8.3.2.55. v4.2.16ΒΆ

commit 529b7394147d9f66e0f2b0ae6c36903ab5d53147
Author: Victor Lowther <victor.lowther@gmail.com>
Date:   Fri Jun 12 15:42:09 2020 -0500

    fix(dhcp): Fix a deadlock triggered by high DHCP traffic.

    When checking to see if a read would deadlock, missed a case where we
    could have crossed read/write dependencies that lead to a deadlock in
    unblockRunnable.  Add code to handle that case and a unit test to
    verify that it works properly.

    The Address and ActiveAddress subnet indexes have never worked
    properly.  This updates the index definitions to allow easy searching
    for subnets that have cover addresses and active lease range
    addresses. It has a side effect of making the Address and
    ActiveAddress indexex unordered, but there aren't good ordering
    semantics for picking what is basically an address match in any case.

    Lease validation on a save was being stupid and checking every lease
    one by one to see if there were conflicting strategy/token settings,
    when there are (now) perfectly good indexes that we can query for that
    and avoid having to touch every lease during the transaction.

M   backend/lease.go
M   backend/subnet.go
M   clitest/test-data/output/TestCorePieces/subnets.indexes/stdout.expect
M   go.mod
M   go.sum
M   transact/tx.go
M   transact/tx_test.go

commit 3216836053873cb640db73a336b63f93fbc538c6
Author: Victor Lowther <victor.lowther@gmail.com>
Date:   Tue Jun 9 10:16:43 2020 -0500

    fix(dhcp): DHCP reservations and conflicting IP addresses could cause loop

    If you have a DHCP reservation that conflicts with an invalidated
    lease (due to IP address conflicts, address space exhaustion,
    whatever), that can cause the DHCP server to enter a DISCOVER ->
    REQUEST -> NAK or DISCOVER -> REQUEST -> OFFER -> DECLINE loop that
    quickly chews through and invalidates all the addresses in the subnet.
    This breaks that loop by:

    1. Allowing the DISCOVER phase to continue through when the request is
       covered by both a reservation and an invalidated lease, instead of
       immediatly NAK'ing the request. Instead, the lease will go through
       PROBE state for server-side based ICMP address conflict detection.

    2. Update the OFFER -> ACK codepath allow requests where we have a reservation but
       we know that the reservation cannot be satisfied due to an existing
       non-expired Lease for that address, instead of forcing them to fail
       with a NAK.

M   backend/dhcpUtils.go
M   midlayer/dhcp.go

End of Note