summary |
shortlog | log |
commit |
commitdiff |
tree
first ⋅ prev ⋅ next
Dimitris Aragiorgis [Tue, 18 Feb 2014 13:18:38 +0000 (15:18 +0200)]
Bump version to 0.12.2
Dimitris Aragiorgis [Tue, 18 Feb 2014 13:18:28 +0000 (15:18 +0200)]
Merge branch 'develop'
Dimitris Aragiorgis [Tue, 18 Feb 2014 12:52:58 +0000 (14:52 +0200)]
Print eui64 too while printing clients
Signed-off-by: Dimitris Aragiorgis <dimara@grnet.gr>
Dimitris Aragiorgis [Tue, 18 Feb 2014 12:46:46 +0000 (14:46 +0200)]
ra: Set O=1 in periodic RA too
..so that rs responses (RA) and periodic ra are identical. Otherwise
some OSes seem to lose already obtained DNS configuration after
receiving an RA with O flag unset.
Signed-off-by: Dimitris Aragiorgis <dimara@grnet.gr>
Dimitris Aragiorgis [Tue, 18 Feb 2014 12:43:52 +0000 (14:43 +0200)]
dhcp6: return if no IPv6 network attached to tap
Signed-off-by: Dimitris Aragiorgis <dimara@grnet.gr>
Dimitris Aragiorgis [Wed, 12 Feb 2014 16:23:30 +0000 (18:23 +0200)]
Add doc section
Signed-off-by: Dimitris Aragiorgis <dimara@grnet.gr>
Dimitris Aragiorgis [Thu, 6 Feb 2014 15:51:47 +0000 (17:51 +0200)]
Bump version to 0.12.1
Dimitris Aragiorgis [Thu, 6 Feb 2014 15:51:14 +0000 (17:51 +0200)]
Merge branch 'develop'
Dimitris Aragiorgis [Wed, 5 Feb 2014 14:01:28 +0000 (16:01 +0200)]
Provide DNS Search List in DHCH6_Reply
In case of an IPv6 only VM we have to serve a Domain Search List
so that Windows VM can find the kms server by issuing:
nslookup -type=srv _vlmcs._tcp
An extra config option in ipv6 section is added; domains
This is a list of search domains included in DHCP6_Reply.
Since we validate it with force_list() there is no need for a
trailing comma.
This info could be passed in RAs but DNSSL options is not currently
supported by scapy's inet6.py.
Signed-off-by: Dimitris Aragiorgis <dimara@grnet.gr>
Dimitris Aragiorgis [Fri, 17 Jan 2014 17:56:01 +0000 (19:56 +0200)]
Bump version to 0.12.0
Dimitris Aragiorgis [Fri, 17 Jan 2014 17:55:23 +0000 (19:55 +0200)]
Merge branch 'develop'
Dimitris Aragiorgis [Fri, 17 Jan 2014 17:45:59 +0000 (19:45 +0200)]
Introduce a helper script to analyze tcpdumps
1) # tcpdump -i tap10 -vvv -w tcpdump.pcap to save capture in a tmp file
2) # python analyze_pcap.py tcpdump.pcap to see on-liner logs
3) # python analyze_pcap.py tcpdump.pcap -n 14 to see a packet's details
Signed-off-by: Dimitris Aragiorgis <dimara@grnet.gr>
Dimitris Aragiorgis [Fri, 17 Jan 2014 17:32:45 +0000 (19:32 +0200)]
Support ra-stateless IPv6 configuration
This means that IPv6 will be auto-configured but DNS info
will be obtained via DHCPv6 requests.
With other words our router advertisements have the "O" flag set
and we add another handler that serves DHCPv6 requests by
passing DNS info.
Use a separate NFQUEUE to mangle the DHCPv6 traffic. Add another
ferm rule to achieve that.
This is done because Windows do not support RFC 6101:
http://tools.ietf.org/search/rfc6106
http://social.technet.microsoft.com/Forums/windowsserver/en-US/
5757980a-5983-4efc-a5f3-
27687b90fe41/does-win7-or-w2k8-server-support-rfc-6106?forum=ipv6
Signed-off-by: Dimitris Aragiorgis <dimara@grnet.gr>
Dimitris Aragiorgis [Mon, 16 Dec 2013 09:15:52 +0000 (11:15 +0200)]
Bump version to 0.11.8
Dimitris Aragiorgis [Mon, 16 Dec 2013 09:14:40 +0000 (11:14 +0200)]
Merge branch 'develop'
Dimitris Aragiorgis [Mon, 16 Dec 2013 01:11:05 +0000 (03:11 +0200)]
Allow binding files without IP entry
This is needed for NIC that obtain only IPv6.
Signed-off-by: Dimitris Aragiorgis <dimara@grnet.gr>
Dimitris Aragiorgis [Wed, 2 Oct 2013 15:11:16 +0000 (18:11 +0300)]
Bump version to 0.11.7
Dimitris Aragiorgis [Wed, 2 Oct 2013 15:10:57 +0000 (18:10 +0300)]
Merge branch 'develop'
Conflicts:
version
Signed-off-by: Dimitris Aragiorgis <dimara@grnet.gr>
Dimitris Aragiorgis [Wed, 2 Oct 2013 10:51:08 +0000 (13:51 +0300)]
Some pylint fixes
Signed-off-by: Dimitris Aragiorgis <dimara@grnet.gr>
Dimitris Aragiorgis [Wed, 2 Oct 2013 10:04:16 +0000 (13:04 +0300)]
Support nfqueue of squeeze and wheezy
Support both callback function signatures.
Signed-off-by: Dimitris Aragiorgis <dimara@grnet.gr>
Christos Stavrakakis [Fri, 30 Aug 2013 14:31:48 +0000 (17:31 +0300)]
Bump version to 0.11.6next
Christos Stavrakakis [Fri, 30 Aug 2013 14:28:53 +0000 (17:28 +0300)]
Bump version to 0.11.6
Christos Stavrakakis [Fri, 30 Aug 2013 10:37:13 +0000 (13:37 +0300)]
Use devflow
* add devflow.conf
* add base version file
Christos Stavrakakis [Fri, 30 Aug 2013 10:37:13 +0000 (13:37 +0300)]
Use devflow
* add devflow.conf
* add base version file
Vangelis Koukis [Tue, 6 Aug 2013 10:08:54 +0000 (13:08 +0300)]
Revert "Change nameservers in nfdhcpd.conf"
This reverts commit
be1030abdbce3fb12eb9682c7260b55c31786fa2.
All IPv4 and IPv6 examples should use the documentation/test
ranges, see
https://tools.ietf.org/html/rfc5737 and
https://tools.ietf.org/html/rfc3849.
Conflicts:
nfdhcpd.conf
Signed-off-by: Vangelis Koukis <vkoukis@grnet.gr>
Dimitris Aragiorgis [Thu, 4 Oct 2012 20:06:40 +0000 (23:06 +0300)]
One socket per client and few logging fixes
Signed-off-by: Dimitris Aragiorgis <dimara@grnet.gr>
Dimitris Aragiorgis [Thu, 4 Oct 2012 13:33:47 +0000 (16:33 +0300)]
process_pending(num) depending on nfqueue
dhcp - process_pending(5000)
rs - process_pending(10)
ns - process_pending(10)
Signed-off-by: Dimitris Aragiorgis <dimara@grnet.gr>
Dimitris Aragiorgis [Thu, 4 Oct 2012 12:19:22 +0000 (15:19 +0300)]
Minor changes in logging and process_pending(10)
Signed-off-by: Dimitris Aragiorgis <dimara@grnet.gr>
Dimitris Aragiorgis [Wed, 3 Oct 2012 14:59:15 +0000 (17:59 +0300)]
Add handler for SIGUSR1 to show current state
Signed-off-by: Dimitris Aragiorgis <dimara@grnet.gr>
Dimitris Aragiorgis [Wed, 3 Oct 2012 10:35:24 +0000 (13:35 +0300)]
Add logrotate file
Signed-off-by: Dimitris Aragiorgis <dimara@grnet.gr>
Dimitris Aragiorgis [Wed, 3 Oct 2012 10:27:58 +0000 (13:27 +0300)]
Change RotatingFileHAndler to WatchedFileHandler
Signed-off-by: Dimitris Aragiorgis <dimara@grnet.gr>
Dimitris Aragiorgis [Thu, 20 Sep 2012 13:40:46 +0000 (16:40 +0300)]
Change id before becoming a daemon
This will create a logfile with proper permitions and the RotatingFileHandler
will not produce any error when bytes exceed maxBytes.
Signed-off-by: Dimitris Aragiorgis <dimara@grnet.gr>
Vangelis Koukis [Fri, 21 Sep 2012 10:03:36 +0000 (13:03 +0300)]
Only set executable name with python-setproctitle
Cannot set individual values for arguments using python-setproctitle.
See https://code.google.com/p/py-setproctitle/issues/detail?id=23&can=1.
Vangelis Koukis [Fri, 21 Sep 2012 09:24:09 +0000 (12:24 +0300)]
Change process title to simplify 'ps' display
Use python-setproctitle to change the process title
of the running daemon. Make it appear as a native executable
to simplify administration.
Dimitris Aragiorgis [Sun, 16 Sep 2012 21:41:22 +0000 (00:41 +0300)]
Fix a bug related to capng_update()
We need to update CAP_NET_RAW, CAP_NET_ADMIN separetly.
Signed-off-by: Dimitris Aragiorgis <dimara@grnet.gr>
Dimitris Aragiorgis [Sun, 16 Sep 2012 21:23:33 +0000 (00:23 +0300)]
Nice logging
Signed-off-by: Dimitris Aragiorgis <dimara@grnet.gr>
Vangelis Koukis [Wed, 12 Sep 2012 10:40:42 +0000 (13:40 +0300)]
Fix two minor typos in debug messages
Dimitris Aragiorgis [Tue, 11 Sep 2012 14:35:42 +0000 (17:35 +0300)]
Fix bug that causes nfdhcpd to freeze
nfdhcpd opens a socket during init. socket.send() blocks in case
SO_SNDBUF is full. This might happen when packages are pushed to
buffer but never consumed (e.g. VM is shuting down).
To fix this we use non-blocking send with MSG_DONTWAIT and catch
the error when the resource is not available.
In order to empty the socket buffer we close the socket and re-open it.
To this end we need CAP_NET_RAW capability otherwise operation
(socket.socket()) is not permitted.
Add various logging messages (during client creation, opening a
socket, etc.)
Signed-off-by: Dimitris Aragiorgis <dimara@grnet.gr>
Christos Stavrakakis [Thu, 6 Sep 2012 14:19:13 +0000 (17:19 +0300)]
Fix two more logs
Christos Stavrakakis [Thu, 6 Sep 2012 13:42:28 +0000 (16:42 +0300)]
Fix bug in log msg
Christos Stavrakakis [Thu, 6 Sep 2012 12:57:49 +0000 (15:57 +0300)]
Improve log msgs
Christos Stavrakakis [Thu, 6 Sep 2012 12:28:02 +0000 (15:28 +0300)]
Add umask inside daemon context
Dimitris Aragriorgs [Thu, 6 Sep 2012 11:58:58 +0000 (14:58 +0300)]
Add try-except in DaemonContext.open()
It catches locking exceptions.
Signed-off-by: Dimitris Aragriorgs <dimara@grnet.gr>
Dimitris Aragriorgs [Wed, 5 Sep 2012 12:02:53 +0000 (15:02 +0300)]
Fix previous commit concerning pidfile
Signed-off-by: Dimitris Aragriorgs <dimara@grnet.gr>
Stratos Psomadakis [Wed, 5 Sep 2012 11:31:11 +0000 (14:31 +0300)]
Catch IPy exceptions for invalid networks/subnets
Signed-off-by: Stratos Psomadakis <psomas@grnet.gr>
Dimitris Aragriorgs [Thu, 30 Aug 2012 19:32:54 +0000 (22:32 +0300)]
Remove stale pid lock file
Signed-off-by: Dimitris Aragriorgs <dimara@grnet.gr>
Dimitris Aragiorgis [Tue, 7 Aug 2012 17:35:23 +0000 (20:35 +0300)]
In case of make_ll64 fails return
Signed-off-by: Dimitris Aragiorgis <dimara@grnet.gr>
Dimitris Aragiorgis [Tue, 7 Aug 2012 15:15:47 +0000 (18:15 +0300)]
Add try: except: in places of possible exceptions
pkt.lladdr
ns.lladdr
sendp
Signed-off-by: Dimitris Aragiorgis <dimara@grnet.gr>
Dimitris Aragiorgis [Tue, 7 Aug 2012 14:38:11 +0000 (17:38 +0300)]
Refactor nfdhcpd to support get_physindev()
If get_physindev is supported in nfqueue then the clients are indexed
by their tap ifindex. If not then clients are indexed by their macs.
Signed-off-by: Dimitris Aragiorgis <dimara@grnet.gr>
Dimitris Aragiorgis [Mon, 6 Aug 2012 13:41:42 +0000 (16:41 +0300)]
Add nice debug messages for nfdhcpd clients
Signed-off-by: Dimitris Aragiorgis <dimara@grnet.gr>
Dimitris Aragiorgis [Sat, 21 Jul 2012 09:18:34 +0000 (12:18 +0300)]
Change ferm
Mangle packets comming from tap+ and prv+ devices
Signed-off-by: Dimitris Aragiorgis <dimara@grnet.gr>
Dimitris Aragiorgis [Thu, 19 Jul 2012 16:18:51 +0000 (19:18 +0300)]
Reapply option for serving domain
Signed-off-by: Dimitris Aragiorgis <dimara@grnet.gr>
Dimitris Aragiorgis [Tue, 3 Jul 2012 10:18:17 +0000 (13:18 +0300)]
Change nfdhcpd.ferm to support bridged clients
Mangle packets comming from all interfaces and not only from taps
Signed-off-by: Dimitris Aragiorgis <dimara@grnet.gr>
Dimitris Aragiorgis [Tue, 3 Jul 2012 10:17:55 +0000 (13:17 +0300)]
Change nameservers in nfdhcpd.conf
Signed-off-by: Dimitris Aragiorgis <dimara@grnet.gr>
Dimitris Aragiorgis [Tue, 3 Jul 2012 10:13:54 +0000 (13:13 +0300)]
Refactor nfdhcp
Get all info from binding file. Do not parse routing tables. Keep
track of clients depending on their mac. Support clients connected
on bridges. Insteed of patching NFQUEUE add new slot in bindings
that shows the physical device the incomming request originates (tap).
Signed-off-by: Dimitris Aragiorgis <dimara@grnet.gr>
Costas Drogos [Tue, 3 Apr 2012 13:35:30 +0000 (16:35 +0300)]
Changed pidfile location in configfile by vkoukis
Costas Drogos [Mon, 2 Apr 2012 06:57:28 +0000 (09:57 +0300)]
Small typo introduced on
df3e8face1cf
Costas Drogos [Tue, 27 Mar 2012 22:28:41 +0000 (01:28 +0300)]
Option for serving domain from nfdhcpd to clients
On some occasions the clients do not send an fqdn as hostname,
so another way to send a domain is needed.
For that, a new optional config directive is introduced, called
"domain", as a way to hardcode the domain we serve.
If this directive is not defined, the traditional
'find domain through hostname' technique is used.
Faidon Liambotis [Wed, 12 Oct 2011 14:38:03 +0000 (17:38 +0300)]
mac2eui64: exit on an invalid IPv6 prefix
Vangelis Koukis [Wed, 7 Sep 2011 11:53:17 +0000 (14:53 +0300)]
Handle pidfile properly, redirect stderr in daemon
Handle pidfile creation properly, as part of daemonization process.
Parse config file and setup logging before daemonization.
Redirect stderr to logfile upon daemonization, otherwise numerous
unexpected exceptions get lost.
Apollon Oikonomopoulos [Fri, 3 Jun 2011 09:10:50 +0000 (12:10 +0300)]
Enable logging of unhandled exceptions
Use the traceback module to log unhandled exceptions to the logfile when
running as a daemon.
Signed-off-by: Apollon Oikonomopoulos <apollon@noc.grnet.gr>
Apollon Oikonomopoulos [Fri, 3 Jun 2011 08:50:34 +0000 (11:50 +0300)]
Do not send periodic RAs on IPv6-less interfaces
Ignore interfaces with no IPv6 subnets on the respective routing tables and log
a debug message.
Signed-off-by: Apollon Oikonomopoulos <apollon@noc.grnet.gr>
Apollon Oikonomopoulos [Fri, 3 Jun 2011 08:45:03 +0000 (11:45 +0300)]
Ignore requests on unknown interfaces
We ignore requests on interfaces we don't have any information about.
Furthermore, we set a verdict of ACCEPT on these packets and let the kernel
handle them.
Signed-off-by: Apollon Oikonomopoulos <apollon@noc.grnet.gr>
Apollon Oikonomopoulos [Tue, 22 Mar 2011 17:41:40 +0000 (19:41 +0200)]
Ignore link-local IPv6 routing table entries
If we have a client on the "main" routing table, then we must ignore all IPv6
link-local subnet declarations that appear in this routing table, possibly
"masking out" the intended network route.
Signed-off-by: Apollon Oikonomopoulos <apollon@noc.grnet.gr>
Apollon Oikonomopoulos [Mon, 21 Mar 2011 20:06:29 +0000 (22:06 +0200)]
Small fixes to kvm-vif-bridge
Update kvm-vif-bridge to use mac2eui64 and also fix default nfdhcpd paths.
Signed-off-by: Apollon Oikonomopoulos <apollon@noc.grnet.gr>
Apollon Oikonomopoulos [Mon, 21 Mar 2011 20:04:02 +0000 (22:04 +0200)]
Add simple mac2eui64 utility
Add a small utility to generate EUI-64 addresses from MAC-48 + IPv6 prefix.
Signed-off-by: Apollon Oikonomopoulos <apollon@noc.grnet.gr>
Apollon Oikonomopoulos [Mon, 21 Mar 2011 19:46:19 +0000 (21:46 +0200)]
Fix error handling during binding file parsing
In case something went wrong during parse_binding_file, return None instead
of an obsolete tuple.
Signed-off-by: Apollon Oikonomopoulos <apollon@noc.grnet.gr>
Apollon Oikonomopoulos [Mon, 14 Mar 2011 12:20:22 +0000 (14:20 +0200)]
Clean up resources upon exit
Wrap the main loop in a try..finally statement, calling our cleanup handler to
free all obtained resources.
Signed-off-by: Apollon Oikonomopoulos <apollon@noc.grnet.gr>
Apollon Oikonomopoulos [Mon, 14 Mar 2011 11:58:42 +0000 (13:58 +0200)]
Handle the AF_PACKET socket instead of using scapy
Implement our own sendp() method, which has the following benefits:
* Keep a single socket and re-use it for all outgoing packets
* Speed up send operations by 2x
* Get rid of CAP_NET_RAW as we setup the socket during initialization
Signed-off-by: Apollon Oikonomopoulos <apollon@noc.grnet.gr>
Apollon Oikonomopoulos [Fri, 11 Mar 2011 15:26:13 +0000 (17:26 +0200)]
Also keep CAP_NET_ADMIN for nfqueue verdicts
This is needed for nfqueue to work properly. Without this, the kernel
never acknowledges the verdicts we set, the queue fills up and the
kernel drops packets. Worst of all, this happens completely silently.
Signed-off-by: Apollon Oikonomopoulos <apollon@noc.grnet.gr>
Apollon Oikonomopoulos [Fri, 11 Mar 2011 13:02:46 +0000 (15:02 +0200)]
Fix nasty typo in parse_routing_table
It was meant to be re.group and not re.group*s* all along.
Signed-off-by: Apollon Oikonomopoulos <apollon@noc.grnet.gr>
Apollon Oikonomopoulos [Fri, 11 Mar 2011 12:41:48 +0000 (14:41 +0200)]
Disable pylint warning for inotify handler methods
The name form for these methods is mandated by pyinotify itself,
so there's nothing we can do about it.
Signed-off-by: Apollon Oikonomopoulos <apollon@noc.grnet.gr>
Apollon Oikonomopoulos [Fri, 11 Mar 2011 12:41:25 +0000 (14:41 +0200)]
Add pylintrc
Blatantly copy ganeti's pylintrc as a base for our own.
Signed-off-by: Apollon Oikonomopoulos <apollon@noc.grnet.gr>
Apollon Oikonomopoulos [Fri, 11 Mar 2011 12:28:29 +0000 (14:28 +0200)]
Rename nfdhcp.ferm to nfdhcpd.ferm
Signed-off-by: Apollon Oikonomopoulos <apollon@noc.grnet.gr>
Apollon Oikonomopoulos [Fri, 11 Mar 2011 12:25:02 +0000 (14:25 +0200)]
Major code refactoring
Refactor code to meet pylint's recommendations
* Pass format string arguments as such in logging functions
* Move parse_binding_file and parse_routing_table to top-level functions
* Clean-up imports
* Update docstrings
Signed-off-by: Apollon Oikonomopoulos <apollon@noc.grnet.gr>
Apollon Oikonomopoulos [Fri, 11 Mar 2011 11:12:49 +0000 (13:12 +0200)]
Fix typo (vaildate -> validate)
Signed-off-by: Apollon Oikonomopoulos <apollon@noc.grnet.gr>
Apollon Oikonomopoulos [Fri, 11 Mar 2011 11:11:55 +0000 (13:11 +0200)]
Code refactoring to remove overlong lines
Signed-off-by: Apollon Oikonomopoulos <apollon@noc.grnet.gr>
Apollon Oikonomopoulos [Fri, 11 Mar 2011 11:08:48 +0000 (13:08 +0200)]
Improve error handling
Catch and handle specific exception families where possible and provide
additional information.
Signed-off-by: Apollon Oikonomopoulos <apollon@noc.grnet.gr>
Apollon Oikonomopoulos [Fri, 3 Dec 2010 14:00:43 +0000 (16:00 +0200)]
Merge previous changes
Conflicts:
nfdhcpd: merge
Signed-off-by: Apollon Oikonomopoulos <apollon@noc.grnet.gr>
Apollon Oikonomopoulos [Fri, 3 Dec 2010 13:55:46 +0000 (15:55 +0200)]
Implement IPv6 RDNSS
Add support for ICMPv6 RDNSS (RFC 5006) to advertise DNS servers over ICMPv6
router advertisements.
Signed-off-by: Apollon Oikonomopoulos <apollon@noc.grnet.gr>
Apollon Oikonomopoulos [Fri, 3 Dec 2010 13:54:59 +0000 (15:54 +0200)]
DHCP: use nameservers from config
Use the DNS servers from the config file for DHCP replies.
Signed-off-by: Apollon Oikonomopoulos <apollon@noc.grnet.gr>
Apollon Oikonomopoulos [Fri, 3 Dec 2010 13:34:47 +0000 (15:34 +0200)]
Disable sending periodic RAs when IPv6 is disabled
Disabling IPv6 from the configuration file causes the server to not respond to
NS and RS, however it still tried to send out periodic RAs (which was a noop).
We explicitly set the timeout of select() to None to avoid this, when IPv6 is
disabled.
Signed-off-by: Apollon Oikonomopoulos <apollon@noc.grnet.gr>
Apollon Oikonomopoulos [Fri, 3 Dec 2010 13:24:13 +0000 (15:24 +0200)]
Add configurationf file validation
Add a specification of the configuration file and runtime validation, using
configobj's validate.Validator and custom checks for the nameserver lists.
Signed-off-by: Apollon Oikonomopoulos <apollon@noc.grnet.gr>
Apollon Oikonomopoulos [Fri, 3 Dec 2010 12:25:47 +0000 (14:25 +0200)]
Add configuration file support
Add configuration file parsing using python-configobj. All command line options
except -d and -f have been moved to the configuration file.
A sample configuration file with all accepted options has been added as well.
Warning: validation and type casting is still missing.
Signed-off-by: Apollon Oikonomopoulos <apollon@noc.grnet.gr>
Apollon Oikonomopoulos [Tue, 16 Nov 2010 17:20:27 +0000 (19:20 +0200)]
Open the logfile after changing uid and set umask
Set the process' umask in daemon.DaemonContext to 0022 (default was
0).
Open the logfile after dropping privileges, so that it is created with
proper perimissions (this also ensures that log rotation will work).
Signed-off-by: Apollon Oikonomopoulos <apollon@noc.grnet.gr>
Apollon Oikonomopoulos [Tue, 16 Nov 2010 13:31:06 +0000 (15:31 +0200)]
Refactor the main loop code and increase RA period
Increase RA period to 300s by default
Refactor the main loop to check only once for timeout expiration. This
fixes spurious RA emission because we forgot to properly reset the
start timer.
Signed-off-by: Apollon Oikonomopoulos <apollon@noc.grnet.gr>
Apollon Oikonomopoulos [Mon, 15 Nov 2010 19:13:40 +0000 (21:13 +0200)]
Use a separate thread for periodic RAs
Periodic RAs can take a _long_ time with many interfaces. The bottleneck
seems to lie in bind() send send() with AF_PACKET sockets. So, we spawn
a separate thread to be able to handle requests in the mean time.
Signed-off-by: Apollon Oikonomopoulos <apollon@noc.grnet.gr>
Apollon Oikonomopoulos [Mon, 15 Nov 2010 19:12:08 +0000 (21:12 +0200)]
Gracefully handle ICMPv6 NS w/o SrcLLAddr option
Neighbour solicitations sent during interface configuration do not
include a Source Link-Layer Address option. We ignore them as we
shouldn't (and can't) reply anyway.
Signed-off-by: Apollon Oikonomopoulos <apollon@noc.grnet.gr>
Apollon Oikonomopoulos [Mon, 15 Nov 2010 18:22:20 +0000 (20:22 +0200)]
Warn on NFQUEUE exception
Warn if anything goes wrong during select()
Signed-off-by: Apollon Oikonomopoulos <apollon@noc.grnet.gr>
Apollon Oikonomopoulos [Mon, 15 Nov 2010 18:21:58 +0000 (20:21 +0200)]
Whitespace cleanup
Signed-off-by: Apollon Oikonomopoulos <apollon@noc.grnet.gr>
Apollon Oikonomopoulos [Mon, 15 Nov 2010 18:20:43 +0000 (20:20 +0200)]
Gracefully handle dead interfaces on periodic RA
Remove any interfaces that are not there during periodic RA emission.
Signed-off-by: Apollon Oikonomopoulos <apollon@noc.grnet.gr>
Apollon Oikonomopoulos [Mon, 15 Nov 2010 10:50:59 +0000 (12:50 +0200)]
Rename nfdhcp.py to nfdhcpd
Signed-off-by: Apollon Oikonomopoulos <apollon@noc.grnet.gr>
Apollon Oikonomopoulos [Mon, 15 Nov 2010 10:35:13 +0000 (12:35 +0200)]
Add sample ferm rules
Add rules for the ferm firewall management framework.
Signed-off-by: Apollon Oikonomopoulos <apollon@noc.grnet.gr>
Apollon Oikonomopoulos [Sat, 13 Nov 2010 22:42:35 +0000 (00:42 +0200)]
Properly calculate the new timeout for select()
The elapsed time did not take into account the time needed to actually
send the RAs (which currently with scapy is long enough).
Signed-off-by: Apollon Oikonomopoulos <apollon@noc.grnet.gr>
Apollon Oikonomopoulos [Sat, 13 Nov 2010 12:02:51 +0000 (14:02 +0200)]
Added periodic RA functionality
The daemon now sends out ICMPv6 RAs periodically (every 30s)
to all configured interfaces.
Signed-off-by: Apollon Oikonomopoulos <apollon@noc.grnet.gr>
Apollon Oikonomopoulos [Fri, 12 Nov 2010 16:01:44 +0000 (18:01 +0200)]
Add sample kvm-vif-bridge for use with ganeti
Signed-off-by: Apollon Oikonomopoulos <apollon@noc.grnet.gr>
Apollon Oikonomopoulos [Fri, 12 Nov 2010 15:59:42 +0000 (17:59 +0200)]
Proxy NDP support
Proxy all ICMPv6 Neighbor Solicitations on behalf of the connected
clients.
Signed-off-by: root <apollon@noc.grnet.gr>
Apollon Oikonomopoulos [Fri, 12 Nov 2010 13:05:48 +0000 (15:05 +0200)]
ICMPv6 RA support
The daemon now listens for router solicitations on a dedicated NFQUEUE
and responds with the appropriate router adverisement as needed.
TODO: implement periodic RAs
Signed-off-by: Apollon Oikonomopoulos <apollon@noc.grnet.gr>
Apollon Oikonomopoulos [Fri, 12 Nov 2010 11:56:34 +0000 (13:56 +0200)]
Namespace changes to facilitate DHCP/RA merging
Changes required to merge ICMPv6 RA functionality.
Signed-off-by: Apollon Oikonomopoulos <apollon@noc.grnet.gr>
Apollon Oikonomopoulos [Fri, 12 Nov 2010 11:29:03 +0000 (13:29 +0200)]
Initial commit: nfdhcp.py
Promiscuous DHCP with NFQUEUE support
Signed-off-by: Apollon Oikonomopoulos <apollon@noc.grnet.gr>