[kea-dev] Possibility of disabling raw socket use in Kea ? -> works!

Chaigneau, Nicolas nicolas.chaigneau at capgemini.com
Wed Sep 24 15:47:32 UTC 2014


Hello,


I've rebuilt Kea with the code change you described.

In file:
src/bin/dhcp4/dhcp4_srv.h

The following modification was applied to Dhcpv4Srv constructor:
//              const bool direct_response_desired = true);
              const bool direct_response_desired = false);


  
And I'm quite happy with the results, it works perfectly :)



I ran the following test cases:

1) Started Kea on an interface with a single IP address (no iptables filtering set up initially)

- Sent a unicast DHCP request from a relay to Kea
  -> Request is correctly received and handled by Kea. Client gets a response.
  
- Applied a simple filtering rule through iptables:
iptables -I INPUT -p udp --dport 67:68 --sport 67:68 -j DROP

- Sent a unicast DHCP request from a relay to Kea
  -> iptables drops the packet. Kea does not receive anything. Client does not get a response.

  
2) Started Kea on an interface with two IP addresses (no iptables filtering is set up initially)

- Noticed the following warning log:

2014-09-24 17:18:51.134 WARN  [kea-dhcp4.dhcpsrv/10731] DHCPSRV_OPEN_SOCKET_FAIL failed to open socket: Binding socket to an interface is not supported on this OS; therefore only one socket listening to broadcast traffic can be opened. Sockets will not be opened on remaining interfaces

(which could be improved to be more informative, when (if) disabling raw socket becomes configurable. But that's a minor detail.)

- Sent a unicast DHCP request from a relay to Kea (using either IP address)
  -> Request is correctly received and handled by Kea. Client gets a response.

- Applied iptables filtering, as previously

- Sent a unicast DHCP request from a relay to Kea (using either IP address)
  -> iptables drops the packet. Kea does not receive anything. Client does not get a response.  



Regards,
Nicolas.


> On 22/09/14 12:13, Marcin Siodelski wrote:
> > The code in Kea is prepared to switch between the use of raw sockets 
> > and regular datagram sockets. But, currently the selection is 
> > hardcoded and there is no configuration parameter to control this 
> > selection by the administrator. We're now going through some 
> > refactoring of the configuration code, so once this is done we can easily implement the switch.
> For the time being, you can do an experiment. It requires a minor change to the source code.
> 
> The specific socket handling objects are called PktFilterLPF (raw
> sockets) and PktFilterInet (UDP sockets). They are initialized in IfaceMgr::setMatchingPacketFilter in iface_mgr_linux.cc in src/lib/dhcp directory. That is called from Dhcpv4Srv constructor, which is in turn controlled by direct_response_desired flag. Its default value is set to true. If you edit it (line 91 in src/lib/dhcp/dhcp4_srv.h) to false and recompile, it is possible that the code will be able to successfully use UDP sockets.
> 
> Disclaimer: It's a quick hack. I haven't done any experiments with this, so it may break down. We can't apply it, as most people are interested in direct traffic, so a proper switch (either compile time or run time) is needed. That's something that we can't do immediately.
> 
> Tomek
> 
>
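
Added example, not part of the original thread and not Kea code: a check of whether a running DHCP server holds Linux packet (raw) sockets, which receive frames before the iptables INPUT chain, or only UDP sockets on port 67, which the DROP rule tested above does filter. The sample /proc contents and inode numbers are constructed; the function names are this example's own.

```python
import os
import re
import sys

DHCP_SERVER_PORT = 67

def packet_socket_inodes(text):
    """Inodes of AF_PACKET sockets from /proc/net/packet (inode is column 9)."""
    rows = (line.split() for line in text.splitlines()[1:])
    return {int(f[8]) for f in rows if len(f) >= 9}

def udp_socket_inodes(text, port=DHCP_SERVER_PORT):
    """Inodes of UDP sockets bound to `port` from /proc/net/udp (hex ADDR:PORT)."""
    rows = (line.split() for line in text.splitlines()[1:])
    return {int(f[9]) for f in rows
            if len(f) >= 10 and int(f[1].rsplit(":", 1)[1], 16) == port}

def process_socket_inodes(pid):
    """Socket inodes held by a process, read from its /proc/<pid>/fd links."""
    inodes = set()
    fd_dir = f"/proc/{pid}/fd"
    for fd in os.listdir(fd_dir):
        try:
            target = os.readlink(os.path.join(fd_dir, fd))
        except OSError:
            continue  # fd was closed while we were scanning
        m = re.fullmatch(r"socket:\[(\d+)\]", target)
        if m:
            inodes.add(int(m.group(1)))
    return inodes

def classify(owned, packet_text, udp_text):
    """'raw' if the process holds any packet socket, else 'udp' or 'none'."""
    if owned & packet_socket_inodes(packet_text):
        return "raw"   # frames reach the daemon before the INPUT chain is consulted
    if owned & udp_socket_inodes(udp_text):
        return "udp"   # traffic passes through iptables INPUT first
    return "none"

# Constructed sample data in the kernel's /proc format (not captured from a real host).
SAMPLE_PACKET = """sk       RefCnt Type Proto  Iface R Rmem   User   Inode
ffff880036b4a000 3      3    0800   2     1 0      0      41001
"""
SAMPLE_UDP = """  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode ref pointer drops
  12: 0A00000A:0043 00000000:0000 07 00000000:00000000 00:00000000 00000000     0        0 41002 2 ffff880036b4b000 0
  13: 00000000:0035 00000000:0000 07 00000000:00000000 00:00000000 00000000     0        0 41003 2 ffff880036b4c000 0
"""

if __name__ == "__main__":
    pid = int(sys.argv[1])  # PID of the DHCP server; reading another user's fds needs root
    with open("/proc/net/packet") as p, open("/proc/net/udp") as u:
        print(classify(process_socket_inodes(pid), p.read(), u.read()))
```

Run it as root with the server's PID as the only argument; a result of "raw" means a firewall test like the one in this message would not be expected to block requests.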