Bump version to 0.12.3
Merge branch 'develop'
Change logging to be more informative
Signed-off-by: Dimitris Aragiorgis <dimara@grnet.gr>
Update release in docs
Add debug section in docs
Fixes in docs/conf.py to comply with synnefo
Bump version to 0.12.2
Print eui64 too while printing clients
ra: Set O=1 in periodic RA too
..so that rs responses (RA) and periodic ra are identical. Otherwisesome OSes seem to lose already obtained DNS configuration afterreceiving an RA with O flag unset.
dhcp6: return if no IPv6 network attached to tap
Add doc section
Bump version to 0.12.1
Provide DNS Search List in DHCH6_Reply
In case of an IPv6 only VM we have to serve a Domain Search Listso that Windows VM can find the kms server by issuing:
nslookup -type=srv _vlmcs._tcp
An extra config option in ipv6 section is added; domainsThis is a list of search domains included in DHCP6_Reply....
Bump version to 0.12.0
Introduce a helper script to analyze tcpdumps
1) # tcpdump -i tap10 -vvv -w tcpdump.pcap to save capture in a tmp file2) # python analyze_pcap.py tcpdump.pcap to see on-liner logs3) # python analyze_pcap.py tcpdump.pcap -n 14 to see a packet's details...
Support ra-stateless IPv6 configuration
This means that IPv6 will be auto-configured but DNS infowill be obtained via DHCPv6 requests.
With other words our router advertisements have the "O" flag setand we add another handler that serves DHCPv6 requests by...
Bump version to 0.11.8
Allow binding files without IP entry
This is needed for NIC that obtain only IPv6.
Bump version to 0.11.7
Conflicts: version
Some pylint fixes
Support nfqueue of squeeze and wheezy
Support both callback function signatures.
Bump version to 0.11.6next
Bump version to 0.11.6
Use devflow
Revert "Change nameservers in nfdhcpd.conf"
This reverts commit be1030abdbce3fb12eb9682c7260b55c31786fa2.
All IPv4 and IPv6 examples should use the documentation/testranges, seehttps://tools.ietf.org/html/rfc5737 andhttps://tools.ietf.org/html/rfc3849....
One socket per client and few logging fixes
process_pending(num) depending on nfqueue
dhcp - process_pending(5000)rs - process_pending(10)ns - process_pending(10)
Minor changes in logging and process_pending(10)
Add handler for SIGUSR1 to show current state
Add logrotate file
Change RotatingFileHAndler to WatchedFileHandler
Change id before becoming a daemon
This will create a logfile with proper permitions and the RotatingFileHandlerwill not produce any error when bytes exceed maxBytes.
Only set executable name with python-setproctitle
Cannot set individual values for arguments using python-setproctitle.See https://code.google.com/p/py-setproctitle/issues/detail?id=23&can=1.
Change process title to simplify 'ps' display
Use python-setproctitle to change the process titleof the running daemon. Make it appear as a native executableto simplify administration.
Nice logging
Fix a bug related to capng_update()
We need to update CAP_NET_RAW, CAP_NET_ADMIN separetly.
Fix two minor typos in debug messages
Fix bug that causes nfdhcpd to freeze
nfdhcpd opens a socket during init. socket.send() blocks in caseSO_SNDBUF is full. This might happen when packages are pushed tobuffer but never consumed (e.g. VM is shuting down).
To fix this we use non-blocking send with MSG_DONTWAIT and catch...
Fix two more logs
Improve log msgs
Fix bug in log msg
Add umask inside daemon context
Add try-except in DaemonContext.open()
It catches locking exceptions.
Signed-off-by: Dimitris Aragriorgs <dimara@grnet.gr>
Fix previous commit concerning pidfile
Catch IPy exceptions for invalid networks/subnets
Signed-off-by: Stratos Psomadakis <psomas@grnet.gr>
Remove stale pid lock file
In case of make_ll64 fails return
Add try: except: in places of possible exceptions
pkt.lladdrns.lladdrsendp
Refactor nfdhcpd to support get_physindev()
If get_physindev is supported in nfqueue then the clients are indexedby their tap ifindex. If not then clients are indexed by their macs.
Add nice debug messages for nfdhcpd clients
Change ferm
Mangle packets comming from tap+ and prv+ devices
Reapply option for serving domain
Change nfdhcpd.ferm to support bridged clients
Mangle packets comming from all interfaces and not only from taps
Change nameservers in nfdhcpd.conf
Refactor nfdhcp
Get all info from binding file. Do not parse routing tables. Keeptrack of clients depending on their mac. Support clients connectedon bridges. Insteed of patching NFQUEUE add new slot in bindingsthat shows the physical device the incomming request originates (tap)....
Changed pidfile location in configfile by vkoukis
Small typo introduced on df3e8face1cf
Option for serving domain from nfdhcpd to clients
On some occasions the clients do not send an fqdn as hostname, so another way to send a domain is needed.
For that, a new optional config directive is introduced, called "domain", as a way to hardcode the domain we serve....
mac2eui64: exit on an invalid IPv6 prefix
Handle pidfile properly, redirect stderr in daemon
Handle pidfile creation properly, as part of daemonization process.Parse config file and setup logging before daemonization.Redirect stderr to logfile upon daemonization, otherwise numerousunexpected exceptions get lost.
Enable logging of unhandled exceptions
Use the traceback module to log unhandled exceptions to the logfile whenrunning as a daemon.
Signed-off-by: Apollon Oikonomopoulos <apollon@noc.grnet.gr>
Do not send periodic RAs on IPv6-less interfaces
Ignore interfaces with no IPv6 subnets on the respective routing tables and loga debug message.
Ignore requests on unknown interfaces
We ignore requests on interfaces we don't have any information about.Furthermore, we set a verdict of ACCEPT on these packets and let the kernelhandle them.
Ignore link-local IPv6 routing table entries
If we have a client on the "main" routing table, then we must ignore all IPv6link-local subnet declarations that appear in this routing table, possibly"masking out" the intended network route.
Small fixes to kvm-vif-bridge
Update kvm-vif-bridge to use mac2eui64 and also fix default nfdhcpd paths.
Add simple mac2eui64 utility
Add a small utility to generate EUI-64 addresses from MAC-48 + IPv6 prefix.
Fix error handling during binding file parsing
In case something went wrong during parse_binding_file, return None insteadof an obsolete tuple.
Clean up resources upon exit
Wrap the main loop in a try..finally statement, calling our cleanup handler tofree all obtained resources.
Handle the AF_PACKET socket instead of using scapy
Implement our own sendp() method, which has the following benefits:
Also keep CAP_NET_ADMIN for nfqueue verdicts
This is needed for nfqueue to work properly. Without this, the kernelnever acknowledges the verdicts we set, the queue fills up and thekernel drops packets. Worst of all, this happens completely silently.
Fix nasty typo in parse_routing_table
It was meant to be re.group and not re.group*s* all along.
Disable pylint warning for inotify handler methods
The name form for these methods is mandated by pyinotify itself,so there's nothing we can do about it.
Add pylintrc
Blatantly copy ganeti's pylintrc as a base for our own.
Rename nfdhcp.ferm to nfdhcpd.ferm
Major code refactoring
Refactor code to meet pylint's recommendations
Fix typo (vaildate -> validate)
Code refactoring to remove overlong lines
Improve error handling
Catch and handle specific exception families where possible and provideadditional information.
Merge previous changes
Conflicts: nfdhcpd: merge
Implement IPv6 RDNSS
Add support for ICMPv6 RDNSS (RFC 5006) to advertise DNS servers over ICMPv6router advertisements.
DHCP: use nameservers from config
Use the DNS servers from the config file for DHCP replies.
Disable sending periodic RAs when IPv6 is disabled
Disabling IPv6 from the configuration file causes the server to not respond toNS and RS, however it still tried to send out periodic RAs (which was a noop).We explicitly set the timeout of select() to None to avoid this, when IPv6 is...
Add configurationf file validation
Add a specification of the configuration file and runtime validation, usingconfigobj's validate.Validator and custom checks for the nameserver lists.
Add configuration file support
Add configuration file parsing using python-configobj. All command line optionsexcept -d and -f have been moved to the configuration file.
A sample configuration file with all accepted options has been added as well.
Warning: validation and type casting is still missing....
Open the logfile after changing uid and set umask
Set the process' umask in daemon.DaemonContext to 0022 (default was0).
Open the logfile after dropping privileges, so that it is created withproper perimissions (this also ensures that log rotation will work)....
Refactor the main loop code and increase RA period
Increase RA period to 300s by default
Refactor the main loop to check only once for timeout expiration. Thisfixes spurious RA emission because we forgot to properly reset thestart timer.
Use a separate thread for periodic RAs
Periodic RAs can take a long time with many interfaces. The bottleneckseems to lie in bind() send send() with AF_PACKET sockets. So, we spawna separate thread to be able to handle requests in the mean time.
Gracefully handle ICMPv6 NS w/o SrcLLAddr option
Neighbour solicitations sent during interface configuration do notinclude a Source Link-Layer Address option. We ignore them as weshouldn't (and can't) reply anyway.
Warn on NFQUEUE exception
Warn if anything goes wrong during select()
Whitespace cleanup
Gracefully handle dead interfaces on periodic RA
Remove any interfaces that are not there during periodic RA emission.
Rename nfdhcp.py to nfdhcpd
Add sample ferm rules
Add rules for the ferm firewall management framework.
Properly calculate the new timeout for select()
The elapsed time did not take into account the time needed to actuallysend the RAs (which currently with scapy is long enough).