History | View | Annotate | Download (41.5 kB)
dhcp6: return if no IPv6 network attached to tap
Signed-off-by: Dimitris Aragiorgis <dimara@grnet.gr>
Provide DNS Search List in DHCH6_Reply
In case of an IPv6 only VM we have to serve a Domain Search Listso that Windows VM can find the kms server by issuing:
nslookup -type=srv _vlmcs._tcp
An extra config option in ipv6 section is added; domainsThis is a list of search domains included in DHCP6_Reply....
Support ra-stateless IPv6 configuration
This means that IPv6 will be auto-configured but DNS infowill be obtained via DHCPv6 requests.
With other words our router advertisements have the "O" flag setand we add another handler that serves DHCPv6 requests by...
Allow binding files without IP entry
This is needed for NIC that obtain only IPv6.
Some pylint fixes
Support nfqueue of squeeze and wheezy
Support both callback function signatures.
One socket per client and few logging fixes
process_pending(num) depending on nfqueue
dhcp - process_pending(5000)rs - process_pending(10)ns - process_pending(10)
Minor changes in logging and process_pending(10)
Add handler for SIGUSR1 to show current state
Change RotatingFileHAndler to WatchedFileHandler
Change id before becoming a daemon
This will create a logfile with proper permitions and the RotatingFileHandlerwill not produce any error when bytes exceed maxBytes.
Only set executable name with python-setproctitle
Cannot set individual values for arguments using python-setproctitle.See https://code.google.com/p/py-setproctitle/issues/detail?id=23&can=1.
Change process title to simplify 'ps' display
Use python-setproctitle to change the process titleof the running daemon. Make it appear as a native executableto simplify administration.
Nice logging
Fix a bug related to capng_update()
We need to update CAP_NET_RAW, CAP_NET_ADMIN separetly.
Fix two minor typos in debug messages
Fix bug that causes nfdhcpd to freeze
nfdhcpd opens a socket during init. socket.send() blocks in caseSO_SNDBUF is full. This might happen when packages are pushed tobuffer but never consumed (e.g. VM is shuting down).
To fix this we use non-blocking send with MSG_DONTWAIT and catch...
Fix two more logs
Improve log msgs
Fix bug in log msg
Add umask inside daemon context
Add try-except in DaemonContext.open()
It catches locking exceptions.
Signed-off-by: Dimitris Aragriorgs <dimara@grnet.gr>
Fix previous commit concerning pidfile
Catch IPy exceptions for invalid networks/subnets
Signed-off-by: Stratos Psomadakis <psomas@grnet.gr>
Remove stale pid lock file
In case of make_ll64 fails return
Add try: except: in places of possible exceptions
pkt.lladdrns.lladdrsendp
Refactor nfdhcpd to support get_physindev()
If get_physindev is supported in nfqueue then the clients are indexedby their tap ifindex. If not then clients are indexed by their macs.
Add nice debug messages for nfdhcpd clients
Reapply option for serving domain
Refactor nfdhcp
Get all info from binding file. Do not parse routing tables. Keeptrack of clients depending on their mac. Support clients connectedon bridges. Insteed of patching NFQUEUE add new slot in bindingsthat shows the physical device the incomming request originates (tap)....
Small typo introduced on df3e8face1cf
Option for serving domain from nfdhcpd to clients
On some occasions the clients do not send an fqdn as hostname, so another way to send a domain is needed.
For that, a new optional config directive is introduced, called "domain", as a way to hardcode the domain we serve....
Handle pidfile properly, redirect stderr in daemon
Handle pidfile creation properly, as part of daemonization process.Parse config file and setup logging before daemonization.Redirect stderr to logfile upon daemonization, otherwise numerousunexpected exceptions get lost.
Enable logging of unhandled exceptions
Use the traceback module to log unhandled exceptions to the logfile whenrunning as a daemon.
Signed-off-by: Apollon Oikonomopoulos <apollon@noc.grnet.gr>
Do not send periodic RAs on IPv6-less interfaces
Ignore interfaces with no IPv6 subnets on the respective routing tables and loga debug message.
Ignore requests on unknown interfaces
We ignore requests on interfaces we don't have any information about.Furthermore, we set a verdict of ACCEPT on these packets and let the kernelhandle them.
Ignore link-local IPv6 routing table entries
If we have a client on the "main" routing table, then we must ignore all IPv6link-local subnet declarations that appear in this routing table, possibly"masking out" the intended network route.
Fix error handling during binding file parsing
In case something went wrong during parse_binding_file, return None insteadof an obsolete tuple.
Clean up resources upon exit
Wrap the main loop in a try..finally statement, calling our cleanup handler tofree all obtained resources.
Handle the AF_PACKET socket instead of using scapy
Implement our own sendp() method, which has the following benefits:
Also keep CAP_NET_ADMIN for nfqueue verdicts
This is needed for nfqueue to work properly. Without this, the kernelnever acknowledges the verdicts we set, the queue fills up and thekernel drops packets. Worst of all, this happens completely silently.
Fix nasty typo in parse_routing_table
It was meant to be re.group and not re.group*s* all along.
Disable pylint warning for inotify handler methods
The name form for these methods is mandated by pyinotify itself,so there's nothing we can do about it.
Major code refactoring
Refactor code to meet pylint's recommendations
Fix typo (vaildate -> validate)
Code refactoring to remove overlong lines
Improve error handling
Catch and handle specific exception families where possible and provideadditional information.
Merge previous changes
Conflicts: nfdhcpd: merge
Implement IPv6 RDNSS
Add support for ICMPv6 RDNSS (RFC 5006) to advertise DNS servers over ICMPv6router advertisements.
DHCP: use nameservers from config
Use the DNS servers from the config file for DHCP replies.
Disable sending periodic RAs when IPv6 is disabled
Disabling IPv6 from the configuration file causes the server to not respond toNS and RS, however it still tried to send out periodic RAs (which was a noop).We explicitly set the timeout of select() to None to avoid this, when IPv6 is...
Add configurationf file validation
Add a specification of the configuration file and runtime validation, usingconfigobj's validate.Validator and custom checks for the nameserver lists.
Add configuration file support
Add configuration file parsing using python-configobj. All command line optionsexcept -d and -f have been moved to the configuration file.
A sample configuration file with all accepted options has been added as well.
Warning: validation and type casting is still missing....
Open the logfile after changing uid and set umask
Set the process' umask in daemon.DaemonContext to 0022 (default was0).
Open the logfile after dropping privileges, so that it is created withproper perimissions (this also ensures that log rotation will work)....
Refactor the main loop code and increase RA period
Increase RA period to 300s by default
Refactor the main loop to check only once for timeout expiration. Thisfixes spurious RA emission because we forgot to properly reset thestart timer.
Use a separate thread for periodic RAs
Periodic RAs can take a long time with many interfaces. The bottleneckseems to lie in bind() send send() with AF_PACKET sockets. So, we spawna separate thread to be able to handle requests in the mean time.
Gracefully handle ICMPv6 NS w/o SrcLLAddr option
Neighbour solicitations sent during interface configuration do notinclude a Source Link-Layer Address option. We ignore them as weshouldn't (and can't) reply anyway.
Warn on NFQUEUE exception
Warn if anything goes wrong during select()
Whitespace cleanup
Gracefully handle dead interfaces on periodic RA
Remove any interfaces that are not there during periodic RA emission.
Rename nfdhcp.py to nfdhcpd