ISC Consortium DHCP server kuburitswa , kutsiva yekare ISC DHCP. Project sources pasi rezinesi , panzvimbo yeISC License yaimboshandiswa kuISC DHCP.
Kea DHCP server yakavakirwa paBIND 10 uye uchishandisa modular architecture, zvinoreva kupatsanura mashandiro kuita akasiyana processor maitiro. Chigadzirwa chacho chinosanganisira yakazara-inoratidzwa sevha yekumisikidzwa nerutsigiro rweDHCPv4 uye DHCPv6 protocol, inokwanisa kutsiva ISC DHCP. Kea ine maturusi akavakirwa-mukati ekugadzirisa zvine simba nzvimbo dzeDNS (Dynamic DNS), inotsigira nzira dzekuwanikwa kweseva, kero yekupihwa, kuvandudza nekubatanidzazve, kusevha ruzivo zvikumbiro, kuchengetedza kero dzevagamuchiri, uye PXE booting. Kuitwa kweDHCPv6 kunopawo kugona kugovera prefixes. Yakakosha API inopihwa yekudyidzana neyekunze maapplication. Izvo zvinogoneka kugadzirisa iyo gadziriso pane nhunzi pasina kutangazve server.
Ruzivo nezve kero dzakagoverwa uye maparamendi evatengi anogona kuchengetwa mumhando dzakasiyana dzekuchengetera - parizvino backends dzakapihwa kuchengetwa mumafaira eCSV, MySQL DBMS, Apache Cassandra uye PostgreSQL. Host reservation parameters inogona kutsanangurwa mufaira rekugadzirisa muJSON fomati kana setafura muMySQL nePostgreSQL. Inosanganisira perfdhcp chishandiso chekuyera DHCP server kuita uye zvikamu zvekuunganidza manhamba. Kea inoratidza kuita kwakanaka, semuenzaniso, kana uchishandisa MySQL backend, sevha inogona kuita 1000 kero migove pasekondi (inenge 4000 mapaketi pasekondi), uye kana uchishandisa memfile backend, kuita kunosvika 7500 assignments pasekondi.
Key muKea 1.6:
- A configuration backend (CB, Configuration Backend) yakaitwa, ichikutendera kuti utarise nepakati marongero emaseva akati wandei eDHCPv4 uye DHCPv6. Iyo yekumashure inogona kushandiswa kuchengetedza akawanda Kea marongero, anosanganisira epasi rose, akagovaniswa network, subnets, sarudzo, madziva, uye sarudzo tsananguro. Panzvimbo pekuchengetedza ese aya marongero mune yemuno faira yekumisikidza, ivo zvino vanogona kuiswa mune yekunze dhatabhesi. Muchiitiko ichi, zvinokwanisika kuona kwete ese, asi mamwe ezvigadziriso kuburikidza neCB, akafukidza maparameter kubva kune yekunze dhatabhesi uye emunharaunda magadzirirwo mafaera (semuenzaniso, network interface marongero anogona kusiiwa mumafaira emunharaunda).
PamaDBMS ekuchengetedza zvigadziriso, MySQL chete ndiyo iri kutsigirwa parizvino (MySQL, PostgreSQL neCassandra inogona kushandiswa kuchengeta kero yekupihwa dhatabhesi (lease), uye MySQL nePostgreSQL inogona kushandiswa kuchengetedza mauto. Kugadziriswa mudhatabhesi kunogona kuchinjwa kana kuburikidza nekusvika kwakananga kuDBMS kana kuburikidza neakagadzirirwa akagadzirirwa maraibhurari anopa chiyero chemirairo yekugadziriswa kwekugadzirisa, zvakadai sekuwedzera nekudzima parameters, bindings, DHCP sarudzo uye subnets;
- Yakawedzera kirasi itsva ye "DROP" yekubata (mapakiti ose akabatanidzwa nekirasi yeDROP anobva angodonhedzwa), iyo inogona kushandiswa kudonhedza traffic isingadikanwi, semuenzaniso, mamwe marudzi eDHCP mameseji;
- New paramita max-lease-time uye min-lease-nguva yakawedzerwa, zvichikutendera kuti uone hupenyu hwekero inosunga kumutengi (rease) kwete muchimiro cheiyo hard-coded value, asi muchimiro che inogamuchirika range;
- Yakavandudzwa kuenderana nemidziyo isingaenderane zvizere neDHCP zviyero. Kuti agadzirise nyaya, Kea zvino anotumira DHCPv4 ruzivo rwemhando yemeseji pakutanga chaipo pesarudzo runyorwa, inobata mamiririro akasiyana emazita evatambi, inoziva kutumirwa kwezita risina chinhu, uye inobvumira suboption codes 0 kuburikidza ne255 kuti itsanangurwe;
- Iyo yakaparadzana yekudzora socket yakawedzerwa kune iyo DDNS daemon, kuburikidza iyo iwe unogona kutumira zvakananga mirairo uye kuita shanduko yekuchinja. Iyi mirairo inotevera inotsigirwa: kuvaka-report, config-get, config-reload, config-set, config-test, config-write, list-commands, shutdown uye shanduro-tora;
- Yakabviswa (CVE-2019-6472, CVE-2019-6473, CVE-2019-6474), iyo inogona kushandiswa kukonzera kurambwa kwebasa (zvichikonzera kuparara kweDHCPv4 uye DHCPv6 sevanobata) nekutumira zvikumbiro nesarudzo dzisina kururama uye maitiro. Ngozi huru idambudziko , iyo, kana memfile kuchengetedza inoshandiswa pakusungirirwa, inoita kuti zvibvirire kutangazve sevhavha yega yega, saka kupindira kwemanyore nemutungamiri (kuchenesa dhatabhesi yekubatanidza) kunodiwa kuti udzorere kushanda.
Source: opennet.ru