From: Thomas Markwalder
Date: Thu, 4 Sep 2025 19:51:15 +0000 (-0400)
Subject: {#3961] Added warn log and updated ARM
X-Git-Tag: Kea-3.1.2~62
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=65cf56044bbfbb8a6fa69ee3e719ff30ce925b72;p=thirdparty%2Fkea.git
{#3961] Added warn log and updated ARM /doc/sphinx/arm/hooks-cb-cmds.rst Updated definition delete command /src/lib/dhcpsrv/cfg_option.cc Added WARN log when an option fails to create /src/lib/dhcpsrv/dhcpsrv_messages.mes DHCPSRV_CFGMGR_OPTION_DEFINITION_MISMATCH
---
diff --git a/doc/sphinx/arm/hooks-cb-cmds.rst b/doc/sphinx/arm/hooks-cb-cmds.rst
index c345682f2b..216f12fa55 100644
--- a/doc/sphinx/arm/hooks-cb-cmds.rst
+++ b/doc/sphinx/arm/hooks-cb-cmds.rst
@@ -990,10 +990,43 @@ option space. For example: deletes the definition of the option associated with "server1", having the code of 1 and belonging to the option space "isc". The default option spaces are "dhcp4" and "dhcp6" for the DHCPv4 and DHCPv6 top-level options, respectively. If -there is no such option explicitly associated with "server1", no option is -deleted. To delete an option belonging to "all" servers, the keyword -"all" must be used as the server tag. The ``server-tags`` list must contain exactly -one tag and cannot include the ``null`` value. +there is no such option definition explicitly associated with "server1", no option +definition is deleted. To delete an option definition belonging to "all" servers, +the keyword "all" must be used as the server tag. The ``server-tags`` list must +contain exactly one tag and cannot include the ``null`` value. + +As of Kea 3.1.2, before deleting an option definition, the server will first +check if there are any options specified that depend upon that defintion. If +so the delete command will be rejected with an error message explaining why. +This default behavior may be overridden by ihcluding an optional ``force`` +parameter as shown below: + +.. code-block:: json + + { + "command": "remote-option-def6-del", + "arguments": { + "option-defs": [ + { + "code": 1, + "space": "isc", + "force": true + } + ], + "remote": { + "type": "mysql" + }, + "server-tags": [ "server1" ] + } + } + +.. note:: + + The ``force`` parameter should only be used after careful consideration. + Removing an option definition while a dependent option specfication exists + will cause that option to be excluded from the running configuration. + This parameter is provided to handle use cases where a definition may + need to be corrected while leaving the option in place. .. isccmd:: remote-option-def4-get .. _command-remote-option-def4-get: 
diff --git a/src/lib/dhcpsrv/cfg_option.cc b/src/lib/dhcpsrv/cfg_option.cc index 9a6b07e022..213a748115 100644 --- a/src/lib/dhcpsrv/cfg_option.cc +++ b/src/lib/dhcpsrv/cfg_option.cc @@ -10,6 +10,7 @@ #include #include #include +#include #include #include #include @@ -19,6 +20,7 @@ #include using namespace isc::data; +using namespace isc::log; namespace isc { namespace dhcp { @@ -189,9 +191,14 @@ CfgOption::createOptions(CfgOptionDefPtr cfg_def) { // based on the given definitions. for (auto const& space : getOptionSpaceNames()) { for (auto opt_desc : *(getAll(space))) { - if (createDescriptorOption(cfg_def, space, opt_desc)) { - // Option was recreated, let's replace the descriptor. - replace(opt_desc, space); + try { + if (createDescriptorOption(cfg_def, space, opt_desc)) { + // Option was recreated, let's replace the descriptor. + replace(opt_desc, space); + } + } catch (const InvalidOperation& ex) { + LOG_WARN(dhcpsrv_logger, DHCPSRV_CFGMGR_OPTION_DEFINITION_MISMATCH) + .arg(ex.what()); } } } diff --git a/src/lib/dhcpsrv/dhcpsrv_messages.cc b/src/lib/dhcpsrv/dhcpsrv_messages.cc index e2695f9417..9dea368556 100644 --- a/src/lib/dhcpsrv/dhcpsrv_messages.cc +++ b/src/lib/dhcpsrv/dhcpsrv_messages.cc 
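Review bot: The new `catch (const InvalidOperation& ex)` in `CfgOption::createOptions` logs only `ex.what()`, so unless the exception text already names the option, an operator reading DHCPSRV_CFGMGR_OPTION_DEFINITION_MISMATCH cannot tell which option in which space was left out of packet processing. `space` is in scope inside the loop and could be passed as an extra argument, `.arg(space).arg(ex.what())`, with the message text given a matching second placeholder such as `failed to create option in space %1: %2`; the option code held by `opt_desc` would be worth adding the same way. Only `InvalidOperation` is handled, so any other exception thrown by `createDescriptorOption` still propagates out of the loop as before; a short comment above the `try` stating that this is intended would help the next reader. The function starts before and continues after this hunk, so whether its return value reflects a skipped option is not visible here.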
@@ -27,6 +27,7 @@ extern const isc::log::MessageID DHCPSRV_CFGMGR_IP_RESERVATIONS_UNIQUE_DUPLICATE extern const isc::log::MessageID DHCPSRV_CFGMGR_IP_RESERVATIONS_UNIQUE_DUPLICATES_POSSIBLE = "DHCPSRV_CFGMGR_IP_RESERVATIONS_UNIQUE_DUPLICATES_POSSIBLE"; extern const isc::log::MessageID DHCPSRV_CFGMGR_NEW_SUBNET4 = "DHCPSRV_CFGMGR_NEW_SUBNET4"; extern const isc::log::MessageID DHCPSRV_CFGMGR_NEW_SUBNET6 = "DHCPSRV_CFGMGR_NEW_SUBNET6"; +extern const isc::log::MessageID DHCPSRV_CFGMGR_OPTION_DEFINITION_MISMATCH = "DHCPSRV_CFGMGR_OPTION_DEFINITION_MISMATCH"; extern const isc::log::MessageID DHCPSRV_CFGMGR_OPTION_DUPLICATE = "DHCPSRV_CFGMGR_OPTION_DUPLICATE"; extern const isc::log::MessageID DHCPSRV_CFGMGR_RENEW_GTR_REBIND = "DHCPSRV_CFGMGR_RENEW_GTR_REBIND"; extern const isc::log::MessageID DHCPSRV_CFGMGR_SOCKET_RAW_UNSUPPORTED = "DHCPSRV_CFGMGR_SOCKET_RAW_UNSUPPORTED"; @@ -206,6 +207,7 @@ const char* values[] = { "DHCPSRV_CFGMGR_IP_RESERVATIONS_UNIQUE_DUPLICATES_POSSIBLE", "setting \"ip-reservations-unique\" from false to true poses a risk that some host backends may still contain multiple reservations for the same IP address", "DHCPSRV_CFGMGR_NEW_SUBNET4", "a new subnet has been added to configuration: %1", "DHCPSRV_CFGMGR_NEW_SUBNET6", "a new subnet has been added to configuration: %1", + "DHCPSRV_CFGMGR_OPTION_DEFINITION_MISMATCH", "failed to create option: %1", "DHCPSRV_CFGMGR_OPTION_DUPLICATE", "multiple options with the code: %1 added to the subnet: %2", "DHCPSRV_CFGMGR_RENEW_GTR_REBIND", "in %1, the value of renew-timer %2 is greater than the value of rebind-timer %3, ignoring renew-timer", "DHCPSRV_CFGMGR_SOCKET_RAW_UNSUPPORTED", "use of raw sockets is unsupported on this OS, UDP sockets will be used", diff --git a/src/lib/dhcpsrv/dhcpsrv_messages.h b/src/lib/dhcpsrv/dhcpsrv_messages.h index 6598a9c364..926efc9bb6 100644 --- a/src/lib/dhcpsrv/dhcpsrv_messages.h +++ b/src/lib/dhcpsrv/dhcpsrv_messages.h 
@@ -28,6 +28,7 @@ extern const isc::log::MessageID DHCPSRV_CFGMGR_IP_RESERVATIONS_UNIQUE_DUPLICATE extern const isc::log::MessageID DHCPSRV_CFGMGR_IP_RESERVATIONS_UNIQUE_DUPLICATES_POSSIBLE; extern const isc::log::MessageID DHCPSRV_CFGMGR_NEW_SUBNET4; extern const isc::log::MessageID DHCPSRV_CFGMGR_NEW_SUBNET6; +extern const isc::log::MessageID DHCPSRV_CFGMGR_OPTION_DEFINITION_MISMATCH; extern const isc::log::MessageID DHCPSRV_CFGMGR_OPTION_DUPLICATE; extern const isc::log::MessageID DHCPSRV_CFGMGR_RENEW_GTR_REBIND; extern const isc::log::MessageID DHCPSRV_CFGMGR_SOCKET_RAW_UNSUPPORTED; diff --git a/src/lib/dhcpsrv/dhcpsrv_messages.mes b/src/lib/dhcpsrv/dhcpsrv_messages.mes index e258042bdb..a9083a52dd 100644 --- a/src/lib/dhcpsrv/dhcpsrv_messages.mes +++ b/src/lib/dhcpsrv/dhcpsrv_messages.mes @@ -1021,3 +1021,11 @@ disabled and the path specified for forensic logging output does not comply with the supported path. The server will still use the specified path but is warning that doing so may pose a security risk. + +% DHCPSRV_CFGMGR_OPTION_DEFINITION_MISMATCH failed to create option: %1 +This warning message is issued when an option has been specified for which +there is no suitable option definition. Either there is no defintion at all +or the option contents do not fit the option defintion. The argument will +provide a detailed reason for the failure. The server will continue to +operate but it will exclude the option from packet processing until the +situation is corrected. This is considered a configuration error.
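Review bot: The description added for DHCPSRV_CFGMGR_OPTION_DEFINITION_MISMATCH in dhcpsrv_messages.mes misspells "definition" twice (`no defintion at all`, `the option defintion`), and this is the text operators read when they look the message up. It also ends with `This is considered a configuration error` while the call site in cfg_option.cc emits it through `LOG_WARN`; either the wording or the severity should change so that alerting keyed on severity agrees with what the text tells the operator. A closing sentence naming the remedy, for example that the option definition must be restored or the option data corrected to fit it, would make the entry actionable.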