Revision ed7f0f2a
/dev/null | ||
---|---|---|
1 |
# Defaults for nfdhcpd initscript |
|
2 |
# sourced by /etc/init.d/nfdhcpd |
|
3 |
# installed at /etc/default/nfdhcpd by the maintainer scripts |
|
4 |
|
|
5 |
# |
|
6 |
# This is a POSIX shell fragment |
|
7 |
# |
|
8 |
|
|
9 |
RUN="yes" |
|
10 |
|
|
11 |
# Additional options that are passed to the Daemon. |
|
12 |
DAEMON_OPTS="" |
/dev/null | ||
---|---|---|
1 |
#!/bin/sh |
|
2 |
# |
|
3 |
# This is free software; you may redistribute it and/or modify |
|
4 |
# it under the terms of the GNU General Public License as |
|
5 |
# published by the Free Software Foundation; either version 2, |
|
6 |
# or (at your option) any later version. |
|
7 |
# |
|
8 |
# This is distributed in the hope that it will be useful, but |
|
9 |
# WITHOUT ANY WARRANTY; without even the implied warranty of |
|
10 |
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
|
11 |
# GNU General Public License for more details. |
|
12 |
# |
|
13 |
# You should have received a copy of the GNU General Public License with |
|
14 |
# the Debian operating system, in /usr/share/common-licenses/GPL; if |
|
15 |
# not, write to the Free Software Foundation, Inc., 59 Temple Place, |
|
16 |
# Suite 330, Boston, MA 02111-1307 USA |
|
17 |
# |
|
18 |
### BEGIN INIT INFO |
|
19 |
# Provides: nfdhcpd |
|
20 |
# Required-Start: $network $local_fs $remote_fs |
|
21 |
# Required-Stop: $remote_fs |
|
22 |
# Should-Start: |
|
23 |
# Should-Stop: |
|
24 |
# Default-Start: 2 3 4 5 |
|
25 |
# Default-Stop: 0 1 6 |
|
26 |
# Short-Description: NFQueue DHCP/RA server |
|
27 |
### END INIT INFO |
|
28 |
|
|
29 |
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin |
|
30 |
|
|
31 |
DAEMON=/usr/sbin/nfdhcpd |
|
32 |
NAME=nfdhcpd |
|
33 |
DESC="NFQUEUE-based DHCP/RA server" |
|
34 |
LOGDIR=/var/log/nfdhcpd |
|
35 |
|
|
36 |
PIDFILE=/var/run/$NAME.pid |
|
37 |
|
|
38 |
test -x $DAEMON || exit 0 |
|
39 |
|
|
40 |
. /lib/lsb/init-functions |
|
41 |
|
|
42 |
# Default options, these can be overriden by the information |
|
43 |
# at /etc/default/$NAME |
|
44 |
DAEMON_OPTS="" # Additional options given to the server |
|
45 |
|
|
46 |
DIETIME=2 # Time to wait for the server to die, in seconds |
|
47 |
# If this value is set too low you might not |
|
48 |
# let some servers to die gracefully and |
|
49 |
# 'restart' will not work |
|
50 |
|
|
51 |
STARTTIME=1 # Time to wait for the server to start, in seconds |
|
52 |
# If this value is set each time the server is |
|
53 |
# started (on start or restart) the script will |
|
54 |
# stall to try to determine if it is running |
|
55 |
# If it is not set and the server takes time |
|
56 |
# to setup a pid file the log message might |
|
57 |
# be a false positive (says it did not start |
|
58 |
# when it actually did) |
|
59 |
|
|
60 |
LOGFILE=$LOGDIR/$NAME.log # Server logfile |
|
61 |
#DAEMONUSER=nfdhcp # Users to run the daemons as. If this value |
|
62 |
# is set start-stop-daemon will chuid the server |
|
63 |
|
|
64 |
# Include defaults if available |
|
65 |
if [ -f /etc/default/$NAME ] ; then |
|
66 |
. /etc/default/$NAME |
|
67 |
fi |
|
68 |
|
|
69 |
# Use this if you want the user to explicitly set 'RUN' in |
|
70 |
# /etc/default/ |
|
71 |
if [ "x$RUN" != "xyes" ] ; then |
|
72 |
log_failure_msg "$NAME disabled, please adjust the configuration to your needs " |
|
73 |
log_failure_msg "and then set RUN to 'yes' in /etc/default/$NAME to enable it." |
|
74 |
exit 1 |
|
75 |
fi |
|
76 |
|
|
77 |
# Check that the user exists (if we set a user) |
|
78 |
# Does the user exist? |
|
79 |
set -e |
|
80 |
|
|
81 |
running_pid() { |
|
82 |
# Check if a given process pid's cmdline matches a given name |
|
83 |
pid=$1 |
|
84 |
name=$2 |
|
85 |
[ -z "$pid" ] && return 1 |
|
86 |
[ ! -d /proc/$pid ] && return 1 |
|
87 |
cmd=`cat /proc/$pid/cmdline | tr "\000" "\n"|head -n 1 |cut -d : -f 1` |
|
88 |
# Is this the expected server |
|
89 |
[ "$cmd" != "$name" ] && return 1 |
|
90 |
return 0 |
|
91 |
} |
|
92 |
|
|
93 |
running() { |
|
94 |
# Check if the process is running looking at /proc |
|
95 |
# (works for all users) |
|
96 |
|
|
97 |
# No pidfile, probably no daemon present |
|
98 |
[ ! -f "$PIDFILE" ] && return 1 |
|
99 |
pid=`cat $PIDFILE` |
|
100 |
running_pid $pid python || return 1 |
|
101 |
return 0 |
|
102 |
} |
|
103 |
|
|
104 |
start_server() { |
|
105 |
start_daemon -p $PIDFILE $DAEMON $DAEMON_OPTS |
|
106 |
errcode=$? |
|
107 |
return $errcode |
|
108 |
} |
|
109 |
|
|
110 |
stop_server() { |
|
111 |
killproc -p $PIDFILE $DAEMON |
|
112 |
rrcode=$? |
|
113 |
return $errcode |
|
114 |
} |
|
115 |
|
|
116 |
reload_server() { |
|
117 |
[ ! -f "$PIDFILE" ] && return 1 |
|
118 |
pid=pidofproc $PIDFILE # This is the daemon's pid |
|
119 |
# Send a SIGHUP |
|
120 |
kill -1 $pid |
|
121 |
return $? |
|
122 |
} |
|
123 |
|
|
124 |
force_stop() { |
|
125 |
# Force the process to die killing it manually |
|
126 |
[ ! -e "$PIDFILE" ] && return |
|
127 |
if running ; then |
|
128 |
kill -15 $pid |
|
129 |
# Is it really dead? |
|
130 |
sleep "$DIETIME"s |
|
131 |
if running ; then |
|
132 |
kill -9 $pid |
|
133 |
sleep "$DIETIME"s |
|
134 |
if running ; then |
|
135 |
echo "Cannot kill $NAME (pid=$pid)!" |
|
136 |
exit 1 |
|
137 |
fi |
|
138 |
fi |
|
139 |
fi |
|
140 |
rm -f $PIDFILE |
|
141 |
} |
|
142 |
|
|
143 |
|
|
144 |
case "$1" in |
|
145 |
start) |
|
146 |
log_daemon_msg "Starting $DESC " "$NAME" |
|
147 |
# Check if it's running first |
|
148 |
if running ; then |
|
149 |
log_progress_msg "apparently already running" |
|
150 |
log_end_msg 0 |
|
151 |
exit 0 |
|
152 |
fi |
|
153 |
if start_server ; then |
|
154 |
# NOTE: Some servers might die some time after they start, |
|
155 |
# this code will detect this issue if STARTTIME is set |
|
156 |
# to a reasonable value |
|
157 |
[ -n "$STARTTIME" ] && sleep $STARTTIME # Wait some time |
|
158 |
if running ; then |
|
159 |
# It's ok, the server started and is running |
|
160 |
log_end_msg 0 |
|
161 |
else |
|
162 |
# It is not running after we did start |
|
163 |
log_end_msg 1 |
|
164 |
fi |
|
165 |
else |
|
166 |
# Either we could not start it |
|
167 |
log_end_msg 1 |
|
168 |
fi |
|
169 |
;; |
|
170 |
stop) |
|
171 |
log_daemon_msg "Stopping $DESC" "$NAME" |
|
172 |
if running ; then |
|
173 |
# Only stop the server if we see it running |
|
174 |
errcode=0 |
|
175 |
stop_server || errcode=$? |
|
176 |
log_end_msg $errcode |
|
177 |
else |
|
178 |
# If it's not running don't do anything |
|
179 |
log_progress_msg "apparently not running" |
|
180 |
log_end_msg 0 |
|
181 |
exit 0 |
|
182 |
fi |
|
183 |
;; |
|
184 |
force-stop) |
|
185 |
# First try to stop gracefully the program |
|
186 |
$0 stop |
|
187 |
if running; then |
|
188 |
# If it's still running try to kill it more forcefully |
|
189 |
log_daemon_msg "Stopping (force) $DESC" "$NAME" |
|
190 |
errcode=0 |
|
191 |
force_stop || errcode=$? |
|
192 |
log_end_msg $errcode |
|
193 |
fi |
|
194 |
;; |
|
195 |
restart|force-reload) |
|
196 |
log_daemon_msg "Restarting $DESC" "$NAME" |
|
197 |
errcode=0 |
|
198 |
stop_server || errcode=$? |
|
199 |
# Wait some sensible amount, some server need this |
|
200 |
[ -n "$DIETIME" ] && sleep $DIETIME |
|
201 |
start_server || errcode=$? |
|
202 |
[ -n "$STARTTIME" ] && sleep $STARTTIME |
|
203 |
running || errcode=$? |
|
204 |
log_end_msg $errcode |
|
205 |
;; |
|
206 |
status) |
|
207 |
|
|
208 |
log_daemon_msg "Checking status of $DESC" "$NAME" |
|
209 |
if running ; then |
|
210 |
log_progress_msg "running" |
|
211 |
log_end_msg 0 |
|
212 |
else |
|
213 |
log_progress_msg "apparently not running" |
|
214 |
log_end_msg 1 |
|
215 |
exit 1 |
|
216 |
fi |
|
217 |
;; |
|
218 |
reload) |
|
219 |
log_warning_msg "Reloading $NAME daemon: not implemented, as the daemon" |
|
220 |
log_warning_msg "cannot re-read the config file (use restart)." |
|
221 |
;; |
|
222 |
*) |
|
223 |
N=/etc/init.d/$NAME |
|
224 |
echo "Usage: $N {start|stop|force-stop|restart|force-reload|status}" >&2 |
|
225 |
exit 1 |
|
226 |
;; |
|
227 |
esac |
|
228 |
|
|
229 |
exit 0 |
b/hooks/network-remove-post.d/snf-network | ||
---|---|---|
1 |
#!/bin/bash |
|
2 |
|
|
3 |
source /etc/default/snf-network |
|
4 |
|
|
5 |
|
|
6 |
NETFILE=$SHAREDDIR/networks/$NETWORK |
|
7 |
|
|
8 |
rm $NETFILE |
|
9 |
|
/dev/null | ||
---|---|---|
1 |
# IP-less inteface, used to route public IPv4 |
|
2 |
# for Synnefo VMs |
|
3 |
auto eth0.101 |
|
4 |
iface eth0.101 inet manual |
|
5 |
ip-routing-table rt_public |
|
6 |
ip-routes 62.217.123.128/27 |
|
7 |
ip-gateway 62.217.123.129 |
|
8 |
ip-forwarding 1 |
|
9 |
ip-proxy-arp 1 |
|
10 |
arp-ip 62.217.123.158 |
|
11 |
|
|
12 |
#auto eth0.100 |
|
13 |
iface eth0.100 inet manual |
|
14 |
up ip link set eth0.100 up |
|
15 |
|
|
16 |
#auto br100 |
|
17 |
iface br100 inet static |
|
18 |
# needed for being the rooter for the VMs |
|
19 |
address 192.168.100.1 |
|
20 |
netmask 255.255.255.240 |
|
21 |
bridge_ports eth0.100 |
|
22 |
# needed by nfdhcpd to make DHCP responses |
|
23 |
up ip route add 192.168.100.0/28 dev br100 table rt_net100 |
|
24 |
up ip route add default via 192.168.100.1 dev br100 table rt_net100 |
|
25 |
# needed for the VMs to connect to the world |
|
26 |
up iptables -t nat -A POSTROUTING -s 192.168.100.0/28 \! -d 192.168.100.0/28 -j MASQUERADE |
|
27 |
down iptables -t nat -D POSTROUTING -s 192.168.100.0/28 \! -d 192.168.100.0/28 -j MASQUERADE |
|
28 |
bridge_stp off |
|
29 |
bridge_fd 2 |
|
30 |
|
|
31 |
#auto br100:1 |
|
32 |
iface br100:1 inet static |
|
33 |
# needed for being the rooter for the VMs |
|
34 |
address 192.168.101.1 |
|
35 |
netmask 255.255.255.240 |
|
36 |
up ip route add 192.168.101.0/28 dev br100 table rt_net101 |
|
37 |
up ip route add default via 192.168.101.1 dev br100 table rt_net101 |
|
38 |
# needed for the VMs to connect to the world |
|
39 |
up iptables -t nat -A POSTROUTING -s 192.168.101.0/28 \! -d 192.168.101.0/28 -j MASQUERADE |
|
40 |
down iptables -t nat -D POSTROUTING -s 192.168.101.0/28 \! -d 192.168.101.0/28 -j MASQUERADE |
|
41 |
|
b/kvm-vif-bridge | ||
---|---|---|
18 | 18 |
|
19 | 19 |
function routed_setup_ipv4 { |
20 | 20 |
# get the link's default gateway |
21 |
gw=$(ip route list table $TABLE | sed -n 's/default via \([^ ]\+\).*/\1/p' | head -1)
|
|
21 |
gw=$GATEWAY
|
|
22 | 22 |
|
23 | 23 |
# mangle ARPs to come from the gw's IP |
24 | 24 |
arptables -A OUTPUT -o $INTERFACE --opcode request -j mangle --mangle-ip-s "$gw" |
... | ... | |
35 | 35 |
|
36 | 36 |
function routed_setup_ipv6 { |
37 | 37 |
# Add a routing entry for the eui-64 |
38 |
prefix=$(ip -6 route list table $TABLE | awk '/\/64/ {print $1; exit}')
|
|
39 |
uplink=$(ip -6 route list table $TABLE | sed -n 's/default via .* dev \([^ ]\+\).*/\1/p' | head -1)
|
|
38 |
prefix=$SUBNET6
|
|
39 |
uplink=$GATEWAY6
|
|
40 | 40 |
eui64=$($MAC2EUI64 $MAC $prefix) |
41 | 41 |
|
42 | 42 |
while ip -6 rule del dev $INTERFACE; do :; done |
... | ... | |
82 | 82 |
|
83 | 83 |
function setup_nfdhcpd { |
84 | 84 |
umask 022 |
85 |
cat >$NFDHCPD_STATE_DIR/$INTERFACE <<EOF |
|
85 |
FILE=$NFDHCPD_STATE_DIR/$INTERFACE |
|
86 |
cat >$FILE <<EOF |
|
86 | 87 |
IFACE=$1 |
87 | 88 |
IP=$IP |
88 | 89 |
MAC=$MAC |
... | ... | |
90 | 91 |
HOSTNAME=$INSTANCE |
91 | 92 |
TAGS="$TAGS" |
92 | 93 |
EOF |
94 |
if [ -n $GATEWAY ]; then |
|
95 |
echo GATEWAY=$GATEWAY >> $FILE |
|
96 |
fi |
|
97 |
if [ -n $SUBNET ]; then |
|
98 |
echo SUBNET=$SUBNET >> $FILE |
|
99 |
fi |
|
100 |
if [ -n $GATEWAY6 ]; then |
|
101 |
echo GATEWAY6=$GATEWAY6 >> $FILE |
|
102 |
fi |
|
103 |
if [ -n $SUBNET6 ]; then |
|
104 |
echo SUBNET6=$SUBNET6 >> $FILE |
|
105 |
fi |
|
106 |
|
|
93 | 107 |
} |
94 | 108 |
|
95 | 109 |
function clear_ebtables { |
... | ... | |
136 | 150 |
fi |
137 | 151 |
} |
138 | 152 |
|
139 |
#FIXME: import router mac from the config files |
|
140 |
# must know node group!! how??? |
|
141 |
ROUTER_MAC=e4:11:5b:b2:8d:ca |
|
142 |
MAC_MASK=ff:ff:ff:0:0:0 |
|
143 | 153 |
|
144 | 154 |
TABLE=rt_$NETWORK |
145 | 155 |
|
... | ... | |
158 | 168 |
iptables -A FORWARD -i $INTERFACE -p udp --dport 67 -j DROP |
159 | 169 |
|
160 | 170 |
routed_setup_ipv4 |
161 |
# routed_setup_ipv6
|
|
162 |
# routed_setup_firewall
|
|
171 |
routed_setup_ipv6 |
|
172 |
routed_setup_firewall |
|
163 | 173 |
setup_nfdhcpd $INTERFACE |
164 | 174 |
clear_ebtables >/dev/null 2>&1 |
165 | 175 |
elif [ "$MODE" = "bridged" ]; then |
/dev/null | ||
---|---|---|
1 |
#!/bin/bash |
|
2 |
|
|
3 |
DIR=/var/lib/snf-network |
|
4 |
NEW_GATEWAY=$1 |
|
5 |
NEW_TYPE=$2 |
|
6 |
NETWORK=$3 |
|
7 |
RT_TABLES=/etc/iproute2/rt_tables |
|
8 |
|
|
9 |
if [ $# -ne 3 ]; then |
|
10 |
echo "$0 <gateway> <private/public> <name>" |
|
11 |
exit 1 |
|
12 |
fi |
|
13 |
|
|
14 |
source /etc/default/snf-network |
|
15 |
|
|
16 |
NETWORK_FILE=$DIR/networks/$NETWORK |
|
17 |
|
|
18 |
source $NETWORK_FILE |
|
19 |
|
|
20 |
OLD_GATEWAY=$GATEWAY |
|
21 |
OLD_TYPE=$TYPE |
|
22 |
|
|
23 |
INTERFACES=$(ls $DIR/interfaces/$NETWORK-*) |
|
24 |
|
|
25 |
|
|
26 |
for IFACES in $INTERFACES ; do |
|
27 |
|
|
28 |
NODEGROUP=$(echo $IFACES | sed 's/.*interfaces.*-//') |
|
29 |
source $DIR/nodegroups/$NODEGROUP |
|
30 |
|
|
31 |
read x VLAN MODE BRIDGE < $INTERFACES |
|
32 |
|
|
33 |
if [ $MODE == "routed" ]; then |
|
34 |
if [ $TYPE == "public" ]; then |
|
35 |
ip route replace default via $GATEWAY dev $VLAN table rt_$NETWORK |
|
36 |
fi |
|
37 |
fi |
|
38 |
|
|
39 |
if [ $MODE == "bridged" ]; then |
|
40 |
if [ ! -z $GATEWAY ]; then |
|
41 |
ip route replace default via $GATEWAY dev $BRIDGE table rt_$NETWORK |
|
42 |
if [ $TYPE == "private" ]; then |
|
43 |
if [ ! -z $ROUTER ]; then |
|
44 |
if [ $(hostname) == $ROUTER ]; then |
|
45 |
NETMASK=$(ipcalc $SUBNET | grep Netmask | awk '{print $4}') |
|
46 |
ip addr del $GATEWAY/$NETMASK dev $BRIDGE |
|
47 |
ip addr add $NEW_GATEWAY/$NETMASK dev $BRIDGE |
|
48 |
fi |
|
49 |
fi |
|
50 |
fi |
|
51 |
fi |
|
52 |
fi |
|
53 |
|
|
54 |
if [ ! -z $NEW_GATEWAY ]; then |
|
55 |
sed -i '/^GATEWAY/ s/=.*/='"$NEW_GATEWAY"'/' $NETWORK_FILE |
|
56 |
fi |
|
57 |
|
|
58 |
if [ ! -z $NEW_TYPE ]; then |
|
59 |
sed -i '/^TYPE/ s/=.*/='"$NEW_TYPE"'/' $NETWORK_FILE |
|
60 |
fi |
|
61 |
|
|
62 |
done |
b/nfdhcpd/nfdhcpd | ||
---|---|---|
116 | 116 |
} |
117 | 117 |
|
118 | 118 |
|
119 |
def parse_routing_table(table="main", family=4): |
|
120 |
""" Parse the given routing table to get connected route, gateway and |
|
121 |
default device. |
|
122 |
|
|
123 |
""" |
|
124 |
ipro = subprocess.Popen(["ip", "-%d" % family, "ro", "ls", |
|
125 |
"table", table], stdout=subprocess.PIPE) |
|
126 |
routes = ipro.stdout.readlines() |
|
127 |
|
|
128 |
def_gw = None |
|
129 |
def_dev = None |
|
130 |
def_net = None |
|
131 |
|
|
132 |
for route in routes: |
|
133 |
# Find the least-specific connected route |
|
134 |
m = re.match("^([\S]+/[\S]+) dev ([\S]+)", route) |
|
135 |
if not m: |
|
136 |
continue |
|
137 |
|
|
138 |
if family == 6 and m.group(1).startswith("fe80:"): |
|
139 |
# Skip link-local declarations in "main" table |
|
140 |
continue |
|
141 |
|
|
142 |
def_net, def_dev = m.groups() |
|
143 |
|
|
144 |
try: |
|
145 |
def_net = IPy.IP(def_net) |
|
146 |
except ValueError, e: |
|
147 |
logging.warn("Unable to parse default route entry %s: %s", |
|
148 |
def_net, str(e)) |
|
149 |
|
|
150 |
for route in routes: |
|
151 |
match = re.match(r'^default.*via ([\S]+).*dev ([\S]+)', route) |
|
152 |
if match: |
|
153 |
def_gw, def_dev = match.groups() |
|
154 |
break |
|
155 |
|
|
156 |
return Subnet(net=def_net, gw=def_gw, dev=def_dev) |
|
157 |
|
|
158 |
|
|
159 | 119 |
def parse_binding_file(path): |
160 | 120 |
""" Read a client configuration from a tap file |
161 | 121 |
|
... | ... | |
171 | 131 |
ips = None |
172 | 132 |
link = None |
173 | 133 |
hostname = None |
134 |
subnet = None |
|
135 |
gateway = None |
|
136 |
subnet6 = None |
|
137 |
gateway6 = None |
|
174 | 138 |
|
175 | 139 |
for line in iffile: |
176 | 140 |
if line.startswith("IP="): |
... | ... | |
184 | 148 |
hostname = line.strip().split("=")[1] |
185 | 149 |
elif line.startswith("IFACE="): |
186 | 150 |
iface = line.strip().split("=")[1] |
187 |
|
|
188 |
return Client(ifname=ifname, mac=mac, ips=ips, link=link, hostname=hostname, iface=iface) |
|
189 |
|
|
151 |
elif line.startswith("SUBNET="): |
|
152 |
subnet = line.strip().split("=")[1] |
|
153 |
elif line.startswith("GATEWAY="): |
|
154 |
gateway = line.strip().split("=")[1] |
|
155 |
elif line.startswith("SUBNET6="): |
|
156 |
subnet6 = line.strip().split("=")[1] |
|
157 |
elif line.startswith("GATEWAY6="): |
|
158 |
gatewa6 = line.strip().split("=")[1] |
|
159 |
|
|
160 |
return Client(ifname=ifname, mac=mac, ips=ips, link=link, |
|
161 |
hostname=hostname,iface=iface, subnet=subnet, |
|
162 |
gateway=gateway, subnet6=subnet6, gateway6=gateway6 ) |
|
190 | 163 |
|
191 | 164 |
class ClientFileHandler(pyinotify.ProcessEvent): |
192 | 165 |
def __init__(self, server): |
... | ... | |
211 | 184 |
|
212 | 185 |
|
213 | 186 |
class Client(object): |
214 |
def __init__(self, ifname=None, mac=None, ips=None, link=None, hostname=None, iface=None): |
|
187 |
def __init__(self, ifname=None, mac=None, ips=None, link=None, |
|
188 |
hostname=None, iface=None, subnet=None, gateway=None, |
|
189 |
subnet6=None, gateway6=None ): |
|
215 | 190 |
self.mac = mac |
216 | 191 |
self.ips = ips |
217 | 192 |
self.hostname = hostname |
218 | 193 |
self.link = link |
219 | 194 |
self.iface = iface |
220 | 195 |
self.ifname = ifname |
196 |
self.subnet = subnet |
|
197 |
self.gateway = gateway |
|
198 |
self.net = Subnet(net=subnet, gw=gateway, dev=ifname) |
|
199 |
self.subnet6 = subnet6 |
|
200 |
self.gateway6 = gateway6 |
|
201 |
self.net6 = Subnet(net=subnet6, gw=gateway6, dev=ifname) |
|
221 | 202 |
|
222 | 203 |
@property |
223 | 204 |
def ip(self): |
... | ... | |
318 | 299 |
self.ipv6_enabled = False |
319 | 300 |
|
320 | 301 |
self.clients = {} |
321 |
self.subnets = {} |
|
302 |
#self.subnets = {}
|
|
322 | 303 |
self.ifaces = {} |
323 |
self.v6nets = {} |
|
304 |
#self.v6nets = {}
|
|
324 | 305 |
self.nfq = {} |
325 | 306 |
self.l2socket = socket.socket(socket.AF_PACKET, |
326 | 307 |
socket.SOCK_RAW, ETH_P_ALL) |
... | ... | |
392 | 373 |
|
393 | 374 |
def build_config(self): |
394 | 375 |
self.clients.clear() |
395 |
self.subnets.clear() |
|
396 | 376 |
|
397 | 377 |
for path in glob.glob(os.path.join(self.data_path, "*")): |
398 | 378 |
self.add_iface(path) |
... | ... | |
475 | 455 |
else: |
476 | 456 |
if binding.is_valid(): |
477 | 457 |
self.clients[binding.mac] = binding |
478 |
self.subnets[binding.link] = parse_routing_table(binding.link) |
|
479 | 458 |
logging.debug("Added client %s on %s", binding.hostname, iface) |
480 | 459 |
self.ifaces[ifindex] = binding.iface |
481 |
self.v6nets[iface] = parse_routing_table(binding.link, 6) |
|
482 | 460 |
|
483 | 461 |
def remove_iface(self, ifname): |
484 | 462 |
""" Cleanup clients on a removed interface |
485 | 463 |
|
486 | 464 |
""" |
487 |
if ifname in self.v6nets: |
|
488 |
del self.v6nets[ifname] |
|
489 |
|
|
490 | 465 |
for mac in self.clients.keys(): |
491 | 466 |
if self.clients[mac].ifname == ifname: |
492 | 467 |
iface = self.client[mac].iface |
... | ... | |
546 | 521 |
resp = Ether(dst=mac, src=self.get_iface_hw_addr(iface))/\ |
547 | 522 |
IP(src=DHCP_DUMMY_SERVER_IP, dst=binding.ip)/\ |
548 | 523 |
UDP(sport=pkt.dport, dport=pkt.sport)/resp |
549 |
subnet = self.subnets[binding.link]
|
|
524 |
subnet = binding.net
|
|
550 | 525 |
|
551 | 526 |
if not DHCP in pkt: |
552 | 527 |
logging.warn("Invalid request from %s on %s, no DHCP" |
... | ... | |
627 | 602 |
return |
628 | 603 |
|
629 | 604 |
ifmac = self.get_iface_hw_addr(iface) |
630 |
subnet = self.v6nets[iface] |
|
605 |
binding = self.clients[ifmac] |
|
606 |
subnet = binding.net6 |
|
631 | 607 |
ifll = subnet.make_ll64(ifmac) |
632 | 608 |
|
633 | 609 |
# Signal the kernel that it shouldn't further process the packet |
... | ... | |
662 | 638 |
return |
663 | 639 |
|
664 | 640 |
ifmac = self.get_iface_hw_addr(iface) |
665 |
subnet = self.v6nets[iface] |
|
641 |
binding = self.clients[ifmac] |
|
642 |
subnet = binding.net6 |
|
666 | 643 |
ifll = subnet.make_ll64(ifmac) |
667 | 644 |
|
668 | 645 |
ns = IPv6(payload.get_data()) |
... | ... | |
703 | 680 |
if not ifmac: |
704 | 681 |
continue |
705 | 682 |
|
706 |
subnet = self.v6nets[iface] |
|
683 |
binding = self.clients[ifmac] |
|
684 |
subnet = binding.net6 |
|
707 | 685 |
if subnet.net is None: |
708 | 686 |
logging.debug("Skipping periodic RA on interface %s," |
709 | 687 |
" as it is not IPv6-connected", iface) |
b/nfdhcpd/nfdhcpd.conf | ||
---|---|---|
1 | 1 |
## nfdhcpd sample configuration file |
2 | 2 |
## General options |
3 | 3 |
[general] |
4 |
pidfile = /var/run/nfdhcpd.pid |
|
4 |
pidfile = /var/run/nfdhcpd/nfdhcpd.pid
|
|
5 | 5 |
datapath = /var/lib/nfdhcpd # Where the client configuration will be read from |
6 | 6 |
logdir = /var/log/nfdhcpd # Where to write our logs |
7 | 7 |
user = nobody # An unprivileged user to run as |
... | ... | |
14 | 14 |
server_ip = 192.0.2.1 |
15 | 15 |
dhcp_queue = 42 # NFQUEUE number to listen on for DHCP requests |
16 | 16 |
# IPv4 nameservers to include in DHCP responses |
17 |
nameservers = 192.0.2.2, 192.0.2.3
|
|
17 |
nameservers = 194.177.210.210, 194.177.210.10
|
|
18 | 18 |
|
19 | 19 |
## IPv6-related functionality |
20 | 20 |
[ipv6] |
/dev/null | ||
---|---|---|
1 |
#!/bin/bash |
|
2 |
|
|
3 |
DIR=/var/lib/snf-network |
|
4 |
NAME=$1 |
|
5 |
RT_TABLES=/etc/iproute2/rt_tables |
|
6 |
|
|
7 |
|
|
8 |
|
|
9 |
if [ $# -ne 1 ]; then |
|
10 |
echo "$0 <name>" |
|
11 |
exit 1 |
|
12 |
fi |
|
13 |
|
|
14 |
# remove old entry |
|
15 |
sed -i '/rt_'"$NAME"'$/ d' $RT_TABLES |
|
16 |
|
|
17 |
rm $DIR/networks/$NAME |
b/snf-network-enable | ||
---|---|---|
1 |
#!/bin/bash |
|
2 |
|
|
3 |
function get_value { |
|
4 |
|
|
5 |
eval def=\$$1 |
|
6 |
read -p "$1? [$def] " x |
|
7 |
if [ -n "$x" ]; then eval $1="$x"; fi |
|
8 |
|
|
9 |
} |
|
10 |
|
|
11 |
|
|
12 |
DEFAULT=/etc/default/snf-network |
|
13 |
|
|
14 |
CONF=/etc/snf-network/snf-network.conf |
|
15 |
|
|
16 |
source $CONF |
|
17 |
source $DEFAULT |
|
18 |
|
|
19 |
|
|
20 |
if [ ! -e $SHAREDDIR ]; then |
|
21 |
mkdir $SHAREDDIR |
|
22 |
mkdir $SHAREDDIR/networks |
|
23 |
mkdir $SHAREDDIR/infra |
|
24 |
mkdir $SHAREDDIR/interfaces |
|
25 |
mkdir $SHAREDDIR/mappings |
|
26 |
fi |
|
27 |
|
|
28 |
#if [ -z "$(grep nfdhcpd.ferm /etc/ferm/ferm.conf)" ]; then |
|
29 |
# echo @include 'nfdhcpd.ferm'; >> /etc/ferm/ferm.conf |
|
30 |
# /etc/init.d/ferm restart |
|
31 |
#fi |
|
32 |
|
|
33 |
|
|
34 |
cd $SHAREDDIR/infra/ |
|
35 |
|
|
36 |
for nodegroup in $NODEGROUPS; do |
|
37 |
source $DEFAULT |
|
38 |
echo Group: $nodegroup |
|
39 |
get_value ROUTER |
|
40 |
get_value ROUTER_MAC |
|
41 |
get_value MAC_MASK |
|
42 |
get_value PUBLIC_INTERFACE |
|
43 |
get_value PUBLIC_BRIDGE |
|
44 |
get_value PUBLIC_VLAN |
|
45 |
get_value PRIVATE_VLAN |
|
46 |
get_value PRIVATE_BRIDGE |
|
47 |
get_value MASQ_VLAN |
|
48 |
get_value MASQ_BRIDGE |
|
49 |
cat > $nodegroup <<EOF |
|
50 |
ROUTER=$ROUTER |
|
51 |
ROUTER_MAC=$ROUTER_MAC |
|
52 |
MAC_MASK=$MAC_MASK |
|
53 |
PUBLIC_INTERFACE=$PUBLIC_INTERFACE |
|
54 |
PUBLIC_BRIDGE=$PUBLIC_BRIDGE |
|
55 |
PUBLIC_VLAN=$PUBLIC_VLAN |
|
56 |
PRIVATE_VLAN=$PRIVATE_VLAN |
|
57 |
PRIVATE_BRIDGE=$PRIVATE_BRIDGE |
|
58 |
MASQ_VLAN=$MASQ_VLAN |
|
59 |
MASQ_BRIDGE=$MASQ_BRIDGE |
|
60 |
EOF |
|
61 |
done |
|
62 |
|
|
63 |
|
|
64 |
for node in $NODES; do |
|
65 |
echo Node: $node |
|
66 |
NODEGROUP=default |
|
67 |
get_value NODEGROUP |
|
68 |
ln -s $NODEGROUP $node |
|
69 |
done |
b/snf-network.conf | ||
---|---|---|
1 |
NODEGROUPS="default" |
|
2 |
|
|
3 |
NODES="dev88 dev89" |
/dev/null | ||
---|---|---|
1 |
#!/bin/sh |
|
2 |
# |
|
3 |
|
|
4 |
add_vlan() { |
|
5 |
if [ -n "`echo -n "$1" | tr -d '[0-9]'`" ]; then |
|
6 |
echo "Invalid vlan tag $1" |
|
7 |
exit 1 |
|
8 |
fi |
|
9 |
|
|
10 |
vlan=$1 |
|
11 |
ifce=$2 |
|
12 |
|
|
13 |
if [ -d "/sys/class/net/vlan${vlan}/bridge" ]; then |
|
14 |
echo "Vlan $vlan already configured" |
|
15 |
exit 0 |
|
16 |
fi |
|
17 |
|
|
18 |
if ( grep -q "iface vlan${vlan}$" /etc/network/interfaces ); then |
|
19 |
echo "Vlan $vlan configured but down, bringing up" |
|
20 |
else |
|
21 |
echo "Adding vlan $vlan to /etc/network/interfaces" |
|
22 |
cat >>/etc/network/interfaces <<EOF |
|
23 |
auto vlan${vlan} |
|
24 |
iface vlan${vlan} inet manual |
|
25 |
bridge_ports ${ifce}.${vlan} |
|
26 |
bridge_stp off |
|
27 |
bridge_maxwait 0 |
|
28 |
bridge_fd 0 |
|
29 |
|
|
30 |
EOF |
|
31 |
fi |
|
32 |
|
|
33 |
/sbin/ifup "vlan${vlan}" >/dev/null 2>&1 |
|
34 |
exit 0 |
|
35 |
} |
|
36 |
|
|
37 |
list_vlans() { |
|
38 |
for iface in /sys/class/net/vlan*; do |
|
39 |
if [ -d "$iface/bridge" ]; then |
|
40 |
vlan=`basename "$iface"` |
|
41 |
( grep -q "iface $vlan$" /etc/network/interfaces ) |
|
42 |
if [ $? == 0 ]; then |
|
43 |
echo "${vlan##vlan}" |
|
44 |
else |
|
45 |
echo "${vlan##vlan} (unconfigured)" |
|
46 |
fi |
|
47 |
fi |
|
48 |
done |
|
49 |
|
|
50 |
} |
|
51 |
|
|
52 |
case "$1" in |
|
53 |
add) |
|
54 |
if [ x"$3" != x"" ]; then |
|
55 |
ifce=$3 |
|
56 |
else |
|
57 |
ifce="bond0" |
|
58 |
fi |
|
59 |
add_vlan "$2" "$ifce" |
|
60 |
;; |
|
61 |
remove) |
|
62 |
remove_vlan "$2" |
|
63 |
;; |
|
64 |
list) |
|
65 |
list_vlans |
|
66 |
;; |
|
67 |
*) |
|
68 |
echo "Usage: vlan (add number [ifce="bond0"]|remove number|list)" |
|
69 |
;; |
|
70 |
esac; |
|
71 |
|
Also available in: Unified diff