kea-dev Digest, Vol 85, Issue 1

[kea-dev-request]

Send kea-dev mailing list submissions to
        kea-dev@lists.isc.org

To subscribe or unsubscribe via the World Wide Web, visit
        https://lists.isc.org/mailman/listinfo/kea-dev
or, via email, send a message with subject or body 'help' to
        kea-dev-requ...@lists.isc.org

You can reach the person managing the list at
        kea-dev-ow...@lists.isc.org

When replying, please edit your Subject line so it is more specific
than "Re: Contents of kea-dev digest..."


Today's Topics:

   1. Re:  boot-unknown-clients equivalent? (Philip Prindeville)
   2. Re:  boot-unknown-clients equivalent? (Peter Davies)


----------------------------------------------------------------------

Message: 1
Date: Tue, 2 May 2023 09:45:29 -0600
From: Philip Prindeville <philipp_s...@redfish-solutions.com>
To: Peter Davies <pet...@isc.org>
Cc: kea-dev@lists.isc.org
Subject: Re: [kea-dev] boot-unknown-clients equivalent?
Message-ID:
        <4050e717-fda2-4822-9558-8379ff2c0...@redfish-solutions.com>
Content-Type: text/plain;       charset=us-ascii

In this case, the local configuration was already using "boot-unknown-clients 
false;" so I don't think there's any (additional) risk.

How does one invoke that inside a subnet section?



> On Apr 30, 2023, at 4:48 AM, Peter Davies <pet...@isc.org> wrote:
> 
> Hi Philip,
> 
>   If you only employ host reservations, then the built-in "KNOW" class may be 
> use to restrict clients.
> 
> For example:
> 
>    "client-classes": [{
>            "name": "DROP",
>            "test": "not member('KNOWN')"} ],
> 
> ...
> 
> I advise caution, as this will drop all packet that are not associated with a 
> host reservation.
> 
> /Peter
> 
> 
> On 25/04/2023 03.46, Philip Prindeville wrote:
>> Hi,
>> 
>> I'm trying to port the isc-dhcp support in OpenWrt to migrate to Kea 
>> transparently.
>> 
>> I've tried to use keama to show me what the synthesized configs should look 
>> like, but there's a lot that keama doesn't handle that seems to be in the 
>> scope of what Kea is capable of.
>> 
>> For instance, "boot-unknown-clients false;" can be handled using the DROP 
>> class an not(member(KNOWN)) but I can't figure out the exact notation.
>> 
>> Can someone point me at an example?  I couldn't turn one up via google.
>> 
>> BTW, the existing code to take UCI config blocks and synthesize dhcpd.conf 
>> lives here:
>> 
>> https://github.com/openwrt/packages/blob/master/net/isc-dhcp/files/dhcpd.init
>> 
>> Thanks,
>> 
>> -Philip
>> 
> -- 
> kea-dev mailing list
> kea-dev@lists.isc.org
> https://lists.isc.org/mailman/listinfo/kea-dev



------------------------------

Message: 2
Date: Wed, 3 May 2023 11:40:12 +0200
From: Peter Davies <pet...@isc.org>
To: Philip Prindeville <philipp_s...@redfish-solutions.com>
Cc: kea-dev@lists.isc.org
Subject: Re: [kea-dev] boot-unknown-clients equivalent?
Message-ID: <6c09a6e0-1e30-8269-e31c-8ff5d9987...@isc.org>
Content-Type: text/plain; charset=UTF-8; format=flowed

Hi Phillip,
 ?? This will only work if you define it globally.

If you only want to allow clients with reservations in a certain subnet 
then you
should create the subnet with no pool definitions.

Kind Regards Peter

On 02/05/2023 17.45, Philip Prindeville wrote:
> In this case, the local configuration was already using "boot-unknown-clients 
> false;" so I don't think there's any (additional) risk.
>
> How does one invoke that inside a subnet section?
>
>
>
>> On Apr 30, 2023, at 4:48 AM, Peter Davies <pet...@isc.org> wrote:
>>
>> Hi Philip,
>>
>>    If you only employ host reservations, then the built-in "KNOW" class may 
>> be use to restrict clients.
>>
>> For example:
>>
>>     "client-classes": [{
>>             "name": "DROP",
>>             "test": "not member('KNOWN')"} ],
>>
>> ...
>>
>> I advise caution, as this will drop all packet that are not associated with 
>> a host reservation.
>>
>> /Peter
>>
>>
>> On 25/04/2023 03.46, Philip Prindeville wrote:
>>> Hi,
>>>
>>> I'm trying to port the isc-dhcp support in OpenWrt to migrate to Kea 
>>> transparently.
>>>
>>> I've tried to use keama to show me what the synthesized configs should look 
>>> like, but there's a lot that keama doesn't handle that seems to be in the 
>>> scope of what Kea is capable of.
>>>
>>> For instance, "boot-unknown-clients false;" can be handled using the DROP 
>>> class an not(member(KNOWN)) but I can't figure out the exact notation.
>>>
>>> Can someone point me at an example?  I couldn't turn one up via google.
>>>
>>> BTW, the existing code to take UCI config blocks and synthesize dhcpd.conf 
>>> lives here:
>>>
>>> https://github.com/openwrt/packages/blob/master/net/isc-dhcp/files/dhcpd.init
>>>
>>> Thanks,
>>>
>>> -Philip
>>>
>> -- 
>> kea-dev mailing list
>> kea-dev@lists.isc.org
>> https://lists.isc.org/mailman/listinfo/kea-dev

-- 
Peter Davies
Support Engineer
Internet Systems Corporation
pet...@isc.org
001 650-423-1460



------------------------------

Subject: Digest Footer

_______________________________________________
kea-dev mailing list
kea-dev@lists.isc.org
https://lists.isc.org/mailman/listinfo/kea-dev


------------------------------

End of kea-dev Digest, Vol 85, Issue 1
**************************************