From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from firstgate.proxmox.com (firstgate.proxmox.com [212.224.123.68]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by lists.proxmox.com (Postfix) with ESMTPS id B66439A360 for ; Fri, 17 Nov 2023 12:40:56 +0100 (CET) Received: from firstgate.proxmox.com (localhost [127.0.0.1]) by firstgate.proxmox.com (Proxmox) with ESMTP id 4B4FF30C09 for ; Fri, 17 Nov 2023 12:40:23 +0100 (CET) Received: from lana.proxmox.com (unknown [94.136.29.99]) by firstgate.proxmox.com (Proxmox) with ESMTP for ; Fri, 17 Nov 2023 12:40:19 +0100 (CET) Received: by lana.proxmox.com (Postfix, from userid 10043) id 400A92C340E; Fri, 17 Nov 2023 12:40:18 +0100 (CET) From: Stefan Hanreich To: pve-devel@lists.proxmox.com Date: Fri, 17 Nov 2023 12:39:46 +0100 Message-Id: <20231117114011.834002-9-s.hanreich@proxmox.com> X-Mailer: git-send-email 2.39.2 In-Reply-To: <20231117114011.834002-1-s.hanreich@proxmox.com> References: <20231117114011.834002-1-s.hanreich@proxmox.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-SPAM-LEVEL: Spam detection results: 0 AWL -0.482 Adjusted score from AWL reputation of 
From: address BAYES_00 -1.9 Bayes spam probability is 0 to 1% DMARC_MISSING 0.1 Missing DMARC policy KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment KAM_LAZY_DOMAIN_SECURITY 1 Sending domain does not have any anti-forgery methods RDNS_NONE 0.793 Delivered to internal network by a host with no rDNS SPF_HELO_NONE 0.001 SPF: HELO does not publish an SPF Record SPF_NONE 0.001 SPF: sender does not publish an SPF Record T_SCC_BODY_TEXT_LINE -0.01 - Subject: [pve-devel] [PATCH v4 pve-network 08/33] sdn: dhcp: add dnsmasq plugin X-BeenThere: pve-devel@lists.proxmox.com X-Mailman-Version: 2.1.29 Precedence: list List-Id: Proxmox VE development discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 17 Nov 2023 11:40:56 -0000 The plugin creates a dnsmasq@ service that spawns a dnsmasq instance that handles dhcp for that zone. The configuration files for a dnsmasq instance lie within /etc/dnsmasq.d/ The plugin generates the following configuration files: * 00-default.conf Contains the default global configuration for dnsmasq. Disables DNS, enables some specific options for Windows, does some security-related configuration and makes dnsmasq bind only to the interfaces it is responsible for * 10-.conf Contains the default settings for a subnet. Sets dhcp options for DNS and gateway. * 10-.ranges.conf Contains the configuration of DHCP ranges for a subnet. * ethers Contains the MAC address to IP mappings for a zone. Every subnet gets assigned a tag in the dnsmasq configuration that is equal to the subnet_id. This can be used to override / set additional configuration options on a per-subnet basis. Additionally it creates the file /etc/default/dnsmasq. that provides default options for the dnsmasq service. Leases are stored in /var/lib/misc/dnsmasq.. Co-Authored-By: Alexandre Derumier 
Signed-off-by: Stefan Hanreich
---
 debian/control | 1 +
 src/PVE/Network/SDN/Dhcp/Dnsmasq.pm | 198 ++++++++++++++++++++++++++++
 2 files changed, 199 insertions(+)
 create mode 100644 src/PVE/Network/SDN/Dhcp/Dnsmasq.pm
diff --git a/debian/control b/debian/control
index 8b720c3..4424096 100644
--- a/debian/control
+++ b/debian/control
@@ -24,6 +24,7 @@ Depends: libpve-common-perl (>= 5.0-45),
 ${misc:Depends},
 ${perl:Depends},
 Recommends: frr-pythontools (>= 8.5.1~),
 ifupdown2
+Suggests: dnsmasq
 Description: Proxmox VE's SDN (Software Defined Network) stack
 This package contains the Software Defined Network (tech preview) for Proxmox VE.
diff --git a/src/PVE/Network/SDN/Dhcp/Dnsmasq.pm b/src/PVE/Network/SDN/Dhcp/Dnsmasq.pm
new file mode 100644
index 0000000..21a6ddd
--- /dev/null
+++ b/src/PVE/Network/SDN/Dhcp/Dnsmasq.pm
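Review bot: `Suggests: dnsmasq` does not install the package, but the Dnsmasq.pm added in the same patch writes under `/etc/dnsmasq.d/$dhcpid/` and runs `systemctl reload dnsmasq@$dhcpid`, so on a host where dnsmasq was never installed those calls fail only at run time, when a zone is applied. If the package is expected to be present whenever this plugin is selected, `Recommends: dnsmasq` installs it under apt's default settings; if it is meant to stay optional, the plugin should check for the dnsmasq binary (or the unit) up front and fail with a clear message instead. Presumably the distribution's stock dnsmasq service is also enabled on package install; whether it competes with the per-zone `dnsmasq@` instances for the DHCP port on the same interfaces is worth confirming before relying on `listen-address` alone.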
@@ -0,0 +1,198 @@
+package PVE::Network::SDN::Dhcp::Dnsmasq;
+
+use strict;
+use warnings;
+
+use base qw(PVE::Network::SDN::Dhcp::Plugin);
+
+use Net::IP qw(:PROC);
+use PVE::Tools qw(file_set_contents run_command lock_file);
+
+use File::Copy;
+
+my $DNSMASQ_CONFIG_ROOT = '/etc/dnsmasq.d';
+my $DNSMASQ_DEFAULT_ROOT = '/etc/default';
+my $DNSMASQ_LEASE_ROOT = '/var/lib/misc';
+
+sub type {
+ return 'dnsmasq';
+}
+
+sub del_ip_mapping {
+ my ($class, $dhcpid, $mac) = @_;
+
+ my $ethers_file = "$DNSMASQ_CONFIG_ROOT/$dhcpid/ethers";
+ my $ethers_tmp_file = "$ethers_file.tmp";
+
+ my $removeFn = sub {
+ open(my $in, '<', $ethers_file) or die "Could not open file '$ethers_file' $!\n";
+ open(my $out, '>', $ethers_tmp_file) or die "Could not open file '$ethers_tmp_file' $!\n";
+
+ while (my $line = <$in>) {
+ next if $line =~ m/^$mac/;
+ print $out $line;
+ }
+
+ close $in;
+ close $out;
+
+ move $ethers_tmp_file, $ethers_file;
+
+ chmod 0644, $ethers_file;
+ };
+
+ PVE::Tools::lock_file($ethers_file, 10, $removeFn);
+
+ if ($@) {
+ warn "Unable to remove $mac from the dnsmasq configuration: $@\n";
+ return;
+ }
+
+ my $service_name = "dnsmasq\@$dhcpid";
+ PVE::Tools::run_command(['systemctl', 'reload', $service_name]);
+}
+
+sub add_ip_mapping {
+ my ($class, $dhcpid, $mac, $ip) = @_;
+
+ my $ethers_file = "$DNSMASQ_CONFIG_ROOT/$dhcpid/ethers";
+ my $ethers_tmp_file = "$ethers_file.tmp";
+
+ my $appendFn = sub {
+ open(my $in, '<', $ethers_file) or die "Could not open file '$ethers_file' $!\n";
+ open(my $out, '>', $ethers_tmp_file) or die "Could not open file '$ethers_tmp_file' $!\n";
+
+ while (my $line = <$in>) {
+ next if $line =~ m/^$mac/;
+ print $out $line;
+ }
+
+ print $out "$mac,$ip\n";
+ close $in;
+ close $out;
+ move $ethers_tmp_file, $ethers_file;
+ chmod 0644, $ethers_file;
+ };
+
+ PVE::Tools::lock_file($ethers_file, 10, $appendFn);
+
+ if ($@) {
+ warn "Unable to add $mac/$ip to the dnsmasq configuration: $@\n";
+ return;
+ }
+
+ my $service_name = "dnsmasq\@$dhcpid";
+ PVE::Tools::run_command(['systemctl', 'reload', $service_name]);
+}
+
+sub configure_subnet {
+ my ($class, $dhcpid, $subnet_config) = @_;
+
+ die "No gateway defined for subnet $subnet_config->{id}"
+ if !$subnet_config->{gateway};
+
+ my $tag = $subnet_config->{id};
+
+ my @dnsmasq_config = (
+ "listen-address=$subnet_config->{gateway}",
+ );
+
+ my $option_string;
+ if (ip_is_ipv6($subnet_config->{network})) {
+ $option_string = 'option6';
+ push @dnsmasq_config, "enable-ra";
+ } else {
+ $option_string = 'option';
+ push @dnsmasq_config, "dhcp-option=tag:$tag,$option_string:router,$subnet_config->{gateway}";
+ }
+
+ push @dnsmasq_config, "dhcp-option=tag:$tag,$option_string:dns-server,$subnet_config->{'dhcp-dns-server'}"
+ if $subnet_config->{'dhcp-dns-server'};
+
+ PVE::Tools::file_set_contents(
+ "$DNSMASQ_CONFIG_ROOT/$dhcpid/10-$subnet_config->{id}.conf",
+ join("\n", @dnsmasq_config) . "\n"
+ );
+}
+
+sub configure_range {
+ my ($class, $dhcpid, $subnet_config, $range_config) = @_;
+
+ my $range_file = "$DNSMASQ_CONFIG_ROOT/$dhcpid/10-$subnet_config->{id}.ranges.conf",
+ my $tag = $subnet_config->{id};
+
+ open(my $fh, '>>', $range_file) or die "Could not open file '$range_file' $!\n";
+ print $fh "dhcp-range=set:$tag,$range_config->{'start-address'},$range_config->{'end-address'}\n";
+ close $fh;
+}
+
+sub before_configure {
+ my ($class, $dhcpid) = @_;
+
+ my $config_directory = "$DNSMASQ_CONFIG_ROOT/$dhcpid";
+
+ mkdir($config_directory, 755) if !-d $config_directory;
+
+ my $default_config = <