Commit 44fcc157 authored by Dimitris Aragiorgis

Merge branch 'develop'

parents edf9cca9 2048471a
...@@ -25,7 +25,7 @@ import sys, os ...@@ -25,7 +25,7 @@ import sys, os
# Add any Sphinx extension module names here, as strings. They can be extensions # Add any Sphinx extension module names here, as strings. They can be extensions
# coming with Sphinx (named 'sphinx.ext.*') or your custom ones. # coming with Sphinx (named 'sphinx.ext.*') or your custom ones.
extensions = [] extensions = ['sphinx.ext.autodoc', 'sphinx.ext.doctest', 'sphinx.ext.intersphinx', 'sphinx.ext.todo', 'sphinx.ext.coverage', 'sphinx.ext.pngmath', 'sphinx.ext.ifconfig', 'sphinx.ext.viewcode']
# Add any paths that contain templates here, relative to this directory. # Add any paths that contain templates here, relative to this directory.
templates_path = ['_templates'] templates_path = ['_templates']
...@@ -41,7 +41,7 @@ master_doc = 'index' ...@@ -41,7 +41,7 @@ master_doc = 'index'
# General information about the project. # General information about the project.
project = u'nfdhcpd' project = u'nfdhcpd'
copyright = u'2014, Dimitris Aragiorgis' copyright = u'2010-2013, GRNET S.A. All rights reserved'
# The version info for the project you're documenting, acts as replacement for # The version info for the project you're documenting, acts as replacement for
# |version| and |release|, also used in various other places throughout the # |version| and |release|, also used in various other places throughout the
...@@ -50,7 +50,7 @@ copyright = u'2014, Dimitris Aragiorgis' ...@@ -50,7 +50,7 @@ copyright = u'2014, Dimitris Aragiorgis'
# The short X.Y version. # The short X.Y version.
version = '0.12' version = '0.12'
# The full version, including alpha/beta/rc tags. # The full version, including alpha/beta/rc tags.
release = '0.12.0' release = '0.12.3'
# The language for content autogenerated by Sphinx. Refer to documentation # The language for content autogenerated by Sphinx. Refer to documentation
# for a list of supported languages. # for a list of supported languages.
...@@ -96,7 +96,27 @@ html_theme = 'default' ...@@ -96,7 +96,27 @@ html_theme = 'default'
# Theme options are theme-specific and customize the look and feel of a theme # Theme options are theme-specific and customize the look and feel of a theme
# further. For a list of options available for each theme, see the # further. For a list of options available for each theme, see the
# documentation. # documentation.
#html_theme_options = {} html_theme_options = {
'collapsiblesidebar': 'true',
'footerbgcolor': '#55b577',
'footertextcolor': '#000000',
'sidebarbgcolor': '#ffffff',
'sidebarbtncolor': '#f2f2f2',
'sidebartextcolor': '#000000',
'sidebarlinkcolor': '#328e4a',
'relbarbgcolor': '#55b577',
'relbartextcolor': '#ffffff',
'relbarlinkcolor': '#ffffff',
'bgcolor': '#ffffff',
'textcolor': '#000000',
'headbgcolor': '#ffffff',
'headtextcolor': '#000000',
'headlinkcolor': '#c60f0f',
'linkcolor': '#328e4a',
'visitedlinkcolor': '#63409b',
'codebgcolor': '#eeffcc',
'codetextcolor': '#333333'
}
# Add any paths that contain custom themes here, relative to this directory. # Add any paths that contain custom themes here, relative to this directory.
#html_theme_path = [] #html_theme_path = []
...@@ -184,7 +204,7 @@ latex_elements = { ...@@ -184,7 +204,7 @@ latex_elements = {
# (source start file, target name, title, author, documentclass [howto/manual]). # (source start file, target name, title, author, documentclass [howto/manual]).
latex_documents = [ latex_documents = [
('index', 'nfdhcpd.tex', u'nfdhcpd Documentation', ('index', 'nfdhcpd.tex', u'nfdhcpd Documentation',
u'Dimitris Aragiorgis', 'manual'), u'Synnefo Development', 'manual'),
] ]
# The name of an image file (relative to this directory) to place at the top of # The name of an image file (relative to this directory) to place at the top of
...@@ -214,7 +234,7 @@ latex_documents = [ ...@@ -214,7 +234,7 @@ latex_documents = [
# (source start file, name, description, authors, manual section). # (source start file, name, description, authors, manual section).
man_pages = [ man_pages = [
('index', 'nfdhcpd', u'nfdhcpd Documentation', ('index', 'nfdhcpd', u'nfdhcpd Documentation',
[u'Dimitris Aragiorgis'], 1) [u'Synnefo Development'], 1)
] ]
# If true, show URL addresses after external links. # If true, show URL addresses after external links.
...@@ -228,7 +248,7 @@ man_pages = [ ...@@ -228,7 +248,7 @@ man_pages = [
# dir menu entry, description, category) # dir menu entry, description, category)
texinfo_documents = [ texinfo_documents = [
('index', 'nfdhcpd', u'nfdhcpd Documentation', ('index', 'nfdhcpd', u'nfdhcpd Documentation',
u'Dimitris Aragiorgis', 'nfdhcpd', 'One line description of project.', u'Synnefo Development', 'nfdhpcd', 'One line description of project.',
'Miscellaneous'), 'Miscellaneous'),
] ]
...@@ -240,3 +260,10 @@ texinfo_documents = [ ...@@ -240,3 +260,10 @@ texinfo_documents = [
# How to display URL addresses: 'footnote', 'no', or 'inline'. # How to display URL addresses: 'footnote', 'no', or 'inline'.
#texinfo_show_urls = 'footnote' #texinfo_show_urls = 'footnote'
# If true, do not generate a @detailmenu in the "Top" node's menu.
#texinfo_no_detailmenu = False
# Example configuration for intersphinx: refer to the Python standard library.
intersphinx_mapping = {'http://docs.python.org/': None}
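Review bot: The `intersphinx_mapping` added at the end of conf.py points at `http://docs.python.org/`, so with `sphinx.ext.intersphinx` now enabled every docs build fetches the Python object inventory over plain HTTP. Anyone able to alter that response can influence the cross-reference links generated into the built documentation. Keeping the same mapping form but switching the scheme is enough: `intersphinx_mapping = {'https://docs.python.org/': None}`. Separately, the `texinfo_documents` hunk changes the dir menu entry from `'nfdhcpd'` to `'nfdhpcd'`, which looks like a transposition. The same spelling appears in the pid and log file paths of the new debug section in the docs hunk that follows, so those are worth checking against the paths the daemon actually uses.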
...@@ -175,6 +175,16 @@ In case you use ferm, this file should be included in `/etc/ferm/ferm.conf`. ...@@ -175,6 +175,16 @@ In case you use ferm, this file should be included in `/etc/ferm/ferm.conf`.
Otherwise an `rc.local` script can be used to issue those rules upon boot. Otherwise an `rc.local` script can be used to issue those rules upon boot.
debug
-----
A useful way to see the clients registered in nfdhpcd runtime context one can
send SIGUSR1 and see the list in the logfile:
.. code-block:: console
# kill -SIGUSR1 $(cat /var/run/nfdhcpd/nfdhpcd.pid) && tail -n 100 /var/log/nfdhcpd/nfdhpcd.log
| [1] https://www.wzdftpd.net/redmine/projects/nfqueue-bindings/wiki/ | [1] https://www.wzdftpd.net/redmine/projects/nfqueue-bindings/wiki/
| [2] https://code.grnet.gr/projects/snf-network/ | [2] https://code.grnet.gr/projects/snf-network/
...@@ -281,6 +281,15 @@ class Client(object): ...@@ -281,6 +281,15 @@ class Client(object):
logging.warn(" - Truncated msg: %d/%d bytes sent", logging.warn(" - Truncated msg: %d/%d bytes sent",
count, ldata) count, ldata)
def __repr__(self):
ret = "hostname %s, tap %s, mac %s" % \
(self.hostname, self.tap, self.mac)
if self.ip:
ret += ", ip %s" % self.ip
if self.eui64:
ret += ", eui64 %s" % self.eui64
return ret
class Subnet(object): class Subnet(object):
def __init__(self, net=None, gw=None, dev=None): def __init__(self, net=None, gw=None, dev=None):
...@@ -428,9 +437,10 @@ class VMNetProxy(object): # pylint: disable=R0902 ...@@ -428,9 +437,10 @@ class VMNetProxy(object): # pylint: disable=R0902
else: else:
logging.debug(" - Getting binding for ifindex %s", ifindex) logging.debug(" - Getting binding for ifindex %s", ifindex)
b = self.clients[ifindex] b = self.clients[ifindex]
logging.info(" - Client found. %s", b)
return b return b
except KeyError: except KeyError:
logging.debug(" - No client found for mac / ifindex %s / %s", logging.info(" - No client found. mac: %s, ifindex: %s",
mac, ifindex) mac, ifindex)
return None return None
...@@ -554,9 +564,7 @@ class VMNetProxy(object): # pylint: disable=R0902 ...@@ -554,9 +564,7 @@ class VMNetProxy(object): # pylint: disable=R0902
else: else:
self.clients[ifindex] = b self.clients[ifindex] = b
k = ifindex k = ifindex
logging.info(" - Added client:") logging.info(" - Added client %s. %s", k, b)
logging.info(" + %10s | %20s %20s %10s %20s %40s",
k, b.hostname, b.mac, b.tap, b.ip, b.eui64)
def remove_tap(self, tap): def remove_tap(self, tap):
""" Cleanup clients on a removed interface """ Cleanup clients on a removed interface
...@@ -565,12 +573,9 @@ class VMNetProxy(object): # pylint: disable=R0902 ...@@ -565,12 +573,9 @@ class VMNetProxy(object): # pylint: disable=R0902
try: try:
for k, cl in self.clients.items(): for k, cl in self.clients.items():
if cl.tap == tap: if cl.tap == tap:
logging.info("Removing client %s and closing socket on %s",
cl.hostname, cl.tap)
logging.info(" - %10s | %20s %20s %10s %20s %40s",
k, cl.hostname, cl.mac, cl.tap, cl.ip, cl.eui64)
cl.socket.close() cl.socket.close()
del self.clients[k] del self.clients[k]
logging.info("Removed client %s. %s", k, cl)
except: except:
logging.debug("Client on %s disappeared!!!", tap) logging.debug("Client on %s disappeared!!!", tap)
...@@ -579,7 +584,7 @@ class VMNetProxy(object): # pylint: disable=R0902 ...@@ -579,7 +584,7 @@ class VMNetProxy(object): # pylint: disable=R0902
""" Generate a reply to bnetfilter-queue-deva BOOTP/DHCP request """ Generate a reply to bnetfilter-queue-deva BOOTP/DHCP request
""" """
logging.info(" * Processing pending DHCP request") logging.info(" * DHCP: Processing pending request")
# Workaround for supporting both squeezy's nfqueue-bindings-python # Workaround for supporting both squeezy's nfqueue-bindings-python
# and wheezy's python-nfqueue because for some reason the function's # and wheezy's python-nfqueue because for some reason the function's
# signature has changed and has broken compatibility # signature has changed and has broken compatibility
...@@ -607,10 +612,7 @@ class VMNetProxy(object): # pylint: disable=R0902 ...@@ -607,10 +612,7 @@ class VMNetProxy(object): # pylint: disable=R0902
binding = self.get_binding(indev, mac) binding = self.get_binding(indev, mac)
if binding is None: if binding is None:
# We don't know anything about this interface, so accept the packet # We don't know anything about this interface, so accept the packet
# and return # and return an let the kernel handle it
logging.debug(" - Ignoring DHCP request on unknown iface %s", indev)
# We don't know what to do with this packet, so let the kernel
# handle it
payload.set_verdict(nfqueue.NF_ACCEPT) payload.set_verdict(nfqueue.NF_ACCEPT)
return return
...@@ -618,29 +620,23 @@ class VMNetProxy(object): # pylint: disable=R0902 ...@@ -618,29 +620,23 @@ class VMNetProxy(object): # pylint: disable=R0902
payload.set_verdict(nfqueue.NF_DROP) payload.set_verdict(nfqueue.NF_DROP)
if mac != binding.mac: if mac != binding.mac:
logging.warn(" - Recieved spoofed DHCP request: mac %s, indev %s", logging.warn(" - DHCP: Recieved spoofed request from %s (and not %s)",
mac, indev) mac, binding)
return return
if not binding.ip: if not binding.ip:
logging.info(" - No IP found in binding file.") logging.info(" - DHCP: No IP found in binding file %s.", binding)
return return
logging.info(" - Generating DHCP response:" if not DHCP in pkt:
" host %s, mac %s, tap %s, indev %s", logging.warn(" - DHCP: Invalid request with no DHCP payload found. %s", binding)
binding.hostname, mac, binding.tap, indev) return
resp = Ether(dst=mac, src=self.get_iface_hw_addr(binding.indev))/\ resp = Ether(dst=mac, src=self.get_iface_hw_addr(binding.indev))/\
IP(src=DHCP_DUMMY_SERVER_IP, dst=binding.ip)/\ IP(src=DHCP_DUMMY_SERVER_IP, dst=binding.ip)/\
UDP(sport=pkt.dport, dport=pkt.sport)/resp UDP(sport=pkt.dport, dport=pkt.sport)/resp
subnet = binding.net subnet = binding.net
if not DHCP in pkt:
logging.warn(" - Invalid request from %s on %s, no DHCP"
" payload found", binding.mac, binding.tap)
return
dhcp_options = [] dhcp_options = []
requested_addr = binding.ip requested_addr = binding.ip
for opt in pkt[DHCP].options: for opt in pkt[DHCP].options:
...@@ -649,8 +645,8 @@ class VMNetProxy(object): # pylint: disable=R0902 ...@@ -649,8 +645,8 @@ class VMNetProxy(object): # pylint: disable=R0902
if type(opt) is tuple and opt[0] == "requested_addr": if type(opt) is tuple and opt[0] == "requested_addr":
requested_addr = opt[1] requested_addr = opt[1]
logging.info(" - %s from %s on %s", DHCP_TYPES.get(req_type, "UNKNOWN"), logging.info(" - DHCP: %s from %s",
binding.mac, binding.tap) DHCP_TYPES.get(req_type, "UNKNOWN"), binding)
if self.dhcp_domain: if self.dhcp_domain:
domainname = self.dhcp_domain domainname = self.dhcp_domain
...@@ -659,9 +655,8 @@ class VMNetProxy(object): # pylint: disable=R0902 ...@@ -659,9 +655,8 @@ class VMNetProxy(object): # pylint: disable=R0902
if req_type == DHCPREQUEST and requested_addr != binding.ip: if req_type == DHCPREQUEST and requested_addr != binding.ip:
resp_type = DHCPNAK resp_type = DHCPNAK
logging.info(" - Sending DHCPNAK to %s on %s: requested %s" logging.info(" - DHCP: Sending DHCPNAK to %s (because requested %s)",
" instead of %s", binding.mac, binding.tap, binding, requested_addr)
requested_addr, binding.ip)
elif req_type in (DHCPDISCOVER, DHCPREQUEST): elif req_type in (DHCPDISCOVER, DHCPREQUEST):
resp_type = DHCP_REQRESP[req_type] resp_type = DHCP_REQRESP[req_type]
...@@ -688,8 +683,7 @@ class VMNetProxy(object): # pylint: disable=R0902 ...@@ -688,8 +683,7 @@ class VMNetProxy(object): # pylint: disable=R0902
elif req_type == DHCPRELEASE: elif req_type == DHCPRELEASE:
# Log and ignore # Log and ignore
logging.info(" - DHCPRELEASE from %s on %s", logging.info(" - DHCP: DHCPRELEASE from %s", binding)
binding.hostname, binding.tap)
return return
# Finally, always add the server identifier and end options # Finally, always add the server identifier and end options
...@@ -700,20 +694,18 @@ class VMNetProxy(object): # pylint: disable=R0902 ...@@ -700,20 +694,18 @@ class VMNetProxy(object): # pylint: disable=R0902
] ]
resp /= DHCP(options=dhcp_options) resp /= DHCP(options=dhcp_options)
logging.info(" - %s to %s (%s) on %s", DHCP_TYPES[resp_type], mac, logging.info(" - RESPONSE: %s for %s", DHCP_TYPES[resp_type], binding)
binding.ip, binding.tap)
try: try:
binding.sendp(resp) binding.sendp(resp)
except socket.error, e: except socket.error, e:
logging.warn(" - DHCP response on %s (%s) failed: %s", logging.warn(" - DHCP: Response on %s failed: %s", binding, str(e))
binding.tap, binding.hostname, str(e))
except Exception, e: except Exception, e:
logging.warn(" - Unkown error during DHCP response on %s (%s): %s", logging.warn(" - DHCP: Unkown error during response on %s: %s",
binding.tap, binding.hostname, str(e)) binding, str(e))
def dhcpv6_response(self, arg1, arg2=None): # pylint: disable=W0613 def dhcpv6_response(self, arg1, arg2=None): # pylint: disable=W0613
logging.info(" * Processing pending DHCPv6 request") logging.info(" * DHCPv6: Processing pending request")
# Workaround for supporting both squeezy's nfqueue-bindings-python # Workaround for supporting both squeezy's nfqueue-bindings-python
# and wheezy's python-nfqueue because for some reason the function's # and wheezy's python-nfqueue because for some reason the function's
# signature has changed and has broken compatibility # signature has changed and has broken compatibility
...@@ -730,10 +722,7 @@ class VMNetProxy(object): # pylint: disable=R0902 ...@@ -730,10 +722,7 @@ class VMNetProxy(object): # pylint: disable=R0902
binding = self.get_binding(indev, mac) binding = self.get_binding(indev, mac)
if binding is None: if binding is None:
# We don't know anything about this interface, so accept the packet # We don't know anything about this interface, so accept the packet
# and return # and return and let the kernel handle it
logging.debug(" - Ignoring dhcpv6 request for mac %s", mac)
# We don't know what to do with this packet, so let the kernel
# handle it
payload.set_verdict(nfqueue.NF_ACCEPT) payload.set_verdict(nfqueue.NF_ACCEPT)
return return
...@@ -743,7 +732,7 @@ class VMNetProxy(object): # pylint: disable=R0902 ...@@ -743,7 +732,7 @@ class VMNetProxy(object): # pylint: disable=R0902
subnet = binding.net6 subnet = binding.net6
if subnet.net is None: if subnet.net is None:
logging.debug(" - No IPv6 network assigned for tap %s", binding.tap) logging.debug(" - DHCPv6: No IPv6 network assigned to %s", binding)
return return
indevmac = self.get_iface_hw_addr(binding.indev) indevmac = self.get_iface_hw_addr(binding.indev)
...@@ -755,9 +744,6 @@ class VMNetProxy(object): # pylint: disable=R0902 ...@@ -755,9 +744,6 @@ class VMNetProxy(object): # pylint: disable=R0902
if ofll is None: if ofll is None:
return return
logging.info(" - Generating DHCPv6 response for host %s (mac %s) on tap %s",
binding.hostname, binding.mac, binding.tap)
if self.dhcpv6_domains: if self.dhcpv6_domains:
domains = self.dhcpv6_domains domains = self.dhcpv6_domains
else: else:
...@@ -776,21 +762,23 @@ class VMNetProxy(object): # pylint: disable=R0902 ...@@ -776,21 +762,23 @@ class VMNetProxy(object): # pylint: disable=R0902
DHCP6OptDNSDomains(dnsdomains)/\ DHCP6OptDNSDomains(dnsdomains)/\
DHCP6OptDNSServers(dnsservers) DHCP6OptDNSServers(dnsservers)
logging.info(" - RESPONSE: DHCPv6 reply for %s", binding)
try: try:
binding.sendp(resp) binding.sendp(resp)
except socket.error, e: except socket.error, e:
logging.warn(" - DHCPv6 on %s (%s) failed: %s", logging.warn(" - DHCPv6: Response on %s failed: %s",
binding.tap, binding.hostname, str(e)) binding, str(e))
except Exception, e: except Exception, e:
logging.warn(" - Unkown error during DHCPv6 on %s (%s): %s", logging.warn(" - DHCPv6: Unkown error during response on %s: %s",
binding.tap, binding.hostname, str(e)) binding, str(e))
def rs_response(self, arg1, arg2=None): # pylint: disable=W0613 def rs_response(self, arg1, arg2=None): # pylint: disable=W0613
""" Generate a reply to a BOOTP/DHCP request """ Generate a reply to an ICMPv6 router solicitation
""" """
logging.info(" * Processing pending RS request") logging.info(" * RS: Processing pending request")
# Workaround for supporting both squeezy's nfqueue-bindings-python # Workaround for supporting both squeezy's nfqueue-bindings-python
# and wheezy's python-nfqueue because for some reason the function's # and wheezy's python-nfqueue because for some reason the function's
# signature has changed and has broken compatibility # signature has changed and has broken compatibility
...@@ -804,7 +792,7 @@ class VMNetProxy(object): # pylint: disable=R0902 ...@@ -804,7 +792,7 @@ class VMNetProxy(object): # pylint: disable=R0902
try: try:
mac = pkt.lladdr mac = pkt.lladdr
except: except:
logging.debug(" - Cannot obtain lladdr in rs") logging.debug(" - RS: Cannot obtain lladdr")
return return
indev = get_indev(payload) indev = get_indev(payload)
...@@ -812,10 +800,7 @@ class VMNetProxy(object): # pylint: disable=R0902 ...@@ -812,10 +800,7 @@ class VMNetProxy(object): # pylint: disable=R0902
binding = self.get_binding(indev, mac) binding = self.get_binding(indev, mac)
if binding is None: if binding is None:
# We don't know anything about this interface, so accept the packet # We don't know anything about this interface, so accept the packet
# and return # and return and let the kernel handle it
logging.debug(" - Ignoring router solicitation on for mac %s", mac)
# We don't know what to do with this packet, so let the kernel
# handle it
payload.set_verdict(nfqueue.NF_ACCEPT) payload.set_verdict(nfqueue.NF_ACCEPT)
return return
...@@ -823,14 +808,14 @@ class VMNetProxy(object): # pylint: disable=R0902 ...@@ -823,14 +808,14 @@ class VMNetProxy(object): # pylint: disable=R0902
payload.set_verdict(nfqueue.NF_DROP) payload.set_verdict(nfqueue.NF_DROP)
if mac != binding.mac: if mac != binding.mac:
logging.warn(" - Received spoofed RS request: mac %s, tap %s", logging.warn(" - RS: Received spoofed request from %s (and not %s)",
mac, binding.tap) mac, binding)
return return
subnet = binding.net6 subnet = binding.net6
if subnet.net is None: if subnet.net is None:
logging.debug(" - No IPv6 network assigned for tap %s", binding.tap) logging.debug(" - RS: No IPv6 network assigned to %s", binding)
return return
indevmac = self.get_iface_hw_addr(binding.indev) indevmac = self.get_iface_hw_addr(binding.indev)
...@@ -838,9 +823,6 @@ class VMNetProxy(object): # pylint: disable=R0902 ...@@ -838,9 +823,6 @@ class VMNetProxy(object): # pylint: disable=R0902
if ifll is None: if ifll is None:
return return
logging.info(" - Generating RA for host %s (mac %s) on tap %s",
binding.hostname, mac, binding.tap)
resp = Ether(src=indevmac)/\ resp = Ether(src=indevmac)/\
IPv6(src=str(ifll))/ICMPv6ND_RA(O=1, routerlifetime=14400)/\ IPv6(src=str(ifll))/ICMPv6ND_RA(O=1, routerlifetime=14400)/\
ICMPv6NDOptPrefixInfo(prefix=str(subnet.prefix), ICMPv6NDOptPrefixInfo(prefix=str(subnet.prefix),
...@@ -850,21 +832,23 @@ class VMNetProxy(object): # pylint: disable=R0902 ...@@ -850,21 +832,23 @@ class VMNetProxy(object): # pylint: disable=R0902
resp /= ICMPv6NDOptRDNSS(dns=self.ipv6_nameservers, resp /= ICMPv6NDOptRDNSS(dns=self.ipv6_nameservers,
lifetime=self.ra_period * 3) lifetime=self.ra_period * 3)
logging.info(" - RESPONSE: RA for %s", binding)
try: try:
binding.sendp(resp) binding.sendp(resp)
except socket.error, e: except socket.error, e:
logging.warn(" - RA on %s (%s) failed: %s", logging.warn(" - RS: RA failed on %s: %s",
binding.tap, binding.hostname, str(e)) binding, str(e))
except Exception, e: except Exception, e:
logging.warn(" - Unkown error during RA on %s (%s): %s", logging.warn(" - RS: Unkown error during RA on %s: %s",
binding.tap, binding.hostname, str(e)) binding, str(e))
def ns_response(self, arg1, arg2=None): # pylint: disable=W0613 def ns_response(self, arg1, arg2=None): # pylint: disable=W0613
""" Generate a reply to an ICMPv6 neighbor solicitation """ Generate a reply to an ICMPv6 neighbor solicitation
""" """
logging.info(" * Processing pending NS request") logging.info(" * NS: Processing pending request")
# Workaround for supporting both squeezy's nfqueue-bindings-python # Workaround for supporting both squeezy's nfqueue-bindings-python
# and wheezy's python-nfqueue because for some reason the function's # and wheezy's python-nfqueue because for some reason the function's
# signature has changed and has broken compatibility # signature has changed and has broken compatibility
...@@ -879,7 +863,7 @@ class VMNetProxy(object): # pylint: disable=R0902 ...@@ -879,7 +863,7 @@ class VMNetProxy(object): # pylint: disable=R0902
try: try:
mac = ns.lladdr mac = ns.lladdr
except: except:
logging.debug(" - Cannot obtain lladdr from ns") logging.debug(" - NS: Cannot obtain lladdr")
return return
...@@ -888,24 +872,20 @@ class VMNetProxy(object): # pylint: disable=R0902 ...@@ -888,24 +872,20 @@ class VMNetProxy(object): # pylint: disable=R0902
binding = self.get_binding(indev, mac) binding = self.get_binding(indev, mac)
if binding is None: if binding is None:
# We don't know anything about this interface, so accept the packet # We don't know anything about this interface, so accept the packet
# and return # and return and let the kernel handle it
logging.debug(" - Ignoring neighbour solicitation for eui64 %s",
ns.tgt)
# We don't know what to do with this packet, so let the kernel
# handle it
payload.set_verdict(nfqueue.NF_ACCEPT) payload.set_verdict(nfqueue.NF_ACCEPT)
return return
payload.set_verdict(nfqueue.NF_DROP) payload.set_verdict(nfqueue.NF_DROP)
if mac != binding.mac: if mac != binding.mac:
logging.warn(" - Received spoofed NS request" logging.warn(" - NS: Received spoofed request from %s (and not %s)",
" for mac %s from tap %s", mac, binding.tap) mac, binding)
return return
subnet = binding.net6 subnet = binding.net6
if subnet.net is None: if subnet.net is None:
logging.debug(" - No IPv6 network assigned for the interface") logging.debug(" - NS: No IPv6 network assigned to %s", binding)
return return
indevmac = self.get_iface_hw_addr(binding.indev) indevmac = self.get_iface_hw_addr(binding.indev)
...@@ -915,25 +895,24 @@ class VMNetProxy(object): # pylint: disable=R0902 ...@@ -915,25 +895,24 @@ class VMNetProxy(object): # pylint: disable=R0902
return return
if not (subnet.net.overlaps(ns.tgt) or str(ns.tgt) == str(ifll)): if not (subnet.net.overlaps(ns.tgt) or str(ns.tgt) == str(ifll)):
logging.debug(" - Received NS for a non-routable IP (%s)", ns.tgt) logging.debug(" - NS: Received NS for a non-routable IP (%s)", ns.tgt)