kakkotetsu

RFC8910 changed DHCP option code 114 from URL to DHCP Captive-Portal

Summary

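As the title says:

"RFC8910 Captive-Portal Identification in DHCP and Router Advertisements (RAs)", which became an RFC in 2020/09, made the following changes:

  • The DHCP option code for "DHCP Captive-Portal" used to be 160 but was changed to 114
  • As a result, DHCP option code 114 changed from "URL" to "DHCP Captive-Portal"
    • In DHCP server implementations such as ISC dhcpd and Kea, this was known as default-url

The following is an excerpt from the Abstract of RFC8910.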

   This document replaces RFC 7710, which used DHCP code point 160.  Due
   to a conflict, this document specifies 114.  Consequently, this
   document also updates RFC 3679.

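In ISC Kea, one DHCP server implementation, the option name changed as of version 2.1.2, but the format is unchanged: you still write the URI as a string, and all you need to do is rewrite default-url to v4-captive-portal in the configuration file.
The following is an excerpt from the Kea documentation.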

The default-url option was replaced with v4-captive-portal in Kea 2.1.2, as introduced by RFC 8910. The new option has exactly the same format as the old one. The general perception is that default-url was seldom used. If you used it and migrating, please replace default-url with v4-captive-portal and your configuration will continue to work as before.
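A pre-upgrade check for this rename, added here as an example (it is not from the Kea documentation or the original post): it lists every live option-data entry in a Kea configuration that still uses the name default-url, skipping commented-out entries. The sample configuration, the function names and the portal.example URLs are constructed for illustration.

```python
import json
import re

OLD = "default-url"  # option name replaced by v4-captive-portal in Kea 2.1.2

# A string literal, or one of the comment styles Kea accepts (#, //, /* */).
# Strings are matched first so "https://..." is never mistaken for a comment.
TOKEN = re.compile(r'"(?:\\.|[^"\\])*"|#[^\n]*|//[^\n]*|/\*.*?\*/', re.S)

def strip_comments(text):
    """Drop comments but keep every string literal byte for byte."""
    return TOKEN.sub(lambda m: m.group(0) if m.group(0)[0] == '"' else "", text)

def find_old_option(node, path="$"):
    """Yield (path, data) for each live option-data entry named default-url."""
    if isinstance(node, dict):
        for key, val in node.items():
            if key == "option-data" and isinstance(val, list):
                for k, opt in enumerate(val):
                    if isinstance(opt, dict) and opt.get("name") == OLD:
                        yield f"{path}.option-data[{k}]", opt.get("data")
            yield from find_old_option(val, f"{path}.{key}")
    elif isinstance(node, list):
        for k, item in enumerate(node):
            yield from find_old_option(item, f"{path}[{k}]")

def audit(text):
    """Return every place the configuration still uses the old option name."""
    return list(find_old_option(json.loads(strip_comments(text))))

# Constructed sample configuration (not the author's real file).
SAMPLE = '''{ "Dhcp4": {
  // "option-data": [ { "name": "default-url", "data": "http://old.example/" } ],
  "client-classes": [ { "name": "guest",
    # option handed to the guest class
    "option-data": [ { "name": "default-url", "data": "https://portal.example/api" } ] } ],
  "subnet4": [ { "subnet": "192.0.2.0/24",
    "option-data": [ { "name": "v4-captive-portal", "data": "https://portal.example/api" } ] } ]
} }'''

if __name__ == "__main__":
    for where, data in audit(SAMPLE):
        print(f"{where}: still named {OLD!r}, data={data!r}")
```

Because it parses the file rather than matching text, commented-out entries and URLs that merely contain the string default-url are not reported.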

Links

Reference links related to this topic.

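Bonus ~ Kea Upgrade from 1.6.3 to 2.2.0 ~

I learned about this when I upgraded Kea from 1.6.3 to 2.2.0 and isc-kea-dhcp4-server.service failed to start because of the option name in the configuration file.
So here, as a bonus, is my record of the upgrade.
The official documentation is around here: Upgrading to a Newer Version of Kea.

Environment before the upgrade
Kea 1.6.3 is installed on Ubuntu 22.04.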

$ cat /etc/os-release
PRETTY_NAME="Ubuntu 22.04.1 LTS"
NAME="Ubuntu"
VERSION_ID="22.04"
VERSION="22.04.1 LTS (Jammy Jellyfish)"
VERSION_CODENAME=jammy
ID=ubuntu
ID_LIKE=debian
HOME_URL="https://www.ubuntu.com/"
SUPPORT_URL="https://help.ubuntu.com/"
BUG_REPORT_URL="https://bugs.launchpad.net/ubuntu/"
PRIVACY_POLICY_URL="https://www.ubuntu.com/legal/terms-and-policies/privacy-policy"
UBUNTU_CODENAME=jammy


$ apt show isc-kea-common
Package: isc-kea-common
Version: 1.6.3-isc0044120200730112858
Status: install ok installed
Priority: optional
Section: libs
Source: isc-kea
Maintainer: Kea <isc-kea@packages.debian.org>
Installed-Size: 12.1 MB
Depends: adduser, libboost-system1.65.1, libc6 (>= 2.15), libgcc1 (>= 1:3.0), liblog4cplus-1.1-9, libmysqlclient20 (>= 5.7.11), libpq5 (>= 9.1~), libssl1.1 (>= 1.1.0), libstdc++6 (>= 5.2)
Conflicts: kea-common
Homepage: http://kea.isc.org/
Download-Size: unknown
APT-Manual-Installed: no
APT-Sources: /var/lib/dpkg/status
Description: Common libraries for the ISC Kea DHCP server
 Kea is an IPv4 and IPv6 DHCP server developed by Internet Systems Consortium.
 .
 This package provides common libraries used by ISC Kea servers and utilities.


$ apt show isc-kea-dhcp4-server
Package: isc-kea-dhcp4-server
Version: 1.6.3-isc0044120200730112858
Status: install ok installed
Priority: optional
Section: net
Source: isc-kea
Maintainer: Kea <isc-kea@packages.debian.org>
Installed-Size: 1097 kB
Depends: isc-kea-common (= 1.6.3-isc0044120200730112858), lsb-base, libboost-system1.65.1, libc6 (>= 2.14), libgcc1 (>= 1:3.0), libstdc++6 (>= 5.2)
Recommends: libcap2-bin
Suggests: isc-kea-doc
Conflicts: kea-dhcp4-server
Homepage: http://kea.isc.org/
Download-Size: unknown
APT-Manual-Installed: yes
APT-Sources: /var/lib/dpkg/status
Description: ISC Kea IPv4 DHCP server
 Kea is an IPv4 and IPv6 DHCP server developed by Internet Systems Consortium
 providing a very high-performance with PostgreSQL, MySQL and memfile backends.
 .
 This package provides the IPv4 DHCP server.



$ more /etc/apt/sources.list.d/isc-kea-1-6.list*
::::::::::::::
/etc/apt/sources.list.d/isc-kea-1-6.list
::::::::::::::
# Source: Cloudsmith (support@cloudsmith.io)
# Repository: ISC - Internet Systems Consortium / kea-1.6
# Description: Kea 1.6. This is the current STABLE version of the Kea DHCPv4/DHCPv6/DDNS server.

# deb https://dl.cloudsmith.io/public/isc/kea-1-6/deb/ubuntu focal main # disabled on upgrade to focal

# deb-src https://dl.cloudsmith.io/public/isc/kea-1-6/deb/ubuntu bionic main
::::::::::::::
/etc/apt/sources.list.d/isc-kea-1-6.list.distUpgrade
::::::::::::::
# Source: Cloudsmith (support@cloudsmith.io)
# Repository: ISC - Internet Systems Consortium / kea-1.6
# Description: Kea 1.6. This is the current STABLE version of the Kea DHCPv4/DHCPv6/DDNS server.

# deb https://dl.cloudsmith.io/public/isc/kea-1-6/deb/ubuntu focal main # disabled on upgrade to focal

# deb-src https://dl.cloudsmith.io/public/isc/kea-1-6/deb/ubuntu bionic main

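These were installed from the Cloudsmith repository back when the machine ran Ubuntu 18.04. For the OS packages and the Cloudsmith packages, see the following.

I decided to use the Cloudsmith repository for the 2.2 series, which is the stable release as of 2022/10.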

$ curl -1sLf \
  'https://dl.cloudsmith.io/public/isc/kea-2-2/setup.deb.sh' \
  | sudo -E bash
Executing the  setup script for the 'isc/kea-2-2' repository ...

   OK: Checking for required executable 'curl' ...
   OK: Checking for required executable 'apt-get' ...
   OK: Detecting your OS distribution and release using system methods ...
 ^^^^: ... Detected/provided for your OS/distribution, version and architecture:
 >>>>:
 >>>>: ... distro=ubuntu  version=22.04  codename=jammy  arch=x86_64
 >>>>:
   OK: Checking for apt dependency 'apt-transport-https' ...
   OK: Checking for apt dependency 'ca-certificates' ...
   OK: Checking for apt dependency 'gnupg' ...
  RUN: Importing 'isc/kea-2-2' repository GPG key ...gpg: WARNING: unsafe ownership on homedir '/home/kotetsu/.gnupg'
   OK: Checking for apt signed-by key support ...
   OK: Importing 'isc/kea-2-2' repository GPG key ...
   OK: Checking if upstream install config is OK ...
   OK: Installing 'isc/kea-2-2' repository via apt ...
   OK: Updating apt repository metadata cache ...
   OK: The repository has been installed successfully - You're ready to rock!


$ cat /etc/apt/sources.list.d/isc-kea-2-2.list
# Source: ISC - Internet Systems Consortium
# Site: https://www.isc.org
# Repository: ISC - Internet Systems Consortium / kea-2-2
# Description: A certifiably-awesome public package repository curated by ISC - Internet Systems Consortium, hosted by Cloudsmith.


deb [signed-by=/usr/share/keyrings/isc-kea-2-2-archive-keyring.gpg] https://dl.cloudsmith.io/public/isc/kea-2-2/deb/ubuntu jammy main

deb-src [signed-by=/usr/share/keyrings/isc-kea-2-2-archive-keyring.gpg] https://dl.cloudsmith.io/public/isc/kea-2-2/deb/ubuntu jammy main

The old entries are commented out anyway, but I moved them out of the way:

$ sudo mv /etc/apt/sources.list.d/isc-kea-1-6.list* ~/work/kea/

$ sudo apt-get clean

$ sudo apt update
Get:1 https://dl.cloudsmith.io/public/isc/kea-2-2/deb/ubuntu jammy InRelease [5104 B]
Hit:2 http://security.ubuntu.com/ubuntu jammy-security InRelease
Hit:3 http://archive.ubuntu.com/ubuntu jammy InRelease
Get:4 http://archive.ubuntu.com/ubuntu jammy-updates InRelease [114 kB]
Get:5 http://archive.ubuntu.com/ubuntu jammy-backports InRelease [99.8 kB]
Fetched 219 kB in 4s (60.8 kB/s)
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
4 packages can be upgraded. Run 'apt list --upgradable' to see them.


$ apt list --upgradable
Listing... Done
isc-kea-admin/jammy 2.2.0-isc20220726061131 amd64 [upgradable from: 1.6.3-isc0044120200730112858]
isc-kea-common/jammy 2.2.0-isc20220726061131 amd64 [upgradable from: 1.6.3-isc0044120200730112858]
isc-kea-ctrl-agent/jammy 2.2.0-isc20220726061131 amd64 [upgradable from: 1.6.3-isc0044120200730112858]
isc-kea-dhcp4-server/jammy 2.2.0-isc20220726061131 amd64 [upgradable from: 1.6.3-isc0044120200730112858]


$ sudo apt upgrade
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
Calculating upgrade... Done
The following packages were automatically installed and are no longer required:
  libboost-system1.65.1 liblog4cplus-1.1-9 libmysqlclient20
Use 'sudo apt autoremove' to remove them.
Try Ubuntu Pro beta with a free personal subscription on up to 5 machines.
Learn more at https://ubuntu.com/pro
The following NEW packages will be installed:
  liblog4cplus-2.0.5 libmysqlclient21 python3-isc-kea-connector
The following packages will be upgraded:
  isc-kea-admin isc-kea-common isc-kea-ctrl-agent isc-kea-dhcp4-server
4 upgraded, 3 newly installed, 0 to remove and 0 not upgraded.
Need to get 5533 kB of archives.
After this operation, 9501 kB of additional disk space will be used.
Do you want to continue? [Y/n] Y

...

sudo apt upgrade asks for confirmation along the way; I chose to keep the current configuration files.

Configuration file '/etc/kea/kea-ctrl-agent.conf'
 ==> Modified (by you or by a script) since installation.
 ==> Package distributor has shipped an updated version.
   What would you like to do about it ?  Your options are:
    Y or I  : install the package maintainer's version
    N or O  : keep your currently-installed version
      D     : show the differences between the versions
      Z     : start a shell to examine the situation
 The default action is to keep your current version.
*** kea-ctrl-agent.conf (Y/I/N/O/D/Z) [default=N] ? N


...

Configuration file '/etc/kea/kea-dhcp4.conf'
 ==> Modified (by you or by a script) since installation.
 ==> Package distributor has shipped an updated version.
   What would you like to do about it ?  Your options are:
    Y or I  : install the package maintainer's version
    N or O  : keep your currently-installed version
      D     : show the differences between the versions
      Z     : start a shell to examine the situation
 The default action is to keep your current version.
*** kea-dhcp4.conf (Y/I/N/O/D/Z) [default=N] ? N

...

Clean up afterwards and reboot just in case.

$ sudo apt autoclean -y
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done


$ sudo apt autoremove -y
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
The following packages will be REMOVED:
  libboost-system1.65.1 liblog4cplus-1.1-9 libmysqlclient20
0 upgraded, 0 newly installed, 3 to remove and 0 not upgraded.
After this operation, 4636 kB disk space will be freed.
(Reading database ... 110648 files and directories currently installed.)
Removing libboost-system1.65.1:amd64 (1.65.1+dfsg-0ubuntu5) ...
Removing liblog4cplus-1.1-9 (1.1.2-3.2build1) ...
Removing libmysqlclient20:amd64 (5.7.39-0ubuntu0.18.04.2) ...
Processing triggers for libc-bin (2.35-0ubuntu3.1) ...


$ sudo reboot

After that, isc-kea-dhcp4-server.service ended up in the failed state, which is how I learned about the issue in this article. (I had not read the release notes carefully beforehand...)

$ journalctl -u isc-kea-dhcp4-server.service | less
...
ERROR [kea-dhcp4.dhcp4/590] DHCP4_PARSER_FAIL failed to create or run parser for configuration element client-classes: definition for the option 'dhcp4.default-url' does not exist (/etc/kea/kea-dhcp4.conf:2>

So I simply fixed it by applying s/default-url/v4-captive-portal/g to the configuration file.

$ sudo sed -ie 's/default-url/v4-captive-portal/g' /etc/kea/kea-dhcp4.conf
$ sudo grep default-url /etc/kea/kea-dhcp4.conf
$ sudo grep v4-captive-portal /etc/kea/kea-dhcp4.conf
        //    "name": "v4-captive-portal",
                    "name": "v4-captive-portal",
                    "name": "v4-captive-portal",
                    "name": "v4-captive-portal",
                #    "name": "v4-captive-portal",


$ sudo systemctl restart isc-kea-dhcp4-server.service

This time startup failed with a different error.
As the message says, the schema of the MySQL database used as Kea's backend appears to be out of date.

$ journalctl -u isc-kea-dhcp4-server.service | less
...
ERROR [kea-dhcp4.dhcp4/1219.140587984404096] DHCP4_INIT_FAIL failed to initialize Kea server: configuration error using file '/etc/kea/kea-dhcp4.conf': Unable to open database: MySQL schema version mismatc>

Following the official documentation, 4.3.2.2. Upgrading a MySQL Database From an Earlier Version of Kea, I update the schema.
But... yet another error...

$ kea-admin db-version mysql -u kea -p password -n kea
mysql: [Warning] Using a password on the command line interface can be insecure.
8.2


$ kea-admin db-upgrade mysql -u kea -p password -n kea
Database version reported before upgrade: mysql: [Warning] Using a password on the command line interface can be insecure.
8.2

Verifying upgrade permissions for kea
mysql: [Warning] Using a password on the command line interface can be insecure.
MySQL Version is: 8.0.30
mysql: [Warning] Using a password on the command line interface can be insecure.
mysql: [Warning] Using a password on the command line interface can be insecure.
mysql: [Warning] Using a password on the command line interface can be insecure.
ERROR 1419 (HY000) at line 1: You do not have the SUPER privilege and binary logging is enabled (you *might* want to use the less safe log_bin_trust_function_creators variable)
ERROR/kea-admin: mysql_can_create cannot trigger, check user permissions, mysql status = 1
mysql: [Warning] Using a password on the command line interface can be insecure.
ERROR/kea-admin: Create failed, the user, kea, has insufficient privileges.

As described in the official documentation, 4.3.2.1. First-Time Creation of the MySQL Database, the workaround is to set log_bin_trust_function_creators to 1.

# mysql -u root -p
Enter password:
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 22
Server version: 8.0.30 MySQL Community Server - GPL

Copyright (c) 2000, 2022, Oracle and/or its affiliates.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql> set @@global.log_bin_trust_function_creators = 1;
Query OK, 0 rows affected (0.00 sec)

mysql> quit
Bye

#

With that, the schema update went through.

$ kea-admin db-upgrade mysql -u kea -p password -n kea
Database version reported before upgrade: mysql: [Warning] Using a password on the command line interface can be insecure.
8.2

Verifying upgrade permissions for kea
mysql: [Warning] Using a password on the command line interface can be insecure.
MySQL Version is: 8.0.30
mysql: [Warning] Using a password on the command line interface can be insecure.
mysql: [Warning] Using a password on the command line interface can be insecure.
mysql: [Warning] Using a password on the command line interface can be insecure.
mysql: [Warning] Using a password on the command line interface can be insecure.
Processing /usr/share/kea/scripts/mysql/upgrade_001.0_to_002.0.sh file...
mysql: [Warning] Using a password on the command line interface can be insecure.
This script upgrades 1.0 to 2.0. Reported version is 8.2. Skipping upgrade.

...

Database version reported after upgrade: mysql: [Warning] Using a password on the command line interface can be insecure.
14.0


$ kea-admin db-version mysql -u kea -p password -n kea
mysql: [Warning] Using a password on the command line interface can be insecure.
14.0

With this, the service started normally.

$ sudo systemctl restart isc-kea-dhcp4-server.service

Versions after the upgrade

$ sudo apt show isc-kea-common
Package: isc-kea-common
Version: 2.2.0-isc20220726061131
Priority: optional
Section: libs
Source: isc-kea
Maintainer: Kea <isc-kea@packages.debian.org>
Installed-Size: 13.0 MB
Depends: adduser, libc6 (>= 2.34), libgcc-s1 (>= 3.3.1), liblog4cplus-2.0.5 (>= 2.0.5), libmysqlclient21 (>= 8.0.11), libpq5 (>= 9.1~), libssl3 (>= 3.0.0~~alpha1), libstdc++6 (>= 12)
Conflicts: kea-common
Homepage: http://kea.isc.org/
Download-Size: 3282 kB
APT-Manual-Installed: no
APT-Sources: https://dl.cloudsmith.io/public/isc/kea-2-2/deb/ubuntu jammy/main amd64 Packages
Description: Common libraries for the ISC Kea DHCP server
 Kea is an IPv4 and IPv6 DHCP server developed by Internet Systems Consortium.
 .
 This package provides common libraries used by ISC Kea servers and utilities.
 It also contains a base set of hook libraries: bootp, ha, flex_option,
 lease_cmds, mysql_cb, pgsql_cb, stat_cmds and run_script.


$ sudo apt show isc-kea-dhcp4-server
Package: isc-kea-dhcp4-server
Version: 2.2.0-isc20220726061131
Priority: optional
Section: net
Source: isc-kea
Maintainer: Kea <isc-kea@packages.debian.org>
Installed-Size: 1110 kB
Depends: isc-kea-common (= 2.2.0-isc20220726061131), lsb-base, libc6 (>= 2.34), libgcc-s1 (>= 3.3.1), libstdc++6 (>= 12)
Recommends: libcap2-bin
Suggests: isc-kea-doc
Conflicts: kea-dhcp4-server
Homepage: http://kea.isc.org/
Download-Size: 359 kB
APT-Manual-Installed: yes
APT-Sources: https://dl.cloudsmith.io/public/isc/kea-2-2/deb/ubuntu jammy/main amd64 Packages
Description: ISC Kea IPv4 DHCP server
 Kea is an IPv4 and IPv6 DHCP server developed by Internet Systems Consortium
 providing a very high-performance with PostgreSQL, MySQL and memfile backends.
 .
 This package provides the IPv4 DHCP server.

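Closing

I was surprised that the "DHCP option code 114 = URL" convention we were all so used to had changed a full two years ago, and that I had not noticed, so I wrote this down as a record. That's all.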