Commit 7b0ebdd0 authored by Dimitris Aragiorgis's avatar Dimitris Aragiorgis
Browse files

Provide DNS Search List in DHCH6_Reply



In case of an IPv6 only VM we have to serve a Domain Search List
so that Windows VM can find the kms server by issuing:

nslookup -type=srv _vlmcs._tcp

An extra config option in ipv6 section is added; domains
This is a list of search domains included in DHCP6_Reply.
Since we validate it with force_list() there is no need for a
trailing comma.

This info could be passed in RAs but DNSSL options is not currently
supported by scapy's inet6.py.
Signed-off-by: default avatarDimitris Aragiorgis <dimara@grnet.gr>
parent 0f4a61eb
......@@ -55,7 +55,7 @@ from scapy.layers.inet6 import IPv6, ICMPv6ND_RA, ICMPv6ND_NA, \
from scapy.layers.dhcp import BOOTP, DHCP
from scapy.layers.dhcp6 import DHCP6_Reply, DHCP6OptDNSServers, \
DHCP6OptServerId, DHCP6OptClientId, \
DUID_LLT, DHCP6_InfoRequest
DUID_LLT, DHCP6_InfoRequest, DHCP6OptDNSDomains
DEFAULT_CONFIG = "/etc/nfdhcpd/nfdhcpd.conf"
......@@ -96,6 +96,7 @@ rs_queue = integer(min=0, max=65535)
ns_queue = integer(min=0, max=65535)
dhcp_queue = integer(min=0, max=65535)
nameservers = ip_addr_list(family=6)
domains = force_list(default=None)
"""
......@@ -356,9 +357,10 @@ class VMNetProxy(object): # pylint: disable=R0902
rs_queue_num=None, ns_queue_num=None, dhcpv6_queue_num=None,
dhcp_lease_lifetime=DEFAULT_LEASE_LIFETIME,
dhcp_lease_renewal=DEFAULT_LEASE_RENEWAL,
dhcp_domain='',
dhcp_domain=None,
dhcp_server_ip=DHCP_DUMMY_SERVER_IP, dhcp_nameservers=None,
ra_period=DEFAULT_RA_PERIOD, ipv6_nameservers=None):
ra_period=DEFAULT_RA_PERIOD, ipv6_nameservers=None,
dhcpv6_domains=None):
try:
getattr(nfqueue.payload, 'get_physindev')
......@@ -381,6 +383,11 @@ class VMNetProxy(object): # pylint: disable=R0902
else:
self.ipv6_nameservers = ipv6_nameservers
if dhcpv6_domains is None:
self.dhcpv6_domains = []
else:
self.dhcpv6_domains = dhcpv6_domains
self.ipv6_enabled = False
self.clients = {}
......@@ -745,14 +752,23 @@ class VMNetProxy(object): # pylint: disable=R0902
logging.info(" - Generating DHCPv6 response for host %s (mac %s) on tap %s",
binding.hostname, binding.mac, binding.tap)
if self.dhcpv6_domains:
domains = self.dhcpv6_domains
else:
domains = [binding.hostname.split('.', 1)[-1]]
# We do this in order not to caclulate optlen ourselves
dnsdomains = str(DHCP6OptDNSDomains(dnsdomains=domains))
dnsservers = str(DHCP6OptDNSServers(dnsservers=self.ipv6_nameservers))
resp = Ether(src=indevmac, dst=binding.mac)/\
IPv6(tc=192, src=str(ifll), dst=str(ofll))/\
UDP(sport=pkt.dport, dport=pkt.sport)/\
DHCP6_Reply(trid=pkt[DHCP6_InfoRequest].trid)/\
DHCP6OptClientId(duid=pkt[DHCP6OptClientId].duid)/\
DHCP6OptServerId(duid=DUID_LLT(lladdr=indevmac, timeval=time.time()))/\
DHCP6OptDNSServers(dnsservers=self.ipv6_nameservers,
optlen=16 * len(self.ipv6_nameservers))
DHCP6OptDNSDomains(dnsdomains)/\
DHCP6OptDNSServers(dnsservers)
try:
binding.sendp(resp)
......@@ -1186,6 +1202,7 @@ if __name__ == "__main__":
"ns_queue_num": config["ipv6"].as_int("ns_queue"),
"ra_period": config["ipv6"].as_int("ra_period"),
"ipv6_nameservers": config["ipv6"]["nameservers"],
"dhcpv6_domains": config["ipv6"]["domains"],
})
# pylint: disable=W0142
......
......@@ -16,7 +16,7 @@ dhcp_queue = 42 # NFQUEUE number to listen on for DHCP requests
# IPv4 nameservers to include in DHCP responses
nameservers = 192.0.2.2, 192.0.2.3
# Optional domain to serve with the replies
#domain = example.com
domain = example.com
## IPv6-related functionality
[ipv6]
......@@ -26,4 +26,7 @@ rs_queue = 43 # NFQUEUE number to listen on for router solicitations
ns_queue = 44 # NFQUEUE number to listen on for neighbor solicitations
dhcp_queue = 45 # NFQUEUE number to listen on for neighbor solicitations
# IPv6 nameservers to send using the ICMPv6 RA RDNSS option (RFC 5006)
# since it is not supported by several OS we serve them to DHCPv6 replies
nameservers = 2001:db8:100::1, 2001:db8:200::2
# Optional list of search domains to serve with DHCPv6 replies
domains = example.com, synnefo.live
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment