#5390 closed defect (complete)

kea dhcp4/6 refuses to listen on loopback

Reported by: goya
Owned by: fdupont
Priority: medium
Milestone: Kea1.4
Component: libdhcp
Version: 1.2.0
Keywords:
Cc:
CVSS Scoring:
Parent Tickets:
Sensitive: no
Defect Severity: N/A
Sub-Project: DHCP
Feature Depending on Ticket:
Estimated Difficulty: 0
Add Hours to Ticket: 1
Total Hours: 0
Internal?: no

Description

Kea dhcp server refuses to listen on a loopback interface (in IfaceMgr::openSockets6 and IfaceMgr::openSockets4), but I think that it should be able to bind to loopback if dhcp-socket-type is set to udp in kea.conf.

I'd like to run kea in a FreeBSD jail having only a loopback interface, serving only relayed DHCP requests.

Change History (10)

comment:1 Changed 15 months ago by fdupont

If it does not work for DHCPv6 it should not work for DHCPv4 in UDP (BTW for DHCPv4 using BPF and co the loopback interface does not provide MAC address so it should fail).

comment:2 Changed 15 months ago by tomek

  • Milestone changed from Kea-proposed to Kea1.4

comment:3 Changed 12 months ago by fdupont

  • Owner set to fdupont
  • Status changed from new to accepted

comment:4 Changed 12 months ago by fdupont

  • Add Hours to Ticket changed from 0 to 3
  • Owner changed from fdupont to UnAssigned
  • Status changed from accepted to reviewing

Done. I am not convinced it is really useful but on the other hand the core change is very small.

comment:5 Changed 12 months ago by fdupont

Can someone provide a setup for tests using FreeBSD jails?

  • ezjail config
  • host DHCP relay config
  • jail Kea config (I can help for this one).

Thanks

comment:6 Changed 12 months ago by tomek

  • Owner changed from UnAssigned to tomek

comment:7 follow-up: Changed 12 months ago by tomek

  • Owner changed from tomek to fdupont

Your changes are good in general, but I think the logic should
be tweaked slightly.

cfg_iface.cc
I don't agree with the logic in openSockets here. I think the
conditions should be far simpler:

allow loopback if the following two conditions are met:

  • socket type is udp
  • loopback is explicitly mentioned

I don't see a reason why we should prevent the user from listening
on loopback if he happens to also listen on other interfaces.

cfg_iface_unittest.cc
There should be a case checked when the loopback interface is
rejected. Added. Please pull and review. Those new tests
will probably need to be updated once the logic is simplified.

The code builds and unit tests pass on Ubuntu 17.04 x64.

This needs a changelog entry. Here's my proposal:

13xx.	[func]		fdupont
	Both DHCPv4 and DHCPv6 servers can now listen on loopback
	interfaces. This capability requires setting socket type to UDP in
	DHCPv4. Note the feature has not been thoroughly tested.
	(Trac #5390, git abcd)

comment:8 in reply to: ↑ 7 Changed 12 months ago by fdupont

  • Add Hours to Ticket changed from 3 to 1
  • Owner changed from fdupont to tomek

Replying to tomek:

Your changes are good in general, but I think the logic should
be tweaked slightly.

cfg_iface.cc
I don't agree with the logic in openSockets here. I think the
conditions should be far simpler:

allow loopback if the following two conditions are met:

  • socket type is udp
  • loopback is explicitly mentioned

I don't see a reason why we should prevent the user from listening
on loopback if he happens to also listen on other interfaces.

=> relaxed the logic, updated doc and tests.

cfg_iface_unittest.cc
There should be a case checked when the loopback interface is
rejected.

=> there was already one. And the new loopback6 is both incorrect
and already included so when I updated the tests I simply removed these
new tests. BTW tests are explicitLoopbackV[46] and I left the previous
cases reversing expected results (so now the V4 has only one negative
for the raw socket, and V6 none). Of course the no configured loopback
case was already checked so I didn't add new code for this.

The code builds and unit tests pass on Ubuntu 17.04 x64.

This needs a changelog entry. Here's my proposal:

13xx.	[func]		fdupont
	Both DHCPv4 and DHCPv6 servers can now listen on loopback
	interfaces. This capability requires setting socket type to UDP in
	DHCPv4. Note the feature has not been thoroughly tested.
	(Trac #5390, git abcd)

=> seems fine.
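
The rule settled on in comments 7 and 8, modeled as a stand-alone function. This is an added example, not Kea's cfg_iface.cc code: the types, the name selectListenIfaces, the interface names, the handling of "*" and the choice to treat raw-socket loopback as an error are assumptions made for illustration.

```cpp
#include <algorithm>
#include <iostream>
#include <stdexcept>
#include <string>
#include <vector>

// Hypothetical model types for this example; these are not Kea's classes.
enum class Family { V4, V6 };
enum class SocketType { Raw, Udp };
struct Iface { std::string name; bool loopback; };

// Return the interfaces a server would open sockets on.
// `configured` holds the interface names from the configuration; "*" means
// every non-loopback interface (assumption: a wildcard is not an explicit mention).
std::vector<std::string> selectListenIfaces(const std::vector<Iface>& present,
                                            const std::vector<std::string>& configured,
                                            Family family, SocketType type) {
    auto has = [&](const std::string& n) {
        return std::find(configured.begin(), configured.end(), n) != configured.end();
    };
    const bool wildcard = has("*");
    std::vector<std::string> selected;
    for (const auto& ifc : present) {
        if (!ifc.loopback) {
            if (wildcard || has(ifc.name)) selected.push_back(ifc.name);
            continue;
        }
        if (!has(ifc.name)) continue;  // loopback must be named explicitly
        // Assumption: a raw DHCPv4 socket on loopback is a configuration error,
        // since loopback provides no MAC address.
        if (family == Family::V4 && type != SocketType::Udp)
            throw std::invalid_argument("loopback " + ifc.name + " requires UDP sockets for DHCPv4");
        selected.push_back(ifc.name);
    }
    return selected;
}

int main() {
    // Constructed sample: a host with one loopback and one Ethernet interface.
    const std::vector<Iface> present = {{"lo0", true}, {"em0", false}};
    const std::vector<std::string> configured = {"lo0", "em0"};
    for (const auto& n : selectListenIfaces(present, configured, Family::V4, SocketType::Udp))
        std::cout << n << "\n";
    return 0;
}
```

Because loopback is opened only when named, a server configured with "*" keeps the same listening surface it had before the change.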

comment:9 Changed 11 months ago by tomek

  • Owner changed from tomek to fdupont

Your changes are good, but I tweaked a couple of comments and docs. Please pull and review.
If the changes are good, please merge.

comment:10 Changed 11 months ago by fdupont

  • Resolution set to complete
  • Status changed from reviewing to closed

Merged. Closing.
