+++ /dev/null
-# Defaults for nfdhcpd initscript
-# sourced by /etc/init.d/nfdhcpd
-# installed at /etc/default/nfdhcpd by the maintainer scripts
-
-#
-# This is a POSIX shell fragment
-#
-
-RUN="yes"
-
-# Additional options that are passed to the Daemon.
-DAEMON_OPTS=""
+++ /dev/null
-#!/bin/sh
-#
-# This is free software; you may redistribute it and/or modify
-# it under the terms of the GNU General Public License as
-# published by the Free Software Foundation; either version 2,
-# or (at your option) any later version.
-#
-# This is distributed in the hope that it will be useful, but
-# WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License with
-# the Debian operating system, in /usr/share/common-licenses/GPL; if
-# not, write to the Free Software Foundation, Inc., 59 Temple Place,
-# Suite 330, Boston, MA 02111-1307 USA
-#
-### BEGIN INIT INFO
-# Provides: nfdhcpd
-# Required-Start: $network $local_fs $remote_fs
-# Required-Stop: $remote_fs
-# Should-Start:
-# Should-Stop:
-# Default-Start: 2 3 4 5
-# Default-Stop: 0 1 6
-# Short-Description: NFQueue DHCP/RA server
-### END INIT INFO
-
-PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
-
-DAEMON=/usr/sbin/nfdhcpd
-NAME=nfdhcpd
-DESC="NFQUEUE-based DHCP/RA server"
-LOGDIR=/var/log/nfdhcpd
-
-PIDFILE=/var/run/$NAME.pid
-
-test -x $DAEMON || exit 0
-
-. /lib/lsb/init-functions
-
-# Default options, these can be overriden by the information
-# at /etc/default/$NAME
-DAEMON_OPTS="" # Additional options given to the server
-
-DIETIME=2 # Time to wait for the server to die, in seconds
- # If this value is set too low you might not
- # let some servers to die gracefully and
- # 'restart' will not work
-
-STARTTIME=1 # Time to wait for the server to start, in seconds
- # If this value is set each time the server is
- # started (on start or restart) the script will
- # stall to try to determine if it is running
- # If it is not set and the server takes time
- # to setup a pid file the log message might
- # be a false positive (says it did not start
- # when it actually did)
-
-LOGFILE=$LOGDIR/$NAME.log # Server logfile
-#DAEMONUSER=nfdhcp # Users to run the daemons as. If this value
- # is set start-stop-daemon will chuid the server
-
-# Include defaults if available
-if [ -f /etc/default/$NAME ] ; then
- . /etc/default/$NAME
-fi
-
-# Use this if you want the user to explicitly set 'RUN' in
-# /etc/default/
-if [ "x$RUN" != "xyes" ] ; then
- log_failure_msg "$NAME disabled, please adjust the configuration to your needs "
- log_failure_msg "and then set RUN to 'yes' in /etc/default/$NAME to enable it."
- exit 1
-fi
-
-# Check that the user exists (if we set a user)
-# Does the user exist?
-set -e
-
-running_pid() {
-# Check if a given process pid's cmdline matches a given name
- pid=$1
- name=$2
- [ -z "$pid" ] && return 1
- [ ! -d /proc/$pid ] && return 1
- cmd=`cat /proc/$pid/cmdline | tr "\000" "\n"|head -n 1 |cut -d : -f 1`
- # Is this the expected server
- [ "$cmd" != "$name" ] && return 1
- return 0
-}
-
-running() {
-# Check if the process is running looking at /proc
-# (works for all users)
-
- # No pidfile, probably no daemon present
- [ ! -f "$PIDFILE" ] && return 1
- pid=`cat $PIDFILE`
- running_pid $pid python || return 1
- return 0
-}
-
-start_server() {
- start_daemon -p $PIDFILE $DAEMON $DAEMON_OPTS
- errcode=$?
- return $errcode
-}
-
-stop_server() {
- killproc -p $PIDFILE $DAEMON
- rrcode=$?
- return $errcode
-}
-
-reload_server() {
- [ ! -f "$PIDFILE" ] && return 1
- pid=pidofproc $PIDFILE # This is the daemon's pid
- # Send a SIGHUP
- kill -1 $pid
- return $?
-}
-
-force_stop() {
-# Force the process to die killing it manually
- [ ! -e "$PIDFILE" ] && return
- if running ; then
- kill -15 $pid
- # Is it really dead?
- sleep "$DIETIME"s
- if running ; then
- kill -9 $pid
- sleep "$DIETIME"s
- if running ; then
- echo "Cannot kill $NAME (pid=$pid)!"
- exit 1
- fi
- fi
- fi
- rm -f $PIDFILE
-}
-
-
-case "$1" in
- start)
- log_daemon_msg "Starting $DESC " "$NAME"
- # Check if it's running first
- if running ; then
- log_progress_msg "apparently already running"
- log_end_msg 0
- exit 0
- fi
- if start_server ; then
- # NOTE: Some servers might die some time after they start,
- # this code will detect this issue if STARTTIME is set
- # to a reasonable value
- [ -n "$STARTTIME" ] && sleep $STARTTIME # Wait some time
- if running ; then
- # It's ok, the server started and is running
- log_end_msg 0
- else
- # It is not running after we did start
- log_end_msg 1
- fi
- else
- # Either we could not start it
- log_end_msg 1
- fi
- ;;
- stop)
- log_daemon_msg "Stopping $DESC" "$NAME"
- if running ; then
- # Only stop the server if we see it running
- errcode=0
- stop_server || errcode=$?
- log_end_msg $errcode
- else
- # If it's not running don't do anything
- log_progress_msg "apparently not running"
- log_end_msg 0
- exit 0
- fi
- ;;
- force-stop)
- # First try to stop gracefully the program
- $0 stop
- if running; then
- # If it's still running try to kill it more forcefully
- log_daemon_msg "Stopping (force) $DESC" "$NAME"
- errcode=0
- force_stop || errcode=$?
- log_end_msg $errcode
- fi
- ;;
- restart|force-reload)
- log_daemon_msg "Restarting $DESC" "$NAME"
- errcode=0
- stop_server || errcode=$?
- # Wait some sensible amount, some server need this
- [ -n "$DIETIME" ] && sleep $DIETIME
- start_server || errcode=$?
- [ -n "$STARTTIME" ] && sleep $STARTTIME
- running || errcode=$?
- log_end_msg $errcode
- ;;
- status)
-
- log_daemon_msg "Checking status of $DESC" "$NAME"
- if running ; then
- log_progress_msg "running"
- log_end_msg 0
- else
- log_progress_msg "apparently not running"
- log_end_msg 1
- exit 1
- fi
- ;;
- reload)
- log_warning_msg "Reloading $NAME daemon: not implemented, as the daemon"
- log_warning_msg "cannot re-read the config file (use restart)."
- ;;
- *)
- N=/etc/init.d/$NAME
- echo "Usage: $N {start|stop|force-stop|restart|force-reload|status}" >&2
- exit 1
- ;;
-esac
-
-exit 0
--- /dev/null
+#!/bin/bash
+
+source /etc/default/snf-network
+
+
+NETFILE=$SHAREDDIR/networks/$NETWORK
+
+rm $NETFILE
+
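Review bot: `rm $NETFILE` runs with no check that NETWORK or SHAREDDIR is set, and the script assigns neither itself; presumably both arrive through the caller's environment, and with NETWORK empty the path degrades to `$SHAREDDIR/networks/`, with SHAREDDIR unset to `/networks/`. Assert them right after the source line, `: "${SHAREDDIR:?}" "${NETWORK:?}"`, and quote the removal, `rm -f -- "$NETFILE"`, so a value containing whitespace is not word-split and a missing file is not a hard error. `source /etc/default/snf-network` is also unchecked, so a missing defaults file silently leaves SHAREDDIR empty.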
+++ /dev/null
-# IP-less inteface, used to route public IPv4
-# for Synnefo VMs
-auto eth0.101
-iface eth0.101 inet manual
- ip-routing-table rt_public
- ip-routes 62.217.123.128/27
- ip-gateway 62.217.123.129
- ip-forwarding 1
- ip-proxy-arp 1
- arp-ip 62.217.123.158
-
-#auto eth0.100
-iface eth0.100 inet manual
- up ip link set eth0.100 up
-
-#auto br100
-iface br100 inet static
- # needed for being the rooter for the VMs
- address 192.168.100.1
- netmask 255.255.255.240
- bridge_ports eth0.100
- # needed by nfdhcpd to make DHCP responses
- up ip route add 192.168.100.0/28 dev br100 table rt_net100
- up ip route add default via 192.168.100.1 dev br100 table rt_net100
- # needed for the VMs to connect to the world
- up iptables -t nat -A POSTROUTING -s 192.168.100.0/28 \! -d 192.168.100.0/28 -j MASQUERADE
- down iptables -t nat -D POSTROUTING -s 192.168.100.0/28 \! -d 192.168.100.0/28 -j MASQUERADE
- bridge_stp off
- bridge_fd 2
-
-#auto br100:1
-iface br100:1 inet static
- # needed for being the rooter for the VMs
- address 192.168.101.1
- netmask 255.255.255.240
- up ip route add 192.168.101.0/28 dev br100 table rt_net101
- up ip route add default via 192.168.101.1 dev br100 table rt_net101
- # needed for the VMs to connect to the world
- up iptables -t nat -A POSTROUTING -s 192.168.101.0/28 \! -d 192.168.101.0/28 -j MASQUERADE
- down iptables -t nat -D POSTROUTING -s 192.168.101.0/28 \! -d 192.168.101.0/28 -j MASQUERADE
-
function routed_setup_ipv4 {
# get the link's default gateway
- gw=$(ip route list table $TABLE | sed -n 's/default via \([^ ]\+\).*/\1/p' | head -1)
+ gw=$GATEWAY
# mangle ARPs to come from the gw's IP
arptables -A OUTPUT -o $INTERFACE --opcode request -j mangle --mangle-ip-s "$gw"
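Review bot: `gw=$GATEWAY` swaps a value that was read from the live routing table for one that may be empty, and nothing in the hunk checks it before `arptables ... --mangle-ip-s "$gw"` runs with an empty address. Guard at the top of the function, `if [ -z "$GATEWAY" ]; then echo "routed network $NETWORK has no GATEWAY" >&2; return 1; fi`; the same applies to `prefix=$SUBNET6` and `uplink=$GATEWAY6` in the routed_setup_ipv6 hunk. routed_setup_ipv4's body continues outside the hunk.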
function routed_setup_ipv6 {
# Add a routing entry for the eui-64
- prefix=$(ip -6 route list table $TABLE | awk '/\/64/ {print $1; exit}')
- uplink=$(ip -6 route list table $TABLE | sed -n 's/default via .* dev \([^ ]\+\).*/\1/p' | head -1)
+ prefix=$SUBNET6
+ uplink=$GATEWAY6
eui64=$($MAC2EUI64 $MAC $prefix)
while ip -6 rule del dev $INTERFACE; do :; done
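Review bot: `uplink=$GATEWAY6` changes what `uplink` holds: the removed sed extracted the `dev` field of the default route, an interface name, whereas GATEWAY6 by its name and by its use in the other hunks is an address. If the remainder of routed_setup_ipv6, which is outside the hunk, still passes `$uplink` as a `dev` argument to `ip -6 route` or `ip -6 rule`, those commands will now fail; either keep a separate variable for the uplink device or rename this one to say it is the gateway. Please confirm how `uplink` is consumed further down.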
function setup_nfdhcpd {
umask 022
- cat >$NFDHCPD_STATE_DIR/$INTERFACE <<EOF
+ FILE=$NFDHCPD_STATE_DIR/$INTERFACE
+ cat >$FILE <<EOF
IFACE=$1
IP=$IP
MAC=$MAC
HOSTNAME=$INSTANCE
TAGS="$TAGS"
EOF
+if [ -n $GATEWAY ]; then
+ echo GATEWAY=$GATEWAY >> $FILE
+fi
+if [ -n $SUBNET ]; then
+ echo SUBNET=$SUBNET >> $FILE
+fi
+if [ -n $GATEWAY6 ]; then
+ echo GATEWAY6=$GATEWAY6 >> $FILE
+fi
+if [ -n $SUBNET6 ]; then
+ echo SUBNET6=$SUBNET6 >> $FILE
+fi
+
}
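Review bot: The four added checks `if [ -n $GATEWAY ]; then` (and the same for SUBNET, GATEWAY6, SUBNET6) are always true: with the variable unquoted and empty the test collapses to `[ -n ]`, a one-argument test that succeeds because the string `-n` is non-empty, so the state file gets `GATEWAY=` lines with empty values, which parse_binding_file then stores as empty strings rather than leaving them None. Quote the expansions, `if [ -n "$GATEWAY" ]; then`, and quote the writes as well, `echo "GATEWAY=$GATEWAY" >> "$FILE"`. The added lines also sit at column 0 inside the function body while the rest of setup_nfdhcpd is indented; match the surrounding indent.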
function clear_ebtables {
fi
}
-#FIXME: import router mac from the config files
-# must know node group!! how???
-ROUTER_MAC=e4:11:5b:b2:8d:ca
-MAC_MASK=ff:ff:ff:0:0:0
TABLE=rt_$NETWORK
iptables -A FORWARD -i $INTERFACE -p udp --dport 67 -j DROP
routed_setup_ipv4
-# routed_setup_ipv6
-# routed_setup_firewall
+ routed_setup_ipv6
+ routed_setup_firewall
setup_nfdhcpd $INTERFACE
clear_ebtables >/dev/null 2>&1
elif [ "$MODE" = "bridged" ]; then
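Review bot: `routed_setup_ipv6` is now called for every routed network, but the setup_nfdhcpd hunk treats GATEWAY6 and SUBNET6 as optional, so a v4-only network reaches `eui64=$($MAC2EUI64 $MAC $prefix)` with an empty prefix. Guard the call on the IPv6 configuration being present, `if [ -n "$SUBNET6" ]; then routed_setup_ipv6; fi`. routed_setup_firewall is enabled in the same hunk but its body is not on the page, so I cannot tell whether it needs a similar guard. The enclosing if/elif chain on MODE continues outside the hunk.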
+++ /dev/null
-#!/bin/bash
-
-DIR=/var/lib/snf-network
-NEW_GATEWAY=$1
-NEW_TYPE=$2
-NETWORK=$3
-RT_TABLES=/etc/iproute2/rt_tables
-
-if [ $# -ne 3 ]; then
- echo "$0 <gateway> <private/public> <name>"
- exit 1
-fi
-
-source /etc/default/snf-network
-
-NETWORK_FILE=$DIR/networks/$NETWORK
-
-source $NETWORK_FILE
-
-OLD_GATEWAY=$GATEWAY
-OLD_TYPE=$TYPE
-
-INTERFACES=$(ls $DIR/interfaces/$NETWORK-*)
-
-
-for IFACES in $INTERFACES ; do
-
- NODEGROUP=$(echo $IFACES | sed 's/.*interfaces.*-//')
- source $DIR/nodegroups/$NODEGROUP
-
- read x VLAN MODE BRIDGE < $INTERFACES
-
- if [ $MODE == "routed" ]; then
- if [ $TYPE == "public" ]; then
- ip route replace default via $GATEWAY dev $VLAN table rt_$NETWORK
- fi
- fi
-
- if [ $MODE == "bridged" ]; then
- if [ ! -z $GATEWAY ]; then
- ip route replace default via $GATEWAY dev $BRIDGE table rt_$NETWORK
- if [ $TYPE == "private" ]; then
- if [ ! -z $ROUTER ]; then
- if [ $(hostname) == $ROUTER ]; then
- NETMASK=$(ipcalc $SUBNET | grep Netmask | awk '{print $4}')
- ip addr del $GATEWAY/$NETMASK dev $BRIDGE
- ip addr add $NEW_GATEWAY/$NETMASK dev $BRIDGE
- fi
- fi
- fi
- fi
- fi
-
- if [ ! -z $NEW_GATEWAY ]; then
- sed -i '/^GATEWAY/ s/=.*/='"$NEW_GATEWAY"'/' $NETWORK_FILE
- fi
-
- if [ ! -z $NEW_TYPE ]; then
- sed -i '/^TYPE/ s/=.*/='"$NEW_TYPE"'/' $NETWORK_FILE
- fi
-
-done
}
-def parse_routing_table(table="main", family=4):
- """ Parse the given routing table to get connected route, gateway and
- default device.
-
- """
- ipro = subprocess.Popen(["ip", "-%d" % family, "ro", "ls",
- "table", table], stdout=subprocess.PIPE)
- routes = ipro.stdout.readlines()
-
- def_gw = None
- def_dev = None
- def_net = None
-
- for route in routes:
- # Find the least-specific connected route
- m = re.match("^([\S]+/[\S]+) dev ([\S]+)", route)
- if not m:
- continue
-
- if family == 6 and m.group(1).startswith("fe80:"):
- # Skip link-local declarations in "main" table
- continue
-
- def_net, def_dev = m.groups()
-
- try:
- def_net = IPy.IP(def_net)
- except ValueError, e:
- logging.warn("Unable to parse default route entry %s: %s",
- def_net, str(e))
-
- for route in routes:
- match = re.match(r'^default.*via ([\S]+).*dev ([\S]+)', route)
- if match:
- def_gw, def_dev = match.groups()
- break
-
- return Subnet(net=def_net, gw=def_gw, dev=def_dev)
-
-
def parse_binding_file(path):
""" Read a client configuration from a tap file
ips = None
link = None
hostname = None
+ subnet = None
+ gateway = None
+ subnet6 = None
+ gateway6 = None
for line in iffile:
if line.startswith("IP="):
hostname = line.strip().split("=")[1]
elif line.startswith("IFACE="):
iface = line.strip().split("=")[1]
-
- return Client(ifname=ifname, mac=mac, ips=ips, link=link, hostname=hostname, iface=iface)
-
+ elif line.startswith("SUBNET="):
+ subnet = line.strip().split("=")[1]
+ elif line.startswith("GATEWAY="):
+ gateway = line.strip().split("=")[1]
+ elif line.startswith("SUBNET6="):
+ subnet6 = line.strip().split("=")[1]
+ elif line.startswith("GATEWAY6="):
+ gatewa6 = line.strip().split("=")[1]
+
+ return Client(ifname=ifname, mac=mac, ips=ips, link=link,
+ hostname=hostname,iface=iface, subnet=subnet,
+ gateway=gateway, subnet6=subnet6, gateway6=gateway6 )
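Review bot: The `GATEWAY6=` branch assigns `gatewa6`, a typo, so `gateway6` stays None for every binding and the `Client(...)` call below always passes None; nothing flags it because the misspelt name is just an unused local. Change it to `gateway6 = line.strip().split("=")[1]`. The new branches also index `split("=")[1]`, so a value containing `=` is silently truncated — `split("=", 1)[1]` keeps the whole value — and `hostname=hostname,iface=iface` and `gateway6=gateway6 )` want the spacing the surrounding code uses.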
class ClientFileHandler(pyinotify.ProcessEvent):
def __init__(self, server):
class Client(object):
- def __init__(self, ifname=None, mac=None, ips=None, link=None, hostname=None, iface=None):
+ def __init__(self, ifname=None, mac=None, ips=None, link=None,
+ hostname=None, iface=None, subnet=None, gateway=None,
+ subnet6=None, gateway6=None ):
self.mac = mac
self.ips = ips
self.hostname = hostname
self.link = link
self.iface = iface
self.ifname = ifname
+ self.subnet = subnet
+ self.gateway = gateway
+ self.net = Subnet(net=subnet, gw=gateway, dev=ifname)
+ self.subnet6 = subnet6
+ self.gateway6 = gateway6
+ self.net6 = Subnet(net=subnet6, gw=gateway6, dev=ifname)
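Review bot: `self.net = Subnet(net=subnet, gw=gateway, dev=ifname)` hands Subnet the raw strings from the binding file, whereas the removed parse_routing_table converted the network to `IPy.IP(def_net)` before building the Subnet and took `dev` from the routing table rather than the tap name. If Subnet, which is not on the page, expects an IPy.IP for `net`, the later `subnet.make_ll64(ifmac)` and `subnet.net is None` uses will now see a str; please confirm, and if so convert here, `net=IPy.IP(subnet) if subnet else None`, with the same for subnet6. `gateway6=None ):` also has a stray space before the paren.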
@property
def ip(self):
self.ipv6_enabled = False
self.clients = {}
- self.subnets = {}
+ #self.subnets = {}
self.ifaces = {}
- self.v6nets = {}
+ #self.v6nets = {}
self.nfq = {}
self.l2socket = socket.socket(socket.AF_PACKET,
socket.SOCK_RAW, ETH_P_ALL)
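Review bot: `#self.subnets = {}` and `#self.v6nets = {}` leave the replaced attributes as commented-out code, while build_config, add_iface and remove_iface delete their uses outright. Delete these two lines as well; the history is in version control, and a later grep for `subnets` would otherwise find a phantom attribute.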
def build_config(self):
self.clients.clear()
- self.subnets.clear()
for path in glob.glob(os.path.join(self.data_path, "*")):
self.add_iface(path)
else:
if binding.is_valid():
self.clients[binding.mac] = binding
- self.subnets[binding.link] = parse_routing_table(binding.link)
logging.debug("Added client %s on %s", binding.hostname, iface)
self.ifaces[ifindex] = binding.iface
- self.v6nets[iface] = parse_routing_table(binding.link, 6)
def remove_iface(self, ifname):
""" Cleanup clients on a removed interface
"""
- if ifname in self.v6nets:
- del self.v6nets[ifname]
-
for mac in self.clients.keys():
if self.clients[mac].ifname == ifname:
iface = self.client[mac].iface
resp = Ether(dst=mac, src=self.get_iface_hw_addr(iface))/\
IP(src=DHCP_DUMMY_SERVER_IP, dst=binding.ip)/\
UDP(sport=pkt.dport, dport=pkt.sport)/resp
- subnet = self.subnets[binding.link]
+ subnet = binding.net
if not DHCP in pkt:
logging.warn("Invalid request from %s on %s, no DHCP"
return
ifmac = self.get_iface_hw_addr(iface)
- subnet = self.v6nets[iface]
+ binding = self.clients[ifmac]
+ subnet = binding.net6
ifll = subnet.make_ll64(ifmac)
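Review bot: `binding = self.clients[ifmac]` looks the binding up by the tap interface's hardware address, but `self.clients` is keyed by the guest MAC from the binding file (`self.clients[binding.mac] = binding` in add_iface), and the DHCP reply hunk builds `Ether(dst=mac, src=self.get_iface_hw_addr(iface))`, i.e. it treats the two as different addresses; unless the tap carries the guest's MAC this raises KeyError on every RA/NS path, so the IPv6 handling the commit enables never runs. The same lookup is repeated in the next two hunks (before the NS handler and in the periodic RA loop). The old `self.v6nets` was keyed by `iface`; keep an interface-keyed index, e.g. `self.bindings_by_iface[binding.iface] = binding` next to the `self.ifaces[ifindex]` assignment in add_iface, and look up `binding = self.bindings_by_iface[iface]` here, or at minimum catch KeyError, log it and return.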
# Signal the kernel that it shouldn't further process the packet
return
ifmac = self.get_iface_hw_addr(iface)
- subnet = self.v6nets[iface]
+ binding = self.clients[ifmac]
+ subnet = binding.net6
ifll = subnet.make_ll64(ifmac)
ns = IPv6(payload.get_data())
if not ifmac:
continue
- subnet = self.v6nets[iface]
+ binding = self.clients[ifmac]
+ subnet = binding.net6
if subnet.net is None:
logging.debug("Skipping periodic RA on interface %s,"
" as it is not IPv6-connected", iface)
## nfdhcpd sample configuration file
## General options
[general]
-pidfile = /var/run/nfdhcpd.pid
+pidfile = /var/run/nfdhcpd/nfdhcpd.pid
datapath = /var/lib/nfdhcpd # Where the client configuration will be read from
logdir = /var/log/nfdhcpd # Where to write our logs
user = nobody # An unprivileged user to run as
server_ip = 192.0.2.1
dhcp_queue = 42 # NFQUEUE number to listen on for DHCP requests
# IPv4 nameservers to include in DHCP responses
-nameservers = 192.0.2.2, 192.0.2.3
+nameservers = 194.177.210.210, 194.177.210.10
## IPv6-related functionality
[ipv6]
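Review bot: `nameservers = 194.177.210.210, 194.177.210.10` replaces the RFC 5737 documentation addresses in what the header calls a sample configuration file with what look like one site's real resolvers, so anyone who copies the sample as-is hands their guests' DNS to an external operator; keep `nameservers = 192.0.2.2, 192.0.2.3` in the sample and put site values in the deployed config. The new `pidfile = /var/run/nfdhcpd/nfdhcpd.pid` also requires the `/var/run/nfdhcpd` directory to exist at start-up, and if the daemon writes the pidfile after switching to `user = nobody` it must be writable by that user; nothing in the diff creates it, and the init script deleted earlier in this commit created nothing under /var/run either, so please confirm the packaging does.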
+++ /dev/null
-#!/bin/bash
-
-DIR=/var/lib/snf-network
-NAME=$1
-RT_TABLES=/etc/iproute2/rt_tables
-
-
-
-if [ $# -ne 1 ]; then
- echo "$0 <name>"
- exit 1
-fi
-
-# remove old entry
-sed -i '/rt_'"$NAME"'$/ d' $RT_TABLES
-
-rm $DIR/networks/$NAME
--- /dev/null
+#!/bin/bash
+
+function get_value {
+
+ eval def=\$$1
+ read -p "$1? [$def] " x
+ if [ -n "$x" ]; then eval $1="$x"; fi
+
+}
+
+
+DEFAULT=/etc/default/snf-network
+
+CONF=/etc/snf-network/snf-network.conf
+
+source $CONF
+source $DEFAULT
+
+
+if [ ! -e $SHAREDDIR ]; then
+ mkdir $SHAREDDIR
+ mkdir $SHAREDDIR/networks
+ mkdir $SHAREDDIR/infra
+ mkdir $SHAREDDIR/interfaces
+ mkdir $SHAREDDIR/mappings
+fi
+
+#if [ -z "$(grep nfdhcpd.ferm /etc/ferm/ferm.conf)" ]; then
+# echo @include 'nfdhcpd.ferm'; >> /etc/ferm/ferm.conf
+# /etc/init.d/ferm restart
+#fi
+
+
+cd $SHAREDDIR/infra/
+
+for nodegroup in $NODEGROUPS; do
+ source $DEFAULT
+ echo Group: $nodegroup
+ get_value ROUTER
+ get_value ROUTER_MAC
+ get_value MAC_MASK
+ get_value PUBLIC_INTERFACE
+ get_value PUBLIC_BRIDGE
+ get_value PUBLIC_VLAN
+ get_value PRIVATE_VLAN
+ get_value PRIVATE_BRIDGE
+ get_value MASQ_VLAN
+ get_value MASQ_BRIDGE
+ cat > $nodegroup <<EOF
+ROUTER=$ROUTER
+ROUTER_MAC=$ROUTER_MAC
+MAC_MASK=$MAC_MASK
+PUBLIC_INTERFACE=$PUBLIC_INTERFACE
+PUBLIC_BRIDGE=$PUBLIC_BRIDGE
+PUBLIC_VLAN=$PUBLIC_VLAN
+PRIVATE_VLAN=$PRIVATE_VLAN
+PRIVATE_BRIDGE=$PRIVATE_BRIDGE
+MASQ_VLAN=$MASQ_VLAN
+MASQ_BRIDGE=$MASQ_BRIDGE
+EOF
+done
+
+
+for node in $NODES; do
+ echo Node: $node
+ NODEGROUP=default
+ get_value NODEGROUP
+ ln -s $NODEGROUP $node
+done
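Review bot: `get_value` feeds the interactive answer to `eval $1="$x"`, so a reply containing spaces, `;` or `$(...)` is executed as shell rather than stored, and `eval def=\$$1` interpolates the variable name unquoted the same way. The script already requires bash, so use indirect expansion and printf instead: `def=${!1}` and `printf -v "$1" '%s' "$x"`. Elsewhere, `cd $SHAREDDIR/infra/` has no failure check, so an unset SHAREDDIR leaves the loop writing nodegroup files into whatever the current directory is — `cd "$SHAREDDIR/infra/" || exit 1` — and `ln -s $NODEGROUP $node` fails on every run after the first because the link already exists; `ln -sfn` replaces it.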
--- /dev/null
+NODEGROUPS="default"
+
+NODES="dev88 dev89"
+++ /dev/null
-#!/bin/sh
-#
-
-add_vlan() {
- if [ -n "`echo -n "$1" | tr -d '[0-9]'`" ]; then
- echo "Invalid vlan tag $1"
- exit 1
- fi
-
- vlan=$1
- ifce=$2
-
- if [ -d "/sys/class/net/vlan${vlan}/bridge" ]; then
- echo "Vlan $vlan already configured"
- exit 0
- fi
-
- if ( grep -q "iface vlan${vlan}$" /etc/network/interfaces ); then
- echo "Vlan $vlan configured but down, bringing up"
- else
- echo "Adding vlan $vlan to /etc/network/interfaces"
- cat >>/etc/network/interfaces <<EOF
-auto vlan${vlan}
-iface vlan${vlan} inet manual
- bridge_ports ${ifce}.${vlan}
- bridge_stp off
- bridge_maxwait 0
- bridge_fd 0
-
-EOF
- fi
-
- /sbin/ifup "vlan${vlan}" >/dev/null 2>&1
- exit 0
-}
-
-list_vlans() {
- for iface in /sys/class/net/vlan*; do
- if [ -d "$iface/bridge" ]; then
- vlan=`basename "$iface"`
- ( grep -q "iface $vlan$" /etc/network/interfaces )
- if [ $? == 0 ]; then
- echo "${vlan##vlan}"
- else
- echo "${vlan##vlan} (unconfigured)"
- fi
- fi
- done
-
-}
-
-case "$1" in
- add)
- if [ x"$3" != x"" ]; then
- ifce=$3
- else
- ifce="bond0"
- fi
- add_vlan "$2" "$ifce"
- ;;
- remove)
- remove_vlan "$2"
- ;;
- list)
- list_vlans
- ;;
- *)
- echo "Usage: vlan (add number [ifce="bond0"]|remove number|list)"
- ;;
-esac;
-