:
```
{
...
ParkingLotPtr& parking_lot = callout_handle.getParkingLotPtr();
...
parking_lot->ready();
}
```
This way we can guarantee that the handling of the parking lot is always handled, and all exceptions in any hook point will drop the packet. The only thing that needs to be done by every hook point is to mark the ready flag before exiting.
This is similar to reference/dereference, but the reference count is handled by the base smart pointer.
Each hook library that creates/accesses the parking lot must call getParkingLotPtr() which will generate a new ParkingLotPtr that needs to call ready before exiting scope (should be the last operation in the hook point).
We might need to protect the dirty and drop flags to be MT ready.
outstanding

TLS shutdown
https://gitlab.isc.org/isc-projects/kea/-/issues/1794
2022-05-30T11:29:08Z, Francis Dupont

Related to #1661 and #1706: TLS has a notion of orderly named TLS shutdown we can use or not.
outstanding

get rid of macros
https://gitlab.isc.org/isc-projects/kea/-/issues/1722
2021-03-08T19:42:24Z, Andrei Pavel <andrei@isc.org>

It seems macros are used to overcome some difficult-to-write code in Kea, but they also introduce problems like the one in #1719. After experimenting a bit in the same Gitlab issue, I think C++11 is perfectly capable of writing complex logic without them.
outstanding

Batch lease insertion for database lease backend
https://gitlab.isc.org/isc-projects/kea/-/issues/1687
2021-10-20T11:53:14Z, Vicky Risk <vicky@isc.org>

The DHCP service might receive thousands of requests per second under peak loads. If each granted lease executes a COMMIT in the database, object contention may occur in rows, tables or indexes. A batch insert provides a mechanism where the DHCP delays lease insertion for a configurable period of time (in seconds) and then inserts leases in batches using a single database transaction.
To avoid data loss in case the DHCP service crashes all queued leases should be persisted to a local on-disk database for a configurable period of time, for example 5 seconds.
This feature should also support configuring the max number of database connections and the number of threads Kea should use to insert leases in the database.
```
# kea config batch lease insertion
batch-lease-insertion-interval-ms = 5000
# if database enabled
batch-lease-insertion-db-connections = 5
batch-lease-insertion-threads = 5
```
outstanding

Change reuseable_* to reusable_* .
https://gitlab.isc.org/isc-projects/kea/-/issues/1679
2021-02-11T16:40:18Z, Razvan Becheriu

Currently only the Lease* structure has 2 parameters using the wrong spelling of reusable_:
uint32_t reuseable_valid_lft_;
uint32_t reuseable_preferred_lft_;
As the Lease is internal to Kea, this should be easy to do without impacting clients.
The only affected 'external' functionality could be the user hook libraries.
outstanding

formatting tools vs line length limits
https://gitlab.isc.org/isc-projects/kea/-/issues/1669
2021-02-04T16:55:45Z, Francis Dupont

We need hard and soft line limits in the formatting tools to match the code guidelines and keep the code readable... It seems the current tools do not provide soft/hard limits and tuning is a bit hard so #1455 was merged leaving this issue not yet addressed.
outstanding

Investigate whether Boost.log could replace log4cplus
https://gitlab.isc.org/isc-projects/kea/-/issues/1607
2020-12-21T14:42:43Z, Tomek Mrugalski

Kea has few core dependencies - boost, log4cplus and one of either OpenSSL or Botan. The log4cplus has been in use since the very beginning and was inherited from BIND10 days a decade ago. We never seriously looked at alternatives.
Dependency on log4cplus is sometimes a problem, especially in newer systems. Here's an [example of problems on CentOS8](https://lists.isc.org/pipermail/kea-users/2020-December/002954.html).
The goal of this ticket is to:
- investigate if boost.log can possibly be used as a replacement
- provide an estimate of how much work would it take to do it
This ticket is not about doing the migration itself.
outstanding

Does Kea support the option 90 (Authentication)
https://gitlab.isc.org/isc-projects/kea/-/issues/1595
2023-08-24T11:52:27Z, varsraja

I would like to know if Kea DHCP servers support the option 90/ Authentication.
https://tools.ietf.org/html/rfc3118.
From the list of dhcp options supported as per Kea documentation
https://kea.readthedocs.io/en/kea-1.8.1/arm/dhcp4-srv.html#dhcp4-std-options-list , don't find option 90 specified.
If it does support, what should I configure in the dhclient and kea dhcp server to get it working?
Thank you
Varsraja
outstanding

Fix TSIG server code
https://gitlab.isc.org/isc-projects/kea/-/issues/1586
2020-12-02T10:30:21Z, Francis Dupont

Since RFC 8945 was published we should:
- fix the server code
- update old references to RFC 2845 and if exist to RFC 4635
- update the ARM
Note as the server code is not used by Kea this ticket will be in the Outstanding milestone.
outstanding

warnings on Raspbian
https://gitlab.isc.org/isc-projects/kea/-/issues/1575
2020-12-21T14:05:18Z, Francis Dupont

https://gitlab.isc.org/isc-projects/kea/-/issues/1568#note_178684
outstanding

fix warnings when compiling with -pedantic or -Wpedantic
https://gitlab.isc.org/isc-projects/kea/-/issues/1573
2021-09-28T09:40:55Z, Andrei Pavel <andrei@isc.org>

only if the problem that the compiler reports is real and if an agreeable fix can be done, of course
shouldn't be too big of an effort
i think we already are warning-free for `-Wall` and `-Wextra`
```
export CXXFLAGS='-pedantic'
./configure
make
```
outstanding

make uninstall leaves manuals and sample configuration files behind
https://gitlab.isc.org/isc-projects/kea/-/issues/1571
2021-06-18T09:56:20Z, Andrei Pavel <andrei@isc.org>

```
$ find /opt/kea -type f
/opt/kea/share/man/man8/kea-admin.8
/opt/kea/share/man/man8/kea-ctrl-agent.8
/opt/kea/share/man/man8/kea-dhcp4.8
/opt/kea/share/man/man8/kea-dhcp6.8
/opt/kea/share/man/man8/kea-dhcp-ddns.8
/opt/kea/share/man/man8/kea-lfc.8
/opt/kea/share/man/man8/kea-netconf.8
/opt/kea/share/man/man8/kea-shell.8
/opt/kea/share/man/man8/keactrl.8
/opt/kea/share/man/man8/perfdhcp.8
/opt/kea/etc/kea/keactrl.conf
/opt/kea/etc/kea/kea-dhcp4.conf
/opt/kea/etc/kea/kea-dhcp6.conf
/opt/kea/etc/kea/kea-dhcp-ddns.conf
/opt/kea/etc/kea/kea-ctrl-agent.conf
```
is this intended?
outstanding

link warnings on MacOs
https://gitlab.isc.org/isc-projects/kea/-/issues/1569
2020-12-21T13:53:04Z, Razvan Becheriu

found during #1565
```
/Library/Developer/CommandLineTools/usr/bin/ranlib: file: .libs/libkea-dhcp++.a(libkea_dhcp___la-iface_mgr_linux.o) has no symbols
/Library/Developer/CommandLineTools/usr/bin/ranlib: file: .libs/libkea-dhcp++.a(libkea_dhcp___la-iface_mgr_sun.o) has no symbols
/Library/Developer/CommandLineTools/usr/bin/ranlib: file: .libs/libkea-dhcp++.a(libkea_dhcp___la-iface_mgr_linux.o) has no symbols
/Library/Developer/CommandLineTools/usr/bin/ranlib: file: .libs/libkea-dhcp++.a(libkea_dhcp___la-iface_mgr_sun.o) has no symbols
```
outstanding

host entry conflict: same identifier, identifier type and subnet id
https://gitlab.isc.org/isc-projects/kea/-/issues/1566
2022-10-25T13:27:59Z, Francis Dupont

This comes from the test_v4_host_reservation_conflicts_duplicate_reservations forge test.
The question is what happens with 2 host reservations using the same identifier, identifier type and subnet id.
In the config the host container uses 3 different not unique indexes for the identifier+type, subnet id v4 and v6. As far as I know there is no conflict check at config time. The get methods throw DuplicateHost.
MySQL database since schema 5.0 (Kea 1.1.0) uses unique key_dhcp[46]_identifier_subnet_id indexes so does not allow the same identifier + type with the same not null subnet id. The not null matters because the host reservation table is shared between v4 and v6 so the same identifier and type is allowed with for instance different v4 subnet ids even if both v6 subnet ids are null.
MySQL backend get methods do not check: they return the first host if the query returns at least one.
PostgreSQL database is very close to MySQL with a small difference introduced in schema 3.2 (Kea 1.4.0): the unique constraint does not apply when the subnet id is 0.
Cassandra/CQL schema has no constraint. The get methods check if more than one host is found and throw MultipleRecords.
On the forge side:
- test_v4_host_reservation_conflicts_duplicate_reservations verifies that the configuration case allows conflicts
- test_v4_host_reservation_conflicts_duplicate_reservations_mysql verifies that the MySQL case allows conflicts and fails because it is not allowed
There is no check for PostgreSQL but it should fail if reservations are not global.
Note a similar constraint was removed on the same address and subnet id by #1428 in 1.9.1 (search for ip-reservations-unique).
Proposed action: reverse forge tests, add a PgSQL one and consider to add a check for the configuration case: at least a unit test should verify an incorrect configuration giving failures at run time is rejected.
outstanding

command_processed hook not tested or documented in CA
https://gitlab.isc.org/isc-projects/kea/-/issues/1562
2022-08-01T13:27:57Z, Tomek Mrugalski

This was discovered in #1421 that the `command_processed` hook point is not documented and not tested.
With the upcoming RBAC, we need to improve the testing situation.
outstanding

user-class filtering per reservation (Microsoft DHCP)
https://gitlab.isc.org/isc-projects/kea/-/issues/1544
2020-12-21T13:11:08Z, Tomek Mrugalski

Some time ago there was [a discussion on kea-users](https://lists.isc.org/pipermail/kea-users/2019-April/002333.html) (note: the discussion continued in May). Here's what the user was trying to do:
> What mkangelo and I are trying to do is to replace Microsoft DHCP server which has a feature to create host reservations with
two option 67 values which are served to the client based on the class (type) of the client - for example return undionly.kpxe when client is pxe return https://api.example.com/customurl/ when client is gpxe
Here's an expression they're trying to achieve:
```
Client class is extracted from DHCP Discover packets:
IF Option [77] == gPXE
then second value is being returned
ELSEIF Option [60] == "PXEClient:Arch:00000:UNDI:002001"
then first value is returned
```
This seems like a useful feature that's provided by some other implementations.
outstanding