[kea-dev] Proposed design for DHCP4o6 in Kea
Francis Dupont
fdupont at isc.org
Wed Aug 19 19:30:30 UTC 2015
Tomek Mrugalski writes:
> > BTW Unix sockets are again the worst solution. For ISC DHCP I used a
> > pair of UDP sockets bound to the loopback. As I explained in this list
> > we can use the same format and transport so as to be able to develop both
> > sides (DHCPv6 and DHCPv4) in parallel...
> But it's also a solution that does not suffer from a security problem:
> with UDP sockets open on loopback, any non-root user can send packets
> to them.
=> not if the port numbers are low enough (BTW as DHCP uses so-called
privileged ports this has no operational impact).
> But the approach has more long term implications.
> CommandSocketFactory is expected to be extended with other communication
> methods, not just unix sockets. When this is done, both control channel
> for Kea as well as 4o6 communication channel will be extended to cover it.
=> note I shall extend it for Windows which has no Unix sockets.
I have proposed the code for the previous/obsolete version (90%
of the change is about parsing a port number vs. a path).
> > A final note: it seems the same format should be used both ways,
> > i.e., in DHCPv6 -> DHCPv4 and DHCPv4 -> DHCPv6. And TWO sockets are
> > needed if you don't want to read what you've just written.
> My intention was to use the same format both ways. If the text is unclear
> about it, we need to reword it.
=> the note has 2 points: same format *and* two sockets.
> >> If possible, I'd like this design discussion to conclude no later than
> >> the next Friday, Aug. 14th.
> > => a bit short and BTW I didn't see any contributions...
> We had a discussion in Prague that we'll provide a preliminary design
> within 2 weeks and a final one within 3-4 weeks. That's where the Aug.
> 14th came from. However, since Tsinghua team is now on vacation and is
> expected to come back on Aug. 20th, we still have a couple more days.
=> what about reusing the ISC DHCP design? The 2 processes idea is more
natural in Kea so it is more about the communication between them.
Regards
Francis Dupont <fdupont at isc.org>
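
Added example, not part of the original message and not ISC DHCP or Kea code: a sketch of the transport discussed in this thread, a pair of UDP sockets bound to the loopback, one per process, each connect()ed to the other so that neither side reads what it has just written and the kernel discards datagrams from any other local sender. The ephemeral ports and the names `make_endpoint`, `open_channel` and `demo` are assumptions chosen so it runs without root; with fixed ports below 1024 the same source-port filter would only admit a sender able to bind a privileged port.

```python
import socket

LOOPBACK = "127.0.0.1"


def make_endpoint(port=0):
    """UDP socket bound to the loopback only (port 0 = ephemeral, an assumption)."""
    s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    s.bind((LOOPBACK, port))
    s.settimeout(0.5)
    return s


def open_channel():
    """Return (v6_side, v4_side): two sockets, each connected to the other.

    connect() on a UDP socket fixes the peer address and port, so the kernel
    only delivers datagrams whose source is exactly that peer.
    """
    v6_side = make_endpoint()
    v4_side = make_endpoint()
    v6_side.connect(v4_side.getsockname())
    v4_side.connect(v6_side.getsockname())
    return v6_side, v4_side


def demo():
    v6_side, v4_side = open_channel()
    stranger = make_endpoint()  # stands in for any other local process
    try:
        # Constructed payloads; a real channel would carry DHCP messages.
        stranger.sendto(b"forged", v4_side.getsockname())
        v6_side.send(b"relayed DHCPv4 query")
        first = v4_side.recv(2048)   # the peer's datagram, not the forged one
        v4_side.send(b"DHCPv4 reply")
        reply = v6_side.recv(2048)   # v6 side reads the reply, never its own query
        try:
            leftover = v4_side.recv(2048)
        except socket.timeout:
            leftover = None          # the forged datagram was never queued
        return first, reply, leftover
    finally:
        for s in (v6_side, v4_side, stranger):
            s.close()


if __name__ == "__main__":
    print(demo())
```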