ISC Consortium
Kea DHCP server yakavakirwa paBIND 10 uye
Ruzivo nezve kero dzakagoverwa uye maparamendi evatengi anogona kuchengetwa mumhando dzakasiyana dzekuchengetera - parizvino backends dzakapihwa kuchengetwa mumafaira eCSV, MySQL DBMS, Apache Cassandra uye PostgreSQL. Host reservation parameters inogona kutsanangurwa mufaira rekugadzirisa muJSON fomati kana setafura muMySQL nePostgreSQL. Inosanganisira perfdhcp chishandiso chekuyera DHCP server kuita uye zvikamu zvekuunganidza manhamba. Kea inoratidza kuita kwakanaka, semuenzaniso, kana uchishandisa MySQL backend, sevha inogona kuita 1000 kero migove pasekondi (inenge 4000 mapaketi pasekondi), uye kana uchishandisa memfile backend, kuita kunosvika 7500 assignments pasekondi.
Key
- A configuration backend (CB, Configuration Backend) yakaitwa, ichikutendera kuti utarise nepakati marongero emaseva akati wandei eDHCPv4 uye DHCPv6. Iyo yekumashure inogona kushandiswa kuchengetedza akawanda Kea marongero, anosanganisira epasi rose, akagovaniswa network, subnets, sarudzo, madziva, uye sarudzo tsananguro. Panzvimbo pekuchengetedza ese aya marongero mune yemuno faira yekumisikidza, ivo zvino vanogona kuiswa mune yekunze dhatabhesi. Muchiitiko ichi, zvinokwanisika kuona kwete ese, asi mamwe ezvigadziriso kuburikidza neCB, akafukidza maparameter kubva kune yekunze dhatabhesi uye emunharaunda magadzirirwo mafaera (semuenzaniso, network interface marongero anogona kusiiwa mumafaira emunharaunda).
PamaDBMS ekuchengetedza zvigadziriso, MySQL chete ndiyo iri kutsigirwa parizvino (MySQL, PostgreSQL neCassandra inogona kushandiswa kuchengeta kero yekupihwa dhatabhesi (lease), uye MySQL nePostgreSQL inogona kushandiswa kuchengetedza mauto. Kugadziriswa mudhatabhesi kunogona kuchinjwa kana kuburikidza nekusvika kwakananga kuDBMS kana kuburikidza neakagadzirirwa akagadzirirwa maraibhurari anopa chiyero chemirairo yekugadziriswa kwekugadzirisa, zvakadai sekuwedzera nekudzima parameters, bindings, DHCP sarudzo uye subnets;
- Yakawedzera kirasi itsva ye "DROP" yekubata (mapakiti ose akabatanidzwa nekirasi yeDROP anobva angodonhedzwa), iyo inogona kushandiswa kudonhedza traffic isingadikanwi, semuenzaniso, mamwe marudzi eDHCP mameseji;
- New paramita max-lease-time uye min-lease-nguva yakawedzerwa, zvichikutendera kuti uone hupenyu hwekero inosunga kumutengi (rease) kwete muchimiro cheiyo hard-coded value, asi muchimiro che inogamuchirika range;
- Yakavandudzwa kuenderana nemidziyo isingaenderane zvizere neDHCP zviyero. Kuti agadzirise nyaya, Kea zvino anotumira DHCPv4 ruzivo rwemhando yemeseji pakutanga chaipo pesarudzo runyorwa, inobata mamiririro akasiyana emazita evatambi, inoziva kutumirwa kwezita risina chinhu, uye inobvumira suboption codes 0 kuburikidza ne255 kuti itsanangurwe;
- Iyo yakaparadzana yekudzora socket yakawedzerwa kune iyo DDNS daemon, kuburikidza iyo iwe unogona kutumira zvakananga mirairo uye kuita shanduko yekuchinja. Iyi mirairo inotevera inotsigirwa: kuvaka-report, config-get, config-reload, config-set, config-test, config-write, list-commands, shutdown uye shanduro-tora;
- Yakabviswa
vulnerabilities (CVE-2019-6472, CVE-2019-6473, CVE-2019-6474), iyo inogona kushandiswa kukonzera kurambwa kwebasa (zvichikonzera kuparara kweDHCPv4 uye DHCPv6 sevanobata) nekutumira zvikumbiro nesarudzo dzisina kururama uye maitiro. Ngozi huru idambudzikoSVE-2019-6474 , iyo, kana memfile kuchengetedza inoshandiswa pakusungirirwa, inoita kuti zvibvirire kutangazve sevhavha yega yega, saka kupindira kwemanyore nemutungamiri (kuchenesa dhatabhesi yekubatanidza) kunodiwa kuti udzorere kushanda.
Source: opennet.ru