Statistics
| Branch: | Tag: | Revision:

root / nfdhcpd @ 07c8990f

History | View | Annotate | Download (41.5 kB)

# Date Author Comment
07c8990f 02/18/2014 02:45 pm Dimitris Aragiorgis

dhcp6: return if no IPv6 network attached to tap

Signed-off-by: Dimitris Aragiorgis <>

7b0ebdd0 02/05/2014 07:37 pm Dimitris Aragiorgis

Provide DNS Search List in DHCH6_Reply

In case of an IPv6 only VM we have to serve a Domain Search List
so that Windows VM can find the kms server by issuing:

nslookup -type=srv _vlmcs._tcp

An extra config option in ipv6 section is added; domains
This is a list of search domains included in DHCP6_Reply....

06e6d9bc 01/17/2014 07:54 pm Dimitris Aragiorgis

Support ra-stateless IPv6 configuration

This means that IPv6 will be auto-configured but DNS info
will be obtained via DHCPv6 requests.

With other words our router advertisements have the "O" flag set
and we add another handler that serves DHCPv6 requests by...

fac9f928 12/16/2013 11:14 am Dimitris Aragiorgis

Allow binding files without IP entry

This is needed for NIC that obtain only IPv6.

Signed-off-by: Dimitris Aragiorgis <>

09f11926 10/02/2013 01:51 pm Dimitris Aragiorgis

Some pylint fixes

Signed-off-by: Dimitris Aragiorgis <>

9aa2fbe7 10/02/2013 01:04 pm Dimitris Aragiorgis

Support nfqueue of squeeze and wheezy

Support both callback function signatures.

Signed-off-by: Dimitris Aragiorgis <>

fd7ca450 10/04/2012 11:16 pm Dimitris Aragiorgis

One socket per client and few logging fixes

Signed-off-by: Dimitris Aragiorgis <>

3f442273 10/04/2012 04:39 pm Dimitris Aragiorgis

process_pending(num) depending on nfqueue

dhcp - process_pending(5000)
rs - process_pending(10)
ns - process_pending(10)

Signed-off-by: Dimitris Aragiorgis <>

b8b91462 10/04/2012 03:22 pm Dimitris Aragiorgis

Minor changes in logging and process_pending(10)

Signed-off-by: Dimitris Aragiorgis <>

40a561a7 10/03/2012 05:59 pm Dimitris Aragiorgis

Add handler for SIGUSR1 to show current state

Signed-off-by: Dimitris Aragiorgis <>

0a2aed6e 10/03/2012 01:27 pm Dimitris Aragiorgis

Change RotatingFileHAndler to WatchedFileHandler

Signed-off-by: Dimitris Aragiorgis <>

de311515 09/23/2012 04:10 pm Dimitris Aragiorgis

Change id before becoming a daemon

This will create a logfile with proper permitions and the RotatingFileHandler
will not produce any error when bytes exceed maxBytes.

Signed-off-by: Dimitris Aragiorgis <>

b53b8522 09/21/2012 01:03 pm Vangelis Koukis

Only set executable name with python-setproctitle

Cannot set individual values for arguments using python-setproctitle.
See https://code.google.com/p/py-setproctitle/issues/detail?id=23&can=1.

856268f2 09/21/2012 12:24 pm Vangelis Koukis

Change process title to simplify 'ps' display

Use python-setproctitle to change the process title
of the running daemon. Make it appear as a native executable
to simplify administration.

0fbb25c0 09/17/2012 05:49 pm Dimitris Aragiorgis

Nice logging

Signed-off-by: Dimitris Aragiorgis <>

ca7b6d21 09/17/2012 05:49 pm Dimitris Aragiorgis

Fix a bug related to capng_update()

We need to update CAP_NET_RAW, CAP_NET_ADMIN separetly.

Signed-off-by: Dimitris Aragiorgis <>

3cbc1569 09/12/2012 01:40 pm Vangelis Koukis

Fix two minor typos in debug messages

8d3dcc3b 09/11/2012 05:48 pm Dimitris Aragiorgis

Fix bug that causes nfdhcpd to freeze

nfdhcpd opens a socket during init. socket.send() blocks in case
SO_SNDBUF is full. This might happen when packages are pushed to
buffer but never consumed (e.g. VM is shuting down).

To fix this we use non-blocking send with MSG_DONTWAIT and catch...

0cca7143 09/06/2012 05:19 pm Christos Stavrakakis

Fix two more logs

764f829a 09/06/2012 04:56 pm Christos Stavrakakis

Improve log msgs

98b1900a 09/06/2012 04:56 pm Christos Stavrakakis

Fix bug in log msg

d7b852fd 09/06/2012 04:35 pm Christos Stavrakakis

Add umask inside daemon context

883eb77e 09/06/2012 03:04 pm Dimitris Aragriorgs

Add try-except in DaemonContext.open()

It catches locking exceptions.

Signed-off-by: Dimitris Aragriorgs <>

0c650606 09/05/2012 03:02 pm Dimitris Aragriorgs

Fix previous commit concerning pidfile

Signed-off-by: Dimitris Aragriorgs <>

b526f9ae 09/05/2012 02:31 pm Stratos Psomadakis

Catch IPy exceptions for invalid networks/subnets

Signed-off-by: Stratos Psomadakis <>

d9361b6e 08/31/2012 12:24 am Dimitris Aragriorgs

Remove stale pid lock file

Signed-off-by: Dimitris Aragriorgs <>

4a3ed624 08/07/2012 08:35 pm Dimitris Aragiorgis

In case of make_ll64 fails return

Signed-off-by: Dimitris Aragiorgis <>

3596e9b6 08/07/2012 06:15 pm Dimitris Aragiorgis

Add try: except: in places of possible exceptions

pkt.lladdr
ns.lladdr
sendp

Signed-off-by: Dimitris Aragiorgis <>

f54e48af 08/07/2012 05:38 pm Dimitris Aragiorgis

Refactor nfdhcpd to support get_physindev()

If get_physindev is supported in nfqueue then the clients are indexed
by their tap ifindex. If not then clients are indexed by their macs.

Signed-off-by: Dimitris Aragiorgis <>

d2c81e80 08/06/2012 04:41 pm Dimitris Aragiorgis

Add nice debug messages for nfdhcpd clients

Signed-off-by: Dimitris Aragiorgis <>

7d38c21d 07/19/2012 08:19 pm Dimitris Aragiorgis

Reapply option for serving domain

Signed-off-by: Dimitris Aragiorgis <>

de1a1bb2 07/03/2012 01:13 pm Dimitris Aragiorgis

Refactor nfdhcp

Get all info from binding file. Do not parse routing tables. Keep
track of clients depending on their mac. Support clients connected
on bridges. Insteed of patching NFQUEUE add new slot in bindings
that shows the physical device the incomming request originates (tap)....

dfe6cc3b 04/02/2012 09:57 am Costas Drogos

Small typo introduced on df3e8face1cf

26ba9dba 03/28/2012 01:28 am Costas Drogos

Option for serving domain from nfdhcpd to clients

On some occasions the clients do not send an fqdn as hostname,
so another way to send a domain is needed.
For that, a new optional config directive is introduced, called
"domain", as a way to hardcode the domain we serve....
df3e8fac 10/12/2011 05:37 pm Vangelis Koukis

Handle pidfile properly, redirect stderr in daemon

Handle pidfile creation properly, as part of daemonization process.
Parse config file and setup logging before daemonization.
Redirect stderr to logfile upon daemonization, otherwise numerous
unexpected exceptions get lost.

feca7bb9 06/03/2011 12:13 pm Apollon Oikonomopoulos

Enable logging of unhandled exceptions

Use the traceback module to log unhandled exceptions to the logfile when
running as a daemon.

Signed-off-by: Apollon Oikonomopoulos <>

b0b3ad51 06/03/2011 12:13 pm Apollon Oikonomopoulos

Do not send periodic RAs on IPv6-less interfaces

Ignore interfaces with no IPv6 subnets on the respective routing tables and log
a debug message.

Signed-off-by: Apollon Oikonomopoulos <>

4c042e71 06/03/2011 11:53 am Apollon Oikonomopoulos

Ignore requests on unknown interfaces

We ignore requests on interfaces we don't have any information about.
Furthermore, we set a verdict of ACCEPT on these packets and let the kernel
handle them.

Signed-off-by: Apollon Oikonomopoulos <>

61739de0 03/22/2011 07:41 pm Apollon Oikonomopoulos

Ignore link-local IPv6 routing table entries

If we have a client on the "main" routing table, then we must ignore all IPv6
link-local subnet declarations that appear in this routing table, possibly
"masking out" the intended network route.

Signed-off-by: Apollon Oikonomopoulos <>

a2eba3d0 03/21/2011 09:46 pm Apollon Oikonomopoulos

Fix error handling during binding file parsing

In case something went wrong during parse_binding_file, return None instead
of an obsolete tuple.

Signed-off-by: Apollon Oikonomopoulos <>

36e1175b 03/14/2011 02:20 pm Apollon Oikonomopoulos

Clean up resources upon exit

Wrap the main loop in a try..finally statement, calling our cleanup handler to
free all obtained resources.

Signed-off-by: Apollon Oikonomopoulos <>

68da8f20 03/14/2011 02:05 pm Apollon Oikonomopoulos

Handle the AF_PACKET socket instead of using scapy

Implement our own sendp() method, which has the following benefits:

  • Keep a single socket and re-use it for all outgoing packets
  • Speed up send operations by 2x
  • Get rid of CAP_NET_RAW as we setup the socket during initialization...
18142d8d 03/11/2011 05:27 pm Apollon Oikonomopoulos

Also keep CAP_NET_ADMIN for nfqueue verdicts

This is needed for nfqueue to work properly. Without this, the kernel
never acknowledges the verdicts we set, the queue fills up and the
kernel drops packets. Worst of all, this happens completely silently.

Signed-off-by: Apollon Oikonomopoulos <>

c6341392 03/11/2011 03:02 pm Apollon Oikonomopoulos

Fix nasty typo in parse_routing_table

It was meant to be re.group and not re.group*s* all along.

Signed-off-by: Apollon Oikonomopoulos <>

c01dec04 03/11/2011 02:41 pm Apollon Oikonomopoulos

Disable pylint warning for inotify handler methods

The name form for these methods is mandated by pyinotify itself,
so there's nothing we can do about it.

Signed-off-by: Apollon Oikonomopoulos <>

6765a36f 03/11/2011 02:25 pm Apollon Oikonomopoulos

Major code refactoring

Refactor code to meet pylint's recommendations

  • Pass format string arguments as such in logging functions
  • Move parse_binding_file and parse_routing_table to top-level functions
  • Clean-up imports
  • Update docstrings

Signed-off-by: Apollon Oikonomopoulos <>

c63ad0e2 03/11/2011 01:12 pm Apollon Oikonomopoulos

Fix typo (vaildate -> validate)

Signed-off-by: Apollon Oikonomopoulos <>

0679a724 03/11/2011 01:11 pm Apollon Oikonomopoulos

Code refactoring to remove overlong lines

Signed-off-by: Apollon Oikonomopoulos <>

810a20fa 03/11/2011 01:08 pm Apollon Oikonomopoulos

Improve error handling

Catch and handle specific exception families where possible and provide
additional information.

Signed-off-by: Apollon Oikonomopoulos <>

7a7b8554 12/03/2010 04:15 pm Apollon Oikonomopoulos

Merge previous changes

Conflicts:
nfdhcpd: merge

Signed-off-by: Apollon Oikonomopoulos <>

30dd1f9e 12/03/2010 03:55 pm Apollon Oikonomopoulos

Implement IPv6 RDNSS

Add support for ICMPv6 RDNSS (RFC 5006) to advertise DNS servers over ICMPv6
router advertisements.

Signed-off-by: Apollon Oikonomopoulos <>

0be961fb 12/03/2010 03:54 pm Apollon Oikonomopoulos

DHCP: use nameservers from config

Use the DNS servers from the config file for DHCP replies.

Signed-off-by: Apollon Oikonomopoulos <>

31d21144 12/03/2010 03:34 pm Apollon Oikonomopoulos

Disable sending periodic RAs when IPv6 is disabled

Disabling IPv6 from the configuration file causes the server to not respond to
NS and RS, however it still tried to send out periodic RAs (which was a noop).
We explicitly set the timeout of select() to None to avoid this, when IPv6 is...

651e531d 12/03/2010 03:24 pm Apollon Oikonomopoulos

Add configurationf file validation

Add a specification of the configuration file and runtime validation, using
configobj's validate.Validator and custom checks for the nameserver lists.

Signed-off-by: Apollon Oikonomopoulos <>

ea915b1a 12/03/2010 02:27 pm Apollon Oikonomopoulos

Add configuration file support

Add configuration file parsing using python-configobj. All command line options
except -d and -f have been moved to the configuration file.

A sample configuration file with all accepted options has been added as well.

Warning: validation and type casting is still missing....

f2c7bb76 11/16/2010 07:23 pm Apollon Oikonomopoulos

Open the logfile after changing uid and set umask

Set the process' umask in daemon.DaemonContext to 0022 (default was
0).

Open the logfile after dropping privileges, so that it is created with
proper perimissions (this also ensures that log rotation will work)....

41a0f754 11/16/2010 03:31 pm Apollon Oikonomopoulos

Refactor the main loop code and increase RA period

Increase RA period to 300s by default

Refactor the main loop to check only once for timeout expiration. This
fixes spurious RA emission because we forgot to properly reset the
start timer.

Signed-off-by: Apollon Oikonomopoulos <>

83027c6b 11/15/2010 09:13 pm Apollon Oikonomopoulos

Use a separate thread for periodic RAs

Periodic RAs can take a long time with many interfaces. The bottleneck
seems to lie in bind() send send() with AF_PACKET sockets. So, we spawn
a separate thread to be able to handle requests in the mean time.

Signed-off-by: Apollon Oikonomopoulos <>

948d4918 11/15/2010 09:12 pm Apollon Oikonomopoulos

Gracefully handle ICMPv6 NS w/o SrcLLAddr option

Neighbour solicitations sent during interface configuration do not
include a Source Link-Layer Address option. We ignore them as we
shouldn't (and can't) reply anyway.

Signed-off-by: Apollon Oikonomopoulos <>

bf84c4a5 11/15/2010 08:22 pm Apollon Oikonomopoulos

Warn on NFQUEUE exception

Warn if anything goes wrong during select()

Signed-off-by: Apollon Oikonomopoulos <>

519ec23c 11/15/2010 08:21 pm Apollon Oikonomopoulos

Whitespace cleanup

Signed-off-by: Apollon Oikonomopoulos <>

6ca53b5c 11/15/2010 08:20 pm Apollon Oikonomopoulos

Gracefully handle dead interfaces on periodic RA

Remove any interfaces that are not there during periodic RA emission.

Signed-off-by: Apollon Oikonomopoulos <>

37dd77bb 11/15/2010 12:50 pm Apollon Oikonomopoulos

Rename nfdhcp.py to nfdhcpd

Signed-off-by: Apollon Oikonomopoulos <>