[kea-dev] Possibility of disabling raw socket use in Kea ? -> works!
Chaigneau, Nicolas
nicolas.chaigneau at capgemini.com
Thu Sep 25 07:17:44 UTC 2014
Hello Marcin,
I'm using Red Hat Enterprise Linux Server release 6.4 (Santiago)
>
> -----Message d'origine-----
> De : Marcin Siodelski [mailto:marcin at isc.org]
> Envoyé : mercredi 24 septembre 2014 18:14
> À : Chaigneau, Nicolas
> Cc : Tomek Mrugalski; kea-dev at lists.isc.org
> Objet : Re: Possibility of disabling raw socket use in Kea ? -> works!
>
> Nicolas,
>
> Great to hear.
>
> We are going to add a configuration switch to enable/disable this behavior at some point. Maybe in 0.9.1 release, or 0.9.2.
>
> Can you tell what OS you're using. I presume it is some Linux flavor?
> We will need to test this on other OSes too, when we introduce a config switch.
>
> Marcin
>
> On Wed 24 Sep 2014 17:47:32 CEST, Chaigneau, Nicolas wrote:
> >
> > Hello,
> >
> >
> > I've rebuilt Kea with the code change you described.
> >
> > In file:
> > src/bin/dhcp4/dhcp4_srv.h
> >
> > The following modification was applied to Dhcpv4Srv constructor:
> > // const bool direct_response_desired = true);
> > const bool direct_response_desired = false);
> >
> >
> >
> > And I'm quite happy with the results, it works perfectly :)
> >
> >
> >
> > I ran the following test cases:
> >
> > 1) Started Kea on an interface with a single IP address (no iptables
> > filtering set up initially)
> >
> > - Sent a unicast DHCP request from a relay to Kea
> > -> Request is correctly received and handled by Kea. Client gets a response.
> >
> > - Applied a simple filtering rule through iptables:
> > iptables -I INPUT -p udp --dport 67:68 --sport 67:68 -j DROP
> >
> > - Sent a unicast DHCP request from a relay to Kea
> > -> iptables drops the packet. Kea does not receive anything. Client does not get a response.
> >
> >
> > 2) Started Kea on an interface with two IP addresses (no iptables
> > filtering is set up initially)
> >
> > - Noticed the following warning log:
> >
> > 2014-09-24 17:18:51.134 WARN [kea-dhcp4.dhcpsrv/10731]
> > DHCPSRV_OPEN_SOCKET_FAIL failed to open socket: Binding socket to an
> > interface is not supported on this OS; therefore only one socket
> > listening to broadcast traffic can be opened. Sockets will not be
> > opened on remaining interfaces
> >
> > (which could be improved to be more informative, when (if) disabling
> > raw socket becomes configurable. But that's a minor detail.)
> >
> > - Sent a unicast DHCP request from a relay to Kea (using either IP address)
> > -> Request is correctly received and handled by Kea. Client gets a response.
> >
> > - Applied iptables filtering, as previously
> >
> > - Sent a unicast DHCP request from a relay to Kea (using either IP address)
> > -> iptables drops the packet. Kea does not receive anything. Client does not get a response.
> >
> >
> >
> > Regards,
> > Nicolas.
This message contains information that may be privileged or confidential and is the property of the Capgemini Group. It is intended only for the person to whom it is addressed. If you are not the intended recipient, you are not authorized to read, print, retain, copy, disseminate, distribute, or use this message or any part thereof. If you receive this message in error, please notify the sender immediately and delete all copies of this message.
More information about the kea-dev
mailing list