mir/kea
2
0
Fork 0
mirror of https://gitlab.isc.org/isc-projects/kea synced 2025-08-22 01:49:48 +00:00
Code Issues Releases Wiki Activity

[#2827] fixed all json examples in arm

Browse Source
This commit is contained in:
Razvan Becheriu 2023-05-05 15:04:16 +03:00
parent 96a63eb754
commit 50abca6f3f
49 changed files with 707 additions and 447 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
doc/examples/ddns/gss-tsig.json
View File

@ -22,11 +22,13 @@
"comment": "DdnsDomain example",
"dns-servers":
[
{ // This server has an entry in gss/servers and
{
// This server has an entry in gss/servers and
// thus will use GSS-TSIG.
"ip-address": "192.0.2.1"
},
{ // This server also has an entry there, so will
{
// This server also has an entry there, so will
// use GSS-TSIG, too.
"ip-address": "192.0.2.2",
"port": 5300
@ -74,7 +76,6 @@
// store client keys. As credentials cache is more flexible,
// it is recommended to use it. Typically, using both at the
// same time may cause problems.
//
// "client-keytab": "FILE:/etc/dhcp.keytab", // toplevel only
"credentials-cache": "FILE:/etc/ccache", // toplevel only

13
doc/examples/ddns/sample1.json
View File

@ -4,12 +4,10 @@
{
// ------------------ DHCP-DDNS ---------------------
//
"DhcpDdns":
{
// -------------- Global Parameters ----------------
//
// D2 will listen for update requests for Kea DHCP servers at 127.0.0.1
// on port 53001. Maximum time to we will wait for a DNS server to
// respond to us is 1000 ms.
@ -29,9 +27,7 @@
"user-context": { "version": 1 },
//
// ----------------- Control Socket -----------------
//
"control-socket":
{
@ -39,9 +35,7 @@
"socket-name": "/tmp/kea-ddns-ctrl-socket"
},
//
// ----------------- Hooks Libraries -----------------
//
"hooks-libraries":
[
@ -60,14 +54,11 @@
}
],
//
// ----------------- Forward DDNS ------------------
//
// 1. Zone - "four.example.com.
// It uses TSIG, key name is "d2.md5.key"
// It is served by one DNS server which listens for DDNS requests at
// 172.16.1.1 on the default port 53 (standard DNS port)
//
// 2. Zone - "six.example.com."
// It does not use TSIG.
// It is server by one DNS server at "2001:db8:1::10" on port 7802
@ -104,11 +95,9 @@
},
// ----------------- Reverse DDNS ------------------
//
// We will update Reverse DNS for one zone "2.0.192.in-addr-arpa". It
// uses TSIG with key "d2.sha1.key" and is served by two DNS servers:
// one listening at "172.16.1.1" on 53001 and the other at "192.168.2.10".
//
"reverse-ddns":
{
"ddns-domains":
@ -131,10 +120,8 @@
},
// ------------------ TSIG keys ---------------------
//
// Each key has a name, an algorithm (HMAC-MD5, HMAC-SHA1, HMAC-SHA224...)
// and a base-64 encoded shared secret.
//
"tsig-keys":
[
{

12
doc/examples/ddns/template.json
View File

@ -1,26 +1,20 @@
// This file may be used a template for constructing DHCP-DDNS JSON
// configuration.
//
// It must start with a left-curly-bracket.
{
"DhcpDdns" :
{
//
// -------------- Global Parameters ----------------
//
// All of the global parameters have default values as shown. If these
// are satisfactory you may omit them.
//
// "ip-address" : "127.0.0.1",
// "port" : 53001,
// "dns-server-timeout" : 100,
// "ncr-protocol" : "UDP"
// "ncr-format" : "JSON"
//
// ----------------- Control Socket -----------------
//
// "control-socket":
// {
@ -28,9 +22,7 @@
// "socket-name": "/tmp/kea-ddns-ctrl-socket"
// },
//
// ----------------- Forward DDNS ------------------
//
"forward-ddns" :
{
"ddns-domains" :
@ -59,9 +51,7 @@
]
},
//
// ----------------- Reverse DDNS ------------------
//
"reverse-ddns" :
{
"ddns-domains" :
@ -89,9 +79,7 @@
// :
]
},
//
// ------------------ TSIG keys ---------------------
//
"tsig-keys" :
[
// {

10
doc/examples/kea4/all-keys-netconf.json
View File

@ -478,11 +478,11 @@
// PostgreSQL backends do support this mode.
"ip-reservations-unique": true,
/// Boolean parameter which controls whether host reservations lookup
/// should be performed before lease lookup. This parameter has effect
/// only when multi-threading is disabled. When multi-threading is
/// enabled, host reservations lookup is always performed first to avoid
/// lease-lookup resource locking.
// Boolean parameter which controls whether host reservations lookup
// should be performed before lease lookup. This parameter has effect
// only when multi-threading is disabled. When multi-threading is
// enabled, host reservations lookup is always performed first to avoid
// lease-lookup resource locking.
"reservations-lookup-first": true,
// Specifies credentials to access lease database.

10
doc/examples/kea4/all-keys.json
View File

@ -528,11 +528,11 @@
// PostgreSQL backends do support this mode.
"ip-reservations-unique": true,
/// Boolean parameter which controls whether host reservations lookup
/// should be performed before lease lookup. This parameter has effect
/// only when multi-threading is disabled. When multi-threading is
/// enabled, host reservations lookup is always performed first to avoid
/// lease-lookup resource locking.
// Boolean parameter which controls whether host reservations lookup
// should be performed before lease lookup. This parameter has effect
// only when multi-threading is disabled. When multi-threading is
// enabled, host reservations lookup is always performed first to avoid
// lease-lookup resource locking.
"reservations-lookup-first": true,
// Specifies credentials to access lease database.

20
doc/examples/kea4/all-options.json
View File

@ -13,7 +13,9 @@
{
"Dhcp4": {
/* Data for all standard option definitions */
/*
Data for all standard option definitions
*/
// Option data defined globally
"option-data": [
/*
@ -1381,8 +1383,8 @@
"name": "vivso-suboptions"
},
// Option codes 126-127 are unassigned.
// Option codes 128-135 are not defined in Kea.
// Option codes 126-127 are unassigned.
// Option codes 128-135 are not defined in Kea.
/*
0 1
@ -1657,7 +1659,9 @@
// Option codes 220-221 are not defined in Kea.
// Option codes 222-254 are unassigned
/* Custom option data */
/*
Custom option data
*/
// See "option-def" below for the definitions.
{
"code": 1,
@ -1683,7 +1687,9 @@
}
],
/* Custom option definitions */
/*
Custom option definitions
*/
// For kea-dhcp4, custom option definitions can be global or in a client
// class.
"option-def": [
@ -1740,7 +1746,9 @@
],
"subnet4": [
/* DOCSIS3 option data */
/*
DOCSIS3 option data
*/
// Headers are as defined in CL-SP-CANN-DHCP-Reg-I16-200715.
// "space" is required to be explicitly defined as "docsis3-v4"
{

4
doc/examples/kea4/classify.json
View File

@ -1,7 +1,9 @@
// This is an example configuration file for the DHCPv4 server in Kea.
// The purpose of this example is to showcase how clients can be classified.
{ "Dhcp4": {
{ "Dhcp4":
{
// Kea is told to listen on eth0 interface only.
"interfaces-config": {

4
doc/examples/kea4/classify2.json
View File

@ -2,7 +2,9 @@
// The purpose of this example is to showcase how clients can be classified
// with advanced features.
{ "Dhcp4": {
{ "Dhcp4":
{
// Kea is told to listen on eth0 interface only.
"interfaces-config": {

6
doc/examples/kea4/config-backend.json
View File

@ -66,9 +66,9 @@
// configuration in the database. If this library is not loaded,
// the configuration can be managed directly using available
// tools that work directly with the MySQL database.
//,{
// "library": "/usr/local/lib/kea/hooks/libdhcp_cb_cmds.so"
//}
// ,{
// "library": "/usr/local/lib/kea/hooks/libdhcp_cb_cmds.so"
// }
],
// The following configures logging. It assumes that messages with at

2
doc/examples/kea4/shared-network.json
View File

@ -149,7 +149,7 @@
// It is likely that in your network you'll have a mix of regular,
// "plain" subnets and shared networks. It is perfectly valid to mix
// them in the same config file.
//
// This is regular subnet. It's not part of any shared-network.
"subnet4": [
{

4
doc/examples/kea6/advanced.json
View File

@ -56,12 +56,12 @@
// is an alias for client-link-addr-option), remote-id, rfc4649 (which is an
// alias for remote-id, subscriber-id, rfc4580 (which is an alias for
// subscriber-id) and docsis.
//
// Note that the order matters. Methods are attempted one by one in the
// order specified until hardware address is obtained. If you don't care
// which method is used, using 'any' is marginally faster than enumerating
// them all.
//
// If mac-sources are not specified, a default value of 'any' is used.
"mac-sources": [ "client-link-addr-option", "duid", "ipv6-link-local" ],

10
doc/examples/kea6/all-keys-netconf.json
View File

@ -416,11 +416,11 @@
// support this mode.
"ip-reservations-unique": true,
/// Boolean parameter which controls whether host reservations lookup
/// should be performed before lease lookup. This parameter has effect
/// only when multi-threading is disabled. When multi-threading is
/// enabled, host reservations lookup is always performed first to avoid
/// lease-lookup resource locking.
// Boolean parameter which controls whether host reservations lookup
// should be performed before lease lookup. This parameter has effect
// only when multi-threading is disabled. When multi-threading is
// enabled, host reservations lookup is always performed first to avoid
// lease-lookup resource locking.
"reservations-lookup-first": true,
// Specifies credentials to access lease database.

10
doc/examples/kea6/all-keys.json
View File

@ -454,11 +454,11 @@
// support this mode.
"ip-reservations-unique": true,
/// Boolean parameter which controls whether host reservations lookup
/// should be performed before lease lookup. This parameter has effect
/// only when multi-threading is disabled. When multi-threading is
/// enabled, host reservations lookup is always performed first to avoid
/// lease-lookup resource locking.
// Boolean parameter which controls whether host reservations lookup
// should be performed before lease lookup. This parameter has effect
// only when multi-threading is disabled. When multi-threading is
// enabled, host reservations lookup is always performed first to avoid
// lease-lookup resource locking.
"reservations-lookup-first": true,
// Specifies credentials to access lease database.

16
doc/examples/kea6/all-options.json
View File

@ -18,7 +18,9 @@
{
"Dhcp6": {
/* Data for all standard option definitions */
/*
Data for all standard option definitions
*/
// Option data defined globally
"option-data": [
/*
@ -1794,7 +1796,9 @@
// Option codes 145-65535 are unassigned.
/* Custom option data */
/*
Custom option data
*/
// See "option-def" below for the definitions.
{
"code": 111,
@ -1825,7 +1829,9 @@
}
],
/* Custom option definitions */
/*
Custom option definitions
*/
// For kea-dhcp6, custom option definitions are always global. Even when
// data for said options is then configured at subnet level.
"option-def": [
@ -1897,7 +1903,9 @@
],
"subnet6": [
/* DOCSIS3 option data */
/*
DOCSIS3 option data
*/
// Headers are as defined in CL-SP-CANN-DHCP-Reg-I16-200715.
// "space" is required to be explicitly defined as "docsis3-v6"
{

6
doc/examples/kea6/config-backend.json
View File

@ -66,9 +66,9 @@
// configuration in the database. If this library is not loaded,
// the configuration can be managed directly using available
// tools that work directly with the MySQL database.
//,{
// "library": "/usr/local/lib/kea/hooks/libdhcp_cb_cmds.so"
//}
// ,{
// "library": "/usr/local/lib/kea/hooks/libdhcp_cb_cmds.so"
// }
],
// The following configures logging. It assumes that messages with at

2
doc/examples/kea6/iPXE.json
View File

@ -16,7 +16,7 @@
// substring(option dhcp6.user-class, 2, 4) = "iPXE" {
// option dhcp6.bootfile-url "http://[2001:db8::1]/ubuntu.cfg";
// }
//
// In example shown below incoming packet will receive value
// http://[2001:db8::1]/ubuntu.cfg if incoming packet will include user
// class option with "iPXE" in it and value http://[2001:db8::1]/ipxe.efi

2
doc/examples/kea6/reservations.json
View File

@ -139,7 +139,7 @@
// Expression can be specified either as hex or plain text using single
// quotes.
// Note: flexible identifier requires flex_id hook library to be
//loaded to work.
// loaded to work.
{
"flex-id": "'somevalue'",
"ip-addresses": [ "2001:db8:1:cafe::2" ]

4
doc/examples/kea6/shared-network.json
View File

@ -23,7 +23,7 @@
// It is likely that in your network you'll have a mix of regular,
// "plain" subnets and shared networks. It is perfectly valid to mix
// them in the same config file.
//
// This is regular subnet. It's not part of any shared-network.
"subnet6": [
{
@ -56,7 +56,7 @@
// values inserted by relays, which are only used for
// remote traffic. A shared network cannot be both direct
// and relayed.
//"interface-id": "content of the option",
// "interface-id": "content of the option",
// Other parameters defined here will be inherited by the
// subnets.

10
doc/examples/netconf/simple-dhcp4.json
View File

@ -68,15 +68,15 @@
// Netconf is able to load hook libraries that augment its operation.
// The primary functionality is the ability to add new commands.
//
// Uncomment this section to load a hook library.
//
// "hooks-libraries": [
// // Hook libraries list may contain more than one library.
// {
// // The only necessary parameter is the library filename.
// "library": "/opt/local/netconf-commands.so",
//
// // Some libraries may support parameters. Make sure you
// // type this section carefully, as the CA does not validate
// // it (because the format is library-specific).
@ -84,7 +84,7 @@
// "param1": "foo"
// }
// }
//]
// ]
// Similar to other Kea components, Netconf also uses logging.
"loggers": [
@ -92,7 +92,7 @@
"name": "kea-netconf",
"output_options": [
{
//"output": "/var/log/kea-netconf.log",
// "output": "/var/log/kea-netconf.log",
"output": "stdout",
// Several additional parameters are possible in addition
// to the typical output. Flush determines whether logger

12
doc/examples/netconf/simple-dhcp6.json
View File

@ -24,7 +24,7 @@
// Eventually, the kea-netconf will be able to handle multiple
// models. However, for the time being the choices for
// DHCPv6 server are kea-dhcp6-server and
/// ietf-dhcpv6-server models but only the first is usable.
// ietf-dhcpv6-server models but only the first is usable.
"model": "kea-dhcp6-server",
// The three control flags can be defined in this scope too
@ -69,15 +69,15 @@
// Netconf is able to load hook libraries that augment its operation.
// The primary functionality is the ability to add new commands.
//
// Uncomment this section to load a hook library.
//
// "hooks-libraries": [
// // Hook libraries list may contain more than one library.
// {
// // The only necessary parameter is the library filename.
// "library": "/opt/local/netconf-commands.so",
//
// // Some libraries may support parameters. Make sure you
// // type this section carefully, as the CA does not validate
// // it (because the format is library-specific).
@ -85,7 +85,7 @@
// "param1": "foo"
// }
// }
//]
// ]
// Similar to other Kea components, Netconf also uses logging.
"loggers": [
@ -93,7 +93,7 @@
"name": "kea-netconf",
"output_options": [
{
//"output": "/var/log/kea-netconf.log",
// "output": "/var/log/kea-netconf.log",
"output": "stdout",
// Several additional parameters are possible in addition
// to the typical output. Flush determines whether logger

6
doc/sphinx/arm/classify.rst
View File

@ -996,7 +996,7 @@ this subnet. Such a configuration can be achieved in the following way:
"client-class": "Client_foo"
},
...
],,
],
...
}
@ -1078,8 +1078,8 @@ to use this pool. Such a configuration can be achieved in the following way:
]
},
...
],,
],
...
}
The following example shows how to restrict access to an address pool. This

10
doc/sphinx/arm/config.rst
View File

@ -200,14 +200,16 @@ to an existing subnet.
::
{
"subnet4": [ {
"id": 1,
"subnet": "10.20.30.0/24",
"user-context": {
"building": "Main"
"building": "Main",
"floor": 1
}
} ]
}
The same can be done with many other commands like lease6-add etc.
@ -232,7 +234,7 @@ Example of relay information stored in a lease:
"ip-address": "192.0.2.1",
"state": 0,
"subnet-id": 44,
"valid-lft": 3600
"valid-lft": 3600,
"user-context": {
"ISC": {
"relays": [
@ -250,6 +252,7 @@ Example of relay information stored in a lease:
}
}
}
}
User context can store configuration for multiple hooks and comments at once.
@ -314,6 +317,7 @@ where the content of "subnets.json" may be:
::
{
"subnet4": [
{
"id": 123,
@ -328,3 +332,5 @@ where the content of "subnets.json" may be:
"subnet": "10.0.0.0/8"
}
],
...
}

10
doc/sphinx/arm/congestion-handling.rst
View File

@ -69,9 +69,9 @@ servers through an optional, top-level, configuration element,
::
"dhcp-queue-control": {
"enable-queue": true|false,
"enable-queue": true, // true|false
"queue-type": "queue type",
"capacity" : n
"capacity" : 256 // n packets
}
where:
@ -100,8 +100,7 @@ with a queue capacity of 250 packets:
"Dhcp4":
{
...
"dhcp-queue-control": {
"dhcp-queue-control": {
"enable-queue": true,
"queue-type": "kea-ring4",
"capacity" : 250
@ -116,8 +115,7 @@ with a queue capacity of 300 packets:
"Dhcp6":
{
...
"dhcp-queue-control": {
"dhcp-queue-control": {
"enable-queue": true,
"queue-type": "kea-ring6",
"capacity" : 300

42
doc/sphinx/arm/ctrl-channel.rst
View File

@ -69,7 +69,7 @@ send JSON commands structured as follows:
{
"command": "foo",
"service": [ "dhcp4" ]
"service": [ "dhcp4" ],
"arguments": {
"param1": "value1",
"param2": "value2",
@ -87,7 +87,7 @@ following structure:
Content-Length: 147\r\n\r\n
{
"command": "foo",
"service": [ "dhcp4" ]
"service": [ "dhcp4" ],
"arguments": {
"param1": "value1",
"param2": "value2",
@ -95,8 +95,8 @@ following structure:
}
}
``command`` is the name of the command to execute and is mandatory.
``arguments`` is a map of the parameters required to carry out the given
The ``command`` is the name of the command to execute and is mandatory.
The ``arguments`` is a map of the parameters required to carry out the given
command. The exact content and format of the map are command-specific.
``service`` is a list of the servers at which the control command is
@ -141,7 +141,7 @@ form:
::
{
"result": 0|1|2|3|4,
"result": 0, // 0|1|2|3|4
"text": "textual description",
"arguments": {
"argument1": "value1",
@ -193,12 +193,15 @@ that depends on the specific command.
{
"command": "foo",
// service is a list
"service": [ "dhcp4" ]
"service": [ "dhcp4" ],
# command arguments are here.
"arguments": {
"param1": "value1"/*,
"param1": "value1",
...
/*
"param2": "value2",
...*/
...
*/
}
}
@ -218,12 +221,13 @@ to one service would be structured as follows:
[
{
"result": 0|1|2|3|4,
"result": 0, // 0|1|2|3|4
"text": "textual description",
"arguments": {
"argument1": "value1",
"argument2": "value2",
...
...
}
}
]
@ -235,20 +239,22 @@ contain responses from each service, in the order they were requested:
[
{
"result": 0|1|2|3|4,
"result": 0, // 0|1|2|3|4
"text": "textual description",
"arguments": {
"argument1": "value1",
"argument2": "value2",
...
...
}
},
{
"result": 0|1|2|3|4,
"result": 0, // 0|1|2|3|4
"text": "textual description",
"arguments": {
"argument1": "value1",
"argument2": "value2",
...
...
}
},
...
]
@ -424,7 +430,7 @@ as "Dhcp4" or "Dhcp6". For example:
"command": "config-test",
"arguments": {
"Dhcp6": {
:
...
}
}
}
@ -565,7 +571,7 @@ as "Dhcp4" or "Dhcp6". For example:
"command": "config-set",
"arguments": {
"Dhcp6": {
:
...
}
}
}
@ -605,7 +611,7 @@ may look like this:
::
{
"command": "shutdown"
"command": "shutdown",
"arguments": {
"exit-value": 3
}
@ -632,7 +638,7 @@ An example command may look like this:
::
{
"command": "shutdown"
"command": "shutdown",
"arguments": {
"exit-value": 3,
"type": "drain_first"

14
doc/sphinx/arm/ddns.rst
View File

@ -251,7 +251,6 @@ illustrates how to change D2's global parameters so it will listen at
"ip-address": "192.168.1.10",
"port": 900,
...
}
}
.. warning::
@ -339,7 +338,7 @@ An example command may look like this:
::
{
"command": "shutdown"
"command": "shutdown",
"arguments": {
"exit-value": 3,
"type": "drain_first"
@ -583,7 +582,7 @@ domains, which is a list of structures.
"DhcpDdns": {
"reverse-ddns": {
"ddns-domains": [ ]
}
},
...
}
@ -867,7 +866,7 @@ The following example configuration specifies the forward DDNS domains.
],
"user-context": { "backup": false }
},
...
]
}
}
@ -905,21 +904,22 @@ These reverse DDNS domains are specified as follows:
{ "ip-address": "172.16.1.5" },
{ "ip-address": "172.16.2.5" }
]
}
},
{
"name": "1.0.0.0.8.B.D.0.1.0.0.2.ip6.arpa.",
"key-name": "",
"dns-servers": [
{ "ip-address": "2001:db8::1" }
]
}
},
{
"name": "0.192.in-addr.arpa.",
"key-name": "",
"dns-servers": [
{ "ip-address": "172.16.2.5" }
]
}
},
...
]
}
}

200
doc/sphinx/arm/dhcp4-srv.rst
View File

@ -260,9 +260,12 @@ this:
::
{
"interfaces-config": {
"interfaces": [ "eth0", "eth1" ]
},
...
}
The next lines define the lease database, the place where the
server stores its lease information. This particular example tells the
@ -295,6 +298,7 @@ syntax would be used:
::
{
"subnet4": [
{
"pools": [ { "pool": "192.0.2.1 - 192.0.2.200" } ],
@ -308,7 +312,9 @@ syntax would be used:
"pools": [ { "pool": "192.0.4.1 - 192.0.4.254" } ],
"subnet": "192.0.4.0/24"
}
]
],
...
}
Note that indentation is optional and is used for aesthetic purposes
only. In some cases it may be preferable to use more compact notation.
@ -574,10 +580,14 @@ access the database should be set:
::
"Dhcp4": { "lease-database": { "user": "user-name",
"password": "password",
... },
... }
"Dhcp4": {
"lease-database": {
"user": "user-name",
"password": "password",
...
},
...
}
If there is no password to the account, set the password to the empty
string ``""``. (This is the default.)
@ -790,10 +800,14 @@ access the database should be set:
::
"Dhcp4": { "hosts-database": { "user": "user-name",
"password": "password",
... },
... }
"Dhcp4": {
"hosts-database": {
"user": "user-name",
"password": "password",
...
},
...
}
If there is no password to the account, set the password to the empty
string ``""``. (This is the default.)
@ -868,7 +882,7 @@ server to listen on all available interfaces:
"Dhcp4": {
"interfaces-config": {
"interfaces": [ "*" ]
}
},
...
}
@ -2190,7 +2204,8 @@ Such an option can be defined by putting the following entry in the configuratio
"record-types": "",
"space": "dhcp4",
"encapsulate": ""
}, ...
},
...
],
...
}
@ -2227,7 +2242,8 @@ global value that applies to all subnets.
"space": "dhcp4",
"csv-format": true,
"data": "12345"
}, ...
},
...
],
...
}
@ -2253,7 +2269,8 @@ defined in the following way:
"array": false,
"record-types": "ipv4-address, uint16, boolean, string",
"encapsulate": ""
}, ...
},
...
],
...
}
@ -2280,7 +2297,7 @@ The option's values are set in an ``option-data`` statement as follows:
...
}
``csv-format`` is set to ``true`` to indicate that the ``data`` field
The ``csv-format`` is set to ``true`` to indicate that the ``data`` field
comprises a comma-separated list of values. The values in ``data``
must correspond to the types set in the ``record-types`` field of the
option definition.
@ -2300,7 +2317,8 @@ last field is an array, i.e. it can contain more than one value, as in:
"array": true,
"record-types": "ipv4-address, uint16",
"encapsulate": ""
}, ...
},
...
],
...
}
@ -2346,7 +2364,8 @@ PXEClient vendor:
}
],
...
}, ...
},
...
],
...
}
@ -2520,9 +2539,9 @@ The first step is to define the format of the option:
...
}
(Note that the option space is set to
``"vendor-encapsulated-options-space"``.) Once the option format is defined,
the next step is to define actual values for that option:
Note that the option space is set to ``"vendor-encapsulated-options-space"``.
Once the option format is defined, the next step is to define actual values
for that option:
::
@ -2800,7 +2819,6 @@ and specify that it should include options from the new option space:
"Dhcp4": {
"option-def": [
...,
{
"name": "container",
"code": 222,
@ -2809,7 +2827,8 @@ and specify that it should include options from the new option space:
"array": false,
"record-types": "",
"encapsulate": "isc"
}
},
...
],
...
}
@ -2912,6 +2931,7 @@ options and sub-options, using the respective option code.
::
{
"option-def": [
{
"array": false,
@ -2945,7 +2965,9 @@ options and sub-options, using the respective option code.
}
]
}
]
],
...
}
.. note::
@ -2990,7 +3012,7 @@ configuration looks like this:
"Dhcp4": {
"subnet4": [
{
"subnet": "192.0.2.0/24"
"subnet": "192.0.2.0/24",
"option-data": [ {
"name": "domain-name-servers",
"code": 6,
@ -3141,7 +3163,7 @@ client documentation for specific values.
...
],
...
}
}
If an incoming packet is matched to multiple classes, then the
value used for each field will come from the first class that
@ -3413,7 +3435,7 @@ The default configuration and values would appear as follows:
"ddns-update-on-renew": false,
"ddns-use-conflict-resolution": true,
"hostname-char-set": "",
"hostname-char-replacement": ""
"hostname-char-replacement": "",
...
}
@ -3497,7 +3519,7 @@ conflict with existing entries owned by other DHCPv4 clients.
to generate DNS removal requests to D2.
The DNS entries Kea creates contain a value for TTL (time to live).
``kea-dhcp4`` calculates that value based on
The ``kea-dhcp4`` calculates that value based on
`RFC 4702, Section 5 <https://tools.ietf.org/html/rfc4702#section-5>`__,
which suggests that the TTL value be 1/3 of the lease's lifetime, with
a minimum value of 10 minutes.
@ -3575,7 +3597,7 @@ following configuration is required:
When Does the ``kea-dhcp4`` Server Generate a DDNS Request?
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
``kea-dhcp4`` follows the behavior prescribed for DHCP servers in `RFC
The ``kea-dhcp4`` follows the behavior prescribed for DHCP servers in `RFC
4702 <https://tools.ietf.org/html/rfc4702>`__. It is important to keep in
mind that ``kea-dhcp4`` makes the initial decision of when and what to
update and forwards that information to D2 in the form of NCRs. Carrying
@ -3654,7 +3676,6 @@ configuration file:
::
"Dhcp4": {
...
"ddns-override-client-update": true,
...
}
@ -3672,12 +3693,11 @@ To override client delegation, issue the following commands:
::
"Dhcp4": {
...
"ddns-override-no-update": true,
...
}
``kea-dhcp4`` always generates DDNS update requests if the client
The ``kea-dhcp4`` always generates DDNS update requests if the client
request only contains the Host Name option. In addition, it includes
an FQDN option in the response to the client with the FQDN N-S-O flags
set to 0-1-0, respectively. The domain name portion of the FQDN option
@ -3738,7 +3758,6 @@ follows:
::
"Dhcp4": {
...
"ddns-replace-client-name": "always",
...
}
@ -3750,7 +3769,6 @@ its value, simply set it to the desired string:
::
"Dhcp4": {
...
"ddns-generated-prefix": "another.host",
...
}
@ -3764,7 +3782,6 @@ meaningful default.
::
"Dhcp4": {
...
"ddns-qualifying-suffix": "foo.example.org",
...
}
@ -3809,7 +3826,6 @@ digit, dot, or hyphen with the letter "x":
::
"Dhcp4": {
...
"hostname-char-set": "[^A-Za-z0-9.-]",
"hostname-char-replacement": "x",
...
@ -3885,7 +3901,6 @@ handled the same way as ``next-server``.
"Dhcp4": {
"next-server": "192.0.2.123",
"boot-file-name": "/dev/null",
...,
"subnet4": [
{
"next-server": "192.0.2.234",
@ -3893,7 +3908,8 @@ handled the same way as ``next-server``.
"boot-file-name": "bootfile.efi",
...
}
]
],
...
}
.. _dhcp4-echo-client-id:
@ -4288,11 +4304,15 @@ Or with remote and relay sub-options:
::
{ "ISC": { "relay-agent-info": {
"sub-options": "0x02030102030C03AABBCC",
"remote-id": "03010203",
"relay-id": "AABBCC"
} } }
{
"ISC": {
"relay-agent-info": {
"sub-options": "0x02030102030C03AABBCC",
"remote-id": "03010203",
"relay-id": "AABBCC"
}
}
}
.. note::
@ -4358,7 +4378,7 @@ An example configuration that sets these parameters looks as follows:
"enable-multi-threading": true,
"thread-pool-size": 4,
"packet-queue-size": 16
}
},
...
}
@ -4424,6 +4444,7 @@ enable the option for the whole subnet, the following configuration can be used:
::
{
"subnet4": [
{
"pools": [ { "pool": "192.0.2.1 - 192.0.2.200" } ],
@ -4438,6 +4459,8 @@ enable the option for the whole subnet, the following configuration can be used:
]
}
],
...
}
Lease Caching
-------------
@ -4459,6 +4482,7 @@ as a last resort. For example:
::
{
"subnet4": [
{
"pools": [ { "pool": "192.0.2.1 - 192.0.2.200" } ],
@ -4469,6 +4493,8 @@ as a last resort. For example:
...
}
],
...
}
When an already-assigned lease can fulfill a client query:
@ -4536,6 +4562,7 @@ An example subnet configuration is shown below:
::
{
"subnet4": [
{
"pools": [ { "pool": "192.0.2.1 - 192.0.2.200" } ],
@ -4545,6 +4572,8 @@ An example subnet configuration is shown below:
...
}
],
...
}
Here ``offer-lifetime`` has been configured to be 60 seconds, with a ``valid-lifetime``
of 2000 seconds. This instructs ``kea-dhcp4`` to persist leases for 60 seconds when
@ -4598,6 +4627,7 @@ in a subnet:
::
{
"subnet4": [
{
"pools": [ { "pool": "192.0.2.1 - 192.0.2.200" } ],
@ -4623,7 +4653,9 @@ in a subnet:
}
]
}
]
],
...
}
The first entry reserves the 192.0.2.202 address for the client that
uses a MAC address of 1a:1b:1c:1d:1e:1f. The second entry reserves the
@ -5401,13 +5433,16 @@ example of a ``host-reservation-identifiers`` configuration looks as follows:
::
{
"host-reservation-identifiers": [ "circuit-id", "hw-address", "duid", "client-id" ],
"subnet4": [
{
"subnet": "192.0.2.0/24",
...
}
]
],
...
}
If not specified, the default value is:
@ -5546,7 +5581,7 @@ within the subnet as follows:
"subnet4": [
{
"subnet": "192.0.2.0/24",
"reservations": [{"
"reservations": [{
"hw-address": "aa:bb:cc:dd:ee:fe",
"client-classes": [ "reserved_class" ]
}],
@ -5594,11 +5629,11 @@ following example:
"name": "reserved_class"
},
{
"name: "unreserved_class",
"name": "unreserved_class",
"test": "not member('reserved_class')"
}
],
"reservations": [{"
"reservations": [{
"hw-address": "aa:bb:cc:dd:ee:fe",
"client-classes": [ "reserved_class" ]
}],
@ -5827,7 +5862,7 @@ redirects those customers to a captive portal urging them to bring their account
"data": "192.0.2.251"
}
]
},
}
],
"reservations": [
// Clients on this list will be added to the KNOWN class. Some
@ -5916,10 +5951,8 @@ introduced:
::
{
"Dhcp4": {
"shared-networks": [
{
"shared-networks": [ {
# Name of the shared network. It may be an arbitrary string
# and it must be unique among all shared networks.
"name": "my-secret-lair-level-1",
@ -5941,7 +5974,8 @@ introduced:
"pools": [ { "pool": "192.0.2.100 - 192.0.2.199" } ]
}
]
} ], # end of shared-networks
} ],
# end of shared-networks
# It is likely that in the network there will be a mix of regular,
# "plain" subnets and shared networks. It is perfectly valid to mix
@ -5955,8 +5989,6 @@ introduced:
"interface": "eth1"
}
]
} # end of Dhcp4
}
As demonstrated in the example, it is possible to mix shared and regular
@ -5980,6 +6012,7 @@ then override its value in the subnet scope. For example:
::
{
"shared-networks": [
{
"name": "lab-network3",
@ -6027,7 +6060,10 @@ then override its value in the subnet scope. For example:
} ]
}
]
} ]
}
],
...
}
In this example, there is a ``log-servers`` option defined that is available
to clients in both subnets in this shared network. Also, the valid
@ -6055,6 +6091,7 @@ example of what **NOT** to do:
::
{
"shared-networks": [
{
"name": "office-floor-2",
@ -6074,7 +6111,10 @@ example of what **NOT** to do:
"interface": "eth1"
}
]
} ]
}
],
...
}
To minimize the chance of configuration errors, it is often more convenient
to simply specify the interface name once, at the shared-network level, as
@ -6082,6 +6122,7 @@ shown in the example below.
::
{
"shared-networks": [
{
"name": "office-floor-2",
@ -6100,7 +6141,10 @@ shown in the example below.
"pools": [ { "pool": "192.0.2.100 - 192.0.2.199" } ]
}
]
} ]
}
],
...
}
With relayed traffic, subnets are typically selected using
@ -6115,6 +6159,7 @@ of what **NOT** to do:
::
{
"shared-networks": [
{
"name": "kakapo",
@ -6139,7 +6184,9 @@ of what **NOT** to do:
}
]
}
]
],
...
}
Again, it is better to specify the relay address at the shared-network
level; this value will be inherited by all subnets belonging to the
@ -6147,6 +6194,7 @@ shared network.
::
{
"shared-networks": [
{
"name": "kakapo",
@ -6165,7 +6213,9 @@ shared network.
}
]
}
]
],
...
}
Even though it is technically possible to configure two (or more) subnets
within the shared network to use different relay addresses, this will almost
@ -6385,6 +6435,7 @@ for a subnet:
::
{
"subnet4": [
{
"subnet": "192.0.2.0/24",
@ -6396,7 +6447,9 @@ for a subnet:
],
...
}
]
],
...
}
.. _dhcp4-subnet-selection:
@ -6515,9 +6568,9 @@ everything connected behind the modems should get addresses from the
{
"subnet": "10.1.1.0/24",
"pools": [ { "pool": "10.1.1.2 - 10.1.1.20" } ],
"client-class" "docsis3.0",
"client-class": "docsis3.0",
"relay": {
"ip-addresses": [ "10.1.1.1 ]"
"ip-addresses": [ "10.1.1.1" ]
}
},
{
@ -6567,9 +6620,14 @@ default, the following syntax can be used:
::
"Dhcp4": {
"Dhcp4": {
"decline-probation-period": 3600,
"subnet4": [ ... ],
"subnet4": [
{
...
},
...
],
...
}
@ -7086,9 +7144,14 @@ the default maximum sample count to 1 so only one sample is kept:
::
"Dhcp4": {
"Dhcp4": {
"statistic-default-sample-count": 1,
"subnet4": [ ... ],
"subnet4": [
{
...
},
...
],
...
}
@ -7117,6 +7180,9 @@ in the configuration file can be used:
},
"subnet4": [
{
...
},
...
],
...
@ -7744,7 +7810,7 @@ Consider the following example:
},
{
"id": 2,
"subnet": "192.0.2.0/24",
"subnet": "192.0.2.0/24"
}
]
}

271
doc/sphinx/arm/dhcp6-srv.rst
View File

@ -221,9 +221,12 @@ this:
::
{
"interfaces-config": {
"interfaces": [ "eth0", "eth1" ]
},
...
}
The next lines define the lease database, the place where the
server stores its lease information. This particular example tells the
@ -256,6 +259,7 @@ syntax would be used:
::
{
"subnet6": [
{
"pools": [ { "pool": "2001:db8:1::/112" } ],
@ -265,7 +269,9 @@ syntax would be used:
"pools": [ { "pool": "2001:db8:2::1-2001:db8:2::ffff" } ],
"subnet": "2001:db8:2::/64"
}
]
],
...
}
Note that indentation is optional and is used for aesthetic purposes
only. In some cases it may be preferable to use more compact notation.
@ -531,10 +537,14 @@ access the database should be set:
::
"Dhcp6": { "lease-database": { "user": "user-name",
"password": "password",
... },
... }
"Dhcp6": {
"lease-database": {
"user": "user-name",
"password": "password",
...
},
...
}
If there is no password to the account, set the password to the empty
string ``""``. (This is the default.)
@ -747,10 +757,14 @@ access the database should be set:
::
"Dhcp6": { "hosts-database": { "user": "user-name",
"password": "password",
... },
... }
"Dhcp6": {
"hosts-database": {
"user": "user-name",
"password": "password",
...
},
...
}
If there is no password to the account, set the password to the empty
string ``""``. (This is the default.)
@ -825,7 +839,7 @@ server to listen on all available interfaces:
"Dhcp6": {
"interfaces-config": {
"interfaces": [ "*" ]
}
},
...
}
@ -1029,7 +1043,6 @@ ff02::1:2 address. The sample configuration below shows how to listen on
"interfaces-config": {
"interfaces": [ "eth1/2001:db8::1" ]
},
...
"option-data": [
{
"name": "unicast",
@ -1142,8 +1155,7 @@ second subnet, use a command similar to the following:
{ "pool": "2001:db8:2::/64" }
]
},
...
...
]
}
@ -1876,7 +1888,6 @@ server configuration as shown below:
::
"Dhcp6": {
...
"option-data": [
{
"name": "s46-cont-mape"
@ -2029,7 +2040,8 @@ in the configuration file:
"record-types": "",
"space": "dhcp6",
"encapsulate": ""
}, ...
},
...
],
...
}
@ -2066,7 +2078,8 @@ global value that applies to all subnets.
"space": "dhcp6",
"csv-format": true,
"data": "12345"
}, ...
},
...
],
...
}
@ -2092,7 +2105,8 @@ defined in the following way:
"array": false,
"record-types": "ipv6-address, uint16, boolean, string",
"encapsulate": ""
}, ...
},
...
],
...
}
@ -2120,7 +2134,7 @@ follows:
...
}
``csv-format`` is set to ``true`` to indicate that the ``data`` field
The ``csv-format`` is set to ``true`` to indicate that the ``data`` field
comprises a comma-separated list of values. The values in ``data``
must correspond to the types set in the ``record-types`` field of the
option definition.
@ -2140,7 +2154,8 @@ last field is an array, i.e. it can contain more than one value, as in:
"array": true,
"record-types": "ipv6-address, uint16",
"encapsulate": ""
}, ...
},
...
],
...
}
@ -2216,9 +2231,9 @@ The first step is to define the format of the option:
...
}
(Note that the option space is set to ``"vendor-12345"``.) Once the
option format is defined, the next step is to define actual values for
that option:
Note that the option space is set to ``"vendor-12345"``.
Once the option format is defined, the next step is to define actual values
for that option:
::
@ -2241,11 +2256,11 @@ Vendor-Specific Information option, to convey the option ``foo``.
"Dhcp6": {
"option-data": [
...,
{
"name": "vendor-opts",
"data": "12345"
}
},
...
],
...
}
@ -2256,11 +2271,11 @@ Alternatively, the option can be specified using its code.
"Dhcp6": {
"option-data": [
...,
{
"code": 17,
"data": "12345"
}
},
...
],
...
}
@ -2314,7 +2329,7 @@ define the new sub-options:
"space": "isc",
"type": "string",
"record-types": "",
"array": false
"array": false,
"encapsulate": ""
}
],
@ -2331,7 +2346,6 @@ and specify that it should include options from the new option space:
"Dhcp6": {
"option-def": [
...,
{
"name": "container",
"code": 102,
@ -2340,7 +2354,8 @@ and specify that it should include options from the new option space:
"array": false,
"record-types": "",
"encapsulate": "isc"
}
},
...
],
...
}
@ -2875,12 +2890,12 @@ specified subnet is used:
],
"subnet6": [
{
"subnet": "2001:db8:1::/64"
"subnet": "2001:db8:1::/64",
"pools": [
{
"pool": "2001:db8:1::-2001:db8:1::ffff"
}
],
],
"require-client-classes": [ "Client_foo" ],
...
},
@ -2996,7 +3011,7 @@ The default configuration and values would appear as follows:
"ddns-update-on-renew": false,
"ddns-use-conflict-resolution": true,
"hostname-char-set": "",
"hostname-char-replacement": ""
"hostname-char-replacement": "",
...
}
@ -3158,7 +3173,7 @@ configuration is required:
When Does the ``kea-dhcp6`` Server Generate a DDNS Request?
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
``kea-dhcp6`` follows the behavior prescribed for DHCP servers in `RFC
The ``kea-dhcp6`` follows the behavior prescribed for DHCP servers in `RFC
4704 <https://tools.ietf.org/html/rfc4704>`__. It is important to keep in
mind that ``kea-dhcp6`` makes the initial decision of when and what to
update and forwards that information to D2 in the form of NCRs. Carrying
@ -3240,7 +3255,6 @@ configuration file:
::
"Dhcp6": {
...
"ddns-override-client-update": true,
...
}
@ -3258,11 +3272,16 @@ To override client delegation, issue the following commands:
::
"Dhcp6": {
...
"ddns-override-no-update": true,
...
}
The ``kea-dhcp6`` always generates DDNS update requests if the client
request only contains the Host Name option. In addition, it includes
an FQDN option in the response to the client with the FQDN N-S-O flags
set to 0-1-0, respectively. The domain name portion of the FQDN option
is the name submitted to D2 in the DDNS update request.
.. _dhcpv6-fqdn-name-generation:
``kea-dhcp6`` Name Generation for DDNS Update Requests
@ -3318,7 +3337,6 @@ follows:
::
"Dhcp6": {
...
"ddns-replace-client-name": "always",
...
}
@ -3330,7 +3348,6 @@ its value, simply set it to the desired string:
::
"Dhcp6": {
...
"ddns-generated-prefix": "another.host",
...
}
@ -3343,7 +3360,6 @@ are enabled. To set its value simply set it to the desired string:
::
"Dhcp6": {
...
"ddns-qualifying-suffix": "foo.example.org",
...
}
@ -3400,7 +3416,6 @@ digit, dot, or hyphen with the letter "x":
::
"Dhcp6": {
...
"hostname-char-set": "[^A-Za-z0-9.-]",
"hostname-char-replacement": "x",
...
@ -3647,7 +3662,7 @@ pretty-printed for clarity):
"peer": "2001:db8::4"
},
{
"hop": 1",
"hop": 1,
"link": "2001:db8::5",
"options": "0x00250006010203040506003500086464646464646464",
"remote-id": "010203040506",
@ -3725,7 +3740,7 @@ An example configuration that sets these parameters looks as follows:
"enable-multi-threading": true,
"thread-pool-size": 4,
"packet-queue-size": 16
}
},
...
}
@ -3789,6 +3804,7 @@ as a last resort. For example:
::
{
"subnet6": [
{
"subnet": "2001:db8:1:1::/64",
@ -3799,6 +3815,8 @@ as a last resort. For example:
...
}
],
...
}
When an already-assigned lease can fulfill a client query:
@ -3868,6 +3886,7 @@ specific hosts:
::
{
"subnet6": [
{
"subnet": "2001:db8:1::/48",
@ -3896,7 +3915,9 @@ specific hosts:
}
]
}
]
],
...
}
This example includes reservations for three different clients. The
first reservation is for the address 2001:db8:1::100, for a client using
@ -4064,6 +4085,7 @@ configuration:
::
{
"subnet6": [
{
"subnet": "2001:db8:1::/48",
@ -4080,6 +4102,8 @@ configuration:
],
"dhcp-ddns": {
"enable-updates": true
},
...
}
will result the "alice-laptop.example.isc.org." hostname being assigned to
@ -4129,27 +4153,34 @@ example demonstrates how standard options can be defined.
::
{
"reservations": [
{
"duid": "01:02:03:05:06:07:08",
"ip-addresses": [ "2001:db8:1::2" ],
"duid": "01:02:03:05:06:07:08",
"ip-addresses": [ "2001:db8:1::2" ],
"option-data": [
{
"option-data": [ {
"name": "dns-servers",
"data": "3000:1::234"
},
{
"name": "nis-servers",
"data": "3000:1::234"
}
} ]
} ]
"name": "dns-servers",
"data": "3000:1::234"
},
{
"name": "nis-servers",
"data": "3000:1::234"
},
...
],
...
},
...
],
...
}
Vendor-specific options can be reserved in a similar manner:
::
{
"reservations": [
{
"duid": "aa:bb:cc:dd:ee:ff",
@ -4163,8 +4194,15 @@ Vendor-specific options can be reserved in a similar manner:
"name": "tftp-servers",
"space": "vendor-4491",
"data": "3000:1::234"
} ]
} ]
},
...
],
...
},
...
],
...
}
Options defined at the host level have the highest priority. In other words,
if there are options defined with the same type on global, subnet,
@ -4636,13 +4674,16 @@ example of a ``host-reservation-identifiers`` configuration looks as follows:
::
{
"host-reservation-identifiers": [ "duid", "hw-address" ],
"subnet6": [
{
"subnet": "2001:db8:1::/64",
...
}
]
],
...
}
If not specified, the default value is:
@ -4774,7 +4815,7 @@ within the subnet as follows:
"subnet6": [
{
"subnet": "2001:db8:1::/64",
"reservations": [{"
"reservations": [{
"hw-address": "aa:bb:cc:dd:ee:fe",
"client-classes": [ "reserved_class" ]
}],
@ -4822,11 +4863,11 @@ following example:
"name": "reserved_class"
},
{
"name: "unreserved_class",
"name": "unreserved_class",
"test": "not member('reserved_class')"
}
],
"reservations": [{"
"reservations": [{
"hw-address": "aa:bb:cc:dd:ee:fe",
"client-classes": [ "reserved_class" ]
}],
@ -5049,7 +5090,7 @@ their accounts up to date.
"data": "2001:db8::2"
}
]
},
}
],
"reservations": [
// Clients on this list will be added to the KNOWN class. Some
@ -5143,7 +5184,7 @@ introduced:
::
"Dhcp6": {
"shared-networks": [{
"shared-networks": [ {
# Name of the shared network. It may be an arbitrary string
# and it must be unique among all shared networks.
"name": "ipv6-lab-1",
@ -5158,28 +5199,34 @@ introduced:
# This starts a list of subnets in this shared network.
# There are two subnets in this example.
"subnet6": [{
"subnet": "2001:db8::/48",
"pools": [{ "pool": "2001:db8::1 - 2001:db8::ffff" }]
}, {
"subnet": "3ffe:ffe::/64",
"pools": [{ "pool": "3ffe:ffe::/64" }]
}]
}], # end of shared-networks
"subnet6": [
{
"subnet": "2001:db8::/48",
"pools": [{ "pool": "2001:db8::1 - 2001:db8::ffff" }]
},
{
"subnet": "3ffe:ffe::/64",
"pools": [{ "pool": "3ffe:ffe::/64" }]
}
]
} ],
# end of shared-networks
# It is likely that in the network there will be a mix of regular,
# "plain" subnets and shared networks. It is perfectly valid
# to mix them in the same configuration file.
#
# This is a regular subnet. It is not part of any shared-network.
"subnet6": [{
"subnet": "2001:db9::/48",
"pools": [{ "pool": "2001:db9::/64" }],
"relay": {
"ip-addresses": [ "2001:db8:1:2::1" ]
"subnet6": [
{
"subnet": "2001:db9::/48",
"pools": [{ "pool": "2001:db9::/64" }],
"relay": {
"ip-addresses": [ "2001:db8:1:2::1" ]
}
}
}]
} # end of Dhcp6
]
}
As demonstrated in the example, it is possible to mix shared and regular
("plain") subnets. Each shared network must have a unique name. This is
@ -5202,6 +5249,7 @@ then override its value in the subnet scope. For example:
::
{
"shared-networks": [
{
"name": "lab-network3",
@ -5250,7 +5298,10 @@ then override its value in the subnet scope. For example:
} ]
}
]
} ]
}
],
...
}
In this example, there is a ``dns-servers`` option defined that is available
to clients in both subnets in this shared network. Also, the valid
@ -5305,6 +5356,7 @@ of what **NOT** to do:
::
{
"shared-networks": [
{
"name": "office-floor-2",
@ -5317,14 +5369,17 @@ of what **NOT** to do:
{
"subnet": "3ffe:abcd::/64",
"pools": [ { "pool": "3ffe:abcd::1 - 3ffe:abcd::ffff" } ],
# Specifying the different interface name is a configuration
...
# Specifying a different interface name is a configuration
# error. This value should rather be "eth0" or the interface
# name in the other subnet should be "eth1".
# "interface": "eth1"
}
]
} ]
}
],
...
}
To minimize the chance of configuration errors, it is often more convenient
to simply specify the interface name once, at the shared-network level, as
@ -5332,6 +5387,7 @@ shown in the example below.
::
{
"shared-networks": [
{
"name": "office-floor-2",
@ -5350,7 +5406,10 @@ shown in the example below.
"pools": [ { "pool": "3ffe:abcd::1 - 3ffe:abcd::ffff" } ]
}
]
} ]
}
],
...
}
With relayed traffic, subnets are typically selected using
@ -5365,6 +5424,7 @@ of what **NOT** to do:
::
{
"shared-networks": [
{
"name": "kakapo",
@ -5389,7 +5449,9 @@ of what **NOT** to do:
}
]
}
]
],
...
}
Again, it is better to specify the relay address at the shared-network
level; this value will be inherited by all subnets belonging to the
@ -5397,6 +5459,7 @@ shared network.
::
{
"shared-networks": [
{
"name": "kakapo",
@ -5415,7 +5478,9 @@ shared network.
}
]
}
]
],
...
}
Even though it is technically possible to configure two (or more) subnets
within the shared network to use different relay addresses, this will almost
@ -5572,7 +5637,7 @@ similar to regular subnets:
{
"subnet": "2001:db8:1::/64",
"id": 100,
"pools": [ { "2001:db8:1::1 - 2001:db8:1::64" } ],
"pools": [ { "pool": "2001:db8:1::1 - 2001:db8:1::64" } ],
"reservations": [
{
"duid": "00:03:00:01:11:22:33:44:55:66",
@ -6078,10 +6143,19 @@ Here is an example:
::
"Dhcp6": {
"mac-sources": [ "method1", "method2", "method3", ... ],
"subnet6": [ ... ],
"mac-sources": [
"method1",
"method2",
"method3",
...
],
"subnet6": [
{
...
},
...
],
...
}
@ -6204,9 +6278,14 @@ default, the following syntax can be used:
::
"Dhcp6": {
"Dhcp6": {
"decline-probation-period": 3600,
"subnet6": [ ... ],
"subnet6": [
{
...
},
...
],
...
}
@ -6792,9 +6871,14 @@ the default maximum sample count to 1 so only one sample is kept:
::
"Dhcp6": {
"Dhcp6": {
"statistic-default-sample-count": 1,
"subnet6": [ ... ],
"subnet6": [
{
...
},
...
],
...
}
@ -6823,6 +6907,9 @@ in the configuration file can be used:
},
"subnet6": [
{
...
},
...
],
...

1
doc/sphinx/arm/ext-gss-tsig.rst
View File

@ -549,7 +549,6 @@ An excerpt from a D2 server configuration is provided below; more examples are a
// store client keys. As credentials cache is more flexible,
// it is recommended to use it. Typically, using both at the
// same time may cause problems.
//
// "client-keytab": "FILE:/etc/dhcp.keytab", // toplevel only
"credentials-cache": "FILE:/etc/ccache", // toplevel only
"gss-replay-flag": true, // GSS anti replay service

1
doc/sphinx/arm/ext-netconf.rst
View File

@ -554,7 +554,6 @@ Kea sources.
// This map specifies how each server is managed. For each server there
// is a name of the YANG model to be used and the control channel.
//
// Currently three control channel types are supported:
// "stdout" which outputs the configuration on the standard output,
// "unix" which uses the local control channel supported by the

34
doc/sphinx/arm/hooks-cb-cmds.rst
View File

@ -222,7 +222,7 @@ The following is the successful response to the ``remote-server4-del`` command:
{
"result": 0,
"text": "1 DHCPv4 server(s) deleted."
"text": "1 DHCPv4 server(s) deleted.",
"arguments": {
"count": 1
}
@ -250,7 +250,7 @@ from the configuration database. For example:
.. code-block:: json
{
"command": "remote-server6-get"
"command": "remote-server6-get",
"arguments": {
"servers": [
{
@ -297,7 +297,7 @@ database. The command structure is very simple:
.. code-block:: json
{
"command": "remote-server4-get-all"
"command": "remote-server4-get-all",
"arguments": {
"remote": {
"type": "mysql"
@ -349,7 +349,7 @@ database:
.. code-block:: json
{
"command": "remote-server6-set"
"command": "remote-server6-set",
"arguments": {
"servers": [
{
@ -615,7 +615,7 @@ integer, real, or boolean. For example:
.. code-block:: json
{
"command": "remote-global-parameter4-set"
"command": "remote-global-parameter4-set",
"arguments": {
"parameters": {
"boot-file-name": "/dev/null",
@ -734,7 +734,7 @@ The following command retrieves all shared networks to be used by
.. code-block:: json
{
"command": "remote-network4-list"
"command": "remote-network4-list",
"arguments": {
"remote": {
"type": "mysql"
@ -752,7 +752,7 @@ networks, i.e. the networks which are associated with no servers. For example:
.. code-block:: json
{
"command": "remote-network4-list"
"command": "remote-network4-list",
"arguments": {
"remote": {
"type": "mysql"
@ -953,7 +953,7 @@ servers, having the code of 1 and belonging to the option space "isc":
.. code-block:: json
{
"command": "remote-option-def4-get"
"command": "remote-option-def4-get",
"arguments": {
"option-defs": [
{
@ -984,7 +984,7 @@ for the given server or all servers. For example:
.. code-block:: json
{
"command": "remote-option-def6-get-all"
"command": "remote-option-def6-get-all",
"arguments": {
"remote": {
"type": "mysql"
@ -1086,7 +1086,7 @@ For example:
"arguments": {
"options": [
{
"code": 5
"code": 5,
"space": "dhcp4"
}
],
@ -1097,7 +1097,7 @@ For example:
}
}
"dhcp4" is the top-level option space where the standard DHCPv4 options
The "dhcp4" is the top-level option space where the standard DHCPv4 options
belong. The ``server-tags`` parameter is mandatory and must include a
single option tag or the keyword "all". If the explicit server tag is specified,
this command attempts to delete a global option associated with this
@ -1296,7 +1296,7 @@ network "fancy".
}
}
"dhcp4" is the top-level option space where the standard DHCPv4 options
The "dhcp4" is the top-level option space where the standard DHCPv4 options
belong. The ``server-tags`` parameter cannot be specified for this command.
.. _command-remote-option4-network-set:
@ -1382,7 +1382,7 @@ option. To delete a subnet level option, the
}
}
"dhcp6" is the top-level option space where the standard DHCPv6 options
The "dhcp6" is the top-level option space where the standard DHCPv6 options
belong. The ``server-tags`` parameter cannot be specified for this command.
.. _command-remote-option6-pd-pool-set:
@ -1475,7 +1475,7 @@ pool:
}
}
"dhcp4" is the top-level option space where the standard DHCPv4 options
The "dhcp4" is the top-level option space where the standard DHCPv4 options
belong. The ``server-tags`` parameter cannot be specified for this command.
.. _command-remote-option4-pool-set:
@ -1564,7 +1564,7 @@ having an identifier of 123.
}
}
"dhcp4" is the top-level option space where the standard DHCPv4 options
The "dhcp4" is the top-level option space where the standard DHCPv4 options
belong. The ``server-tags`` parameter cannot be specified for this command.
.. _command-remote-option4-subnet-set:
@ -1740,7 +1740,7 @@ be used by "server1" and "server2":
.. code-block:: json
{
"command": "remote-subnet4-list"
"command": "remote-subnet4-list",
"arguments": {
"remote": {
"type": "mysql"
@ -1759,7 +1759,7 @@ For example:
.. code-block:: json
{
"command": "remote-subnet4-list"
"command": "remote-subnet4-list",
"arguments": {
"remote": {
"type": "mysql"

4
doc/sphinx/arm/hooks-class-cmds.rst
View File

@ -135,9 +135,7 @@ The following is a sample command removing the ``ipxe_efi_x64`` class:
{
"command": "class-del",
"arguments": {
{
"name": "ipxe_efi_x64"
}
"name": "ipxe_efi_x64"
}
}

25
doc/sphinx/arm/hooks-ddns-tuning.rst
View File

@ -18,16 +18,15 @@ server's configuration:
{
"hooks-libraries": [
:
,
{
"library": "/usr/local/lib/libdhcp_ddns_tuning.so",
"parameters": {
:
...
}
},
:
]
...
],
...
}
Procedural Host-Name Generation
@ -43,17 +42,16 @@ expression is shown below:
{
"hooks-libraries": [
:
,
{
"library": "/usr/local/lib/libdhcp_ddns_tuning.so",
"parameters": {
:
"hostname-expr": "'host-'+hexstring(pkt4.mac,'-')"
"hostname-expr": "'host-'+hexstring(pkt4.mac,'-')",
...
}
},
:
]
...
],
...
}
It is also possible to define this parameter in a subnet, using the user-context mechanism.
@ -63,6 +61,7 @@ global expression for that subnet. An example subnet expression is shown below:
.. code-block:: javascript
{
"subnet4": [{
"subnet": "192.0.2.0/24",
"pools": [{
@ -83,7 +82,9 @@ global expression for that subnet. An example subnet expression is shown below:
"devices-registered": 42,
"billing": false
}
}]
}],
...
}
.. note::

44
doc/sphinx/arm/hooks-flex-id.rst
View File

@ -74,13 +74,22 @@ can be achieved by using the following configuration:
::
"Dhcp6": {
"subnet6": [{ ..., # subnet definition starts here
"reservations": [
"flex-id": "'port1234'", # value of the first 8 bytes of the interface-id
"subnet6": [{
# subnet definition starts here
"reservations": [{
"flex-id": "'port1234'",
# value of the first 8 bytes of the interface-id
"ip-addresses": [ "2001:db8::1" ]
},
...
],
}], # end of subnet definitions
"host-reservation-identifiers": ["duid", "flex-id"], # add "flex-id" to reservation identifiers
...
},
...
],
# end of subnet definitions
"host-reservation-identifiers": ["duid", "flex-id"],
# add "flex-id" to reservation identifiers
"hooks-libraries": [
{
"library": "/path/libdhcp_flex_id.so",
@ -89,7 +98,8 @@ can be achieved by using the following configuration:
}
},
...
]
],
...
}
.. note::
@ -113,13 +123,22 @@ for non-printable characters and do not require the use of the
::
"Dhcp6": {
"subnet6": [{ ..., # subnet definition starts here
"reservations": [
"flex-id": "01:02:03:04:05:06", # value of the first 8 bytes of the interface-id
"subnet6": [{
# subnet definition starts here
"reservations": [{
"flex-id": "01:02:03:04:05:06",
# value of the first 8 bytes of the interface-id
"ip-addresses": [ "2001:db8::1" ]
},
...
],
}], # end of subnet definitions
"host-reservation-identifiers": ["duid", "flex-id"], # add "flex-id" to reservation identifiers
...
},
...
],
# end of subnet definitions
"host-reservation-identifiers": ["duid", "flex-id"],
# add "flex-id" to reservation identifiers
"hooks-libraries": [
{
"library": "/path/libdhcp_flex_id.so",
@ -128,7 +147,8 @@ for non-printable characters and do not require the use of the
}
},
...
]
],
...
}
The ``replace-client-id`` Flag

48
doc/sphinx/arm/hooks-ha.rst
View File

@ -1254,11 +1254,7 @@ default to ``true``:
::
{
"Dhcp4": {
...
"hooks-libraries": [
{
"library": "/usr/lib/kea/hooks/libdhcp_lease_cmds.so",
@ -1288,9 +1284,7 @@ default to ``true``:
}
}
],
...
}
In the most typical use case, both parameters are set to the same value, i.e.
@ -1353,11 +1347,7 @@ single page of leases from 60 seconds to 90 seconds:
::
{
"Dhcp4": {
...
"hooks-libraries": [
{
"library": "/usr/lib/kea/hooks/libdhcp_lease_cmds.so",
@ -1386,9 +1376,7 @@ single page of leases from 60 seconds to 90 seconds:
}
}
],
...
}
It is important to note that extending this ``sync-timeout`` value may sometimes
@ -1439,9 +1427,6 @@ the HA state machine to pause in the ``waiting`` state after server startup.
::
"Dhcp4": {
...
"hooks-libraries": [
{
"library": "/usr/lib/kea/hooks/libdhcp_lease_cmds.so",
@ -1477,9 +1462,7 @@ the HA state machine to pause in the ``waiting`` state after server startup.
}
}
],
...
}
The ``pause`` parameter value ``once`` denotes that the state machine should be
@ -1500,9 +1483,6 @@ Consider the following configuration:
::
"Dhcp4": {
...
"hooks-libraries": [
{
"library": "/usr/lib/kea/hooks/libdhcp_lease_cmds.so",
@ -1542,9 +1522,7 @@ Consider the following configuration:
}
}
],
...
}
This configuration instructs the server to pause the state machine every time it
@ -1674,8 +1652,6 @@ as illustrated below:
::
"Dhcp4": {
...
"hooks-libraries": [
{
"library": "/usr/lib/kea/hooks/libdhcp_lease_cmds.so",
@ -1686,14 +1662,12 @@ as illustrated below:
"parameters": {
"high-availability": [ {
"this-server-name": "server1",
...
"multi-threading": {
"enable-multi-threading": true,
"http-dedicated-listener": true,
"http-listener-threads": 4,
"http-client-threads": 4
},
...
"peers": [
// This is the configuration of this server instance.
{
@ -1721,8 +1695,19 @@ as illustrated below:
// primary as specified in the previous "peers"
// entry and in "this-server-name" before that.
"role": "secondary"
}
},
...
],
...
},
...
]
}
},
...
],
...
}
In the example above, HA+MT is enabled with four threads for the listener and
@ -1781,8 +1766,6 @@ fewer drops but with longer response times. Currently, the default value for
::
"Dhcp6": {
...
// Limit the number of concurrently parked packets to 128.
"parked-packet-limit": 128,
"hooks-libraries": [
@ -1796,6 +1779,13 @@ fewer drops but with longer response times. Currently, the default value for
"high-availability": [ {
"this-server-name": "server1",
...
} ]
}
},
...
],
...
}
.. note::

4
doc/sphinx/arm/hooks-host-cache.rst
View File

@ -41,7 +41,9 @@ any other hook library; for example, this configuration could be used:
"maximum": 1000
}
} ]
} ],
...
}
Once loaded, the Host Cache hook library provides a number of new
commands which can be used either over the control channel (see

36
doc/sphinx/arm/hooks-host-cmds.rst
View File

@ -71,7 +71,7 @@ servers.
"hooks-libraries": [
{
"library": "/path/libdhcp_host_cmds.so"
}
},
...
]
}
@ -269,7 +269,7 @@ follows:
}
}
``reservation-get`` typically returns the result 0 when a query was
The ``reservation-get`` typically returns the result 0 when a query was
conducted properly. In particular, 0 is returned when the host was not
found. If the query was successful, the host parameters are
returned. An example of a query that did not find the host looks as
@ -307,8 +307,7 @@ An example result returned when the query was malformed might look like this:
::
{ "result": 1, "text": "No 'ip-address' provided and 'identifier-type'
is either missing or not a string." }
{ "result": 1, "text": "No 'ip-address' provided and 'identifier-type' is either missing or not a string." }
.. _command-reservation-get-all:
@ -349,7 +348,6 @@ returns some IPv4 hosts:
"server-hostname": "server-hostname.example.org",
"subnet-id": 1
},
...
{
"boot-file-name": "bootfile.efi",
"client-classes": [ ],
@ -360,7 +358,8 @@ returns some IPv4 hosts:
"option-data": [ ],
"server-hostname": "server-hostname.example.org",
"subnet-id": 1
}
},
...
]
},
"result": 0,
@ -446,7 +445,6 @@ Some hosts are returned with information to get the next page:
"option-data": [ ],
"server-hostname": "server-hostname.example.org"
},
...
{
"boot-file-name": "bootfile.efi",
"client-classes": [ ],
@ -456,7 +454,8 @@ Some hosts are returned with information to get the next page:
"next-server": "192.0.0.2",
"option-data": [ ],
"server-hostname": "server-hostname.example.org"
}
},
...
],
"next": {
"from": 1234567,
@ -496,7 +495,7 @@ page is received. Its response will look like this:
"hosts": [ ]
},
"result": 3,
"0 IPv4 host(s) found."
"text": "0 IPv4 host(s) found."
}
This command is more complex than ``reservation-get-all``, but lets
@ -545,7 +544,6 @@ returns some IPv4 hosts:
"option-data": [ ],
"server-hostname": "server-hostname.example.org"
},
...
{
"boot-file-name": "bootfile.efi",
"client-classes": [ ],
@ -555,7 +553,8 @@ returns some IPv4 hosts:
"next-server": "192.0.0.2",
"option-data": [ ],
"server-hostname": "server-hostname.example.org"
}
},
...
]
},
"result": 0,
@ -617,7 +616,6 @@ returns some IPv4 hosts:
"server-hostname": "server-hostname.example.org",
"subnet-id": 123
},
...
{
"boot-file-name": "bootfile.efi",
"client-classes": [ ],
@ -628,7 +626,8 @@ returns some IPv4 hosts:
"option-data": [ ],
"server-hostname": "server-hostname.example.org",
"subnet-id": 345
}
},
...
]
},
"result": 0,
@ -679,14 +678,14 @@ follows:
{
"command": "reservation-del",
"arguments":
"arguments": {
"subnet-id": 4,
"identifier-type": "hw-address",
"identifier": "01:02:03:04:05:06"
}
}
``reservation-del`` returns a result of 0 when the host deletion was
The ``reservation-del`` returns a result of 0 when the host deletion was
successful, or 1 if it failed. Descriptive text is provided in the event of
an error. Here are some examples of possible results:
@ -697,6 +696,8 @@ an error. Here are some examples of possible results:
"text": "Host not deleted (not found)."
}
or
::
{
@ -704,12 +705,13 @@ an error. Here are some examples of possible results:
"text": "Host deleted."
}
or
::
{
"result": 1,
"text": "Unable to delete a host because there is no hosts-database
configured."
"text": "Unable to delete a host because there is no hosts-database configured."
}
.. _command-reservation-update:

25
doc/sphinx/arm/hooks-lease-cmds.rst
View File

@ -113,7 +113,7 @@ servers.
"hooks-libraries": [
{
"library": "/path/libdhcp_lease_cmds.so"
}
},
...
]
}
@ -166,7 +166,7 @@ subnet. For example:
}
}
``lease6-add`` can also be used to add leases for IPv6 prefixes. In this
The ``lease6-add`` can also be used to add leases for IPv6 prefixes. In this
case there are three additional parameters that must be specified:
``subnet-id``, ``type`` (set to "IA_PD"), and prefix length. The actual
prefix is set using the ``ip-address`` field. Note that Kea cannot guess
@ -355,7 +355,7 @@ listed in the response. For example:
{
"result": 0,
"text": "Bulk apply of 2 IPv6 leases completed".
"text": "Bulk apply of 2 IPv6 leases completed",
"arguments": {
"failed-deleted-leases": [
{
@ -681,7 +681,7 @@ The response has the following structure:
{
"ip-address": "2001:db8:5::3",
...
}
},
{
"ip-address": "2001:db8:4::1",
...
@ -689,8 +689,8 @@ The response has the following structure:
{
"ip-address": "2001:db8:2::7",
...
}
},
...
],
"count": 6
},
@ -840,10 +840,10 @@ This parameter defaults to ``false``. An example of its use is shown below:
}
``lease4-del`` and ``lease6-del`` return a result that indicates the outcome of the
operation. It has one of the following values: 0 (success), 1 (error),
or 3 (empty). The empty result means that a query has been completed
properly, but the object (a lease, in this case) has not been found.
The ``lease4-del`` and ``lease6-del`` return a result that indicates the outcome
of the operation. It has one of the following values: 0 (success), 1 (error),
or 3 (empty). The empty result means that a query has been completed properly,
but the object (a lease, in this case) has not been found.
.. _command-lease4-update:
@ -1000,8 +1000,9 @@ An example of the ``lease6-resend-ddns`` query is:
}
}
``lease4-resend-ddns`` and ``lease6-resend-ddns`` return an indication of the result of the operation.
It has one of the following values: 0 (success), 1 (error), or 3 (empty). An empty
The ``lease4-resend-ddns`` and ``lease6-resend-ddns`` return an indication of the
result of the operation.
it has one of the following values: 0 (success), 1 (error), or 3 (empty). An empty
result means that a query has been completed properly, but the object (a lease in
this case) has not been found.

20
doc/sphinx/arm/hooks-lease-query.rst
View File

@ -134,7 +134,7 @@ addresses:
::
:
{
"hooks-libraries": [
{
"library": "lib/kea/hooks/libdhcp_lease_query.so",
@ -143,7 +143,8 @@ addresses:
}
}
],
:
...
}
.. note::
@ -319,7 +320,7 @@ addresses:
::
:
{
"hooks-libraries": [
{
"library": "lib/kea/hooks/libdhcp_lease_query.so",
@ -329,7 +330,8 @@ addresses:
}
}
],
:
...
}
.. note::
@ -541,7 +543,7 @@ For instance, for DHCPv4:
::
:
{
"hooks-libraries": [
{
"library": "lib/kea/hooks/libdhcp_lease_query.so",
@ -563,13 +565,14 @@ For instance, for DHCPv4:
}
}
],
:
...
}
or for DHCPv6:
::
:
{
"hooks-libraries": [
{
"library": "lib/kea/hooks/libdhcp_lease_query.so",
@ -593,4 +596,5 @@ or for DHCPv6:
}
}
],
:
...
}

8
doc/sphinx/arm/hooks-legal-log.rst
View File

@ -474,6 +474,8 @@ Examples:
"response-parser-format": "ifelse(pkt4.msgtype == 5, 'Address: ' + addrtotext(pkt4.yiaddr) + ' has been assigned for ' + uint32totext(option[51].hex) + ' seconds to a device with hardware address: hwtype=' + substring(hexstring(pkt4.htype, ''), 7, 1) + ' ' + hexstring(pkt4.mac, ':') + ifelse(option[61].exists, ', client-id: ' + hexstring(option[61].hex, ':'), '') + ifelse(pkt4.giaddr == 0.0.0.0, '', ' connected via relay at address: ' + addrtotext(pkt4.giaddr) + ifelse(option[82].option[1].exists, ', circuit-id: ' + hexstring(option[82].option[1].hex, ':'), '') + ifelse(option[82].option[2].exists, ', remote-id: ' + hexstring(option[82].option[2].hex, ':'), '') + ifelse(option[82].option[6].exists, ', subscriber-id: ' + hexstring(option[82].option[6].hex, ':'), '')), '')"
}
Details:
.. raw:: html
<details><summary>Expand here!</summary>
@ -545,6 +547,8 @@ Examples:
"request-parser-format": "ifelse(pkt4.msgtype == 3, 'Address: ' + ifelse(option[50].exists, addrtotext(option[50].hex), addrtotext(pkt4.ciaddr)) + ' has been assigned' + ifelse(option[51].exists, ' for ' + uint32totext(option[51].hex) + ' seconds', '') + ' to a device with hardware address: hwtype=' + substring(hexstring(pkt4.htype, ''), 7, 1) + ' ' + hexstring(pkt4.mac, ':') + ifelse(option[61].exists, ', client-id: ' + hexstring(option[61].hex, ':'), '') + ifelse(pkt4.giaddr == 0.0.0.0, '', ' connected via relay at address: ' + addrtotext(pkt4.giaddr) + ifelse(option[82].option[1].exists, ', circuit-id: ' + hexstring(option[82].option[1].hex, ':'), '') + ifelse(option[82].option[2].exists, ', remote-id: ' + hexstring(option[82].option[2].hex, ':'), '') + ifelse(option[82].option[6].exists, ', subscriber-id: ' + hexstring(option[82].option[6].hex, ':'), '')), ifelse(pkt4.msgtype == 4 or pkt4.msgtype == 7, 'Address: ' + ifelse(option[50].exists, addrtotext(option[50].hex), addrtotext(pkt4.ciaddr)) + ' has been released from a device with hardware address: hwtype=' + substring(hexstring(pkt4.htype, ''), 7, 1) + ' ' + hexstring(pkt4.mac, ':') + ifelse(option[61].exists, ', client-id: ' + hexstring(option[61].hex, ':'), '') + ifelse(pkt4.giaddr == 0.0.0.0, '', ' connected via relay at address: ' + addrtotext(pkt4.giaddr) + ifelse(option[82].option[1].exists, ', circuit-id: ' + hexstring(option[82].option[1].hex, ':'), '') + ifelse(option[82].option[2].exists, ', remote-id: ' + hexstring(option[82].option[2].hex, ':'), '') + ifelse(option[82].option[6].exists, ', subscriber-id: ' + hexstring(option[82].option[6].hex, ':'), '')), ''))"
}
Details:
.. raw:: html
<details><summary>Expand here!</summary>
@ -804,6 +808,8 @@ Examples:
"response-parser-format": "ifelse(pkt6.msgtype == 7, ifelse(option[3].option[5].exists and not (substring(option[3].option[5].hex, 20, 4) == 0), 'Address: ' + addrtotext(substring(option[3].option[5].hex, 0, 16)) + ' has been assigned for ' + uint32totext(substring(option[3].option[5].hex, 20, 4)) + ' seconds to a device with DUID: ' + hexstring(option[1].hex, ':') + ifelse(relay6[0].peeraddr == '', '', ' connected via relay at address: ' + addrtotext(relay6[0].peeraddr) + ' for client on link address: ' + addrtotext(relay6[0].linkaddr) + ifelse(relay6[0].option[37].exists, ', remote-id: ' + hexstring(relay6[0].option[37].hex, ':'), '') + ifelse(relay6[0].option[38].exists, ', subscriber-id: ' + hexstring(relay6[0].option[38].hex, ':'), '') + ifelse(relay6[0].option[18].exists, ', connected at location interface-id: ' + hexstring(relay6[0].option[18].hex, ':'), '')), '') + ifelse(option[25].option[26].exists and not (substring(option[25].option[26].hex, 4, 4) == 0), 'Prefix: ' + addrtotext(substring(option[25].option[26].hex, 9, 16)) + '/' + uint8totext(substring(option[25].option[26].hex, 8, 1)) + ' has been assigned for ' + uint32totext(substring(option[25].option[26].hex, 4, 4)) + ' seconds to a device with DUID: ' + hexstring(option[1].hex, ':') + ifelse(relay6[0].peeraddr == '', '', ' connected via relay at address: ' + addrtotext(relay6[0].peeraddr) + ' for client on link address: ' + addrtotext(relay6[0].linkaddr) + ifelse(relay6[0].option[37].exists, ', remote-id: ' + hexstring(relay6[0].option[37].hex, ':'), '') + ifelse(relay6[0].option[38].exists, ', subscriber-id: ' + hexstring(relay6[0].option[38].hex, ':'), '') + ifelse(relay6[0].option[18].exists, ', connected at location interface-id: ' + hexstring(relay6[0].option[18].hex, ':'), '')), ''), '')"
}
Details:
.. raw:: html
<details><summary>Expand here!</summary>
@ -911,6 +917,8 @@ Examples:
"request-parser-format": "ifelse(pkt6.msgtype == 3 or pkt6.msgtype == 5 or pkt6.msgtype == 6, ifelse(option[3].option[5].exists, 'Address: ' + addrtotext(substring(option[3].option[5].hex, 0, 16)) + ' has been assigned for ' + uint32totext(substring(option[3].option[5].hex, 20, 4)) + ' seconds to a device with DUID: ' + hexstring(option[1].hex, ':') + ifelse(relay6[0].peeraddr == '', '', ' connected via relay at address: ' + addrtotext(relay6[0].peeraddr) + ' for client on link address: ' + addrtotext(relay6[0].linkaddr) + ifelse(relay6[0].option[37].exists, ', remote-id: ' + hexstring(relay6[0].option[37].hex, ':'), '') + ifelse(relay6[0].option[38].exists, ', subscriber-id: ' + hexstring(relay6[0].option[38].hex, ':'), '') + ifelse(relay6[0].option[18].exists, ', connected at location interface-id: ' + hexstring(relay6[0].option[18].hex, ':'), '')), '') + ifelse(option[25].option[26].exists, 'Prefix: ' + addrtotext(substring(option[25].option[26].hex, 9, 16)) + '/' + uint8totext(substring(option[25].option[26].hex, 8, 1)) + ' has been assigned for ' + uint32totext(substring(option[25].option[26].hex, 4, 4)) + ' seconds to a device with DUID: ' + hexstring(option[1].hex, ':') + ifelse(relay6[0].peeraddr == '', '', ' connected via relay at address: ' + addrtotext(relay6[0].peeraddr) + ' for client on link address: ' + addrtotext(relay6[0].linkaddr) + ifelse(relay6[0].option[37].exists, ', remote-id: ' + hexstring(relay6[0].option[37].hex, ':'), '') + ifelse(relay6[0].option[38].exists, ', subscriber-id: ' + hexstring(relay6[0].option[38].hex, ':'), '') + ifelse(relay6[0].option[18].exists, ', connected at location interface-id: ' + hexstring(relay6[0].option[18].hex, ':'), '')), ''), ifelse(pkt6.msgtype == 8 or pkt6.msgtype == 9, ifelse(option[3].option[5].exists, 'Address: ' + addrtotext(substring(option[3].option[5].hex, 0, 16)) + ' has been released from a device with DUID: ' + hexstring(option[1].hex, ':') + ifelse(relay6[0].peeraddr == '', '', ' connected via relay at address: ' + addrtotext(relay6[0].peeraddr) + ' for client on link address: ' + addrtotext(relay6[0].linkaddr) + ifelse(relay6[0].option[37].exists, ', remote-id: ' + hexstring(relay6[0].option[37].hex, ':'), '') + ifelse(relay6[0].option[38].exists, ', subscriber-id: ' + hexstring(relay6[0].option[38].hex, ':'), '') + ifelse(relay6[0].option[18].exists, ', connected at location interface-id: ' + hexstring(relay6[0].option[18].hex, ':'), '')), '') + ifelse(option[25].option[26].exists, 'Prefix: ' + addrtotext(substring(option[25].option[26].hex, 9, 16)) + '/' + uint8totext(substring(option[25].option[26].hex, 8, 1)) + ' has been released from a device with DUID: ' + hexstring(option[1].hex, ':') + ifelse(relay6[0].peeraddr == '', '', ' connected via relay at address: ' + addrtotext(relay6[0].peeraddr) + ' for client on link address: ' + addrtotext(relay6[0].linkaddr) + ifelse(relay6[0].option[37].exists, ', remote-id: ' + hexstring(relay6[0].option[37].hex, ':'), '') + ifelse(relay6[0].option[38].exists, ', subscriber-id: ' + hexstring(relay6[0].option[38].hex, ':'), '') + ifelse(relay6[0].option[18].exists, ', connected at location interface-id: ' + hexstring(relay6[0].option[18].hex, ':'), '')), ''), ''))"
}
Details:
.. raw:: html
<details><summary>Expand here!</summary>

6
doc/sphinx/arm/hooks-radius.rst
View File

@ -327,10 +327,12 @@ takes many parameters. For example, this configuration could be used:
# Specify which address to use to communicate with RADIUS servers
"bindaddr": "*",
...
# more RADIUS parameters here
}
} ]
} ],
...
}
RADIUS is a complicated environment. As such, it is not feasible
to provide a default configuration that works for everyone.

65
doc/sphinx/arm/hooks-rbac.rst
View File

@ -356,20 +356,22 @@ and hook name:
.. code-block:: javascript
...
{
"commands": [
{
"name": "my-new-command",
"access": "write",
"hook": "my-custom-hook"
}
]
],
...
}
The new command can then be specified in ``roles``:
.. code-block:: javascript
...
{
"roles": [
{
"name": "user1",
@ -380,11 +382,13 @@ The new command can then be specified in ``roles``:
},
{
"name": "user2",
"accept-commands": { "hook": "my-custom-hook" }
"accept-commands": { "hook": "my-custom-hook" },
"reject-commands": "ALL",
"list-match-first": "accept"
}
]
],
...
}
The second method is to create a custom file in ``.../share/kea/api`` and define
the access type of the custom command(s).
@ -394,7 +398,7 @@ file from ``.../share/kea/api`` and defining it in the ``commands`` global param
.. code-block:: javascript
...
{
"commands": [
{
"name": "dhcp-disable",
@ -402,6 +406,7 @@ file from ``.../share/kea/api`` and defining it in the ``commands`` global param
"hook": "my-custom-hook-3"
}
]
}
With this approach, an administrator can put the configurations of all existing
commands inside the Control Agent's configuration file.
@ -418,7 +423,7 @@ list and to reject anything else:
.. code-block:: javascript
...
{
"roles": [
{
"name": "user1",
@ -435,17 +440,18 @@ list and to reject anything else:
// This is the default but as the config relies on it
// it is explicitly set.
"list-match-first": "accept"
},
...
],
...
},
...
],
...
}
A common alternative is not to set the "reject-commands" list, i.e. leave
it empty and rely on "other-commands" to reject anything else.
.. code-block:: javascript
...
{
"roles": [
{
"name": "user2",
@ -461,16 +467,17 @@ it empty and rely on "other-commands" to reject anything else.
// This is the default but as the config relies on it
// it is explicitly set.
"other-commands": "reject"
},
...
],
...
},
...
],
...
}
It is also possible to do the opposite, i.e. to set only the "reject-commands" list:
.. code-block:: javascript
...
{
"roles": [
{
"name": "user3",
@ -482,27 +489,29 @@ It is also possible to do the opposite, i.e. to set only the "reject-commands" l
]
},
"other-commands": "accept"
},
...
],
...
},
...
],
...
}
Or use both lists with the exception in the "reject-commands" list,
which must be checked first as "config-get" has the read-access right.
.. code-block:: javascript
...
{
"roles": [
{
"name": "user4",
"accept-commands": "READ",
"reject-commands": { "commands": [ "config-get" ] },
"list-match-first": "reject"
},
...
],
...
},
...
],
...
}
To check any configuration, it is a good idea to use the "list-commands"
response filter, which shows errors such as missing (rejected) commands
@ -513,7 +522,7 @@ and later reused in ``roles``:
.. code-block:: javascript
...
{
"access-control-lists":[
{
"my-list-one":{
@ -566,4 +575,6 @@ and later reused in ``roles``:
"unknown-role":{
"accept-commands":"my-list-three",
"reject-commands":"ALL"
},
...
}

14
doc/sphinx/arm/hooks-stat-cmds.rst
View File

@ -45,7 +45,7 @@ parameters:
"hooks-libraries": [
{
"library": "/path/libdhcp_stat_cmds.so"
}
},
...
]
}
@ -118,7 +118,7 @@ in the range 10 through 50 from a ``kea-dhcp4`` server:
{
"command": "stat-lease4-get",
"arguments": {
"subnet-range" {
"subnet-range": {
"first-subnet-id": 10,
"last-subnet-id": 50
}
@ -210,12 +210,12 @@ The response to a DHCPv4 command might look as follows:
"text": "stat-lease4-get: 2 rows found",
"arguments": {
"result-set": {
"columns": [ "subnet-id", "total-addresses", "cumulative-assigned-addresses", "assigned-addresses", "declined-addresses" ]
"columns": [ "subnet-id", "total-addresses", "cumulative-assigned-addresses", "assigned-addresses", "declined-addresses" ],
"rows": [
[ 10, 256, 300, 111, 0 ],
[ 20, 4098, 2034, 2034, 4 ]
],
"timestamp": "2018-05-04 15:03:37.000000"
"timestamp": "2018-05-04 15:03:37.000000"
}
}
}
@ -231,13 +231,13 @@ PD pools:
"text": "stat-lease6-get: 2 rows found",
"arguments": {
"result-set": {
"columns": [ "subnet-id", "total-nas", "cumulative-assigned-nas", "assigned-nas", "declined-nas", "total-pds", "cumulative-assigned-pds", "assigned-pds" ]
"columns": [ "subnet-id", "total-nas", "cumulative-assigned-nas", "assigned-nas", "declined-nas", "total-pds", "cumulative-assigned-pds", "assigned-pds" ],
"rows": [
[ 10, 4096, 5000, 2400, 3, 0, 0, 0],
[ 20, 0, 0, 0, 0, 1048, 300, 233 ]
[ 20, 0, 0, 0, 0, 1048, 300, 233 ],
[ 30, 256, 60, 60, 0, 1048, 15, 15 ]
],
"timestamp": "2018-05-04 15:03:37.000000"
"timestamp": "2018-05-04 15:03:37.000000"
}
}
}

30
doc/sphinx/arm/hooks-subnet-cmds.rst
View File

@ -96,6 +96,7 @@ The list of subnets is returned in the following format:
"subnet": "192.0.2.0/24"
}
]
}
}
If no IPv4 subnets are found, an error code is returned along with the
@ -137,6 +138,7 @@ The list of subnets is returned in the following format:
"subnet": "3000::/16"
}
]
}
}
If no IPv6 subnets are found, an error code is returned along with the
@ -186,8 +188,11 @@ If the subnet exists, the response will be similar to this:
"subnet": "10.0.0.0/8",
"id": 1,
"option-data": [
....
]
{
...
},
...
],
...
}
]
@ -238,9 +243,12 @@ If the subnet exists, the response will be similar to this:
"subnet": "2001:db8:1::/64",
"id": 1,
"option-data": [
{
...
},
...
]
....
],
...
}
]
}
@ -785,14 +793,14 @@ to the default 'dhcp4' space.
"valid-lifetime": 0,
"id": 123,
"subnet": "10.20.30.0/24",
"option-data" [
"option-data": [
{ "name": "routers" }
]
],
"pools": [
{
"option-data": [
{ "code": 4 }
]
],
"pool": "10.20.30.11-10.20.30.20"
},
{
@ -862,9 +870,9 @@ option belongs to the default 'dhcp6' space.
"valid-lifetime": 0,
"id": 234,
"subnet": "2001:db8:1::/64",
"option-data" [
"option-data": [
{ "name": "dns-servers" }
]
],
"pd-pools": [
{
"prefix": "2001:db8:3::",
@ -884,7 +892,7 @@ option belongs to the default 'dhcp6' space.
{
"option-data": [
{ "code": 31 }
]
],
"pool": "2001:db8:1::11-2001:db8:1::20"
},
{
@ -1015,11 +1023,13 @@ An example response could look as follows:
{
"subnet": "192.0.2.0/24",
"id": 5,
...
# many other subnet-specific details here
},
{
"id": 6,
"subnet": "192.0.3.0/31",
...
# many other subnet-specific details here
}
],

3
doc/sphinx/arm/lease-expiration.rst
View File

@ -282,14 +282,11 @@ Consider the following configuration:
::
"Dhcp4": {
...
"expired-leases-processing": {
"reclaim-timer-wait-time": 3,
"hold-reclaimed-time": 1800,
"flush-reclaimed-timer-wait-time": 5
},
...
}

2
doc/sphinx/arm/logging.rst
View File

@ -825,7 +825,7 @@ logfile grows to 2MB, it should be renamed and a new file should be created.
"output": "/var/log/kea-debug.log",
"maxver": 8,
"maxsize": 204800,
"flush": true
"flush": true,
"pattern": "%d{%j %H:%M:%S.%q} %c %m\n"
}
],

2
src/share/api/config-test.json
View File

@ -19,7 +19,7 @@
"description": "See <xref linkend=\"command-config-test\"/>",
"name": "config-test",
"resp-syntax": [
"{ \"result\": 0, \"text\": \"Configuration seems sane...\" }",
"{ \"result\": 0, \"text\": \"Configuration seems sane.\" }",
"",
"or",
"",

4
src/share/api/network4-get.json
View File

@ -37,12 +37,12 @@
" {",
" \"subnet\": \"192.0.2.0/24\",",
" \"id\": 5,",
" // many other subnet specific details here",
" ...",
" },",
" {",
" \"subnet\": \"192.0.3.0/31\",",
" \"id\": 6,",
" // many other subnet specific details here",
" ...",
" }",
" ],",
" \"valid-lifetime\": 120",

4
src/share/api/network6-get.json
View File

@ -37,12 +37,12 @@
" {",
" \"subnet\": \"2003:db8:1::/64\",",
" \"id\": 5,",
" // many other subnet specific details here",
" ...",
" },",
" {",
" \"subnet\": \"2003:db8:2::/71\",",
" \"id\": 6,",
" // many other subnet specific details here",
" ...",
" }",
" ],",
" \"valid-lifetime\": 120",

57
tools/check-for-json-errors-in-doc.sh Executable file
View File

@ -0,0 +1,57 @@
#!/bin/bash
work_file=`mktemp`
for file in `find ./ | grep -v "\.git" | grep -v "_build" | grep -v "\/man\/" | grep "\.rst\|\.json" | grep -v "api\.rst" | sort`; do
json=0
comment=0
line_num=0
echo "processing: $file"
while read line; do
line_num=$((line_num+1))
if [ $comment -eq 0 -a $json -eq 0 -a `echo "$line" | grep -e "^\[A-Za-z]+" | wc -l` -eq 1 ]; then
continue
elif [ $comment -eq 0 -a `echo "$line" | grep -e "\/\*" | grep -v -e "\*\/" | wc -l` -eq 1 ]; then
comment=1
echo "" >> $work_file
continue
elif [ $comment -eq 1 -a `echo "$line" | grep "\*\/" | wc -l` -eq 1 ]; then
comment=0
echo "" >> $work_file
continue
elif [ $comment -eq 0 -a $json -eq 0 -a `echo "$line" | grep "^\s*{\|^\s*\".*{" | grep -v "}" | grep -v "key\|pre" | wc -l` -eq 1 ]; then
json=1
# ignore any map name before top level map
line=`echo "$line" | sed "s/.*{/{/g"`
echo "" > $work_file
elif [ $comment -eq 0 -a $json -eq 1 -a `echo "$line" | grep -e "^\s*[A-Za-z]" | wc -l` -eq 1 ]; then
json=0
cat $work_file | jq . > /dev/null
if [ $? -ne 0 ]; then
echo "file $file contains invalid JSON near line $line_num"
echo "===start of JSON block==="
cat $work_file
echo "====end of JSON block===="
fi
fi
if [ $comment -eq 0 -a $json -eq 1 ]; then
if [ `echo "$line" | grep -e "^\s*\.\.\s" | wc -l` -eq 1 ]; then
echo "" >> $work_file
else
if [ `echo "$file" | grep "\.json" | wc -l` -eq 0 ]; then
echo "$line" | cut -d "#" -f 1 | sed "s/\.\.\./\"placeholder\": 0/g" | sed "s/\/\/ .*//g" | sed "s/<?.*?>//g" >> $work_file
else
echo "$line" | cut -d "#" -f 1 | sed "s/\/\/ .*//g" | sed "s/<?.*?>//g" >> $work_file
fi
fi
fi
done <<< $(cat $file | sed ':a;N;$!ba;s/,\s*\n\s*\.\.\.//g' | sed 's/\\\"/\\\\\"/g' | sed 's/\\\\,/\\\\\\\\,/g')
if [ $comment -eq 0 -a $json -eq 1 ]; then
cat $work_file | jq . > /dev/null
if [ $? -ne 0 ]; then
echo "file $file contains invalid JSON near line $line_num"
echo "===start of JSON block==="
cat $work_file
echo "====end of JSON block===="
fi
fi
done
rm $work_file