DHCP option code 114 changed from URL to DHCP Captive-Portal in RFC 8910
Summary
As the title says: "RFC 8910 Captive-Portal Identification in DHCP and Router Advertisements (RAs)", which became an RFC in 2020/09, brought the following changes.
- The DHCP option code for "DHCP Captive-Portal" used to be 160 but changed to 114
- So DHCP option code 114 changed from "URL" to "DHCP Captive-Portal"
  - In DHCP server implementations such as ISC dhcpd and Kea, this was known as `default-url`

The following is an excerpt from the RFC 8910 Abstract.
This document replaces RFC 7710, which used DHCP code point 160. Due to a conflict, this document specifies 114. Consequently, this document also updates RFC 3679.
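As for DHCP server implementations, in ISC Kea the option name changed as of version 2.1.2, but the format is unchanged: you still write the URI as a string, and it is said that rewriting `default-url` to `v4-captive-portal` in the configuration file is all that is needed.
The following is an excerpt from the Kea documentation.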
The default-url option was replaced with v4-captive-portal in Kea 2.1.2, as introduced by RFC 8910. The new option has exactly the same format as the old one. The general perception is that default-url was seldom used. If you used it and migrating, please replace default-url with v4-captive-portal and your configuration will continue to work as before.
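What the code-point change looks like on the wire, as an added example (not from the original post, the RFC or Kea): a minimal parser for a DHCPv4 options field that reports a captive-portal URI carried in option 114 and flags one that still arrives in the RFC 7710 code point 160. The sample bytes, the URI and the function names are constructed for illustration.

```python
CAPPORT_RFC8910, CAPPORT_RFC7710 = 114, 160   # code points from the RFC 8910 abstract
PAD, END = 0, 255                             # single-byte options without a length

def parse_options(buf):
    """Return [(code, value)] for the TLVs in a DHCPv4 options field, up to END."""
    opts, i = [], 0
    while i < len(buf) and buf[i] != END:
        code = buf[i]
        if code == PAD:
            i += 1
            continue
        # Need a length byte and the full value; refuse to read past the buffer.
        if i + 1 >= len(buf) or i + 2 + buf[i + 1] > len(buf):
            raise ValueError(f"option {code} truncated at offset {i}")
        length = buf[i + 1]
        opts.append((code, bytes(buf[i + 2:i + 2 + length])))
        i += 2 + length
    return opts

def captive_portal(buf):
    """Return the captive-portal URI and the code point that carried it, or None."""
    found = dict(parse_options(buf))
    for code in (CAPPORT_RFC8910, CAPPORT_RFC7710):   # prefer the current code point
        if code in found:
            return {"uri": found[code].decode("ascii"), "code": code,
                    "legacy": code == CAPPORT_RFC7710}
    return None

def option(code, value):
    """Encode one option as code, length, value."""
    return bytes([code, len(value)]) + value

# Constructed sample option fields: message type 53 = ACK (5), then the portal URI.
URI = b"https://portal.example.net/api"
ACK_RFC8910 = option(53, b"\x05") + option(CAPPORT_RFC8910, URI) + bytes([END])
ACK_RFC7710 = option(53, b"\x05") + option(CAPPORT_RFC7710, URI) + bytes([END])
```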
Links
A collection of reference links on this topic.
- Standards
  - RFC 8910 / Captive-Portal Identification in DHCP and Router Advertisements (RAs)
  - IANA / Dynamic Host Configuration Protocol (DHCP) and Bootstrap Protocol (BOOTP) Parameters
    - The entries for Tag 114 and Tag 160 under "BOOTP Vendor Extensions and DHCP Options" have each been rewritten
- Kea
  - release notes 2.1.2
  - Captive portal option - RFC 8910
  - Issues for this implementation change
  - Kea 2.1.1 doc / 8.2.10. Standard DHCPv4 Options
    - In the table, option 114 is "default-url" and 160 is "v4-captive-portal"
  - Kea 2.1.2 doc / 8.2.10. Standard DHCPv4 Options
    - In the table, option 114 is "v4-captive-portal"
    - The text quoted in the summary appears as a Note: "The default-url option was replaced with v4-captive-portal in Kea 2.1.2, as introduced by RFC 8910. The new option has exactly the same format as the old one. The general perception is that default-url was seldom used. If you used it and migrating, please replace default-url with v4-captive-portal and your configuration will continue to work as before."
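Bonus ~ Kea Upgrade from 1.6.3 to 2.2.0 ~
When I upgraded Kea from 1.6.3 to 2.2.0 this time, `isc-kea-dhcp4-server.service` failed to start because of an option-name problem in the configuration file, and that is how I learned about this.
So I am attaching the record of the upgrade as a bonus.
The official documentation is around here: Upgrading to a Newer Version of Kea.
Environment before the upgrade
Kea 1.6.3 is installed on Ubuntu 22.04.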
```
$ cat /etc/os-release
PRETTY_NAME="Ubuntu 22.04.1 LTS"
NAME="Ubuntu"
VERSION_ID="22.04"
VERSION="22.04.1 LTS (Jammy Jellyfish)"
VERSION_CODENAME=jammy
ID=ubuntu
ID_LIKE=debian
HOME_URL="https://www.ubuntu.com/"
SUPPORT_URL="https://help.ubuntu.com/"
BUG_REPORT_URL="https://bugs.launchpad.net/ubuntu/"
PRIVACY_POLICY_URL="https://www.ubuntu.com/legal/terms-and-policies/privacy-policy"
UBUNTU_CODENAME=jammy
$ apt show isc-kea-common
Package: isc-kea-common
Version: 1.6.3-isc0044120200730112858
Status: install ok installed
Priority: optional
Section: libs
Source: isc-kea
Maintainer: Kea <isc-kea@packages.debian.org>
Installed-Size: 12.1 MB
Depends: adduser, libboost-system1.65.1, libc6 (>= 2.15), libgcc1 (>= 1:3.0), liblog4cplus-1.1-9, libmysqlclient20 (>= 5.7.11), libpq5 (>= 9.1~), libssl1.1 (>= 1.1.0), libstdc++6 (>= 5.2)
Conflicts: kea-common
Homepage: http://kea.isc.org/
Download-Size: unknown
APT-Manual-Installed: no
APT-Sources: /var/lib/dpkg/status
Description: Common libraries for the ISC Kea DHCP server
 Kea is an IPv4 and IPv6 DHCP server developed by Internet Systems Consortium.
 .
 This package provides common libraries used by ISC Kea servers and utilities.
$ apt show isc-kea-dhcp4-server
Package: isc-kea-dhcp4-server
Version: 1.6.3-isc0044120200730112858
Status: install ok installed
Priority: optional
Section: net
Source: isc-kea
Maintainer: Kea <isc-kea@packages.debian.org>
Installed-Size: 1097 kB
Depends: isc-kea-common (= 1.6.3-isc0044120200730112858), lsb-base, libboost-system1.65.1, libc6 (>= 2.14), libgcc1 (>= 1:3.0), libstdc++6 (>= 5.2)
Recommends: libcap2-bin
Suggests: isc-kea-doc
Conflicts: kea-dhcp4-server
Homepage: http://kea.isc.org/
Download-Size: unknown
APT-Manual-Installed: yes
APT-Sources: /var/lib/dpkg/status
Description: ISC Kea IPv4 DHCP server
 Kea is an IPv4 and IPv6 DHCP server developed by Internet Systems Consortium providing a very high-performance with PostgreSQL, MySQL and memfile backends.
 .
 This package provides the IPv4 DHCP server.
$ more /etc/apt/sources.list.d/isc-kea-1-6.list*
::::::::::::::
/etc/apt/sources.list.d/isc-kea-1-6.list
::::::::::::::
# Source: Cloudsmith (support@cloudsmith.io)
# Repository: ISC - Internet Systems Consortium / kea-1.6
# Description: Kea 1.6. This is the current STABLE version of the Kea DHCPv4/DHCPv6/DDNS server.
# deb https://dl.cloudsmith.io/public/isc/kea-1-6/deb/ubuntu focal main # disabled on upgrade to focal
# deb-src https://dl.cloudsmith.io/public/isc/kea-1-6/deb/ubuntu bionic main
::::::::::::::
/etc/apt/sources.list.d/isc-kea-1-6.list.distUpgrade
::::::::::::::
# Source: Cloudsmith (support@cloudsmith.io)
# Repository: ISC - Internet Systems Consortium / kea-1.6
# Description: Kea 1.6. This is the current STABLE version of the Kea DHCPv4/DHCPv6/DDNS server.
# deb https://dl.cloudsmith.io/public/isc/kea-1-6/deb/ubuntu focal main # disabled on upgrade to focal
# deb-src https://dl.cloudsmith.io/public/isc/kea-1-6/deb/ubuntu bionic main
```
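These were installed from the Cloudsmith repository back on Ubuntu 18.04. For the OS packages and the Cloudsmith packages, see the following.
I decided to use the Cloudsmith repository for the 2.2 series, which is the stable version as of 2022/10.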
```
$ curl -1sLf \
  'https://dl.cloudsmith.io/public/isc/kea-2-2/setup.deb.sh' \
  | sudo -E bash
Executing the setup script for the 'isc/kea-2-2' repository ...
 OK: Checking for required executable 'curl' ...
 OK: Checking for required executable 'apt-get' ...
 OK: Detecting your OS distribution and release using system methods ...
 ^^^^: ... Detected/provided for your OS/distribution, version and architecture:
 >>>>:
 >>>>: ... distro=ubuntu version=22.04 codename=jammy arch=x86_64
 >>>>:
 OK: Checking for apt dependency 'apt-transport-https' ...
 OK: Checking for apt dependency 'ca-certificates' ...
 OK: Checking for apt dependency 'gnupg' ...
 RUN: Importing 'isc/kea-2-2' repository GPG key ...gpg: WARNING: unsafe ownership on homedir '/home/kotetsu/.gnupg'
 OK: Checking for apt signed-by key support ...
 OK: Importing 'isc/kea-2-2' repository GPG key ...
 OK: Checking if upstream install config is OK ...
 OK: Installing 'isc/kea-2-2' repository via apt ...
 OK: Updating apt repository metadata cache ...
 OK: The repository has been installed successfully - You're ready to rock!
$ cat /etc/apt/sources.list.d/isc-kea-2-2.list
# Source: ISC - Internet Systems Consortium
# Site: https://www.isc.org
# Repository: ISC - Internet Systems Consortium / kea-2-2
# Description: A certifiably-awesome public package repository curated by ISC - Internet Systems Consortium, hosted by Cloudsmith.
deb [signed-by=/usr/share/keyrings/isc-kea-2-2-archive-keyring.gpg] https://dl.cloudsmith.io/public/isc/kea-2-2/deb/ubuntu jammy main
deb-src [signed-by=/usr/share/keyrings/isc-kea-2-2-archive-keyring.gpg] https://dl.cloudsmith.io/public/isc/kea-2-2/deb/ubuntu jammy main
```
The old entries are commented out anyway, but I moved the old list files out of the way first.
```
$ sudo mv /etc/apt/sources.list.d/isc-kea-1-6.list* ~/work/kea/
$ sudo apt-get clean
$ sudo apt update
Get:1 https://dl.cloudsmith.io/public/isc/kea-2-2/deb/ubuntu jammy InRelease [5104 B]
Hit:2 http://security.ubuntu.com/ubuntu jammy-security InRelease
Hit:3 http://archive.ubuntu.com/ubuntu jammy InRelease
Get:4 http://archive.ubuntu.com/ubuntu jammy-updates InRelease [114 kB]
Get:5 http://archive.ubuntu.com/ubuntu jammy-backports InRelease [99.8 kB]
Fetched 219 kB in 4s (60.8 kB/s)
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
4 packages can be upgraded. Run 'apt list --upgradable' to see them.
$ apt list --upgradable
Listing... Done
isc-kea-admin/jammy 2.2.0-isc20220726061131 amd64 [upgradable from: 1.6.3-isc0044120200730112858]
isc-kea-common/jammy 2.2.0-isc20220726061131 amd64 [upgradable from: 1.6.3-isc0044120200730112858]
isc-kea-ctrl-agent/jammy 2.2.0-isc20220726061131 amd64 [upgradable from: 1.6.3-isc0044120200730112858]
isc-kea-dhcp4-server/jammy 2.2.0-isc20220726061131 amd64 [upgradable from: 1.6.3-isc0044120200730112858]
$ sudo apt upgrade
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
Calculating upgrade... Done
The following packages were automatically installed and are no longer required:
  libboost-system1.65.1 liblog4cplus-1.1-9 libmysqlclient20
Use 'sudo apt autoremove' to remove them.
Try Ubuntu Pro beta with a free personal subscription on up to 5 machines.
Learn more at https://ubuntu.com/pro
The following NEW packages will be installed:
  liblog4cplus-2.0.5 libmysqlclient21 python3-isc-kea-connector
The following packages will be upgraded:
  isc-kea-admin isc-kea-common isc-kea-ctrl-agent isc-kea-dhcp4-server
4 upgraded, 3 newly installed, 0 to remove and 0 not upgraded.
Need to get 5533 kB of archives.
After this operation, 9501 kB of additional disk space will be used.
Do you want to continue? [Y/n] Y
...
```
During `sudo apt upgrade` you are asked for confirmation; I chose to keep the current configuration files.
```
Configuration file '/etc/kea/kea-ctrl-agent.conf'
 ==> Modified (by you or by a script) since installation.
 ==> Package distributor has shipped an updated version.
   What would you like to do about it ? Your options are:
    Y or I : install the package maintainer's version
    N or O : keep your currently-installed version
      D    : show the differences between the versions
      Z    : start a shell to examine the situation
 The default action is to keep your current version.
*** kea-ctrl-agent.conf (Y/I/N/O/D/Z) [default=N] ? N
...
Configuration file '/etc/kea/kea-dhcp4.conf'
 ==> Modified (by you or by a script) since installation.
 ==> Package distributor has shipped an updated version.
   What would you like to do about it ? Your options are:
    Y or I : install the package maintainer's version
    N or O : keep your currently-installed version
      D    : show the differences between the versions
      Z    : start a shell to examine the situation
 The default action is to keep your current version.
*** kea-dhcp4.conf (Y/I/N/O/D/Z) [default=N] ? N
...
```
Cleanup, and then a reboot just in case.
```
$ sudo apt autoclean -y
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
$ sudo apt autoremove -y
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
The following packages will be REMOVED:
  libboost-system1.65.1 liblog4cplus-1.1-9 libmysqlclient20
0 upgraded, 0 newly installed, 3 to remove and 0 not upgraded.
After this operation, 4636 kB disk space will be freed.
(Reading database ... 110648 files and directories currently installed.)
Removing libboost-system1.65.1:amd64 (1.65.1+dfsg-0ubuntu5) ...
Removing liblog4cplus-1.1-9 (1.1.2-3.2build1) ...
Removing libmysqlclient20:amd64 (5.7.39-0ubuntu0.18.04.2) ...
Processing triggers for libc-bin (2.35-0ubuntu3.1) ...
$ sudo reboot
```
Then `isc-kea-dhcp4-server.service` ended up in the failed state, and that is how I learned about the problem in this article. (I had not read the release notes carefully beforehand...)
```
$ journalctl -u isc-kea-dhcp4-server.service | less
...
ERROR [kea-dhcp4.dhcp4/590] DHCP4_PARSER_FAIL failed to create or run parser for configuration element client-classes: definition for the option 'dhcp4.default-url' does not exist (/etc/kea/kea-dhcp4.conf:2>
```
So I simply handled it with `s/default-url/v4-captive-portal/g` on the configuration file.
```
$ sudo sed -ie 's/default-url/v4-captive-portal/g' /etc/kea/kea-dhcp4.conf
$ sudo grep default-url /etc/kea/kea-dhcp4.conf
$ sudo grep v4-captive-portal /etc/kea/kea-dhcp4.conf
// "name": "v4-captive-portal",
"name": "v4-captive-portal",
"name": "v4-captive-portal",
"name": "v4-captive-portal",
# "name": "v4-captive-portal",
$ sudo systemctl restart isc-kea-dhcp4-server.service
```
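A structure-aware alternative to the global substitution, as an added example (not from the original post or the Kea project): it parses the configuration as JSON after removing the `//`, `#` and `/* */` comments Kea accepts, renames only `name` values inside `option-data` lists, and ignores comments and URIs that merely contain `default-url`. The sample configuration and the function names are constructed.

```python
import json
import re

LEGACY, CURRENT = "default-url", "v4-captive-portal"   # names from the Kea 2.1.2 note
# A string literal, or one of the comment styles Kea accepts: //, # and /* */.
TOKEN = re.compile(r'"(?:\\.|[^"\\])*"|//[^\n]*|#[^\n]*|/\*.*?\*/', re.S)

def strip_comments(text):
    """Drop comments; string literals (a portal URI contains //) are kept as they are."""
    return TOKEN.sub(lambda m: m.group(0) if m.group(0).startswith('"') else "", text)

def rename_legacy(node, path="$"):
    """Rename default-url entries inside option-data lists in place; return their paths."""
    hits = []
    if isinstance(node, dict):
        for key, val in node.items():
            if key == "option-data" and isinstance(val, list):
                for idx, opt in enumerate(val):
                    if isinstance(opt, dict) and opt.get("name") == LEGACY:
                        opt["name"] = CURRENT
                        hits.append(f"{path}.option-data[{idx}]")
            else:
                hits += rename_legacy(val, f"{path}.{key}")
    elif isinstance(node, list):
        for idx, val in enumerate(node):
            hits += rename_legacy(val, f"{path}[{idx}]")
    return hits

def migrate(text):
    """Parse a Kea config and return (updated config, JSON paths that were renamed)."""
    cfg = json.loads(strip_comments(text))
    return cfg, rename_legacy(cfg)

# Constructed sample: one legacy entry in a client class, plus decoys that must not match.
SAMPLE = r'''{
"Dhcp4": {
  // "name": "default-url"  <- inside a comment, must not be counted
  "client-classes": [
    { "name": "guest",
      "option-data": [
        { "name": "default-url", "data": "https://portal.example.net/default-url/api" }
      ] }
  ],
  "subnet4": [
    { "subnet": "192.0.2.0/24",   # documentation prefix
      "option-data": [ { "name": "routers", "data": "192.0.2.1" } ] }
  ]
} }'''
```

Writing `cfg` back with `json.dumps` drops the comments, so the returned paths are also useful for a hand edit; `kea-dhcp4 -t /etc/kea/kea-dhcp4.conf` checks the result before the service is restarted.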
This time startup failed with a different error.
Well, as the message says, the schema of the MySQL database used as Kea's backend appears to be old.
```
$ journalctl -u isc-kea-dhcp4-server.service | less
...
ERROR [kea-dhcp4.dhcp4/1219.140587984404096] DHCP4_INIT_FAIL failed to initialize Kea server: configuration error using file '/etc/kea/kea-dhcp4.conf': Unable to open database: MySQL schema version mismatc>
```
Following the official documentation, 4.3.2.2. Upgrading a MySQL Database From an Earlier Version of Kea, I update the schema.
But... there is yet another error...
```
$ kea-admin db-version mysql -u kea -p password -n kea
mysql: [Warning] Using a password on the command line interface can be insecure.
8.2
$ kea-admin db-upgrade mysql -u kea -p password -n kea
Database version reported before upgrade: mysql: [Warning] Using a password on the command line interface can be insecure.
8.2
Verifying upgrade permissions for kea
mysql: [Warning] Using a password on the command line interface can be insecure.
MySQL Version is: 8.0.30
mysql: [Warning] Using a password on the command line interface can be insecure.
mysql: [Warning] Using a password on the command line interface can be insecure.
mysql: [Warning] Using a password on the command line interface can be insecure.
ERROR 1419 (HY000) at line 1: You do not have the SUPER privilege and binary logging is enabled (you *might* want to use the less safe log_bin_trust_function_creators variable)
ERROR/kea-admin: mysql_can_create cannot trigger, check user permissions, mysql status = 1
mysql: [Warning] Using a password on the command line interface can be insecure.
ERROR/kea-admin: Create failed, the user, kea, has insufficient privileges.
```
As described in the workaround in the official documentation, 4.3.2.1. First-Time Creation of the MySQL Database, I set `log_bin_trust_function_creators` to 1.
```
# mysql -u root -p
Enter password:
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 22
Server version: 8.0.30 MySQL Community Server - GPL

Copyright (c) 2000, 2022, Oracle and/or its affiliates.

Oracle is a registered trademark of Oracle Corporation and/or its affiliates. Other names may be trademarks of their respective owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql> set @@global.log_bin_trust_function_creators = 1;
Query OK, 0 rows affected (0.00 sec)

mysql> quit
Bye
#
```
With this, the schema update went through.
```
$ kea-admin db-upgrade mysql -u kea -p password -n kea
Database version reported before upgrade: mysql: [Warning] Using a password on the command line interface can be insecure.
8.2
Verifying upgrade permissions for kea
mysql: [Warning] Using a password on the command line interface can be insecure.
MySQL Version is: 8.0.30
mysql: [Warning] Using a password on the command line interface can be insecure.
mysql: [Warning] Using a password on the command line interface can be insecure.
mysql: [Warning] Using a password on the command line interface can be insecure.
mysql: [Warning] Using a password on the command line interface can be insecure.
Processing /usr/share/kea/scripts/mysql/upgrade_001.0_to_002.0.sh file...
mysql: [Warning] Using a password on the command line interface can be insecure.
This script upgrades 1.0 to 2.0. Reported version is 8.2. Skipping upgrade.
...
Database version reported after upgrade: mysql: [Warning] Using a password on the command line interface can be insecure.
14.0
$ kea-admin db-version mysql -u kea -p password -n kea
mysql: [Warning] Using a password on the command line interface can be insecure.
14.0
```
With this, the service started normally.
```
$ sudo systemctl restart isc-kea-dhcp4-server.service
```
Versions after the upgrade
```
$ sudo apt show isc-kea-common
Package: isc-kea-common
Version: 2.2.0-isc20220726061131
Priority: optional
Section: libs
Source: isc-kea
Maintainer: Kea <isc-kea@packages.debian.org>
Installed-Size: 13.0 MB
Depends: adduser, libc6 (>= 2.34), libgcc-s1 (>= 3.3.1), liblog4cplus-2.0.5 (>= 2.0.5), libmysqlclient21 (>= 8.0.11), libpq5 (>= 9.1~), libssl3 (>= 3.0.0~~alpha1), libstdc++6 (>= 12)
Conflicts: kea-common
Homepage: http://kea.isc.org/
Download-Size: 3282 kB
APT-Manual-Installed: no
APT-Sources: https://dl.cloudsmith.io/public/isc/kea-2-2/deb/ubuntu jammy/main amd64 Packages
Description: Common libraries for the ISC Kea DHCP server
 Kea is an IPv4 and IPv6 DHCP server developed by Internet Systems Consortium.
 .
 This package provides common libraries used by ISC Kea servers and utilities. It also contains a base set of hook libraries: bootp, ha, flex_option, lease_cmds, mysql_cb, pgsql_cb, stat_cmds and run_script.
$ sudo apt show isc-kea-dhcp4-server
Package: isc-kea-dhcp4-server
Version: 2.2.0-isc20220726061131
Priority: optional
Section: net
Source: isc-kea
Maintainer: Kea <isc-kea@packages.debian.org>
Installed-Size: 1110 kB
Depends: isc-kea-common (= 2.2.0-isc20220726061131), lsb-base, libc6 (>= 2.34), libgcc-s1 (>= 3.3.1), libstdc++6 (>= 12)
Recommends: libcap2-bin
Suggests: isc-kea-doc
Conflicts: kea-dhcp4-server
Homepage: http://kea.isc.org/
Download-Size: 359 kB
APT-Manual-Installed: yes
APT-Sources: https://dl.cloudsmith.io/public/isc/kea-2-2/deb/ubuntu jammy/main amd64 Packages
Description: ISC Kea IPv4 DHCP server
 Kea is an IPv4 and IPv6 DHCP server developed by Internet Systems Consortium providing a very high-performance with PostgreSQL, MySQL and memfile backends.
 .
 This package provides the IPv4 DHCP server.
```
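In closing
I was surprised that the common knowledge we were all so used to, "DHCP option code 114 = URL", had changed a full two years ago, and that I had not noticed, so I left this as a record. That's all.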