[kea-announce] ISC is pleased to announce the release of Kea 2.4.0
Peter Davies
peterd at isc.org
Wed Jul 5 12:40:44 UTC 2023
Kea 2.4.0 is the first release version of the Kea 2.4 stable branch.
As a reminder: Internet Systems Consortium uses an alternating branch scheme for
our releases. Branches that have an odd number in the digit after the first "."
(for example: Kea 2.1, Kea 2.3) are experimental development branches, while
branches that are even-numbered are intended for stable production use
(for example: Kea 2.2, Kea 2.4.)
Please note that with the release of stable branch Kea 2.4, the Kea 2.3 branch
has now reached the end of its life and is no longer supported. The Kea 2.0 stable
branch has been succeeded by Kea 2.2; the most recent release is Kea 2.2.0 (July 2022).
What's new in Kea 2.4.0?
------------------------
The 2.4.0 release contains the results of a year's worth of development
effort, previously previewed in the 2.3 development branch.
Highlights include:
- Alternative allocation strategies
- Bulk Leasequery
- DoH and DoT options (draft-ietf-add-dnr-16)
- Template classes
- New command: reservation-update
- Per-pool statistics
- New option setting "never-send"
Kea 2.4.0 can be downloaded from: https://dl.cloudsmith.io/public/isc/kea-2-4/raw/versions/2.4.0/kea-2.4.0.tar.gz
Kea 2.2.0 can be downloaded from: https://dl.cloudsmith.io/public/isc/kea-2-2/raw/versions/2.2.0/kea-2.2.0.tar.gz
Both versions are also available via the ISC downloads page: https://www.isc.org/download
Kea 2.4.0 release notes can be found here: https://downloads.isc.org/isc/kea/2.4.0/Kea-2.4.0-ReleaseNotes.txt
Kea 2.2.0 release notes can be found here: https://downloads.isc.org/isc/kea/2.2.0/Kea-2.2.0-ReleaseNotes.txt
A blog post with some more details about the new release is available at: https://www.isc.org/blogs/kea-2-4-0/
We thank you for using ISC's software.
ISC Support
----
# Kea 2.4.0, July 5th 2023, Release Notes
Welcome to Kea 2.4.0, a new stable branch. Kea is a DHCP implementation
developed by Internet Systems Consortium (ISC) that features DHCPv4 and
DHCPv6 servers with DNS update and a REST API; optional database support
(MySQL and PostgreSQL); optional RADIUS, Kerberos, YANG/NETCONF, and
GSS-TSIG support; and much more. Kea provides extensive management
capabilities, including but not limited to: TLS support, Role-Based
Access Control, run-time configuration monitoring and updates via a REST
API, host reservations, and client classification.
The text below references issue numbers. For more details, visit the Kea
GitLab page at https://gitlab.isc.org/isc-projects/kea/issues.
The following major features have been implemented since the 2.2 series:
1. **Multi-threading (MT) enabled by default**: Multi-threading was
implemented several years ago in Kea, but starting with this release, MT
is enabled by default. If you still prefer to use single-threaded mode,
it is easy to flip the `enable-multi-threading` switch back to `false`;
see "Multi-Threading Settings" in the DHCPv4 and DHCPv6 sections of the
Kea ARM for details [#2402]. Multi-threading is now also enabled by
default for High Availability (HA) mode [#2749].
2. **Alternative allocation strategies**: With the introduction of Free
Leases Queue (FLQ, described below), Kea now supports three allocation
strategies: iterative, random, and FLQ. These can now be configured via
a config file [#2348, #969] and the Configuration Backend [#2823].
3. **Random allocation strategy**: Since its inception in 2011, Kea has
been using an iterative allocation strategy, which means it iterates
through the address space and allocates available addresses
sequentially. This is a simple, fast, and easy-to-understand allocation
strategy that works for most use cases. However, we have now introduced
a new random allocator, not to replace the iterative allocator but to
provide an alternative. It is somewhat slower but provides great
resistance against scanning attacks, in particular when vast address
space is available, such as in IPv6. The choice of an allocation
strategy is now a configuration decision depending on the deployment
requirements [#969, #1313, #2316].
4. **Free Leases Queue allocation strategy**: FLQ is a new allocation
strategy. When selected, Kea generates a list of all possible leases on
startup and keeps it in memory; it uses this list to assign the first
available lease from a pool. This allocator is suitable when DHCP
servers are working with nearly depleted pools, and the time to find an
available lease via other allocators becomes too long. This new
allocator, however, slows down the server startup and reconfiguration,
and it also uses more memory, so users may wish to experiment with it in
their specific configuration. It can be used for address assignment in
DHCPv4 and prefix delegation in DHCPv6. This feature is considered
experimental [#2764, #1126, #2780].
5. **Bulk Leasequery**: The subscriber-only Leasequery hook has been
extended to support Bulk Leasequery (BLQ) for DHCPv4 and DHCPv6. BLQ
allows rebooting routers and switches to reacquire their lost state by
querying the DHCP server. BLQ differs from the typical DHCP protocol in
several fundamental ways: first, it uses TCP, and therefore is
connection-oriented; second, it does not follow the "one query, one
response" paradigm. The "bulk" in BLQ means that devices can send a
single query and receive many (possibly millions) of answers. We have
done extensive internal testing and the feature appears to be stable,
but we advise caution with its use. We are eager to get feedback on this
topic, especially with regards to interoperability with other vendors.
The DHCPv4 BLQ is currently available for all backends (memfile, MySQL,
PostgreSQL). The DHCPv6 BLQ is currently available for memfile, with
some very limited functionality for MySQL and PostgreSQL backends
[#2713, #2634, #2691, #2687, #2689, #2680, #2685, #2662, #2679, #2681,
#2684, #979, #2674, #2675, #2678, #2673, #2663, #2668, #2665, #2645,
#2655, #2647, #2639, #2644].
6. **Multiple vendor options**: The Kea DHCPv4 server can now handle
multiple `vivco-suboptions` options with different enterprise IDs [#467]
and multiple vendor options with different enterprise IDs and multiple
vivso suboptions. The vendor options handling has been updated [#1518,
#2694]. Support has been added for multiple instances of the DHCPv6
vendor-class (code 16) and vendor-opts (code 17) options. Kea now
supports specifying multiple options with different enterprise numbers
[#2517].
7. **DNS-over-TLS/HTTPS/... options**: The Discovery of
Network-designated Resolvers (DNR) options have been implemented for
both DHCPv4 and DHCPv6. This is an implementation of the
draft-ietf-add-dnr-16 IETF Internet Draft, which is expected to be
published as an RFC soon. The options allow configuration of DNS over
various transports, such as TLS (DNS-over-TLS or DoT), HTTPS
(DNS-over-HTTPS or DoH), and others. As this implementation is based on
a draft that has not yet reached RFC publication, use it with caution
[#2536].
8. **Template classes**: A template classes mechanism, similar to spawning
classes in ISC DHCP, has been implemented. The code for this
functionality has been merged, and it has only been very lightly tested.
As such, the feature's status is currently experimental. It is now
possible to define an expression using `template-test` in a class. The
expression should evaluate to a string; if evaluated to a non-empty
value, the packet is assigned to a
`SPAWN_<class-name>_<value-of-the-evaluated-expression>` class.
Documentation is available in the ARM and in our knowledgebase at
https://kb.isc.org/docs/facilitating-classification-with-template-classes
[#2568].
9. **NETCONF and Sysrepo**: The support for NETCONF/YANG received a
major overhaul; the Kea code has been migrated to libyang 2.x/Sysrepo
2.x from the previously supported 1.x versions. Both the libyang and
Sysrepo dependencies continue to evolve substantially, so this update
required over 2500 lines of code to be changed. **Be advised that the
recent libyang 2 and Sysrepo 2.x require a compiler that supports the
C++20 standard.** However, this is only required if you compile Kea with
NETCONF support [#2311]. In addition, the interaction with Sysrepo has
been updated: instead of retrieving configuration elements one by one,
the whole configuration is retrieved in one step and then dissected by
Kea. The larger your configuration is, the greater this performance
improvement should be: for our test configuration with 60,000 entries,
the configuration took 9 minutes and 30 seconds with the older code and
just 3 seconds with this new change. For more details, see issue [#2400]
and its merge request [!1824]. The YANG modules have been updated with
new configuration nodes: `extended-info-checks`,
`ignore-rai-link-selection`, and `template-test`. The `keatest-module`
has also gained a few missing node types. The code has been refactored
to accommodate changes more easily in the future [#2601]. The YANG
modules were updated with recent configuration changes. The added
parameters are: `allocator`, `ddns-ttl-percent`,
`exclude-first-last-24`, `ignore-dhcp-server-identifier`,
`offer-lifetime`, `pd-allocator`, `read-timeout`, `tcp-user-timeout`,
and `write-timeout`. We also removed these now-obsolete parameters:
`contact-points` and `keyspace` [#2832].
10. **Per-pool statistics**: Several improvements made it into this
release, including the introduction of a new type of statistics that can
be observed on a per-pool basis. A plethora of new statistics were
introduced: `subnet[id].pool[id].assigned-addresses`,
`subnet[id].pool[id].cumulative-assigned-addresses`,
`subnet[id].pool[id].declined-addresses`,
`subnet[id].pool[id].reclaimed-declined-addresses`,
`subnet[id].pool[id].reclaimed-leases`, and
`subnet[id].pool[id].total-addresses` for DHCPv4, and even more for
DHCPv6: `subnet[id].pool[id].assigned-nas`,
`subnet[id].pd-pool[id].assigned-pds`,
`subnet[id].pool[id].cumulative-assigned-nas`,
`subnet[id].pd-pool[id].cumulative-assigned-pds`,
`subnet[id].pool[id].declined-addresses`,
`subnet[id].pool[id].reclaimed-declined-addresses`,
`subnet[id].pool[id].reclaimed-leases`,
`subnet[id].pd-pool[id].reclaimed-leases`,
`subnet[id].pool[id].total-nas`, and `subnet[id].pd-pool[id].total-pds`
[#145]. The statistics type for the total number of available addresses
and prefixes for DHCPv6 has been changed from 64 bits to 128, to account
for the enormous address space in IPv6 [#2658]. New statistics were
added to keep track of leases that have their Client Last Transmission
Time (CLTT) increased in memory and their expiration time left unchanged
in persistent storage, as part of the lease-caching feature. Those new
statistics are: `v4-lease-reuse`, `subnet[id].v4-lease-reuse`,
`v6-ia-na-lease-reuse`, `subnet[id].v6-ia-na-lease-reuse`,
`v6-ia-pd-lease-reuse`, and `subnet[id].v6-ia-pd-lease-reuse` [#2797].
11. **Broadcast MAC address in DHCPv4 reply**: If the broadcast flag is
set in the DHCPREPLY, the MAC address is also set to the broadcast value
[#2211, #2542].
12. **Affinity for released leases**: Unless specifically told not to,
Kea now keeps leases for a period of time after they are released. This
is useful for devices that send RELEASE on reboot; they are now very
likely to get the same lease after their reboot is complete. This
behavior is controlled by `flush-reclaimed-timer-wait-time` and
`hold-reclaimed-time`. If both are non-zero, when the client sends a
release message the lease is expired; previously, it was deleted from
lease storage. The default values are 25 and 3600 respectively,
effectively changing the default server behavior [#2548].
13. **Global reservation improvements**: Global reservations are
generally not recommended to be used with address reservations. However,
when they are, an additional safety net is required and it has now been
implemented. An address reserved in a global reservation must now lie
within the range of the subnet or shared-network selected by Kea; if it
does not, the server attempts to allocate an address dynamically. This
change applies to both kea-dhcp4 and kea-dhcp6. Previously, the servers
would grant a lease for any globally reserved address without regard to
its inclusion in the selected subnet. Thanks to Kyle Birkeland for
reporting the issue and contributing the patch [#2631, #2632].
14. **Empty host reservations**: It is now possible to add an "empty"
host reservation without any attribute (e.g. no address, no options, no
hostname, no client classes, etc.). This is useful to determine the
KNOWN class [#2723].
15. **Never-send**: With earlier Kea versions, it was difficult to
configure an option that was supposed to be present everywhere except a
small number of locations. A new flag, `never-send`, allows users to
configure a given option globally and then suppress sending it in a
particular subnet or shared network [#719].
16. **DDNS improvements**: kea-dhcp4 and kea-dhcp6 support a new
parameter, `ddns-ttl-percent`, which allows setting the DNS time-to-live
(TTL) as a percentage of a lease lifetime [#225].
17. **Accepting all traffic**: Earlier Kea versions followed an RFC2131
rule that checked whether the `server-identifier` matched Kea's; if it
did not, Kea assumed the packet was intended for some other DHCP server
and it was dropped. However, in certain advanced scenarios it is useful
to be able to force Kea to accept everything. A new parameter,
`ignore-dhcp-server-identifier` for kea-dhcp4, allows enabling this
behavior [#2785].
18. **Early allocation**: RFC2131 states that leases are supposed to be
allocated when the server receives a REQUEST message. However, that
means that in certain situations, particularly when the server is almost
out of addresses, the client can get a DISCOVER with an address, but
when it actually requests the address, it does not get it. This is a
conformant behavior, but it differs from ISC DHCP, which assigned a
short-lived (120-second) lease when receiving DISCOVER. kea-dhcp4 now
supports the `offer-lifetime` parameter to allow the temporary
allocation of leases during DHCPOFFER [#2719].
19. **RFC8572 compatibility:** We have added support for Secure Zero
Touch Provisioning options, per RFC8572. Kea can now handle DHCPv4
Option code \#143 and DHCPv6 Option code \#136 [#939].
20. **Prefix delegation (PD) hints**: Kea now understands when a DHCPv6
client prefers a prefix of a certain length. If Kea is configured to
hand out /64, /60, and /56 prefixes and the client requests /56, it will
get it. Previously, Kea ignored the hint and assigned prefixes in the
order the pools appeared in the config file [#1958]. The `prefix-len`
and `pd-pools` list now checks the prefix lengths correctly [#2612].
21. **Preferred lifetime for DHCPv6**: Earlier Kea versions had the
preferred lifetime timer set to a default fixed value, if it was not
explicitly specified. This could have led, in some cases, to incorrect
configuration if the valid lifetime was configured to a lower value than
the preferred one. Starting with this release, the preferred lifetime is
calculated as 0.625 * `valid-lifetime` unless explicitly specified, or
if the specified value is higher than the valid lifetime. This should
avoid situations where Kea sends configurations that are rejected by
clients [#2835].
22. **Forensic Logging hook traceability**: The High Availability (HA)
mechanism uses lease commands to add, update, and delete leases. The
same mechanism can now be used by an administrator to manage lease
state. Previously, the forensic logging hook logged both automated HA
and manual updates in the same manner. Starting with this release, the
forensic logging hook now records whether the lease change is an
administrative action or an automated HA update [#2629].
23. **Logger inheritance**: If using multiple loggers that have a
relationship, e.g. `kea-dhcp4` and `kea-dhcp4.packets`, the omitted
logger configuration entries in the child are now properly inherited
from the root logger, as stated in the ARM [#2537].
24. **New lease capabilities**: The lease_cmds hook library supports two
new commands, `lease4-write` and `lease6-write`. These should help
recovery in emergency situations, e.g. when the disk is full, by writing
the memory-lease database into a CSV file. They are supported by the
memfile backend only. The lease_cmds hook library returns a new
"conflict" status code, indicating an issue with a lease update
due to a mismatch between the received lease and the server's
configuration or state. The HA hook library differentiates between this
new status and a general error and avoids transitioning to the
partner-down state when conflicts occur. The new
`max-rejected-lease-updates` parameter sets a limit for the maximum
number of conflicts before the server terminates the HA service
[#1654, #2408].
25. **Hashed configuration**: A new command `config-hash-get` returns a
SHA-256 hash of the existing configuration. This can be used to easily
detect whether a configuration has changed. Existing `config-set` and
`config-get` calls return the hash as well [#2707].
26. **New command: reservation-get-by-address**: A new command,
`reservation-get-by-address`, is now available in the host_cmds hook
library. It returns all host reservations for a given IP address, either
in all subnets or in a given subnet [#2795].
27. **New command: reservation-update**: A new command,
`reservation-update` has been added that allows an existing host
reservation to be updated. It is implemented as part of the Host
Commands premium hook [#549].
28. **Package improvements**: Kea's official APK, Debian, and RPM
packages have been restructured and made to follow a consistent
packaging standard. Some of the package names have been modified, and
some packages have been consolidated into larger packages due to these
changes. Kea now runs under a service user on RPM systems. Upgrading Kea
on Debian and Ubuntu systems should be done with `apt dist-upgrade` when
upgrading to this release or later, as some packages must be removed
before reinstalling. Depending on how Kea was previously installed,
upgrading to this release or later on Debian or Ubuntu systems could
cause the DHCPv6 and/or the DDNS server, as well as the open source
hooks, to be removed. To ensure they are properly installed, either
install the `isc-kea` metapackage, or install the packages explicitly by
name. Further details can be found in [#2220] and [#2398]. The Debian
package names have changed: `isc-kea-dhcp4-server` was changed to
`isc-kea-dhcp4`, `isc-kea-dhcp6-server` to `isc-kea-dhcp6`, and
`isc-kea-dhcp-ddns-server` to `isc-kea-dhcp-ddns`. This change was
required to use `dist-upgrade` to install new packages. All package
types (rpm, deb, and apk) now have the meta package `isc-kea` that
contains all components, making it easier to install while retaining the
flexibility to install individual packages separately. The Control Agent
service is no longer started every time when dhcp4, dhcp6, or ddns is
started, but when active it will start on system boot-up.
29. **Packages**: Native Deb, RPM, and APK packages are available for
Alpine 3.15, 3.16, 3.17; CentOS 7; Debian 10, 11, 12; Fedora 36, 37, 38;
RHEL 8, 9; and Ubuntu 18.04, 20.04, 22.04. All packages are built for
amd64 architecture. For details, see https://cloudsmith.io/~isc/repos/.
30. **Database improvements**: New database connection parameters,
`read-timeout` and `write-timeout`, control the timeouts in
communication with a MySQL database. The `tcp-user-timeout` parameter
controls the timeout in communication with a PostgreSQL database.
Setting these timeouts can prevent occasional Kea hangs due to issues
with database connectivity, and are expected to improve compatibility
with HAProxy [#2688]. Compatibility with recently published PostgreSQL
15 has been improved [#2724]. Kea can now detect a bug in MariaDB, which
incorrectly rejects certain valid constructs as invalid JSON. This has
been reported to and confirmed by the MariaDB team [#2654].
Compatibility with MySQL 5.5 (very old, but still used by CentOS 7) has
been improved [#2727]. A bug in the logic to set DB parameters no longer
confuses DHCPv4 with DHCPv6 [#2672].
31. **Optional link selection suboption**: The link selection suboption
is now optional; previously, Kea always tried to use it when it was
present in a packet. Right now, its use is enabled by default, but it
can be disabled using the `ignore-rai-link-selection` parameter [#2543].
32. **Compatibility**: We added a new `exclude-first-last-24` DHCPv4
compatibility flag, which skips addresses in .0 and .255 in subnets
larger than /24 [#720].
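The scanning-resistance claim in item 3 (random allocation strategy) can be checked with a small simulation. This is an added example, not ISC code: the two allocators are simplified stand-ins for the iterative and random strategies, and the prefixes, lease counts, and probe budgets are constructed values.

```python
import ipaddress
import random


def iterative_allocate(pool_start, count):
    """Hand out `count` addresses sequentially from the start of the pool."""
    return {pool_start + offset for offset in range(count)}


def random_allocate(pool_start, pool_size, count, rng):
    """Hand out `count` distinct addresses chosen uniformly from the pool."""
    offsets = set()
    while len(offsets) < count:
        offsets.add(rng.randrange(pool_size))
    return {pool_start + offset for offset in offsets}


def sweep_hits(leased, pool_start, probes):
    """Count leased addresses found by probing the first `probes` addresses."""
    return sum(1 for offset in range(probes) if pool_start + offset in leased)


def compare(prefix, leases, probes, seed=0):
    """Compare what a sequential sweep of `probes` addresses discovers
    under each strategy for a pool covering the whole of `prefix`."""
    net = ipaddress.ip_network(prefix)
    start, size = int(net.network_address), net.num_addresses
    if leases > size:
        raise ValueError("more leases than addresses in the pool")
    probes = min(probes, size)
    rng = random.Random(seed)  # seeded so the run is reproducible
    return {
        "iterative_hits": sweep_hits(iterative_allocate(start, leases), start, probes),
        "random_hits": sweep_hits(
            random_allocate(start, size, leases, rng), start, probes
        ),
        # Expected hits for a uniform allocator: leases * probes / pool size.
        "random_expected": leases * probes / size,
    }


if __name__ == "__main__":
    # Constructed scenarios: a sparse IPv6 /64 and a busy IPv4 /24.
    for prefix, leases, probes in (
        ("2001:db8:1::/64", 500, 10_000),
        ("192.0.2.0/24", 200, 256),
    ):
        print(prefix, compare(prefix, leases, probes, seed=7))
```

In the /64 case the sweep finds every iteratively assigned lease and none of the randomly assigned ones; in the /24 case both strategies are fully enumerated, which is why the benefit is tied to large address spaces.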
See https://gitlab.isc.org/isc-projects/kea/-/wikis/Release-Notes for a
complete list of all changes from versions 2.2.0-2.3.8 that are included
in this release.
The following bug fixes and features have been implemented since the Kea
2.3.8 release:
1. **Hashed configuration**: A new command `config-hash-get` returns a
SHA-256 hash of the existing configuration. This can be used to easily
detect whether a configuration has changed. Existing `config-set` and
`config-get` calls return the hash as well [#2707].
2. **New command: reservation-get-by-address**: A new command,
`reservation-get-by-address`, is now available in the host_cmds hook
library. It returns all host reservations for a given IP address, either
in all subnets or in a given subnet [#2795].
3. **Deprecated auto-generated subnet-id**: A warning is now issued when
the configuration contains subnets without explicit subnet identifiers
(without an "id" entry). Auto-generated subnet identifiers are now
deprecated [#2866].
4. **Logging drop packets**: The debug levels for packets being dropped
have been altered to be easier to spot [#2865].
5. **Build improvements**: Hammer, the internal building tool, now
supports Debian 12 [#2916]. Added support for Fedora 37 [#2935], 38
[#2937] and PostgreSQL 15 [#2950]. Missing header files are now
installed; this might be useful for external developers who build their
own hooks [#2608].
6. **Documentation**: Many parameter names in the ARM are now clickable
[#2554]. Many broken URLs and typos were fixed in the ARM [#2833].
Documentation regarding installing FreeRADIUS packages was updated
[#1452]. A non-existent statistic was referenced in the ARM [#2864]. A
typo was fixed in Section 8.2.10 of the ARM [#2913]. The documentation
for `ip-reservations-unique` was clarified [#2900]. The documentation
for vendor options was improved [#2793]. The documentation for prefix
hints, empty reservations, template classes, and the `exclude-first-last-24`
option was improved [#2892].
7. **Bug fixes**: We fixed several undefined behaviors as reported by
UBSan [#2830]. The vendor options retrieved from a configuration backend
are now encapsulated properly. This issue affected both MySQL and
PostgreSQL [#2881]. Options with space are now encapsulated properly
when retrieved from a Config Backend [#2826]. A problem with the host
commands returning partial data for some options has been fixed [#2931].
The `kea-admin lease-upload` command no longer prints a misleading error
if no `-4` or `-6` options are used [#2855]. A rare race condition when
encapsulated options are used was fixed [#2942].
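One way to use `config-hash-get` for detecting unexpected configuration changes, as an added example that is not part of the release notes or of Kea. It assumes the command is sent through the Control Agent with a `service` list and that the answer carries the digest in `arguments.hash`; the responses and digests below are constructed so the example runs offline.

```python
import hashlib
import json
import re

HEX_SHA256 = re.compile(r"[0-9A-Fa-f]{64}")


def build_request(service):
    """JSON command body to POST to the Control Agent for one service."""
    return {"command": "config-hash-get", "service": [service]}


def parse_hash(body):
    """Return the lowercase hex digest from a command answer.

    Assumed answer shape: [{"result": 0, "arguments": {"hash": "<hex>"}}].
    """
    answers = json.loads(body)
    if isinstance(answers, dict):  # direct socket answers are not wrapped in a list
        answers = [answers]
    if not isinstance(answers, list) or not answers or not isinstance(answers[0], dict):
        raise ValueError("empty or malformed answer")
    answer = answers[0]
    result = answer.get("result")
    if result == 2:  # Kea's "command not supported" status
        raise LookupError(answer.get("text", "command not supported"))
    if result != 0:
        raise RuntimeError(answer.get("text", "command failed"))
    digest = (answer.get("arguments") or {}).get("hash", "")
    if not isinstance(digest, str) or not HEX_SHA256.fullmatch(digest):
        raise ValueError("answer does not contain a SHA-256 hex digest")
    return digest.lower()


def drift_report(baseline, responses):
    """Classify each service as ok, drift, unbaselined, unsupported or error."""
    report = {}
    for service, body in responses.items():
        try:
            current = parse_hash(body)
        except LookupError:
            report[service] = "unsupported"  # e.g. a server older than 2.4
            continue
        except (RuntimeError, ValueError):
            report[service] = "error"
            continue
        expected = baseline.get(service)
        if expected is None:
            report[service] = "unbaselined"
        else:
            report[service] = "ok" if current == expected.lower() else "drift"
    return report


def _digest(label):
    """Constructed stand-in for a real configuration hash."""
    return hashlib.sha256(label.encode()).hexdigest()


# Constructed baseline (recorded after an approved change) and sample answers.
BASELINE = {"dhcp4": _digest("dhcp4 config v1"), "dhcp6": _digest("dhcp6 config v1")}
RESPONSES = {
    "dhcp4": json.dumps(
        [{"result": 0, "arguments": {"hash": _digest("dhcp4 config v1").upper()}}]
    ),
    "dhcp6": json.dumps(
        [{"result": 0, "arguments": {"hash": _digest("dhcp6 config v2")}}]
    ),
    "d2": json.dumps([{"result": 2, "text": "command not supported"}]),
}

if __name__ == "__main__":
    for service, status in drift_report(BASELINE, RESPONSES).items():
        print(f"{service}: {status}")
```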
## Incompatible Changes
There are several changes that can be considered backward-incompatible.
1. Many of the native packages have been substantially updated and in
some cases renamed. See above for a brief overview, and the new
[Installation From Cloudsmith
Packages](https://kea.readthedocs.io/en/latest/arm/install.html?highlight=cloudsmith#installation-from-cloudsmith-packages)
and [Caveats for Upgrading Kea
Packages](https://kea.readthedocs.io/en/latest/arm/install.html?highlight=cloudsmith#caveats-for-upgrading-kea-packages)
sections in the Kea ARM for more details.
2. **MySQL and PostgreSQL schema updates**. Both database schemas were
updated to accommodate upcoming Bulk Leasequery support in DHCPv6. Both
schemas were also updated to use dedicated types for storing IPv6
addresses rather than using plain text fields.
3. **YANG module updated**. The YANG modules were updated to incorporate
the latest changes.
4. **New preferred-lifetime calculation**. Kea now operates in a safer
manner and behaves in an RFC-conformant way in some corner cases where
it previously sent invalid configuration. Nevertheless, you should
review your configuration if you have unusual settings with scenarios
where `preferred-lifetime` was greater than `valid-lifetime`. This
affects DHCPv6 only. See [#2835] for details.
5. **Deprecating libreload**: The API `libreload` command is now
deprecated. The command was implemented a long time ago, in Kea 1.2.0,
when the hooks framework was still being implemented and there were no
hooks. The original idea - to reload just the hooks and not the whole
server configuration - never gained any traction. Starting with this
release and for this stable branch (Kea 2.4.x), the command prints a
deprecation warning, but otherwise functions normally. It will be
removed completely from the Kea 2.5 and 2.6 branches [#2693].
6. **Deprecated auto-generated subnet-id**: A warning is now issued when
the configuration contains subnets without explicit subnet identifiers
(without an "id" entry). Auto-generated subnet identifiers are now
deprecated. They still work but will be removed in future releases
[#2866].
7. **Python 2 is no longer supported**: To use `kea-shell`, Python 3 is
required [#2467].
8. **Values for `operation-target` updated**: The values accepted by
the recently introduced parameter `operation-target` used in `reservation-*`
commands have been renamed. The "primary" was renamed to "memory", and
the "alternate" was renamed to "database" [#2901].
9. **CentOS 7 no longer supported**: The CentOS 7 distribution is no longer
supported. It is increasingly difficult to maintain compatibility with
its ancient compiler and dependencies: g++ 4.8 was released in 2013 and
lacks support for many modern features. Unit test compilation fails,
although it is still possible to compile the Kea binaries. A determined user
could install a more recent g++ and make the compilation succeed, but that
is not supported anymore. To run Kea 2.4, please migrate to a more
modern OS.
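A pre-upgrade check for two of the changes listed above (the new preferred-lifetime calculation and deprecated auto-generated subnet ids), as an added example that is not part of Kea. It assumes lifetimes are inherited from the global scope through shared networks to subnets, and that 0.625 * `valid-lifetime` is rounded down; the configuration is a constructed sample.

```python
import json

# Constructed kea-dhcp6 configuration fragment used as sample input.
SAMPLE_CONFIG = json.loads("""
{"Dhcp6": {
  "valid-lifetime": 4000,
  "preferred-lifetime": 3000,
  "subnet6": [
    {"id": 1, "subnet": "2001:db8:1::/64"},
    {"subnet": "2001:db8:2::/64", "valid-lifetime": 1800},
    {"id": 3, "subnet": "2001:db8:3::/64",
     "valid-lifetime": 600, "preferred-lifetime": 900}
  ],
  "shared-networks": [
    {"name": "floor-2", "preferred-lifetime": 5000,
     "subnet6": [{"id": 4, "subnet": "2001:db8:4::/64"}]}
  ]
}}
""")


def effective_preferred(valid, preferred):
    """Preferred lifetime under the 2.4 rule described in the release notes:
    0.625 * valid-lifetime when unset or when it exceeds the valid lifetime."""
    if preferred is None or preferred > valid:
        return valid * 5 // 8  # 0.625 == 5/8; rounding down is an assumption
    return preferred


def inherited(chain, key):
    """Return `key` from the most specific scope that sets it, else None."""
    for scope in reversed(chain):
        if key in scope:
            return scope[key]
    return None


def iter_subnets(dhcp6):
    """Yield (scope chain, subnet) for top-level and shared-network subnets."""
    for subnet in dhcp6.get("subnet6", []):
        yield [dhcp6, subnet], subnet
    for network in dhcp6.get("shared-networks", []):
        for subnet in network.get("subnet6", []):
            yield [dhcp6, network, subnet], subnet


def audit(config):
    """Return findings for subnets affected by the 2.4 behaviour changes."""
    findings = []
    for chain, subnet in iter_subnets(config["Dhcp6"]):
        name = subnet.get("subnet", "<unnamed>")
        if "id" not in subnet:
            findings.append({"subnet": name, "kind": "missing-id"})
        valid = inherited(chain, "valid-lifetime")
        preferred = inherited(chain, "preferred-lifetime")
        if valid is None:
            continue  # server default applies; not modelled in this example
        if preferred is not None and preferred > valid:
            findings.append({
                "subnet": name,
                "kind": "preferred-gt-valid",
                "configured": preferred,
                "valid": valid,
                "effective": effective_preferred(valid, preferred),
            })
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print(finding)
```

Each `preferred-gt-valid` finding shows the value clients will receive after the upgrade, so it can be compared with what the configuration intended.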
## License
This version of Kea is released under the Mozilla Public License,
version 2.0.
https://www.mozilla.org/en-US/MPL/2.0
Some Kea hooks are provided under the MPL 2.0; others are licensed with
the Kea Hooks Basic Commercial End User License. The source for each
hook includes the applicable license.
## Download
Pre-built ISC packages for current versions of the most popular Linux
operating systems are available at:
https://cloudsmith.io/~isc/repos/
The Kea source and PGP signature for this release may be downloaded from:
https://www.isc.org/download
The signature was generated with the ISC code signing key, which is
available at:
https://www.isc.org/pgpkey
ISC provides detailed documentation, including installation instructions
and usage tutorials, in the Kea Administrator Reference Manual.
Documentation is included with the installation or at
https://kea.readthedocs.io/en/latest/index.html in HTML, plain text, or
PDF formats. ISC maintains a public open source code tree, wiki, issue
tracking system, milestone planner, and roadmap at
https://gitlab.isc.org//isc-projects/kea.
Limitations and known issues with this release can be found at
https://gitlab.isc.org/isc-projects/kea/wikis/known-issues-list.
We ask users of this software to please let us know how it worked for
you and what operating system you tested on. Feel free to share your
feedback on the Kea Users mailing list
(https://lists.isc.org/mailman/listinfo/kea-users). We would also like
to hear whether the documentation is adequate and accurate. Please open
tickets in the Kea GitLab project for bugs, documentation omissions and
errors, and enhancement requests. We want to hear from you even if
everything worked.
## Support
Professional support for Kea is available from ISC. We encourage all
professional users to consider this option; Kea maintenance is funded
with support subscriptions. For more information on ISC's Kea and DHCP
software support see https://www.isc.org/support/.
Free best-effort support is provided by our user community via a mailing
list. Information on all public email lists is available at
https://www.isc.org/community/mailing-list. If you have any comments or
questions about working with Kea, please share them to the Kea Users
list (https://lists.isc.org/mailman/listinfo/kea-users). Bugs and
feature requests may be submitted via GitLab at
https://gitlab.isc.org/isc-projects/kea/issues.
## Changes
The following summarizes changes and important upgrades since the 2.2.0
release.
2166. [build] mgodzina
The library version numbers have been bumped up for the Kea 2.4.0
stable release.
(Gitlab #2939)
2165. [bug] marcin
DHCP options configured in the host database are now returned
with their encapsulated options to the clients.
(Gitlab #2826)
2164. [bug] razvan
Added checks to catch invalid prefix/prefix-len combinations in
commands that create or update pools, leases, and reservations.
(Gitlab #2725)
2163. [build] slawek
Dropped the Kea connector for Python 2.
(Gitlab #2467)
2162. [doc] marcin
Documented renaming operation-target values in host_cmds hook
library. The "primary" was renamed to "memory", and the
"alternate" was renamed to "database".
(Gitlab #2901)
2161. [doc] fdupont
Clarified how Kea treats situations where there are multiple
reservations for the same host.
(Gitlab #2745)
2160. [doc] tomek
Added clarification about RFC3046 (Relay agent option) support,
with some examples how to use its content.
(Gitlab #2887)
2159. [bug] razvan
Fixed a crash when splitting long options or sending user defined
options when multi-threading is enabled. Also fixed some cases
when options are not properly split if the serialized data
reaches the end of the 255 bytes long boundary.
(Gitlab #2942)
2158. [func] piotrek
A new command named "reservation-get-by-address" is now available
in the host_cmds hook library. It returns all host reservations
for given IP address either in all subnets or in a given subnet.
(Gitlab #2795)
2157. [func]* fdupont
Added a warning issued when the configuration contains subnets
without explicit subnet identifiers (without "id" entry). The
auto-generated subnet identifiers are now deprecated.
(Gitlab #2866)
2156. [func] razvan
Added an optional 'pool-id' parameter that can be used to enable
per-pool statistics. Supported by kea-dhcp4 and kea-dhcp6 for all
pool types.
(Gitlab #2898)
2155. [func] fdupont, tomek
Added the config-hash-get command which returns the
SHA-256 hash of the current configuration, helping
in detecting changes. Updated config-get, config-set
commands to also return SHA-256 hash.
(Gitlab #2707)
2154. [doc] darren
Corrected minor typo in table in section 8.2.10 of the ARM where
type was shown as ipv6-address and should have said ipv4-address.
(Gitlab #2913)
2153. [doc] darren
Changed wording of documentation of ip-reservations-unique
flag to clarify which host reservation backends support false.
(Gitlab #2900)
2152. [doc] razvan
Added documentation and unittests for counters by pool ID.
(Gitlab #145, #2883)
2151. [bug] marcin
Corrected a bug in the host manager that affected getting a host
by an IPv6 address or delegated prefix. This query returned only
partial host information. It lacked other IPv6 reservations and
some DHCP options.
(Gitlab #2931)
2150. [bug] marcin
Fixed a bug in encapsulating DHCP options fetched from the config
backend. The suboptions are now included in the top-level options
they belong to.
(Gitlab #2881)
2149. [doc] andrei
The vendor options documentation has been improved.
(Gitlab #2793)
2148. [build] tmark
The include file, cfg_globals.h, has been added to
dhcpsrv/Makefile.am such that it now gets installed.
Prior to this it was omitted from installation.
(GitLab #2608)
2147. [doc] andrei
There are now more cross-references in the ARM. Commands and hook
libraries link to their own section. Programs link to their
manual pages.
(Gitlab #2554)
2146. [func] piotrek
Made the DHCP4_PACKET_DROP_* and DHCP6_PACKET_DROP_* debug prints
more verbose. The prints now include hwaddr for DHCP4 and
duid for DHCP6.
(Gitlab #2865)
2145. [bug] piotrek
Fixed a bug in kea-admin script where lack of lease type argument
was not caught correctly and kea-lfc was called without -4 or -6
DHCP version.
(Gitlab #2855)
Kea 2.3.8 (development) released on May 31, 2023
2144. [build] razvan
The library version numbers have been bumped up for the Kea 2.3.8
development release.
(Gitlab #2885)
2143. [func] razvan
Added v4 statistic counters per pool:
subnet[id].pool[id].assigned-addresses
subnet[id].pool[id].cumulative-assigned-addresses
subnet[id].pool[id].declined-addresses
subnet[id].pool[id].reclaimed-declined-addresses
subnet[id].pool[id].reclaimed-leases
subnet[id].pool[id].total-addresses
Added v6 statistic counters per pool:
subnet[id].pool[id].assigned-nas
subnet[id].pd-pool[id].assigned-pds
subnet[id].pool[id].cumulative-assigned-nas
subnet[id].pd-pool[id].cumulative-assigned-pds
subnet[id].pool[id].declined-addresses
subnet[id].pool[id].reclaimed-declined-addresses
subnet[id].pool[id].reclaimed-leases
subnet[id].pd-pool[id].reclaimed-leases
subnet[id].pool[id].total-nas
subnet[id].pd-pool[id].total-pds
Counters are stored in the lease storage and after schema
upgrade all existing leases are considered to be part of pool
ID 0. On lease update, the counters will be updated accordingly
including pool IDs and statistics will converge to real values
over time.
(Gitlab #145)
2142. [func] piotrek
A new command option was added to perfdhcp: --or.
It allows inserting extra option(s) into a relayed DHCPv6 message
at a given level of encapsulation. For now only the first level of
encapsulation is supported.
(Gitlab #2834)
2141. [bug] razvan
The High Availability hook library is sending the 'origin'
parameter set to 'ha-partner' when sending lease update
commands which enables the forensic log hook library to
distinguish between administrator commands and HA partner
commands.
(Gitlab #2629)
2140. [func] slawek
Implemented functions to delete the host reservations from the
JSON configuration. Updated the host manager to fully support
altering the primary source (JSON configuration). Its methods
accept a new argument ("operation target") to specify the data
source (JSON configuration and/or hosts database) to query or
alter. Fixed a function that retrieves IPv6 host reservations
from the configuration by address.
(Gitlab #2815)
2139. [bug] marcin
Fixed a bug in the delegated prefix permutations that caused
allocating prefixes in the same order by the random and FLQ
allocators.
(Gitlab #2860)
2138. [bug] marcin
Fixed a bug in the DHCPv4 server that sent DHCPNAK to a client
in the INIT-REBOOT state when the server had no matching subnet
configuration for that client.
(Gitlab #2858)
2137. [func] fdupont
A new command "extended-info4-upgrade" makes old leases
from SQL DHCPV4 lease database visible to Bulk Lease Queries.
(Gitlab #2757)
2136. [func] tmark
The default value, in kea-dhcp6, for preferred-lifetime is
now calculated as: 0.625 * valid-lifetime. This calculation
is also used in the event that the specified value for
preferred-lifetime is greater than valid-lifetime. Prior to
this, the default value was 3600 seconds, and there was no
check against sending values greater than valid-lifetime.
(Gitlab #2835)
2135. [build] tomek
The CodeQL pipeline has been enabled on github. Developer's guide
updated with details.
(Gitlab #2760)
2134. [func] andrei
Statistics total-nas and total-pds were increased from 64-bit
values to 128-bit values to accurately represent large pools.
(Gitlab #2658)
2133. [func] andrei
Added missing YANG nodes: allocator, ddns-ttl-percent,
exclude-first-last-24, ignore-dhcp-server-identifier,
offer-lifetime, pd-allocator, read-timeout, tcp-user-timeout,
write-timeout.
Removed obsolete YANG nodes: contact-points, keyspace.
(Gitlab #2832)
2132. [bug] marcin
Fixed a bug in the allocation engine that could cause an invalid
lease assignment in the shared networks using subnets with
different allocator types.
(Gitlab #2843)
2131. [bug] razvan
Added support for 255 bytes long client-id and 130 bytes long
duid (2 bytes for type and at most 128 bytes for value).
(Gitlab #2786)
2130. [func] piotrek
Added support of DHCP Options for the Discovery of
Network-designated Resolvers (DNR) as per draft-ietf-add-dnr.
Kea can now handle DHCPv4 Option code 162 and DHCPv6 Option
code 144.
(Gitlab #2536)
2129. [func] andrei
New statistics were added to keep track of leases that have their
CLTT increased in memory and their expiration time left unchanged
in persistent storage as part of the lease caching feature. The
statistics are: v4-lease-reuse, subnet[id].v4-lease-reuse,
v6-ia-na-lease-reuse, subnet[id].v6-ia-na-lease-reuse,
v6-ia-pd-lease-reuse, subnet[id].v6-ia-pd-lease-reuse.
(Gitlab #2797)
2128. [bug]* razvan
In addition to logging them, the server now sets the
CalloutHandle status to DROP to indicate an error occurred when
it catches unhandled exceptions thrown by a callout.
(Gitlab #2805)
Kea 2.3.7 (development) released on April 26, 2023
2127. [build] razvan
The library version numbers have been bumped up for the Kea 2.3.7
development release.
(Gitlab #2837)
2126. [func] andrei
A new command named reservation-update is now available in the
host_cmds hook library. It updates an existing reservation.
(Gitlab #549)
2125. [func] marcin
Allocators can now be configured in the configuration backend.
(Gitlab #2823)
2124. [perf] andrei
When not explicitly configured, multi-threading mode and the HTTP
dedicated listener are enabled by default for the
high-availability hook library ("enable-multi-threading" and
"http-dedicated-listener" set to true).
(Gitlab #2749)
2123. [bug] razvan
Fixed a bug which was truncating relay suboptions (circuit-id
code 1 and remote-id code 2) if the data ended in 0x0. The
option definitions have been updated from OPT_STRING_TYPE to
OPT_BINARY_TYPE.
(Gitlab #2794)
2122. [bug] marcin
Fixed a bug in the HA hook library whereby the HA service could
sometimes terminate even after the partner's clock has been
corrected. The last clock skew is now ignored when a
communication failure with the partner occurs.
(Gitlab #2754)
2121. [func] marcin
Implemented Free Lease Queue allocator. It can be used for
address assignment in DHCPv4 and prefix delegation in DHCPv6.
The allocator is suitable when the DHCP servers work with
nearly depleted pools, and the time to find an available
lease becomes long with other allocators. The new allocator,
however, slows down the server startup and reconfiguration.
It also uses more memory.
(Gitlab #2780, #2764)
Kea 2.3.6 (development) released on March 29, 2023
2120. [build] razvan
The library version numbers have been bumped up for the Kea 2.3.6
development release.
(Gitlab #2807)
2119. [func] tmark
Added a new parameter, ddns-ttl-percent, to kea-dhcp4
and kea-dhcp6, that may be used to calculate DNS TTL
as a simple percentage of the lease life time.
(Gitlab #225)
2118. [bug] razvan
Fixed a bug which was changing the multi-threading settings when
running config-test command and the settings were different from
the server's configuration. This also fixes the rollback on the
multi-threading settings if there is a configuration error
detected. Also hooks now set DROP flag on the
dhcp4_srv_configured and dhcp6_srv_configured callouts if the
configuration is invalid or an error occurred. Proper shutdown
of the HTTP listener is performed now instead of generating a
server crash if the provided address is not valid.
(Gitlab #2799)
2117. [func] fdupont
Added a new ignore-dhcp-server-identifier DHCPv4 compatibility
flag which, when set to true (default is false), causes any query
to be accepted even when the address in the DHCP Server
Identifier option belongs to another server (standard behavior
is to drop such queries).
(Gitlab #2785)
2116. [func] piotrek
Added support of Secure Zero Touch Provisioning options as per
RFC8572. Kea can now handle DHCPv4 Option code #143 and DHCPv6
Option code #136.
(Gitlab #939)
2115. [func] tmark
Added the parameter, offer-lifetime, to kea-dhcp4. When
greater than zero, the server temporarily allocates and
persists leases during DHCPOFFER processing.
(Gitlab #2719)
2114. [func] razvan
Added the -T command line parameter to kea-dhcp4 and kea-dhcp6
for testing configuration files, similar to -t, but with extra
checks like checking database connections, checking hook
libraries parameters, and others.
(Gitlab #1671)
2113. [bug] razvan
The reload functionality (by sending SIGHUP) of the kea-dhcp4
and kea-dhcp6 servers has been enhanced to rollback to
previously working configuration if the new configuration is
invalid. There are still cases that can leave the server in an
unrecoverable state, and such case is indicated by a FATAL
log message. The same logic applies to the "config-set" command
available to the server through the control channel.
(Gitlab #2722)
2112. [doc] fdupont
Added in the ARM security a section explaining how
to tune the OpenSSL configuration file for Kea service
accepting commands over HTTPS.
(Gitlab #2784)
2111. [bug] fdupont
Fixed a bug which advertised re-assigned released leases
with zero lifetimes.
(Gitlab #2766)
2110. [func] fdupont
A new boolean configuration flag called "never-send" has been
added to the option data scope. When enabled, the option is not
sent in a response to the client, even if the client explicitly
requests it.
(Gitlab #719)
2109. [bug] fdupont
Compatibility flags e.g. lenient-option-parsing were not
saved by config-get and similar commands.
(Gitlab #2790)
2108. [func] fdupont
Added a new exclude-first-last-24 DHCPv4 compatibility flag
which when set to true (default is false) skips addresses
in .0 and .255 in subnets with prefix length less than 24
in the allocation engine routine picking a free address.
(Gitlab #720)
2107. [func] fdupont
The Kea DHCPv4 server can now handle multiple vivco-suboptions
options with different enterprise IDs.
(Gitlab #467)
2106. [bug] tmark
Corrected code that allowed lease6-get-* commands to return
IA_NA leases with prefix length values of zero and logic in
kea-dhcp6 that was incorrectly generating duplicate iaaddr
options with lifetimes of zero for such leases in REPLYs to
RENEWs.
(Gitlab #2660)
2105. [bug] tmark
kea-dhcp6 now consistently uses valid and preferred lifetime
values provided via classes. Prior to this it was not
utilizing class-supplied lifetimes when renewing existing
leases or when reusing expired leases.
(Gitlab #2739)
Kea 2.3.5 (development) released on February 22, 2023
2104. [build] andrei
The library version numbers have been bumped up for the Kea 2.3.5
development release.
(Gitlab #2768)
2103. [perf] andrei
When not explicitly configured, multi-threading is now enabled by
default for the core Kea DHCP service ("enable-multi-threading"
set to true). For now, HA+MT is still disabled by default
("enable-multi-threading" and "http-dedicated-listener" both
still set to false in the high-availability library parameters).
(Gitlab #2402)
2102. [func]* tmark
The logger to which kea-dhcp4 now logs EVAL_RESULT log
messages issued during packet classification has been
changed from "options4" to "dhcp4". This corrects an
inconsistency between kea-dhcp6 and kea-dhcp4 behavior.
(Gitlab #2720)
2101. [build] andrei
Shell tests and python tests no longer run if gtest is disabled.
This provides the ability to run distcheck without tests.
(Gitlab #2742)
2100. [doc] Kevin P. Fleming
Fixed several JSON examples in the Kea ARM.
(Gitlab #2494)
2099. [func]* tmark
An address reserved in a global reservation must now lie
within the range of the subnet or shared-network selected
by Kea. If it does not, the server will attempt to allocate an
address dynamically. This change applies to both kea-dhcp4 and
kea-dhcp6. Previously, the servers would grant a lease for any
globally reserved address without regard for its feasibility
within the selected subnet. Thanks to Kyle Birkeland for
reporting the issue and contributing the patch.
(Gitlab #2631, #2632)
2098. [doc] razvan
Updated client classification examples in the ARM with a case
where both operands of the evaluated expression are computed at
runtime.
(Gitlab #2664)
2097. [func] tmark
kea-dhcp4 and kea-dhcp6 will now accept renew-timer values that
exceed rebind-timer values but will ignore them and issue a
warning. Previously, the servers treated those values as a fatal
configuration error.
(Gitlab #2677)
2096. [bug] tmark
Corrected a bug which allowed options to be added to themselves
as suboptions.
(Gitlab #2538)
2095. [bug] marcin, tmark
Added a compile-time check of whether the PostgreSQL version
supports the "tcp-user-timeout" parameter. This parameter
is available in PostgreSQL version 12 and later. It is now
ignored for earlier versions and a suitable warning message
is issued.
(Gitlab #2734)
2094. [bug] razvan
Fixed a bug which caused the Kea server to crash when
using the high-availability hooks library and running reconfigure
commands. Thanks to Caciano Machado for reporting this bug and
providing detailed steps on how to replicate it.
(Gitlab #2575)
2093. [func] fdupont
It is now possible to add an "empty" host reservation without any
attribute (e.g. no address, no hostname, no client classes,
etc.). This is useful for determining the KNOWN class.
(Gitlab #2723)
2092. [bug] fdupont
Added logic to kea-dhcp4 and kea-dhcp6 to catch and log
database connection errors that occur during lease
reclamation. Previously, such errors caused the
reclamation timer to not get rescheduled.
(Gitlab #2682)
2091. [bug] marcin
Fixed a bug that caused a response to a config-get command
to lack the configured read-timeout, write-timeout, and
tcp-user-timeout parameters.
(Gitlab #2741)
2090. [build] andrei
Fixed the --with-site-packages configure flag, which previously
had no effect.
(Gitlab #2669)
Kea 2.3.4 (development) released on January 25, 2023
2089. [build] razvan
The library version numbers have been bumped for the Kea 2.3.4
development release.
(Gitlab #2726)
2088. [func]* tomek
The libreload command is now deprecated. The code is still there,
but it will be removed in the future versions.
(Gitlab #2693)
2087. [func] razvan
The Kea DHCPv4 server can now handle multiple vendor options
with different enterprise IDs and multiple vivso-suboptions.
(Gitlab #1518)
2086. [bug] andrei
A spacing issue in a prepared statement that prevented Config
Backend from working with PostgreSQL 15 and above has been fixed.
(Gitlab #2724)
2085. [func] tmark
kea-dhcp-ddns uses new log messages to clearly distinguish
between timeouts and other IO errors when communicating with
DNS servers.
(Gitlab #2589)
2084. [func] razvan
When the client adds a prefix length in the hint, the server
will try to select a pool with the delegated prefix length
equal to the respective value. If no pool is found, the server
will try to select a pool with a lower delegated prefix length
(a larger address space) and if none is found, it will try to
select a pool with a higher delegated prefix length (a smaller
address space).
(Gitlab #1958)
2083. [func] marcin
New database connection parameters, "read-timeout" and
"write-timeout", control the timeouts in communication with the
MySQL database. The "tcp-user-timeout" controls the timeout in
communication with the PostgreSQL database. Setting these
timeouts can prevent occasional Kea hangs due to issues with
the database connectivity.
(Gitlab #2688)
2082. [bug] razvan
The prefix address provided in the prefix and prefix length pair
from the pool configuration is now checked to match the first
address in the pool.
(Gitlab #2612)
2081. [func] tmark
The default value for the kea-dhcp-ddns parameter,
dns-server-timeout, has been increased from 100 ms to
500 ms. This was done to improve the out-of-the-box
user experience.
(Gitlab #2590)
2080. [func] tmark
Bulk Lease Query results can now include delegated prefixes.
Memfile queries used by Bulk Lease Query (BLQ) were modified
to include delegated prefixes when appropriate. Prior to
this they were returning only address leases.
(Gitlab #2713)
2079. [func] marcin
The lease allocation strategy is now configurable. It is possible
to select between iterative and random lease selection for the
address assignment and prefix delegation, respectively, at the
global, shared network, and subnet levels.
(Gitlab #2348, #969)
Kea 2.3.3 (development) released on November 30, 2022
2078. [build] andrei
The library version numbers have been bumped for the Kea 2.3.3
development release.
(Gitlab #2650)
2077. [func] andrei
YANG modules have been updated with three configuration nodes:
extended-info-checks, ignore-rai-link-selection, template-test.
keatest-module has also gained empty, leafref and union nodes for
proper testing of all YANG leaf types.
Additionally, stable libyang and sysrepo versions are recommended
for use in the ARM in place of the previous development versions.
(Gitlab #2601)
2076. [doc] razvan
Add documentation for template classes and the new parameter
'template-test' which evaluates to a string value. This indicates
if the class is spawning classes with the name containing the
evaluated value: 'SPAWN_<template-class-name>_<evaluated-value>'
only if the value is not empty string. This will also add the
packet to the <template-class-name> class.
(Gitlab #2606)
2075. [bug] razvan
The builtin client class ALL can now be used again to apply lease
limits and rate limits.
(Gitlab #2615)
2074. [func] tmark
Added a new library, libkea_tcp, that provides support for a
generic TCP listener. Initially, this library will be used
for Bulk LeaseQuery
(Gitlab #2583)
Kea 2.3.2 (development) released on October 26, 2022
2073. [build] razvan
The library version numbers have been bumped for the Kea 2.3.2
development release.
(Gitlab #2607)
2072. [func] razvan
If both "flush-reclaimed-timer-wait-time" and
"hold-reclaimed-time" are non-zero, when the client sends a
release message the lease is expired. Previously it was deleted
from the lease storage. The default values are 25 and 3600
respectively, effectively changing the default server behavior.
(Gitlab #2548)
2071. [perf] andrei
Significantly improved the performance of editing configuration
with kea-netconf. Instead of making a request to the sysrepo
datastore for each leaf and leaf-list node, a single request is
done and the config is translated from the received data node.
This approach is considered experimental.
(Gitlab #2400)
2070. [func] andrei
kea-netconf now requires libyang v2 and sysrepo v2 to compile and
run. Support for libyang v1 and sysrepo v1 has been dropped.
(Gitlab #2311)
2069. [func] fdupont
Added a new sanity checker named "extended-info-checks"
which checks and possibly upgrades the lease extended
info, which stores in the lease user context the
dhcp-agent-options content in DHCPv4 and the
relay-msg fields and options in DHCPv6.
(Gitlab #2595)
2068. [func] djt
Kea's official APK, Deb, and RPM packages have been restructured
and made to follow a consistent packaging standard. Some of the
package names have been modified, and some packages have been
consolidated into larger packages as a result of these changes.
Kea now runs under a service user on RPM systems. Upgrading Kea
on Debian and Ubuntu systems should be done with ``apt
dist-upgrade`` when upgrading to this release or later, as some
packages need to be removed before being reinstalled. Depending
on how Kea was installed, upgrading to this release or later on
Debian or Ubuntu systems could cause the DHCPv6 and/or the DDNS
server, as well as the open-source hooks to be removed. In order
to ensure they are properly installed, either install the
``isc-kea`` metapackage, or install the packages explicitly by
name. Further details can be found in the Gitlab issue.
(Gitlab #2220)
2067. [func] fdupont
Updated the layout of extended information optionally
stored in lease user context to add remote and relay
identifier (sub-)options.
(Gitlab #2587)
2066. [bug] fdupont
Fixed lease reuse process to clear the user context
when the lease expired and was reclaimed.
(Gitlab #2588)
2065. [func] djt
A compatibility config option called ignore-rai-link-selection
has been added to the DHCPv4 config to allow operators to ignore
Link Selection suboption data in Relay Agent information options.
When this configuration value is set to true, Kea will no longer
use data provided in the suboption for subnet selection.
(Gitlab #2543)
Kea 2.3.1 (development) released on September 28, 2022
2064. [build] mgodzina
The library version numbers have been bumped for the Kea 2.3.1
development release.
(Gitlab #2576)
2063. [bug] fdupont
Fixed 32 bit compatibility issue with PostgreSQL time.
(Gitlab #2532)
2062. [func] fdupont
The lease_cmds hook library supports two new commands
"lease4-write" and "lease6-write" which should help
to recover from emergency situations e.g. full disk space
by writing the memory lease database into a CSV file.
They are supported only by the memfile backend.
(Gitlab #1654)
2061. [bug]* fdupont
Enforce length limits on host identifier (20 bytes for
hardware address, 128 bytes for DUID and other types).
(Gitlab #2557)
2060. [build] andrei
Two scripts that are used for checking YANG modules now
automatically detect the location of the yanglint tool and its
libraries based on the values passed to the configure script.
"make check" should now pass uninterrupted on some delicate
systems like Alpine and RPM-based. Also, reinstall.sh, used to
install YANG modules, now detects sysrepoctl automatically.
(Gitlab #2558)
2059. [func] marcin
The lease_cmds hook library returns a new "conflict" status
code indicating an issue with a lease update due to a mismatch
between the received lease and the server's configuration or
state. The HA hook library differentiates between this new
status and a general error and avoids transitioning to the
partner-down state when conflicts occur. The new
"max-rejected-lease-updates" parameter sets a limit for the
maximum number of conflicts before the server terminates the
HA service.
(Gitlab #2408)
2058. [build] fdupont
kea-lfc is now built just after libraries.
(Gitlab #2526)
2057. [doc] marcin
Fixed broken example and documentation for long DHCPv4 options
in the ARM.
(Gitlab #2545)
2056. [build] andrei
Improved build compatibility in Kea between g++ and Boost
libraries. The compilation error that was fixed was reported to
occur with g++ 8 and boost 1.75. The fix consists of passing
callbacks directly to boost::asio::io_service::post and not
indirectly through a functor. Thanks to rski for reporting the
error and suggesting the fix!
(Gitlab #2519)
2055. [func] andrei
When Kea starts with an erroneous file configuration, if the
logging is viable and is configured to log at least at ERROR
level, it will log the errors according to the configured
logging. Previously, it would log them in stderr which made
gathering of the errors more difficult. A final log message is
still logged at stderr just as before.
(Gitlab #1955)
Kea 2.3.0 (development) released on August 31, 2022
2054. [build] razvan
The library version numbers have been bumped for the Kea 2.3.0
development release.
(Gitlab #2546)
2053. [doc] razvan
A new appendix for configuration templates was added to the Kea ARM,
which includes High Availability with multi-threading and secure
connections using TLS.
(Gitlab #2441)
2052. [func] andrei
Omitted logger configuration entries are now properly inherited
from the root logger as the ARM suggests.
(Gitlab #2537)
2051. [func] razvan
Added support for bulk lease query options defined in RFC 6926.
The bulk lease query functionality has not been implemented yet.
(Gitlab #2527)
2050. [build] andrei, tomek
Fixed problem with preparing system using hammer on FreeBSD
13.0. The available sphinx and python versions are now detected
dynamically. This should prevent future package upgrades (e.g.
to python 3.10) from breaking our builds again.
(Gitlab #2534)
2049. [build] razvan, fdupont
The distcheck rule is able to compile and run unittests for
database backends, GSS-TSIG and Sysrepo/NETCONF.
(Gitlab #2071)
2048. [bug] fdupont
Set broadcast MAC destination address in DHCPv4 replies
when the IP address is broadcast. Thanks to Joost Bekkers
for reporting the issue and contributing the patch. This
improves Kea's compatibility with Cisco Small Business
switches.
(Gitlab #2211)
2047. [func] fdupont
Added support of multiple instances of the DHCPv6
"vendor-class" (code 16) and "vendor-opts" (code 17)
options: specifying multiple options with different
enterprise numbers is now supported by Kea.
2046. [doc] andrei
Disabled smart quotes in Sphinx configuration to leave quotes
unchanged. Prior to this change, quotes were converted into
left-quotes and right-quotes. This made it difficult for users to
copy and use chunks of configuration directly from the ARM.
(Gitlab #2513)
The following summarizes changes in the premium hooks since the 2.2.0
release:
175. [bug] marcin
DHCP options inserted into a database by the host_cmds and
cb_cmds hooks are not encapsulated. Previously, encapsulated
options were sometimes appended to the parent options which
was confusing and could lead to parsing errors. Now, the
encapsulated options are returned separately and associated
with appropriate option space (i.e., an option space of a
parent option).
(Gitlab #2826)
174. [bug] razvan
Added checks to catch invalid prefix/prefix-len combinations in
commands that create or update pools, leases, and reservations.
(Gitlab #2725)
173. [func]* marcin
Renamed operation-target values in host_cmds hook library. The
"primary" was renamed to "memory", and the "alternate" was
renamed to "database".
(Gitlab #2901)
172. [func] piotrek
A new command named "reservation-get-by-address" is now available
in the host_cmds hook library. It returns all host reservations
for a given IP address either in all subnets or in a given subnet.
(Gitlab #2795)
Kea-premium hooks package 2.3.8 (development) released on May 31, 2023
171. [bug] razvan
The High Availability hook library is sending the 'origin'
parameter set to 'ha-partner' when sending lease update
commands which enables the forensic log hook library to
distinguish between administrator commands and HA partner
commands.
(Gitlab #2629)
170. [func] slawek
The host_cmds has been updated to fully support altering (add,
update, delete) host reservations in JSON configuration. The host
commands accept a new argument ("operation-target") that defines
the data source (JSON configuration and/or hosts database) to
query or alter.
(Gitlab #2815)
169. [func] fdupont
A new command "extended-info4-upgrade" makes old leases
from SQL DHCPV4 lease database visible to Bulk Lease Queries.
(Gitlab #2757)
Kea-premium hooks package 2.3.7 (development) released on April 26, 2023
168. [bug] tmark
The lease query hook library can now find a delegated prefix
that contains a DHCPv6 IP address in response to a query by
IP address.
(Gitlab #1275)
167. [func] andrei
A new command named reservation-update is now available in the
host_cmds hook library. It updates an existing reservation.
(Gitlab #549)
166. [func] marcin
The subnet_cmds hook has been updated to support using the Free
Lease Queue (FLQ) allocator. This allocator can be selected at
the subnet or shared network level using the commands from this
hook library.
(Gitlab #2780)
Kea-premium hooks package 2.3.6 (development) released on March 29, 2023
165. [bug] razvan
Hooks now set DROP flag on the dhcp4_srv_configured and
dhcp6_srv_configured callouts if the configuration is invalid
or an error occurred. Proper shutdown of the HTTP listener is
performed now instead of generating a server crash if the
provided address is not valid.
(Gitlab #2799)
164. [bug] razvan
Added missing log messages for host commands hooks library.
There are three messages that can be logged when any command is
issued: one INFO message when the hook starts processing the
command and one INFO message when it finishes with no error or
one ERROR message when an error occurs.
(Gitlab #2783)
Kea-premium hooks package 2.3.5 (development) released on February 22, 2023
163. [func] fdupont
The lease_query hook library now supports most bulk
lease query requirements for DHCPv4 (RFC 6926). It is
currently only supported with memfile lease storage.
(Gitlab #2746)
Kea-premium hooks package 2.3.4 (development) released on January 25, 2023
162. [bug] razvan
The prefix address provided in the prefix and prefix length pair
from the pool configuration is now checked to match the first
address in the pool.
(Gitlab #2612)
161. [build] andrei
Building without the forensic log source files is now possible.
Previously, it would complain about files not existing. Those
file declarations were moved from a generic m4 file to a m4 file
that is dedicated to forensic logging.
(Gitlab #2633)
160. [func] fdupont, tmark
The lease_query hook library now supports bulk lease query
for DHCPv6 (RFC 5460). It is currently only supported with
memfile lease storage.
(Gitlab #2673)
Kea-premium hooks package 2.3.3 (development) released on November 30, 2022
159. [func] razvan
Added "ignore-iaid" configuration flag in flex-id hooks library
which enables the server to ignore incoming IAID value if the
packet contains at most one IA_NA or one IA_PD. The IAID value is
stored as 0 in the lease storage, but it is restored to its
initial value in the response back to the client.
(Gitlab #2472)
Kea-premium hooks package 2.3.2 (development) released on October 26, 2022
158. [func] razvan
Added support for template classes. The limits hooks library is
able to handle restrictions on subclasses spawned at runtime by
template classes.
(Gitlab #248)
157. [bug] fdupont
Updated the RADIUS code to no longer throw on methods returning
host collections: instead it does not contribute to the final
result. For instance the command "reservation-get-all" no
longer fails but it still can't be used to retrieve RADIUS
or host cache content.
(Gitlab #2566)
Kea-premium hooks package 2.3.1 (development) released on September 28, 2022
156. [bug] fdupont
Reservation get commands no longer throw on host entries
with too long host identifiers.
(Gitlab #2557)
Kea-premium hooks package 2.3.0 (development) released on August 31, 2022
155. [bug] fdupont
A subnet-id is returned in response to the
reservation-get and reservation-get-all commands.
(Gitlab #2471)
Thank you again to everyone who assisted us in making this release
possible.
We look forward to receiving your feedback.