pool/kea
SHA256
17
0
Fork 2
Code Issues Pull Requests Activity

Compare commits

merge into: pool:slfo-main
Branches Tags
pool:factory pool:slfo-1.2 pool:slfo-main jcronenberg:infiniband-test jcronenberg:master jcronenberg:main jcronenberg:factory jcronenberg:devel
...
pull from: jcronenberg:infiniband-test
Branches Tags
jcronenberg:infiniband-test jcronenberg:master jcronenberg:main jcronenberg:factory jcronenberg:devel pool:factory pool:slfo-1.2 pool:slfo-main

22 Commits
slfo-main ... infiniband

Author SHA256 Message Date
Jorik Cronenberg
68d0628044 TESTING: Infiniband patch 2026-01-13 15:38:23 +01:00
Arvin Schnell
cc404c7351 Fix building with Boost 1.90 Beta 1 2025-11-20 12:09:15 +01:00
Jan Engelhardt
562095dfa4 Heed syntax requirements for changelog files 2025-10-29 17:46:52 +01:00
Jorik Cronenberg
e9ef44663f Update to 3.0.2 2025-10-29 16:58:25 +01:00
Jan Engelhardt
3d92e5a8c0 New kea-boost1_89.patch 2025-10-29 00:05:55 +01:00
Arjen de Korte
b034c6cd53 Add kea-boost1_89.patch 2025-10-26 16:44:38 +01:00
Jorik Cronenberg
1c290fe1c4 Update to 3.0.1 2025-08-28 11:07:06 +02:00
Jorik Cronenberg
a2a2658827 Remove meson-info dir because it contains non reproducible files 2025-07-29 12:49:32 +02:00
Jorik Cronenberg
159d3c3287 Use meson install_umask to set binaries and libraries permissions 2025-07-07 17:16:23 +02:00
Jorik Cronenberg
79ac13d422 Use chmod in %install instead of %attr 2025-07-03 16:46:44 +02:00
Jorik Cronenberg
484b988d04 Update to release 3.0.0 2025-07-01 14:06:10 +02:00
Jorik Cronenberg
3de0d1f50c Use network-online.target for systemd services 2025-06-16 14:35:08 +02:00
Jorik Cronenberg
6b30b46d60 Update to version 2.6.3 2025-05-28 19:03:45 +02:00
Jorik Cronenberg
92ab1af6af Update owner and perms in %post on modified config files 2025-04-30 16:00:13 +02:00
Jan Engelhardt
4b0d6125ef %post logic for switching from kea.service to kea-*.service 2025-04-15 21:42:36 +02:00
Jorik Cronenberg
c32b9b08fa Update services, user, group and dir access 
- Split off services into separate ones to allow more fine grained
  control for e.g. capabilities.
- Tighten access to state and log directories
 2025-04-15 14:01:51 +02:00
Jan Engelhardt
59f1a3766a Dummy commit to test scmsync 2025-03-27 11:18:09 +01:00
Jorik Cronenberg
08da159db5 Update to version 2.6.2 2025-03-26 17:11:07 +01:00
Jorik Cronenberg
f28bceea66 Fix for latest boost version 1.87 and sphinx changes 2025-03-13 14:53:30 +01:00
Jorik Cronenberg
9912ef67c7 Remove leading zeros from %if %{with ...} 2024-10-08 16:47:30 +02:00
Jorik Cronenberg
c3078ecd5f Update to release 2.6.1 2024-10-08 15:12:23 +02:00
Jan Engelhardt
ddf20505c7 kea 2.6.0 (synchronize with OBS) 2024-07-23 05:09:58 +02:00
13 changed files with 1348 additions and 167 deletions
Expand all files Collapse all files

BIN
kea-2.4.1.tar.gz LFS
View File

Binary file not shown.

16
kea-2.4.1.tar.gz.asc
View File

@@ -1,16 +0,0 @@
-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEE2mo1COZypJ3Tgq/ZW49NkbiO2QkFAmVlt28ACgkQW49NkbiO
2QmI3g/8DRsJRa85qqDuWNcfE5qv3Aj0BWZwqv2pM60vGBHCcXRbsfIEMOd7boww
OvehccLJ5ybpBAFWEh6LyKfllX8xbnY8u4Hio8RiwyFgycKASLn9xYoQisq30wxW
iNNS7Ep+mCrkjNXvVP7W3bvcwMPpRrkVaTGFva/4zeTv+8hKU62y3ltxKL6BZG+4
2vCqBQ2g4jfecHzigQJx2fV1epJ2XyG6hjXtoMqziEZ7nvhyG7sZowhLK/QZXl2u
ja4EdmRAZBXcsCXzBN7W42K5P2damH+mde4W0b71WlrHZQVouNvLDyMIsn3CTU7q
84qfUNpz0i1hnofLRAMIoLUepXZiwcMdX6MCL7R8u0HIcNy4xj7giPIRndVUORCf
r2be7vr8MFkOZ/em2t5vv8FaJkq/9AK4b7qISyOvYoRB0GKyWcdbex0l+yJAhc1K
tFX6lyLOUIBToJ7xNE5W1xBCUoblVqZ2eLLUV844HPFNRzVb33+Pl+oL2h7MVpTs
KY5frHIH1sV+SK/oxEcrfjXsTQwFImmzuTwJK5/ucZtnl97TEikq6lwI6QG/DbiL
KhDJXouJP4yMAN7z59PXZKXMSH+iscqiNGlN+XXGm/fUwNt4Ennosj+ElRh7bk+H
AwGTjUh6ZtoMgSCAPcn5yvfXB6Fn2ZpmLBiu6Vhl91kb1/qdxsw=
=C/w0
-----END PGP SIGNATURE-----

BIN
kea-3.0.2.tar.xz LFS Normal file
View File

Binary file not shown.

16
kea-3.0.2.tar.xz.asc Normal file
View File

@@ -0,0 +1,16 @@
-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEE2mo1COZypJ3Tgq/ZW49NkbiO2QkFAmj4qUEACgkQW49NkbiO
2QkHHw/8C8PLMJfc9JjLWskS8sgI0H8kT2Vs8qMx+oJUWAkOrIcnrVlkC0/PfWkk
KnZ2UFST+etmZfNySjRgQ5BdSovYQPx570LMsB2Jv/p2npMTvS6zPwPFDjrO/67D
e4izzzS2cx3fK7uTigq8CZCkMVf0slX6v0arWsa8WHo8OePh+5TF1x0LDfFZLJvJ
clr0xTVcKLuQs4VjxGlkHZsA69h6/7nXVksFkuzWwkQqNWj5Bfq4mWYXcNF0MK32
jECgxcsquvPYEw9D7JGXr7Ty8CyuWok+va4PrA/XOQTlxvKaJbl1ljpocplPQgyL
de73QxmyNmviv6DMMkwo0R2NJnaHMOGzbZef0ps/4aPyuSISOujT/Mef9lb0ifM8
WdgLWdusmHyYaWnu3MLau923e7tH07Hrofre0yMl9LkLJwPrj1nRsdXuuea5a4LN
p6YrYECRfNE2JW3xp5aLIhcZe7ouofzkYgdx1DK1UKU7GWlUfWCxImNQ5ZpWdfhT
kkpWf72/K9mqQFNwvJmcGWg2qlWlel/My0rKh9z/gG+f543WK14gEP34pvQySIJ/
PZRZDeu8YFYUMujWysuzJ6hDsAX3Q4yAWR8dCb9opfv1wAV94WnUQMMuXjk3MrUQ
bFcw2dPGSonKP4HPMrbMRpWcq/3W3FG4gpE0lKX8DkaPHtG1fiU=
=v6zd
-----END PGP SIGNATURE-----

39
kea-boost1_89.patch Normal file
View File

@@ -0,0 +1,39 @@
From: Arjen de Korte <suse+build@de-korte.org>
Date: 2025-10-28 20:05:15 +0100
boost 1.89 does not have boost_system anymore.
diff -purN a/meson.build b/meson.build
--- a/meson.build 2025-08-20 10:14:44.000000000 +0200
+++ b/meson.build 2025-10-26 13:56:44.801656560 +0100
@@ -189,7 +189,7 @@ message(f'Detected system "@SYSTEM@".')
#### Dependencies
-boost_dep = dependency('boost', version: '>=1.66', modules: ['system'])
+boost_dep = dependency('boost', version: '>=1.66', modules: ['system'], required: false)
dl_dep = dependency('dl')
threads_dep = dependency('threads')
add_project_dependencies(boost_dep, dl_dep, threads_dep, language: ['cpp'])
diff -purN a/src/lib/asiodns/io_fetch.h b/src/lib/asiodns/io_fetch.h
--- a/src/lib/asiodns/io_fetch.h 2025-08-20 10:14:44.000000000 +0200
+++ b/src/lib/asiodns/io_fetch.h 2025-10-26 13:52:05.461445874 +0100
@@ -16,6 +16,7 @@
#include <util/buffer.h>
#include <boost/asio/coroutine.hpp>
+#include <boost/asio/deadline_timer.hpp>
#include <boost/shared_array.hpp>
#include <boost/shared_ptr.hpp>
#include <boost/date_time/posix_time/posix_time_types.hpp>
diff -purN a/src/lib/asiolink/interval_timer.h b/src/lib/asiolink/interval_timer.h
--- a/src/lib/asiolink/interval_timer.h 2025-08-20 10:14:44.000000000 +0200
+++ b/src/lib/asiolink/interval_timer.h 2025-10-26 12:29:18.357562324 +0100
@@ -7,6 +7,7 @@
#ifndef ASIOLINK_INTERVAL_TIMER_H
#define ASIOLINK_INTERVAL_TIMER_H 1
+#include <boost/asio/deadline_timer.hpp>
#include <boost/shared_ptr.hpp>
#include <functional>

10
kea-boost1_90.patch Normal file
View File

@@ -0,0 +1,10 @@
--- a/src/lib/log/logger_level_impl.cc.orig 2025-11-13 15:04:21.704582532 +0100
+++ b/src/lib/log/logger_level_impl.cc 2025-11-13 15:04:36.005019042 +0100
@@ -10,6 +10,7 @@
#include <string.h>
#include <iostream>
#include <boost/lexical_cast.hpp>
+#include <boost/static_assert.hpp>
#include <log4cplus/logger.h>

18
kea-ctrl-agent.service Normal file
View File

@@ -0,0 +1,18 @@
[Unit]
Description=ISC Kea Control Agent
Before=multi-user.target
Wants=network-online.target
After=remote-fs.target network-online.target nss-lookup.target time-sync.target ldap.service ndsd.service
[Service]
User=keadhcp
Environment=KEA_PIDFILE_DIR=/run/kea
RuntimeDirectory=kea
RuntimeDirectoryMode=0750
RuntimeDirectoryPreserve=yes
ExecStart=/usr/sbin/kea-ctrl-agent -c /etc/kea/kea-ctrl-agent.conf
ExecReload=kill -HUP $MAINPID
ProtectSystem=full
[Install]
WantedBy=multi-user.target

19
kea-dhcp-ddns.service Normal file
View File

@@ -0,0 +1,19 @@
[Unit]
Description=ISC Kea DHCP-DDNS server
Before=multi-user.target
Wants=network-online.target
After=remote-fs.target network-online.target nss-lookup.target time-sync.target ldap.service ndsd.service
[Service]
User=keadhcp
AmbientCapabilities=CAP_NET_BIND_SERVICE
Environment=KEA_PIDFILE_DIR=/run/kea
RuntimeDirectory=kea
RuntimeDirectoryMode=0750
RuntimeDirectoryPreserve=yes
ExecStart=/usr/sbin/kea-dhcp-ddns -c /etc/kea/kea-dhcp-ddns.conf
ExecReload=kill -HUP $MAINPID
ProtectSystem=full
[Install]
WantedBy=multi-user.target

19
kea-dhcp4.service Normal file
View File

@@ -0,0 +1,19 @@
[Unit]
Description=ISC Kea DHCPv4 server
Before=multi-user.target
Wants=network-online.target
After=remote-fs.target network-online.target nss-lookup.target time-sync.target ldap.service ndsd.service
[Service]
User=keadhcp
AmbientCapabilities=CAP_NET_BIND_SERVICE CAP_NET_RAW
Environment=KEA_PIDFILE_DIR=/run/kea
RuntimeDirectory=kea
RuntimeDirectoryMode=0750
RuntimeDirectoryPreserve=yes
ExecStart=/usr/sbin/kea-dhcp4 -c /etc/kea/kea-dhcp4.conf
ExecReload=kill -HUP $MAINPID
ProtectSystem=full
[Install]
WantedBy=multi-user.target

19
kea-dhcp6.service Normal file
View File

@@ -0,0 +1,19 @@
[Unit]
Description=ISC Kea DHCPv6 server
Before=multi-user.target
Wants=network-online.target
After=remote-fs.target network-online.target nss-lookup.target time-sync.target ldap.service ndsd.service
[Service]
User=keadhcp
AmbientCapabilities=CAP_NET_BIND_SERVICE
Environment=KEA_PIDFILE_DIR=/run/kea
RuntimeDirectory=kea
RuntimeDirectoryMode=0750
RuntimeDirectoryPreserve=yes
ExecStart=/usr/sbin/kea-dhcp6 -c /etc/kea/kea-dhcp6.conf
ExecReload=kill -HUP $MAINPID
ProtectSystem=full
[Install]
WantedBy=multi-user.target

713
kea-infiniband.patch Normal file
View File

@@ -0,0 +1,713 @@
From adce212eac5453214dc347734682c807f1b2f61a Mon Sep 17 00:00:00 2001
From: Timo Rothenpieler <timo.rothenpieler@uni-bremen.de>
Date: Tue, 6 Feb 2024 18:42:13 +0100
Subject: [PATCH 1/4] Add L2 bcast addr to Iface
---
src/lib/dhcp/dhcp4.h | 4 ++--
src/lib/dhcp/iface_mgr.cc | 33 +++++++++++++++++++++++++++++++--
src/lib/dhcp/iface_mgr.h | 28 ++++++++++++++++++++++++++++
src/lib/dhcp/iface_mgr_bsd.cc | 28 ++++++++++++++++++++++++++++
src/lib/dhcp/iface_mgr_linux.cc | 22 ++++++++++++++++++++++
src/lib/dhcp/iface_mgr_sun.cc | 28 ++++++++++++++++++++++++++++
6 files changed, 139 insertions(+), 4 deletions(-)
Index: kea-3.0.2/src/lib/dhcp/dhcp4.h
===================================================================
--- kea-3.0.2.orig/src/lib/dhcp/dhcp4.h
+++ kea-3.0.2/src/lib/dhcp/dhcp4.h
@@ -60,8 +60,8 @@ enum HType {
/// arp-parameters/arp-parameters.xhtml suggest that
/// Ethernet (1) should be used in DOCSIS environment.
HTYPE_IEEE802 = 6, ///< IEEE 802.2 Token Ring
- HTYPE_FDDI = 8 ///< FDDI
- /// TODO Add infiniband here
+ HTYPE_FDDI = 8, ///< FDDI
+ HTYPE_INFINIBAND = 32 ///< InfiniBand
};
/* DHCP Option codes: */
Index: kea-3.0.2/src/lib/dhcp/iface_mgr.cc
===================================================================
--- kea-3.0.2.orig/src/lib/dhcp/iface_mgr.cc
+++ kea-3.0.2/src/lib/dhcp/iface_mgr.cc
@@ -62,7 +62,7 @@ IfaceMgr::instancePtr() {
}
Iface::Iface(const std::string& name, unsigned int ifindex)
- : name_(name), ifindex_(ifindex), mac_len_(0), hardware_type_(0),
+ : name_(name), ifindex_(ifindex), mac_len_(0), bcast_mac_len_(0), hardware_type_(0),
flag_loopback_(false), flag_up_(false), flag_running_(false),
flag_multicast_(false), flag_broadcast_(false), flags_(0),
inactive4_(false), inactive6_(false) {
@@ -142,6 +142,21 @@ Iface::getPlainMac() const {
return (tmp.str());
}
+std::string
+Iface::getPlainBcastMac() const {
+ ostringstream tmp;
+ tmp.fill('0');
+ tmp << hex;
+ for (int i = 0; i < bcast_mac_len_; i++) {
+ tmp.width(2);
+ tmp << static_cast<int>(bcast_mac_[i]);
+ if (i < bcast_mac_len_-1) {
+ tmp << ":";
+ }
+ }
+ return (tmp.str());
+}
+
void Iface::setMac(const uint8_t* mac, size_t len) {
if (len > MAX_MAC_LEN) {
isc_throw(OutOfRange, "Interface " << getFullName()
@@ -155,6 +170,19 @@ void Iface::setMac(const uint8_t* mac, s
}
}
+void Iface::setBcastMac(const uint8_t* mac, size_t len) {
+ if (len > MAX_MAC_LEN) {
+ isc_throw(OutOfRange, "Interface " << getFullName()
+ << " was detected to have link address of length "
+ << len << ", but maximum supported length is "
+ << MAX_MAC_LEN);
+ }
+ bcast_mac_len_ = len;
+ if (len > 0) {
+ memcpy(bcast_mac_, mac, len);
+ }
+}
+
bool Iface::delAddress(const isc::asiolink::IOAddress& addr) {
for (AddressCollection::iterator a = addrs_.begin(); a != addrs_.end(); ++a) {
if (a->get() == addr) {
@@ -791,7 +819,8 @@ IfaceMgr::printIfaces(std::ostream& out
out << "Detected interface " << iface->getFullName()
<< ", hwtype=" << iface->getHWType()
- << ", mac=" << iface->getPlainMac();
+ << ", mac=" << iface->getPlainMac()
+ << ", bcast=" << iface->getPlainBcastMac();
out << ", flags=" << hex << iface->flags_ << dec << "("
<< (iface->flag_loopback_?"LOOPBACK ":"")
<< (iface->flag_up_?"UP ":"")
Index: kea-3.0.2/src/lib/dhcp/iface_mgr.h
===================================================================
--- kea-3.0.2.orig/src/lib/dhcp/iface_mgr.h
+++ kea-3.0.2/src/lib/dhcp/iface_mgr.h
@@ -204,6 +204,28 @@ public:
/// that returned it.
const uint8_t* getMac() const { return mac_; }
+ /// @brief Returns broadcast MAC address a plain text.
+ ///
+ /// @return MAC address as a plain text (string)
+ std::string getPlainBcastMac() const;
+
+ /// @brief Sets broadcast MAC address of the interface.
+ ///
+ /// @param mac pointer to bcast MAC address buffer
+ /// @param macLen length of bcast mac address
+ void setBcastMac(const uint8_t* bcastMac, size_t bcastMacLen);
+
+ /// @brief Returns broadcast MAC length.
+ ///
+ /// @return length of bcast MAC address
+ size_t getBcastMacLen() const { return bcast_mac_len_; }
+
+ /// @brief Returns pointer to broadcast MAC address.
+ ///
+ /// Note: Returned pointer is only valid as long as the interface object
+ /// that returned it.
+ const uint8_t* getBcastMac() const { return bcast_mac_; }
+
/// @brief Sets flag_*_ fields based on bitmask value returned by OS
///
/// @note Implementation of this method is OS-dependent as bits have
@@ -430,6 +452,12 @@ protected:
/// Length of link-layer address (usually 6).
size_t mac_len_;
+ /// Link-layer braodcast address.
+ uint8_t bcast_mac_[MAX_MAC_LEN];
+
+ /// Length of link-layer broadcast address (usually 6).
+ size_t bcast_mac_len_;
+
/// Hardware type.
uint16_t hardware_type_;
Index: kea-3.0.2/src/lib/dhcp/iface_mgr_bsd.cc
===================================================================
--- kea-3.0.2.orig/src/lib/dhcp/iface_mgr_bsd.cc
+++ kea-3.0.2/src/lib/dhcp/iface_mgr_bsd.cc
@@ -25,6 +25,22 @@ using namespace isc;
using namespace isc::asiolink;
using namespace isc::dhcp;
+namespace {
+
+static const uint8_t default_ib_bcast_addr[20] = {
+ 0x00, 0xff, 0xff, 0xff,
+ 0xff, 0x12, 0x40, 0x1b,
+ 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00,
+ 0xff, 0xff, 0xff, 0xff
+};
+
+static const uint8_t default_ether_bcast_addr[6] = {
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff
+};
+
+}
+
namespace isc {
namespace dhcp {
@@ -92,6 +108,18 @@ IfaceMgr::detectIfaces(bool update_only)
iface_iter->second->setHWType(ldata->sdl_type);
iface_iter->second->setMac(ptr, ldata->sdl_alen);
+
+ //TODO: I don't have BSD, this needs tested
+ if (ifptr->ifa_flags & IFF_BROADCAST) {
+ ldata = reinterpret_cast<struct sockaddr_dl *>(ifptr->ifa_broadaddr);
+ ptr = reinterpret_cast<uint8_t *>(LLADDR(ldata));
+
+ iface_iter->second->setBcastMac(ptr, ldata->sdl_alen);
+ } else if (interface_info->ifi_type == HTYPE_INFINIBAND) {
+ iface_iter->second->setBcastMac(default_ib_bcast_addr, sizeof(default_ib_bcast_addr));
+ } else if (interface_info->ifi_type == HTYPE_ETHER) {
+ iface_iter->second->setBcastMac(default_ether_bcast_addr, sizeof(default_ether_bcast_addr));
+ }
} else if (ifptr->ifa_addr->sa_family == AF_INET6) {
// IPv6 Addr
struct sockaddr_in6 * adata =
Index: kea-3.0.2/src/lib/dhcp/iface_mgr_linux.cc
===================================================================
--- kea-3.0.2.orig/src/lib/dhcp/iface_mgr_linux.cc
+++ kea-3.0.2/src/lib/dhcp/iface_mgr_linux.cc
@@ -403,6 +403,18 @@ void Netlink::release_list(NetlinkMessag
messages.clear();
}
+static const uint8_t default_ib_bcast_addr[20] = {
+ 0x00, 0xff, 0xff, 0xff,
+ 0xff, 0x12, 0x40, 0x1b,
+ 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00,
+ 0xff, 0xff, 0xff, 0xff
+};
+
+static const uint8_t default_ether_bcast_addr[6] = {
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff
+};
+
} // end of anonymous namespace
namespace isc {
@@ -504,6 +516,16 @@ void IfaceMgr::detectIfaces(bool update_
// try to dereference it in this manner
}
+ // Does interface have an L2 broadcast address?
+ if ((interface_info->ifi_flags & IFF_BROADCAST) && attribs_table[IFLA_BROADCAST]) {
+ iface->setBcastMac(static_cast<const uint8_t*>(RTA_DATA(attribs_table[IFLA_BROADCAST])),
+ RTA_PAYLOAD(attribs_table[IFLA_BROADCAST]));
+ } else if (interface_info->ifi_type == HTYPE_INFINIBAND) {
+ iface->setBcastMac(default_ib_bcast_addr, sizeof(default_ib_bcast_addr));
+ } else if (interface_info->ifi_type == HTYPE_ETHER) {
+ iface->setBcastMac(default_ether_bcast_addr, sizeof(default_ether_bcast_addr));
+ }
+
nl.ipaddrs_get(*iface, addr_info);
// addInterface can now throw so protect against memory leaks.
Index: kea-3.0.2/src/lib/dhcp/iface_mgr_sun.cc
===================================================================
--- kea-3.0.2.orig/src/lib/dhcp/iface_mgr_sun.cc
+++ kea-3.0.2/src/lib/dhcp/iface_mgr_sun.cc
@@ -24,6 +24,22 @@ using namespace isc;
using namespace isc::asiolink;
using namespace isc::dhcp;
+namespace {
+
+static const uint8_t default_ib_bcast_addr[20] = {
+ 0x00, 0xff, 0xff, 0xff,
+ 0xff, 0x12, 0x40, 0x1b,
+ 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00,
+ 0xff, 0xff, 0xff, 0xff
+};
+
+static const uint8_t default_ether_bcast_addr[6] = {
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff
+};
+
+}
+
namespace isc {
namespace dhcp {
@@ -92,6 +108,18 @@ IfaceMgr::detectIfaces(bool update_only)
iface_iter->second->setHWType(ldata->sdl_type);
iface_iter->second->setMac(ptr, ldata->sdl_alen);
+
+ //TODO: I don't have SUN, this needs tested
+ if (ifptr->ifa_flags & IFF_BROADCAST) {
+ ldata = reinterpret_cast<struct sockaddr_dl *>(ifptr->ifa_broadaddr);
+ ptr = reinterpret_cast<uint8_t *>(LLADDR(ldata));
+
+ iface_iter->second->setBcastMac(ptr, ldata->sdl_alen);
+ } else if (ldata->sdl_type == HTYPE_INFINIBAND) {
+ iface_iter->second->setBcastMac(default_ib_bcast_addr, sizeof(default_ib_bcast_addr));
+ } else if (ldata->sdl_type == HTYPE_ETHER) {
+ iface_iter->second->setBcastMac(default_ether_bcast_addr, sizeof(default_ether_bcast_addr));
+ }
} else if (ifptr->ifa_addr->sa_family == AF_INET6) {
// IPv6 Addr
struct sockaddr_in6 * adata =
Index: kea-3.0.2/src/lib/dhcp/hwaddr.h
===================================================================
--- kea-3.0.2.orig/src/lib/dhcp/hwaddr.h
+++ kea-3.0.2/src/lib/dhcp/hwaddr.h
@@ -23,6 +23,9 @@ public:
/// @brief Size of an ethernet hardware address.
static const size_t ETHERNET_HWADDR_LEN = 6;
+ /// @brief Size of an infiniband hardware address.
+ static const size_t INFINIBAND_HWADDR_LEN = 20;
+
/// @brief Maximum size of a hardware address.
static const size_t MAX_HWADDR_LEN = 20;
Index: kea-3.0.2/src/lib/dhcp/pkt_filter_lpf.cc
===================================================================
--- kea-3.0.2.orig/src/lib/dhcp/pkt_filter_lpf.cc
+++ kea-3.0.2/src/lib/dhcp/pkt_filter_lpf.cc
@@ -121,6 +121,98 @@ struct sock_filter dhcp_sock_filter [] =
BPF_STMT(BPF_RET + BPF_K, 0),
};
+/// The following structure defines a Berkeley Packet Filter program to perform
+/// packet filtering. The program operates on IPoIB pseudo packets. To help with
+/// interpretation of the program, for the types of packets we are interested
+/// in, the header layout is:
+///
+/// 20 bytes Source Interface Address
+/// 2 bytes Packet Type
+/// 2 bytes Reserved/Unused
+///
+/// The rest is identical to aboves Ethernet-Based packets
+///
+/// Each instruction is preceded with the comments giving the instruction
+/// number within a BPF program, in the following format: #123.
+
+struct sock_filter dhcp_sock_filter_ib [] = {
+ // Make sure this is an IP packet: check the half-word (two bytes)
+ // at offset 20 in the packet (the IPoIB pseudo packet type). If it
+ // is, advance to the next instruction. If not, advance 11
+ // instructions (which takes execution to the last instruction in
+ // the sequence: "drop it").
+ // #0
+ BPF_STMT(BPF_LD + BPF_H + BPF_ABS, IPOIB_PACKET_TYPE_OFFSET),
+ // #1
+ BPF_JUMP(BPF_JMP + BPF_JEQ + BPF_K, ETHERTYPE_IP, 0, 11),
+
+ // Make sure it's a UDP packet. The IP protocol is at offset
+ // 9 in the IP header so, adding the IPoIB packet header size
+ // of 24 bytes gives an absolute byte offset in the packet of 33.
+ // #2
+ BPF_STMT(BPF_LD + BPF_B + BPF_ABS,
+ IPOIB_HEADER_LEN + IP_PROTO_TYPE_OFFSET),
+ // #3
+ BPF_JUMP(BPF_JMP + BPF_JEQ + BPF_K, IPPROTO_UDP, 0, 9),
+
+ // Make sure this isn't a fragment by checking that the fragment
+ // offset field in the IP header is zero. This field is the
+ // least-significant 13 bits in the bytes at offsets 6 and 7 in
+ // the IP header, so the half-word at offset 30 (6 + size of
+ // IPoIB header) is loaded and an appropriate mask applied.
+ // #4
+ BPF_STMT(BPF_LD + BPF_H + BPF_ABS, IPOIB_HEADER_LEN + IP_FLAGS_OFFSET),
+ // #5
+ BPF_JUMP(BPF_JMP + BPF_JSET + BPF_K, 0x1fff, 7, 0),
+
+ // Check the packet's destination address. The program will only
+ // allow the packets sent to the broadcast address or unicast
+ // to the specific address on the interface. By default, this
+ // address is set to 0 and must be set to the specific value
+ // when the raw socket is created and the program is attached
+ // to it. The caller must assign the address to the
+ // prog.bf_insns[8].k in the network byte order.
+ // #6
+ BPF_STMT(BPF_LD + BPF_W + BPF_ABS,
+ IPOIB_HEADER_LEN + IP_DEST_ADDR_OFFSET),
+ // If this is a broadcast address, skip the next check.
+ // #7
+ BPF_JUMP(BPF_JMP + BPF_JEQ + BPF_K, 0xffffffff, 1, 0),
+ // If this is not broadcast address, compare it with the unicast
+ // address specified for the interface.
+ // #8
+ BPF_JUMP(BPF_JMP + BPF_JEQ + BPF_K, 0x00000000, 0, 4),
+
+ // Get the IP header length. This is achieved by the following
+ // (special) instruction that, given the offset of the start
+ // of the IP header (offset 24) loads the IP header length.
+ // #9
+ BPF_STMT(BPF_LDX + BPF_B + BPF_MSH, IPOIB_HEADER_LEN),
+
+ // Make sure it's to the right port. The following instruction
+ // adds the previously extracted IP header length to the given
+ // offset to locate the correct byte. The given offset of 26
+ // comprises the length of the IPoIB header (24) plus the offset
+ // of the UDP destination port (2) within the UDP header.
+ // #10
+ BPF_STMT(BPF_LD + BPF_H + BPF_IND, IPOIB_HEADER_LEN + UDP_DEST_PORT),
+ // The following instruction tests against the default DHCP server port,
+ // but the action port is actually set in PktFilterBPF::openSocket().
+ // N.B. The code in that method assumes that this instruction is at
+ // offset 11 in the program. If this is changed, openSocket() must be
+ // updated.
+ // #11
+ BPF_JUMP(BPF_JMP + BPF_JEQ + BPF_K, DHCP4_SERVER_PORT, 0, 1),
+
+ // If we passed all the tests, ask for the whole packet.
+ // #12
+ BPF_STMT(BPF_RET + BPF_K, (u_int)-1),
+
+ // Otherwise, drop it.
+ // #13
+ BPF_STMT(BPF_RET + BPF_K, 0),
+};
+
}
using namespace isc::util;
@@ -169,16 +261,30 @@ PktFilterLPF::openSocket(Iface& iface,
struct sock_fprog filter_program;
memset(&filter_program, 0, sizeof(filter_program));
- filter_program.filter = dhcp_sock_filter;
- filter_program.len = sizeof(dhcp_sock_filter) / sizeof(struct sock_filter);
+ if (iface.getHWType() == HTYPE_INFINIBAND) {
+ filter_program.filter = dhcp_sock_filter_ib;
+ filter_program.len = sizeof(dhcp_sock_filter_ib) / sizeof(struct sock_filter);
+
+ // Configure the filter program to receive unicast packets sent to the
+ // specified address. The program will also allow packets sent to the
+ // 255.255.255.255 broadcast address.
+ dhcp_sock_filter_ib[8].k = addr.toUint32();
+
+ // Override the default port value.
+ dhcp_sock_filter_ib[11].k = port;
+ } else {
+ filter_program.filter = dhcp_sock_filter;
+ filter_program.len = sizeof(dhcp_sock_filter) / sizeof(struct sock_filter);
+
+ // Configure the filter program to receive unicast packets sent to the
+ // specified address. The program will also allow packets sent to the
+ // 255.255.255.255 broadcast address.
+ dhcp_sock_filter[8].k = addr.toUint32();
- // Configure the filter program to receive unicast packets sent to the
- // specified address. The program will also allow packets sent to the
- // 255.255.255.255 broadcast address.
- dhcp_sock_filter[8].k = addr.toUint32();
+ // Override the default port value.
+ dhcp_sock_filter[11].k = port;
+ }
- // Override the default port value.
- dhcp_sock_filter[11].k = port;
// Apply the filter.
if (setsockopt(sock, SOL_SOCKET, SO_ATTACH_FILTER, &filter_program,
sizeof(filter_program)) < 0) {
@@ -315,7 +421,21 @@ PktFilterLPF::receive(Iface& iface, cons
Pkt4Ptr dummy_pkt = Pkt4Ptr(new Pkt4(DHCPDISCOVER, 0));
// Decode ethernet, ip and udp headers.
- decodeEthernetHeader(buf, dummy_pkt);
+ if (iface.getHWType() == HTYPE_INFINIBAND) {
+ decodeIPoIBHeader(buf, dummy_pkt);
+
+ // The IPoIB header does not contain the local address.
+ // Set it from the interface instead.
+ if (iface.getMacLen() != HWAddr::INFINIBAND_HWADDR_LEN) {
+ isc_throw(SocketReadError,
+ "Invalid local hardware address size for IPoIB interface.");
+ }
+ HWAddrPtr hwaddr(new HWAddr(iface.getMac(), iface.getMacLen(),
+ iface.getHWType()));
+ dummy_pkt->setLocalHWAddr(hwaddr);
+ } else {
+ decodeEthernetHeader(buf, dummy_pkt);
+ }
decodeIpUdpHeader(buf, dummy_pkt);
auto v4_len = buf.getLength() - buf.getPosition();
@@ -379,11 +499,14 @@ PktFilterLPF::send(const Iface& iface, u
pkt->setLocalHWAddr(hwaddr);
}
-
- // Ethernet frame header.
- // Note that we don't validate whether HW addresses in 'pkt'
- // are valid because they are checked by the function called.
- writeEthernetHeader(pkt, buf);
+ if (iface.getHWType() == HTYPE_INFINIBAND) {
+ writeIPoIBHeader(iface, pkt, buf);
+ } else {
+ // Ethernet frame header.
+ // Note that we don't validate whether HW addresses in 'pkt'
+ // are valid because they are checked by the function called.
+ writeEthernetHeader(pkt, buf);
+ }
// IP and UDP header
writeIpUdpHeader(pkt, buf);
Index: kea-3.0.2/src/lib/dhcp/protocol_util.cc
===================================================================
--- kea-3.0.2.orig/src/lib/dhcp/protocol_util.cc
+++ kea-3.0.2/src/lib/dhcp/protocol_util.cc
@@ -17,6 +17,14 @@
using namespace isc::asiolink;
using namespace isc::util;
+using namespace isc::dhcp;
+
+namespace {
+
+static HWAddr zero_ib_hwaddr(&std::vector<uint8_t>(HWAddr::INFINIBAND_HWADDR_LEN)[0],
+ HWAddr::INFINIBAND_HWADDR_LEN, HTYPE_INFINIBAND);
+
+}
namespace isc {
namespace dhcp {
@@ -59,6 +67,39 @@ decodeEthernetHeader(InputBuffer& buf, P
}
void
+decodeIPoIBHeader(InputBuffer& buf, Pkt4Ptr& pkt) {
+ // The size of the buffer to be parsed must not be lower
+ // then the size of the IPoIB frame header.
+ if (buf.getLength() - buf.getPosition() < IPOIB_HEADER_LEN) {
+ isc_throw(InvalidPacketHeader, "size of ethernet header in received "
+ << "packet is invalid, expected at least "
+ << IPOIB_HEADER_LEN << " bytes, received "
+ << buf.getLength() - buf.getPosition() << " bytes");
+ }
+ // Packet object must not be NULL. We want to output some values
+ // to this object.
+ if (!pkt) {
+ isc_throw(BadValue, "NULL packet object provided when parsing ethernet"
+ " frame header");
+ }
+
+ // The size of the single address is always lower then the size of
+ // the header that holds this address. Otherwise, it is a programming
+ // error that we want to detect in the compilation time.
+ BOOST_STATIC_ASSERT(IPOIB_HEADER_LEN > HWAddr::INFINIBAND_HWADDR_LEN);
+
+ // Remember initial position.
+ size_t start_pos = buf.getPosition();
+
+ // Read the source HW address.
+ std::vector<uint8_t> src_addr;
+ buf.readVector(src_addr, HWAddr::INFINIBAND_HWADDR_LEN);
+ pkt->setRemoteHWAddr(HWTYPE_INFINIBAND, HWAddr::INFINIBAND_HWADDR_LEN, src_addr);
+ // Move the buffer read pointer to the end of the Ethernet frame header.
+ buf.setPosition(start_pos + IPOIB_HEADER_LEN);
+}
+
+void
decodeIpUdpHeader(InputBuffer& buf, Pkt4Ptr& pkt) {
// The size of the buffer must be at least equal to the minimal size of
// the IPv4 packet header plus UDP header length.
@@ -162,6 +203,51 @@ writeEthernetHeader(const Pkt4Ptr& pkt,
}
void
+writeIPoIBHeader(const Iface& iface, const Pkt4Ptr& pkt, OutputBuffer& out_buf) {
+ // Set destination HW address.
+ HWAddrPtr remote_addr = pkt->getRemoteHWAddr();
+ if (remote_addr) {
+ if (remote_addr->hwaddr_.size() != HWAddr::INFINIBAND_HWADDR_LEN) {
+ isc_throw(BadValue, "invalid size of the remote HW address "
+ << remote_addr->hwaddr_.size() << " when constructing"
+ << " an ethernet frame header; expected size is"
+ << " " << HWAddr::INFINIBAND_HWADDR_LEN);
+ } else if ((!pkt->isRelayed() &&
+ (pkt->getFlags() & Pkt4::FLAG_BROADCAST_MASK)) ||
+ *remote_addr == zero_ib_hwaddr) {
+ // We also broadcast if the received hwaddr is full zero.
+ // This happens on some IB drivers which don't provide the remote
+ // hwaddr to userspace.
+ // Generally, according to the RFC, all IPoIB clients MUST request
+ // broadcast anyway, but better to be safe and handle non-compliant
+ // clients.
+ if (iface.getBcastMacLen() != HWAddr::INFINIBAND_HWADDR_LEN) {
+ isc_throw(BadValue, "invalid size of the bcast HW address "
+ << iface.getBcastMacLen() << " when constructing"
+ << " an ethernet frame header; expected size is"
+ << " " << HWAddr::INFINIBAND_HWADDR_LEN);
+ }
+ out_buf.writeData(iface.getBcastMac(),
+ HWAddr::INFINIBAND_HWADDR_LEN);
+ } else {
+ out_buf.writeData(&remote_addr->hwaddr_[0],
+ HWAddr::INFINIBAND_HWADDR_LEN);
+ }
+ } else {
+ // HW address has not been specified. This is possible when receiving
+ // packet through a logical interface (e.g. lo). In such cases, we
+ // don't want to fail but rather provide a default HW address, which
+ // consists of zeros.
+ out_buf.writeData(&zero_ib_hwaddr.hwaddr_[0], HWAddr::INFINIBAND_HWADDR_LEN);
+ }
+
+ // Type IP.
+ out_buf.writeUint16(ETHERNET_TYPE_IP);
+ // Reserved
+ out_buf.writeUint16(0);
+}
+
+void
writeIpUdpHeader(const Pkt4Ptr& pkt, util::OutputBuffer& out_buf) {
out_buf.writeUint8(0x45); // IP version 4, IP header length 5
Index: kea-3.0.2/src/lib/dhcp/protocol_util.h
===================================================================
--- kea-3.0.2.orig/src/lib/dhcp/protocol_util.h
+++ kea-3.0.2/src/lib/dhcp/protocol_util.h
@@ -8,6 +8,7 @@
#define PROTOCOL_UTIL_H
#include <dhcp/pkt4.h>
+#include <dhcp/iface_mgr.h>
#include <util/buffer.h>
#include <stdint.h>
@@ -39,6 +40,12 @@ static const size_t ETHERNET_PACKET_TYPE
/// and locations on different OSes.
static const uint16_t ETHERNET_TYPE_IP = 0x0800;
+/// Size of the IPoIB pseude frame header.
+static const size_t IPOIB_HEADER_LEN = 24;
+/// Offset of the 2-byte word in the IPoIB pseudo packet which
+/// holds the type of the protocol it encapsulates.
+static const size_t IPOIB_PACKET_TYPE_OFFSET = 20;
+
/// Minimal IPv4 header length.
static const size_t MIN_IP_HEADER_LEN = 20;
/// Offset in the IP header where the flags field starts.
@@ -75,6 +82,25 @@ static const size_t UDP_DEST_PORT = 2;
/// @throw BadValue if pkt object is NULL.
void decodeEthernetHeader(util::InputBuffer& buf, Pkt4Ptr& pkt);
+/// @brief Decode the IPoIB pseudo header.
+///
+/// This function reads IPoIB pesudo frame header from the provided
+/// buffer at the current read position. The source HW address
+/// is read from the header and assigned as client address in
+/// the pkt object. The buffer read pointer is set to the end
+/// of the IPoIB frame header if read was successful.
+///
+/// @warning This function does not check that the provided 'pkt'
+/// pointer is valid. Caller must make sure that pointer is
+/// allocated.
+///
+/// @param buf input buffer holding header to be parsed.
+/// @param [out] pkt packet object receiving HW source address read from header.
+///
+/// @throw InvalidPacketHeader if packet header is truncated
+/// @throw BadValue if pkt object is NULL.
+void decodeIPoIBHeader(util::InputBuffer& buf, Pkt4Ptr& pkt);
+
/// @brief Decode IP and UDP header.
///
/// This function reads IP and UDP headers from the provided buffer
@@ -105,6 +131,17 @@ void decodeIpUdpHeader(util::InputBuffer
void writeEthernetHeader(const Pkt4Ptr& pkt,
util::OutputBuffer& out_buf);
+/// @brief Writes IPoIB pseudo frame header into a buffer.
+///
+/// @warning This function does not check that the provided 'pkt'
+/// pointer is valid. Caller must make sure that pointer is
+/// allocated.
+///
+/// @param pkt packet object holding source and destination HW address.
+/// @param [out] out_buf buffer where a header is written.
+void writeIPoIBHeader(const Iface& iface, const Pkt4Ptr& pkt,
+ util::OutputBuffer& out_buf);
+
/// @brief Writes both IP and UDP header into output buffer
///
/// This utility function assembles IP and UDP packet headers for the
Index: kea-3.0.2/src/lib/dhcp/pkt4.cc
===================================================================
--- kea-3.0.2.orig/src/lib/dhcp/pkt4.cc
+++ kea-3.0.2/src/lib/dhcp/pkt4.cc
@@ -84,6 +84,15 @@ Pkt4::pack() {
try {
size_t hw_len = hwaddr_->hwaddr_.size();
+ size_t hw_offset = 0;
+
+ if (hwaddr_->htype_ == HTYPE_INFINIBAND && hw_len == HWAddr::INFINIBAND_HWADDR_LEN) {
+ // According to RFC4390, hlen MUST be zero and chaddr zeroed out.
+ // However, at least dhclient can't handle that and fails.
+ // Instead, return the last 8 bytes, which contain the actual unique hw part.
+ hw_len = 8;
+ hw_offset = HWAddr::INFINIBAND_HWADDR_LEN - 8;
+ }
buffer_out_.writeUint8(op_);
buffer_out_.writeUint8(hwaddr_->htype_);
@@ -101,7 +110,7 @@ Pkt4::pack() {
if ((hw_len > 0) && (hw_len <= MAX_CHADDR_LEN)) {
// write up to 16 bytes of the hardware address (CHADDR field is 16
// bytes long in DHCPv4 message).
- buffer_out_.writeData(&hwaddr_->hwaddr_[0],
+ buffer_out_.writeData(&hwaddr_->hwaddr_[hw_offset],
(hw_len < MAX_CHADDR_LEN ?
hw_len : MAX_CHADDR_LEN) );
hw_len = MAX_CHADDR_LEN - hw_len;
@@ -473,13 +482,7 @@ void
Pkt4::setHWAddrMember(const uint8_t htype, const uint8_t hlen,
const std::vector<uint8_t>& mac_addr,
HWAddrPtr& hw_addr) {
- /// @todo Rewrite this once support for client-identifier option
- /// is implemented (ticket 1228?)
- if (hlen > MAX_CHADDR_LEN) {
- isc_throw(OutOfRange, "Hardware address (len=" << static_cast<uint32_t>(hlen)
- << ") too long. Max " << MAX_CHADDR_LEN << " supported.");
-
- } else if (mac_addr.empty() && (hlen > 0) ) {
+ if (mac_addr.empty() && (hlen > 0) ) {
isc_throw(OutOfRange, "Invalid HW Address specified");
}
Index: kea-3.0.2/doc/sphinx/arm/dhcp4-srv.rst
===================================================================
--- kea-3.0.2.orig/doc/sphinx/arm/dhcp4-srv.rst
+++ kea-3.0.2/doc/sphinx/arm/dhcp4-srv.rst
@@ -8356,9 +8356,11 @@ are clearly marked as such.
headers (including data link layer, IP, and UDP headers) are created
and parsed by Kea, rather than by the system kernel. Currently, Kea
can only parse the data-link layer headers with a format adhering to
- the IEEE 802.3 standard, and assumes this data-link-layer header
+ the IEEE 802.3 (Ethernet) standard, and assumes this data-link-layer header
format for all interfaces. Thus, Kea does not work on interfaces
- which use different data-link-layer header formats (e.g. Infiniband).
+ which use different data-link-layer header formats, with the exception of
+ LPF being able to handle InfiniBand framing, thus enabling Kea to serve
+ these kind of interfaces on Linux.
.. _dhcp4-srv-examples:

291
kea.changes
View File

@@ -1,3 +1,294 @@
-------------------------------------------------------------------
Thu Nov 13 15:16:39 CET 2025 - aschnell@suse.com
- Fix building with Boost 1.90 Beta 1
(add 'kea-boost1_90.patch')
-------------------------------------------------------------------
Wed Oct 29 15:48:22 UTC 2025 - Jorik Cronenberg <jorik.cronenberg@suse.com>
- Update to release 3.0.2
* Security Fixes:
* When a hostname or FQDN received from a client is reduced to an
empty string by hostname sanitizing, kea-dhcp4 and kea-dhcp6
will now drop the option.
[CVE-2025-11232, bsc#1252863]
* Bug fixes:
* Removed logging an error in ping check hook library if using
lease cache treshold.
* Fixed deadlock in ping-check hooks library.
* Fixed a data race in ping-check hooks library.
-------------------------------------------------------------------
Tue Oct 28 22:43:30 UTC 2025 - Jan Engelhardt <jengelh@inai.de>
- New shorter version of kea-boost1_89.patch
-------------------------------------------------------------------
Sun Oct 26 13:08:05 UTC 2025 - Arjen de Korte <suse+build@de-korte.org>
- Fix building with Boost >= 1.89
(add 'kea-boost1_89.patch')
-------------------------------------------------------------------
Thu Aug 28 09:03:21 UTC 2025 - Jorik Cronenberg <jorik.cronenberg@suse.com>
- Update to release 3.0.1
Security Fixes:
* Corrected an issue in kea-dhcp4 that caused the server to abort
if a client sent a unicast request with a particular options,
and Kea failed to find an appropriate subnet for that client.
(CVE-2025-40779)
[bsc#1248801]
Changes:
* Moved Botan crypto backend support to version 3.
* Avoid adding the qualifying-suffix to fully qualified host
names specified in host reservations.
-------------------------------------------------------------------
Tue Jul 29 09:44:04 UTC 2025 - Jorik Cronenberg <jorik.cronenberg@suse.com>
- Remove `/usr/share/kea/meson-info` directory because it contains
non reproducible files.
[bsc#1246670]
-------------------------------------------------------------------
Mon Jul 7 14:40:57 UTC 2025 - Jorik Cronenberg <jorik.cronenberg@suse.com>
- Use meson install_umask to set binaries and libraries
permissions.
-------------------------------------------------------------------
Tue Jul 1 09:28:14 UTC 2025 - Jorik Cronenberg <jorik.cronenberg@suse.com>
- Update to release 3.0.0
Noteworthy changes:
* Lease caching is now enabled by default.
* The control-socket.socket-name and control-socket.socket-type
parameters have been removed from the CB.
* Kea now rejects certain default passwords. If you copied your
Kea configuration from the examples in our documentation using
our sample password, change your password to a unique value.
* The kea-control-agent is now deprecated. The individual Kea
services support HTTP/HTTPS control channels, so the Control
Agent (CA) is no longer needed. The CA is still available but
will be removed in a future release.
* The precedence of options specified in a template class and its
spawned classes has been reversed. An option specified in a
spawned class now takes precedence over the same option
specified in the template class.
* The only-if-required and require-client-classes were renamed to
only-in-additional-list and evaluate-additional-classes.
* Classes included in require-client-classes (now called
evaluate-additional-classes) that do not have test expressions
will now be unconditionally added to a client's list of
matching classes; previously, they were ignored.
* Additional classes are now evaluated in the same order as
option-data, i.e. pools, subnets, and shared networks. In
earlier versions, the order was reversed.
* It is now possible to define multiple client classes when
limiting access to networks, subnets, and pools. The parameter
client-class (a single class name) has been replaced with
client-classes (a list of one or more class names). The older
syntax is still accepted but is now deprecated and will be
removed in the future. You cannot specify both client-class and
client-classes within the same scope.
* Options name value pairs specified in option-data have a new
parameter available: client-classes. This allows the
administrator to place a guard on the option requiring
membership in a class or classes before that particular option
data will be added to the packet. This is intended as a
powerful mechanism to bring back some of the functionality from
the conditional (if) statements that were widely used in ISC
DHCP. See Option Class-Tagging in the ARM for further
information.
* The build system has been switched to meson.
Further detailed information of all changes is available at
https://gitlab.isc.org/isc-projects/kea/-/wikis/Release-Notes/release-notes-3.0.0
and
https://kb.isc.org/docs/things-to-be-aware-of-when-upgrading-to-kea-300
- Set RuntimeDirectoryPreserve=yes in services to prevent deletion
of RuntimeDirectory when one service gets stopped.
-------------------------------------------------------------------
Mon Jun 16 12:27:37 UTC 2025 - Jorik Cronenberg <jorik.cronenberg@suse.com>
- Change After= from network.target to network-online.target and
add Wants=network-online.target to systemd services to prevent
starting up before ip setup is finished.
-------------------------------------------------------------------
Mon May 26 15:07:13 UTC 2025 - Jorik Cronenberg <jorik.cronenberg@suse.com>
- Update to release 2.6.3
Security Fixes:
* The default configuration for the Kea Control Agent (CA) has
been updated to enable basic HTTP authentication. Access to
the Kea API will thus require a password.
(CVE-2025-32801, CVE-2025-32802, CVE-2025-32803)
[bsc#1243240]
* `kea-dhcp4`, `kea-dhcp6`, `kea-dhcp-ddns`, and
`kea-ctrl-agent` now only load hook libraries from the
default installation directory. For ease of use, the path may
be omitted.
(CVE-2025-32801)
[bsc#1243240]
* The API command `config-write` will now only write to the same
directory as the configuration file used when Kea was started
(passed as a `-c` argument).
(CVE-2025-32802)
[bsc#1243240]
* Lease files can now only be loaded from the data directory
`/var/lib/kea`. This path may be overridden at startup by
setting the environment variable `KEA_DHCP_DATA_DIR` to the
desired path. If a path outside the defined data directory is
used in `lease-database.name`, Kea returns an error and refuses
to start or, if already running, aborts and exits. For ease of
use in specifying a custom file name, simply omit the path
component from `name`.
(CVE-2025-32802)
[bsc#1243240]
* Log files can now only be written to a defined output directory
`/var/log/kea`. This path may be overridden at startup by
setting the environment variable `KEA_LOG_FILE_DIR` to the
desired path. If a path outside the defined output directory is
used in `loggers.output_options.output`, Kea returns an error
and refuses to start or, if already running, aborts and exits.
For ease of use, simply omit the path component from `output`
and specify only the file name.
(CVE-2025-32802)
[bsc#1243240]
* Files created by Kea now have more restrictive file
permissions. Write access by group and any access by others is
now forbidden.
(CVE-2025-32803)
[bsc#1243240]
* Sockets can no longer be created in a world-writable directory,
such as `/tmp`. Sockets must now be created in the more
restricted `/var/run/kea`.
(CVE-2025-32802)
[bsc#1243240]
* Many sample configuration files have been updated to reflect
changes introduced in this release. In the ARM, the Kea
Security section has been moved to a more prominent location,
and a new section concerning securing the Kea Control Agent has
been added.
(CVE-2025-32801, CVE-2025-32802, CVE-2025-32803)
[bsc#1243240]
Other changes:
* Fix build with the latest Boost 1.87.
(Obsoletes patch `kea-2.6.1-boost_1.87-compat.patch`)
* Backported a clarification in the ARM about subnet4-delta-add.
- Remove /run/kea from systemd tmpfiles as the creation of this
directory is handled by the services.
- Replace 'chmod -h' and 'chown -h' with 'find' as the '-h' isn't
present in Leap/SLE.
- /run/kea now has mode 0750 for all services.
-------------------------------------------------------------------
Wed Apr 30 13:21:39 UTC 2025 - Jorik Cronenberg <jorik.cronenberg@suse.com>
- Update owner and perms in %post on modified config files
-------------------------------------------------------------------
Tue Apr 15 11:01:25 UTC 2025 - Jan Engelhardt <jengelh@inai.de>
- Add logic to %post for switching from kea.service to the new
split units, kea-*.service.
(Inspiration taken from strongswan.spec.)
-------------------------------------------------------------------
Wed Apr 2 15:29:59 UTC 2025 - Jorik Cronenberg <jorik.cronenberg@suse.com>
- Split off services into separate ones to allow more fine grained
control for e.g. capabilities.
- Tighten access to state and log directories.
-------------------------------------------------------------------
Wed Mar 26 16:01:54 UTC 2025 - Jorik Cronenberg <jorik.cronenberg@suse.com>
- Update to release 2.6.2
Bug fixes:
* Fix for inaccurate statistics: Kea was miscalculating
declined and assigned leases.
* Fix for lease conflicts and NAK: Conflicting entries were
created when two relayed HA instances tried to update a shared
lease DB at the same time.
* Fix for `subnetX-del` not removing subnets completely:
`subnetX-del` was not correctly deleting the subnet declaration
from the shared network configuration section.
* Fix for `config-write` and `retry-on-startup` parameter:
`config-write` was improperly storing the `retry-on-startup`
parameter in the config file, causing Kea to fail when
restarting.
* Fix for incorrect DB schema entry: A typo prevented the
upgrade script from working in certain circumstances.
* Fix for mishandling malformed DISCOVER packets:
* Fix for excessive memory utilization when receiving frequent
SIGHUP: Kea was storing a history of configs in memory with
each restart.
* Fix for `config-set` with `output_options`: `config-set` was
omitting the `output_options` section when spelled with "_".
* Fix for store-extended-info breaking lease limits: A specific
combination of vendor classes and storing extended info caused
limits to not be applied.
* Fix for DB connection recovery
* DB upgrade scripts: DB upgrade could fail on some
distributions.
-------------------------------------------------------------------
Thu Mar 13 13:26:28 UTC 2025 - Jorik Cronenberg <jorik.cronenberg@suse.com>
- Add patch to fix build with boost 1.87
(kea-2.6.1-boost_1.87-compat.patch)
- Add BuildRequires for python3-sphinx_rtd_theme to fix docs build
-------------------------------------------------------------------
Tue Oct 8 11:47:33 UTC 2024 - Jorik Cronenberg <jorik.cronenberg@suse.com>
- Update to release 2.6.1
Bug fixes:
* Corrected an issue in MySQL config back end that causes
preferred life time values to be overwritten when updating
client classes via remote-set-class6. command.
* Corrected an issue with overlapping enum values for option
definition data type. This was causing option definitions of
type "record", created via config backend commands, to not load
properly when fetched from the back end.
* Corrected a bug in storing and fetching the encapsulated DHCP
options from the configuration backend. These options were
sometimes not returned when they were specified at the subnet,
shared network or client class level.
* Fixed a file descriptor leak in the High Availability hook
library.
- Only require bison for build and enable regen_files on Tumbleweed
and SLFO, because bison is too old in SLES/Leap
- Remove leading zeros from %if %{with ...}
-------------------------------------------------------------------
Tue Jun 18 09:37:04 UTC 2024 - Jan Engelhardt <jengelh@inai.de>
- Update to release 2.6.0
* New features:
* Hub-and-spoke model in High Availability (HA)
* Ping Check hook, RADIUS hook, Performance Monitoring hook
* Database connection retry on startup
* Classless static route option
* Discovery of Network-designated Resolvers (DNR) options
* Stash Agent options: ISC DHCP provided a
`stash-agent-options` mechanism that, when enabled, caused
the server to remember options inserted by a relay agent
during the initial exchange with a client.
* Removals/Changes:
* Removed autogeneration of subnet-ids
* `output_options` was renamed to `output-options`
-------------------------------------------------------------------
Sat Feb 3 12:40:17 UTC 2024 - Jan Engelhardt <jengelh@inai.de>

349
kea.spec
View File

@@ -1,7 +1,7 @@
#
# spec file for package kea
#
# Copyright (c) 2024 SUSE LLC
# Copyright (c) 2025 SUSE LLC and contributors
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -16,36 +16,33 @@
#
%define asiodns_sover 35
%define asiolink_sover 56
%define cc_sover 54
%define cfgclient_sover 51
%define cryptolink_sover 38
%define d2srv_sover 30
%define database_sover 48
%define dhcppp_sover 74
%define dhcp_ddns_sover 41
%define dhcpsrv_sover 90
%define dnspp_sover 42
%define eval_sover 52
%define exceptions_sover 23
%define hooks_sover 78
%define http_sover 56
%define log_sover 48
%define mysql_sover 53
%define pgsql_sover 53
%define process_sover 57
%define stats_sover 29
%define tcp_sover 5
%define util_io_sover 0
%define util_sover 68
%if 0%{?suse_version} >= 1500
%bcond_without regen_files
%else
%bcond_with regen_files
%endif
%define asiodns_sover 62
%define asiolink_sover 88
%define cc_sover 82
%define cfgrpt_sover 3
%define config_sover 83
%define cryptolink_sover 64
%define d2srv_sover 63
%define database_sover 76
%define dhcp_sover 109
%define dhcp_ddns_sover 68
%define dhcpsrv_sover 131
%define dns_sover 71
%define eval_sover 84
%define exceptions_sover 45
%define hooks_sover 120
%define http_sover 87
%define log_interprocess_sover 3
%define log_sover 75
%define mysql_sover 88
%define pgsql_sover 88
%define process_sover 90
%define stats_sover 53
%define tcp_sover 33
%define util_io_sover 12
%define util_sover 101
Name: kea
Version: 2.4.1
Version: 3.0.2
Release: 0
Summary: Dynamic Host Configuration Protocol daemon
License: MPL-2.0
@@ -53,36 +50,39 @@ Group: Productivity/Networking/Boot/Servers
URL: https://kea.isc.org/
#Git-Clone: https://gitlab.isc.org/isc-projects/kea
#Github is out of date / abandoned(?)
Source: https://ftp.isc.org/isc/kea/%version/kea-%version.tar.gz
Source2: https://ftp.isc.org/isc/kea/%version/kea-%version.tar.gz.asc
Source: https://ftp.isc.org/isc/kea/%version/kea-%version.tar.xz
Source2: https://ftp.isc.org/isc/kea/%version/kea-%version.tar.xz.asc
# https://www.isc.org/pgpkey/
Source3: kea.keyring
BuildRequires: autoconf >= 2.59
BuildRequires: automake
BuildRequires: bison >= 3.3
Source4: kea-dhcp4.service
Source5: kea-dhcp6.service
Source6: kea-dhcp-ddns.service
Source7: kea-ctrl-agent.service
Patch1: kea-boost1_89.patch
Patch2: kea-boost1_90.patch
Patch3: kea-infiniband.patch
BuildRequires: fdupes
BuildRequires: freeradius-server-devel
BuildRequires: gcc-c++
BuildRequires: libmysqlclient-devel
BuildRequires: libtool >= 2
BuildRequires: log4cplus-devel
BuildRequires: meson
BuildRequires: pkg-config >= 0.23
BuildRequires: postgresql-server-devel
BuildRequires: python-rpm-macros
BuildRequires: python3
BuildRequires: python3-Sphinx
BuildRequires: python3-sphinx_rtd_theme
BuildRequires: sysuser-tools
BuildRequires: xz
BuildRequires: pkgconfig(libcrypto)
%sysusers_requires
Suggests: %name-hooks = %version
%if 0%{with regen_files}
BuildRequires: flex
%endif
%if 0%{?suse_version} >= 1500
BuildRequires: libboost_system-devel
%else
BuildRequires: boost-devel
BuildRequires: (libboost_system-devel if boost-devel < 1.89)
%endif
BuildRequires: boost-devel
BuildRequires: systemd-rpm-macros
%description
@@ -133,11 +133,20 @@ Group: System/Libraries
libkea-cc is used for the control channel protocol between keactrl
and the server.
%package -n libkea-cfgclient%cfgclient_sover
%package -n libkea-cfgrpt%cfgrpt_sover
Summary: Kea DHCP server config report library
Group: System/Libraries
%description -n libkea-cfgrpt%cfgrpt_sover
The cfgrpt library is used for generating configuration reports for Kea,
providing detailed JSON-formatted summaries of the server's current
configuration.
%package -n libkea-config%config_sover
Summary: Kea DHCP server configuration client library
Group: System/Libraries
%description -n libkea-cfgclient%cfgclient_sover
%description -n libkea-config%config_sover
The Kea DHCP server can be managed at runtime via the Control
Channel. The CC allows an external entity (e.g. a tool run by a
sysadmin or a script) to issue commands to the server which can
@@ -170,12 +179,12 @@ Group: System/Libraries
%description -n libkea-database%database_sover
Kea's database abstraction library.
%package -n libkea-dhcp++%dhcppp_sover
%package -n libkea-dhcp%dhcp_sover
Summary: Kea DHCP library
Group: System/Libraries
%description -n libkea-dhcp++%dhcppp_sover
libdhcp++ is an all-purpose DHCP-manipulation library, written in
%description -n libkea-dhcp%dhcp_sover
libdhcp is an all-purpose DHCP-manipulation library, written in
C++. It offers packet parsing and assembly, DHCPv4 and DHCPv6 options
parsing and assembly, interface detection, and socket operations It
can be used by server, client, relay, performance tools and other
@@ -201,11 +210,11 @@ operations, including the "Lease Manager" that manages information
about leases and the "Configuration Manager" that stores the servers'
configuration etc.
%package -n libkea-dns++%dnspp_sover
%package -n libkea-dns%dns_sover
Summary: Kea DHCP server component library
Group: System/Libraries
%description -n libkea-dns++%dnspp_sover
%description -n libkea-dns%dns_sover
One of the many libraries the Kea DHCP server is composed of.
%package -n libkea-eval%eval_sover
@@ -249,6 +258,14 @@ receive messages and send responses over HTTP. This library uses
boost ASIO for creating TCP connections and asynchronously receive
and send the data over the sockets.
%package -n libkea-log-interprocess%log_interprocess_sover
Summary: Kea DHCP log interprocess library
Group: System/Libraries
%description -n libkea-log-interprocess%log_interprocess_sover
The log-interprocess library facilitates the transfer of logging messages
between the different Kea processes.
%package -n libkea-log%log_sover
Summary: Kea DHCP logging system library
Group: System/Libraries
@@ -321,19 +338,21 @@ Group: Development/Libraries/C and C++
Requires: libkea-asiodns%asiodns_sover = %version
Requires: libkea-asiolink%asiolink_sover = %version
Requires: libkea-cc%cc_sover = %version
Requires: libkea-cfgclient%cfgclient_sover = %version
Requires: libkea-cfgrpt%cfgrpt_sover = %version
Requires: libkea-config%config_sover = %version
Requires: libkea-cryptolink%cryptolink_sover = %version
Requires: libkea-d2srv%d2srv_sover = %version
Requires: libkea-database%database_sover = %version
Requires: libkea-dhcp++%dhcppp_sover = %version
Requires: libkea-dhcp%dhcp_sover = %version
Requires: libkea-dhcp_ddns%dhcp_ddns_sover = %version
Requires: libkea-dhcpsrv%dhcpsrv_sover = %version
Requires: libkea-dns++%dnspp_sover = %version
Requires: libkea-dns%dns_sover = %version
Requires: libkea-eval%eval_sover = %version
Requires: libkea-exceptions%exceptions_sover = %version
Requires: libkea-hooks%hooks_sover = %version
Requires: libkea-http%http_sover = %version
Requires: libkea-log%log_sover = %version
Requires: libkea-log-interprocess%log_interprocess_sover = %version
Requires: libkea-mysql%mysql_sover = %version
Requires: libkea-pgsql%pgsql_sover = %version
Requires: libkea-process%process_sover = %version
@@ -349,46 +368,24 @@ Development files for the Kea DHCP server
%prep
%autosetup -p1 -n kea-%version
%if 0%{?suse_version} < 1600
%patch -R -P 1 -p1
%endif
%build
export FREERADIUS_INCLUDE="%_includedir/freeradius"
export FREERADIUS_LIB=""
export FREERADIUS_DICTIONARY=""
autoreconf -fi
%configure \
--disable-rpath --disable-static \
%if 0%{with regen_files}
--enable-generate-docs --enable-generate-parser \
%endif
--enable-logger-checks \
--with-dhcp-mysql --with-dhcp-pgsql \
--enable-perfdhcp --enable-shell
make %{?_smp_mflags}
%meson --install-umask 022 -D netconf=disabled
%meson_build
%meson_build doc
%install
b=%buildroot
%make_install
%meson_install
find %buildroot -type f -name "*.la" -delete -print
mkdir -p "$b/%_unitdir" "$b/%_tmpfilesdir" "$b/%_sysusersdir"
cat <<-EOF >"$b/%_unitdir/kea.service"
[Unit]
Description=ISC Kea DHCP server
Before=multi-user.target
After=remote-fs.target network.target nss-lookup.target time-sync.target ldap.service ndsd.service
[Service]
Type=forking
Environment=KEA_PIDFILE_DIR=%_rundir/%name
RuntimeDirectory=kea
ExecStart=%_sbindir/keactrl start
ExecReload=%_sbindir/keactrl reload
ExecStop=%_sbindir/keactrl stop
[Install]
WantedBy=multi-user.target
Alias=dhcp-server.service
EOF
cat <<-EOF >"$b/%_tmpfilesdir/kea.conf"
d /run/kea 0775 keadhcp keadhcp -
EOF
mkdir -p "$b/%_unitdir" "$b/%_sysusersdir"
cp %_sourcedir/*.service "$b/%_unitdir/"
echo 'u keadhcp - "Kea DHCP server" /var/lib/kea' >system-user-keadhcp.conf
cp -a system-user-keadhcp.conf "$b/%_sysusersdir/"
%sysusers_generate_pre system-user-keadhcp.conf random system-user-keadhcp.conf
@@ -397,85 +394,106 @@ perl -i -pe 's{%_localstatedir/log/kea-}{%_localstatedir/log/kea/}' \
"$b/%_sysconfdir/kea"/*.conf
mkdir -p "$b%_localstatedir/log/kea"
ln -s "%_sbindir/service" "%buildroot/%_sbindir/rc%name"
# Remove unnecessary files
find "%buildroot/%_libdir" -name "*.so.*" -type l -delete
rm -Rf "%buildroot/%python3_sitelib/kea/__pycache__"
# Remove meson-info directory as it contains non reproducable files
rm -Rf "%{buildroot}/%{_datadir}/kea/meson-info"
%fdupes %{buildroot}/%{_datadir}/doc/kea
%pre -f random.pre
systemd-tmpfiles --create kea.conf || :
%service_add_pre kea.service
%service_add_pre kea-dhcp4.service kea-dhcp6.service kea-dhcp-ddns.service kea-ctrl-agent.service
%post
%service_add_post kea.service
%service_add_post kea-dhcp4.service kea-dhcp6.service kea-dhcp-ddns.service kea-ctrl-agent.service
if [ "$1" -gt 1 ]; then
chown -R keadhcp:keadhcp "%_localstatedir/lib/kea"
chown -R keadhcp:keadhcp "%_localstatedir/log/kea"
find %_sysconfdir/kea/ -type f -name '*.conf' -exec chown root:keadhcp {} +
find %_sysconfdir/kea/ -type f -name '*.conf' -exec chmod 640 {} +
fi
bigkea_enabled=$(/usr/bin/systemctl is-enabled kea.service 2>/dev/null || :)
bigkea_active=$(/usr/bin/systemctl is-active kea.service 2>/dev/null || :)
use_dhcp4=$(grep -ie ^dhcp4=yes /etc/kea/keactrl.conf 2>/dev/null || :)
use_dhcp6=$(grep -ie ^dhcp6=yes /etc/kea/keactrl.conf 2>/dev/null || :)
use_ddns=$(grep -ie ^dhcp_ddns=yes /etc/kea/keactrl.conf 2>/dev/null || :)
use_agent=$(grep -ie ^ctrl_agent=yes /etc/kea/keactrl.conf 2>/dev/null || :)
if [ "$bigkea_enabled" = "enabled" ]; then
echo "Transferring enablement of kea.service to new split units..."
/usr/bin/systemctl disable kea.service || :
if [ -n "$use_dhcp4" ]; then
/usr/bin/systemctl enable kea-dhcp4.service || :
fi
if [ -n "$use_dhcp6" ]; then
/usr/bin/systemctl enable kea-dhcp6.service || :
fi
if [ -n "$use_ddns" ]; then
/usr/bin/systemctl enable kea-dhcp-ddns.service || :
fi
if [ -n "$use_agent" ]; then
/usr/bin/systemctl enable kea-ctrl-agent.service || :
fi
fi
if [ "$bigkea_active" = "active" ]; then
echo "Transferring active state of kea.service to new split units..."
/usr/bin/systemctl disable --now kea.service || :
if [ -n "$use_dhcp4" ]; then
/usr/bin/systemctl start kea-dhcp4.service || :
fi
if [ -n "$use_dhcp6" ]; then
/usr/bin/systemctl start kea-dhcp6.service || :
fi
if [ -n "$use_ddns" ]; then
/usr/bin/systemctl start kea-dhcp-ddns.service || :
fi
if [ -n "$use_agent" ]; then
/usr/bin/systemctl start kea-ctrl-agent.service || :
fi
fi
%preun
%service_del_preun kea.service
%service_del_preun kea-dhcp4.service kea-dhcp6.service kea-dhcp-ddns.service kea-ctrl-agent.service
%postun
%service_del_postun kea.service
%service_del_postun kea-dhcp4.service kea-dhcp6.service kea-dhcp-ddns.service kea-ctrl-agent.service
%post -n libkea-asiodns%asiodns_sover -p /sbin/ldconfig
%postun -n libkea-asiodns%asiodns_sover -p /sbin/ldconfig
%post -n libkea-asiolink%asiolink_sover -p /sbin/ldconfig
%postun -n libkea-asiolink%asiolink_sover -p /sbin/ldconfig
%post -n libkea-cc%cc_sover -p /sbin/ldconfig
%postun -n libkea-cc%cc_sover -p /sbin/ldconfig
%post -n libkea-cfgclient%cfgclient_sover -p /sbin/ldconfig
%postun -n libkea-cfgclient%cfgclient_sover -p /sbin/ldconfig
%post -n libkea-cryptolink%cryptolink_sover -p /sbin/ldconfig
%postun -n libkea-cryptolink%cryptolink_sover -p /sbin/ldconfig
%post -n libkea-d2srv%d2srv_sover -p /sbin/ldconfig
%postun -n libkea-d2srv%d2srv_sover -p /sbin/ldconfig
%post -n libkea-database%database_sover -p /sbin/ldconfig
%postun -n libkea-database%database_sover -p /sbin/ldconfig
%post -n libkea-dhcp++%dhcppp_sover -p /sbin/ldconfig
%postun -n libkea-dhcp++%dhcppp_sover -p /sbin/ldconfig
%post -n libkea-dhcp_ddns%dhcp_ddns_sover -p /sbin/ldconfig
%postun -n libkea-dhcp_ddns%dhcp_ddns_sover -p /sbin/ldconfig
%post -n libkea-dhcpsrv%dhcpsrv_sover -p /sbin/ldconfig
%postun -n libkea-dhcpsrv%dhcpsrv_sover -p /sbin/ldconfig
%post -n libkea-dns++%dnspp_sover -p /sbin/ldconfig
%postun -n libkea-dns++%dnspp_sover -p /sbin/ldconfig
%post -n libkea-eval%eval_sover -p /sbin/ldconfig
%postun -n libkea-eval%eval_sover -p /sbin/ldconfig
%post -n libkea-exceptions%exceptions_sover -p /sbin/ldconfig
%postun -n libkea-exceptions%exceptions_sover -p /sbin/ldconfig
%post -n libkea-hooks%hooks_sover -p /sbin/ldconfig
%postun -n libkea-hooks%hooks_sover -p /sbin/ldconfig
%post -n libkea-http%http_sover -p /sbin/ldconfig
%postun -n libkea-http%http_sover -p /sbin/ldconfig
%post -n libkea-log%log_sover -p /sbin/ldconfig
%postun -n libkea-log%log_sover -p /sbin/ldconfig
%post -n libkea-mysql%mysql_sover -p /sbin/ldconfig
%postun -n libkea-mysql%mysql_sover -p /sbin/ldconfig
%post -n libkea-pgsql%pgsql_sover -p /sbin/ldconfig
%postun -n libkea-pgsql%pgsql_sover -p /sbin/ldconfig
%post -n libkea-process%process_sover -p /sbin/ldconfig
%postun -n libkea-process%process_sover -p /sbin/ldconfig
%post -n libkea-stats%stats_sover -p /sbin/ldconfig
%postun -n libkea-stats%stats_sover -p /sbin/ldconfig
%post -n libkea-tcp%tcp_sover -p /sbin/ldconfig
%postun -n libkea-tcp%tcp_sover -p /sbin/ldconfig
%post -n libkea-util-io%util_io_sover -p /sbin/ldconfig
%postun -n libkea-util-io%util_io_sover -p /sbin/ldconfig
%post -n libkea-util%util_sover -p /sbin/ldconfig
%postun -n libkea-util%util_sover -p /sbin/ldconfig
%ldconfig_scriptlets -n libkea-asiodns%asiodns_sover
%ldconfig_scriptlets -n libkea-asiolink%asiolink_sover
%ldconfig_scriptlets -n libkea-cc%cc_sover
%ldconfig_scriptlets -n libkea-cfgrpt%cfgrpt_sover
%ldconfig_scriptlets -n libkea-config%config_sover
%ldconfig_scriptlets -n libkea-cryptolink%cryptolink_sover
%ldconfig_scriptlets -n libkea-d2srv%d2srv_sover
%ldconfig_scriptlets -n libkea-database%database_sover
%ldconfig_scriptlets -n libkea-dhcp%dhcp_sover
%ldconfig_scriptlets -n libkea-dhcp_ddns%dhcp_ddns_sover
%ldconfig_scriptlets -n libkea-dhcpsrv%dhcpsrv_sover
%ldconfig_scriptlets -n libkea-dns%dns_sover
%ldconfig_scriptlets -n libkea-eval%eval_sover
%ldconfig_scriptlets -n libkea-exceptions%exceptions_sover
%ldconfig_scriptlets -n libkea-hooks%hooks_sover
%ldconfig_scriptlets -n libkea-http%http_sover
%ldconfig_scriptlets -n libkea-log-interprocess%log_interprocess_sover
%ldconfig_scriptlets -n libkea-log%log_sover
%ldconfig_scriptlets -n libkea-mysql%mysql_sover
%ldconfig_scriptlets -n libkea-pgsql%pgsql_sover
%ldconfig_scriptlets -n libkea-process%process_sover
%ldconfig_scriptlets -n libkea-stats%stats_sover
%ldconfig_scriptlets -n libkea-tcp%tcp_sover
%ldconfig_scriptlets -n libkea-util-io%util_io_sover
%ldconfig_scriptlets -n libkea-util%util_sover
%files
%dir %_sysconfdir/kea
%config(noreplace) %_sysconfdir/kea/*.conf
%dir %attr(0755,root,root) %_sysconfdir/kea
%config(noreplace) %attr(0640,root,keadhcp) %_sysconfdir/kea/*.conf
%_mandir/man8/*.8%{?ext_man}
%_sbindir/rckea
%_sbindir/kea*
%_sbindir/perfdhcp
%_datadir/kea/
%_unitdir/*.service
%dir %_localstatedir/lib/kea
%_tmpfilesdir/
%_sysusersdir/
%attr(0775,keadhcp,keadhcp) %_localstatedir/log/kea/
%dir %attr(0750,keadhcp,keadhcp) %_localstatedir/lib/kea
%_sysusersdir/*
%attr(0750,keadhcp,keadhcp) %_localstatedir/log/kea/
%files doc
%doc %_datadir/doc/kea/
@@ -484,74 +502,107 @@ systemd-tmpfiles --create kea.conf || :
%files hooks
%dir %_libdir/kea
%_libdir/kea/hooks/
%dir %{_sysconfdir}/kea/radius
%{_sysconfdir}/kea/radius/dictionary
%files -n libkea-asiodns%asiodns_sover
%_libdir/libkea-asiodns.so.%asiodns_sover
%_libdir/libkea-asiodns.so.%asiodns_sover.*
%files -n libkea-asiolink%asiolink_sover
%_libdir/libkea-asiolink.so.%asiolink_sover
%_libdir/libkea-asiolink.so.%asiolink_sover.*
%files -n libkea-cc%cc_sover
%_libdir/libkea-cc.so.%cc_sover
%_libdir/libkea-cc.so.%cc_sover.*
%files -n libkea-cfgclient%cfgclient_sover
%_libdir/libkea-cfgclient.so.%cfgclient_sover.*
%files -n libkea-cfgrpt%cfgrpt_sover
%_libdir/libkea-cfgrpt.so.%cfgrpt_sover
%_libdir/libkea-cfgrpt.so.%cfgrpt_sover.*
%files -n libkea-config%config_sover
%_libdir/libkea-config.so.%config_sover
%_libdir/libkea-config.so.%config_sover.*
%files -n libkea-cryptolink%cryptolink_sover
%_libdir/libkea-cryptolink.so.%cryptolink_sover
%_libdir/libkea-cryptolink.so.%cryptolink_sover.*
%files -n libkea-d2srv%d2srv_sover
%_libdir/libkea-d2srv.so.%d2srv_sover
%_libdir/libkea-d2srv.so.%d2srv_sover.*
%files -n libkea-database%database_sover
%_libdir/libkea-database.so.%database_sover
%_libdir/libkea-database.so.%database_sover.*
%files -n libkea-dhcp++%dhcppp_sover
%_libdir/libkea-dhcp++.so.%dhcppp_sover.*
%files -n libkea-dhcp%dhcp_sover
%_libdir/libkea-dhcp.so.%dhcp_sover
%_libdir/libkea-dhcp.so.%dhcp_sover.*
%files -n libkea-dhcp_ddns%dhcp_ddns_sover
%_libdir/libkea-dhcp_ddns.so.%dhcp_ddns_sover
%_libdir/libkea-dhcp_ddns.so.%dhcp_ddns_sover.*
%files -n libkea-dhcpsrv%dhcpsrv_sover
%_libdir/libkea-dhcpsrv.so.%dhcpsrv_sover
%_libdir/libkea-dhcpsrv.so.%dhcpsrv_sover.*
%files -n libkea-dns++%dnspp_sover
%_libdir/libkea-dns++.so.%dnspp_sover.*
%files -n libkea-dns%dns_sover
%_libdir/libkea-dns.so.%dns_sover
%_libdir/libkea-dns.so.%dns_sover.*
%files -n libkea-eval%eval_sover
%_libdir/libkea-eval.so.%eval_sover
%_libdir/libkea-eval.so.%eval_sover.*
%files -n libkea-exceptions%exceptions_sover
%_libdir/libkea-exceptions.so.%exceptions_sover
%_libdir/libkea-exceptions.so.%exceptions_sover.*
%files -n libkea-hooks%hooks_sover
%_libdir/libkea-hooks.so.%hooks_sover
%_libdir/libkea-hooks.so.%hooks_sover.*
%files -n libkea-http%http_sover
%_libdir/libkea-http.so.%http_sover
%_libdir/libkea-http.so.%http_sover.*
%files -n libkea-log-interprocess%log_interprocess_sover
%_libdir/libkea-log-interprocess.so.%log_interprocess_sover
%_libdir/libkea-log-interprocess.so.%log_interprocess_sover.*
%files -n libkea-log%log_sover
%_libdir/libkea-log.so.%log_sover
%_libdir/libkea-log.so.%log_sover.*
%files -n libkea-mysql%mysql_sover
%_libdir/libkea-mysql.so.%mysql_sover
%_libdir/libkea-mysql.so.%mysql_sover.*
%files -n libkea-pgsql%pgsql_sover
%_libdir/libkea-pgsql.so.%pgsql_sover
%_libdir/libkea-pgsql.so.%pgsql_sover.*
%files -n libkea-process%process_sover
%_libdir/libkea-process.so.%process_sover
%_libdir/libkea-process.so.%process_sover.*
%files -n libkea-stats%stats_sover
%_libdir/libkea-stats.so.%stats_sover
%_libdir/libkea-stats.so.%stats_sover.*
%files -n libkea-tcp%tcp_sover
%_libdir/libkea-tcp.so.%tcp_sover
%_libdir/libkea-tcp.so.%tcp_sover.*
%files -n libkea-util-io%util_io_sover
%_libdir/libkea-util-io.so.%util_io_sover
%_libdir/libkea-util-io.so.%util_io_sover.*
%files -n libkea-util%util_sover
%_libdir/libkea-util.so.%util_sover
%_libdir/libkea-util.so.%util_sover.*
%files -n python3-kea
@@ -560,5 +611,7 @@ systemd-tmpfiles --create kea.conf || :
%files devel
%_includedir/kea/
%_libdir/libkea*.so
%{_libdir}/pkgconfig/*.pc
%{_bindir}/kea-msg-compiler
%changelog