diff options
author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-21 14:53:22 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-21 14:53:22 +0000 |
commit | 52c021ee0b0c6ad2128ed550c694aad0d11d4c3f (patch) | |
tree | 83cf8627b94336cf4bee7479b9749263bbfd3a06 /doc/examples/kea4/classify.json | |
parent | Initial commit. (diff) | |
download | isc-kea-52c021ee0b0c6ad2128ed550c694aad0d11d4c3f.tar.xz isc-kea-52c021ee0b0c6ad2128ed550c694aad0d11d4c3f.zip |
Adding upstream version 2.5.7.upstream/2.5.7upstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'doc/examples/kea4/classify.json')
-rw-r--r-- | doc/examples/kea4/classify.json | 147 |
1 files changed, 147 insertions, 0 deletions
diff --git a/doc/examples/kea4/classify.json b/doc/examples/kea4/classify.json new file mode 100644 index 0000000..9af06d8 --- /dev/null +++ b/doc/examples/kea4/classify.json @@ -0,0 +1,147 @@ +// This is an example configuration file for the DHCPv4 server in Kea. +// The purpose of this example is to showcase how clients can be classified. + +{ "Dhcp4": + +{ + +// Kea is told to listen on eth0 interface only. + "interfaces-config": { + "interfaces": [ "eth0" ] + }, + +// Let's use the simplest backend: memfile and use some reasonable values +// for timers. They are of no concern for the classification demonstration. + "lease-database": { "type": "memfile" }, + "renew-timer": 1000, + "rebind-timer": 2000, + "valid-lifetime": 4000, + +// This list defines several classes that incoming packets can be assigned to. +// One packet can belong to zero or more classes. + "client-classes": [ + +// The first class attempts to match the whole hardware address to a specific +// value. All incoming packets with that MAC address will get a special +// value of the option. If there are many hosts that require special +// treatment, it is much better to use host reservations. However, doing +// tricks with MAC addresses may prove useful in some cases, e.g. +// by matching OUI to known values we can detect certain vendors. + { + "name": "special_snowflake", + "test": "pkt4.mac == 0x010203040506", + "option-data": [{ + "name": "domain-name-servers", + "data": "127.0.0.1" + }] + }, + +// Let's classify all incoming DISCOVER (message type 1) to a separate +// class. + { + "name": "discovers", + "test": "pkt4.msgtype == 1" + }, + +// Clients are supposed to set the transaction-id field to a random value. +// Clients that send it with 0 are most likely broken. Let's mark them +// as such. + { + "name": "broken", + "test": "pkt4.transid == 0" + }, + +// Let's pick VoIP phones. Those that send their class identifiers +// as Aastra, should belong to VoIP class. For a list of all options, +// see www.iana.org/assignments/bootp-dhcp-parameters/. +// In this particular class, we want to set specific values +// of certain DHCPv4 fields. If the incoming packet matches the +// test, those fields will be set in outgoing responses. +// The option 43 is defined to encapsulate suboption in the aastra space. + { + "name": "VoIP", + "test": "substring(option[60].hex,0,6) == 'Aastra'", + "next-server": "192.0.2.254", + "server-hostname": "hal9000", + "boot-file-name": "/dev/null", + "option-def": [ { + "name": "vendor-encapsulated-options", + "code": 43, + "type": "empty", + "encapsulate": "aastra" } ] + } + + ], + +// The following list defines subnets. For some subnets we defined +// a class that is allowed in that subnet. If not specified, +// everyone is allowed. When a class is specified, only packets belonging +// to that class are allowed for that subnet. + "subnet4": [ + // This one is for VoIP devices only. + { + "pools": [ { "pool": "192.0.2.1 - 192.0.2.200" } ], + "id": 1, + "subnet": "192.0.2.0/24", + "client-class": "VoIP", + "interface": "eth0" + }, + + // This one doesn't have any client-class specified, so everyone + // is allowed in. The normal subnet selection rules still apply, + // though. There is also a static class reservation for a client + // using MAC address 1a:1b:1c:1d:1e:1f. This client will always + // be assigned to this class. + { + "pools": [ { "pool": "192.0.3.1 - 192.0.3.200" } ], + "id": 2, + "subnet": "192.0.3.0/24", + "reservations": [ + { + "hw-address": "1a:1b:1c:1d:1e:1f", + "client-classes": [ "VoIP" ] + } ], + "interface": "eth0" + }, + + // The following list defines a subnet with pools. For some pools + // we defined a class that is allowed in that pool. If not specified + // everyone is allowed. When a class is specified, only packets belonging + // to that class are allowed for that pool. + { + "pools": [ + // This one is for VoIP devices only. + { + "pool": "192.0.4.1 - 192.0.4.200", + "client-class": "VoIP" + }, + + // This one doesn't have any client-class specified, + // so everyone is allowed in. + { + "pool": "192.0.5.1 - 192.0.5.200" + } ], + + "subnet": "192.0.4.0/23", + "id": 3, + "interface": "eth1" + } + ], + +// The following configures logging. It assumes that messages with at +// least informational level (info, warn, error and fatal) should be +// logged to stdout. + "loggers": [ + { + "name": "kea-dhcp4", + "output-options": [ + { + "output": "stdout" + } + ], + "severity": "INFO" + } + ] +} + +} |