ipoe: add support for multiple DHCP relay servers #100
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Store all multiple relay global options in memory. Only use the first entry. Signed-off-by: Louis Scalbert <louis.scalbert@6wind.com>
Store all interface relay options in memory. Only use the first relay option. Signed-off-by: Louis Scalbert <louis.scalbert@6wind.com>
Move the code to resolve giaddr when it is not set in the conf into a function. Cosmetic change only. Signed-off-by: Louis Scalbert <louis.scalbert@6wind.com>
add list_for_each_entry_safe in order to itirate over a list of a given type safe against removal in order to free list elements one by one. Signed-off-by: Gabriel Jeanneau <gabriel.jeanneau@6wind.com>
6e2cf25 to
34920ca
Compare
Create a dhcp_relay for all DHCP servers (ie. open the UDP socket and create a dhcpv4_relay struct). Only relay client packets to the first DHCP server. Signed-off-by: Louis Scalbert <louis.scalbert@6wind.com>
Relay the clients dhcp packets to all servers regardless the packet is destined to the server. Signed-off-by: Louis Scalbert <louis.scalbert@6wind.com>
siaddr is the "IP address of next server to use in bootstrap returned in DHCPOFFER, DHCPACK by server". siaddr is set at last resort to serv->dhcpv4_relay->giaddr that is the configured giaddr or else the source address of the serv->dhcpv4_relay socket. However serv->dhcpv4_relay will disappear in favor of a list of dhcpv4_relay. Set siaddr to the first found giaddr value in the list. Signed-off-by: Louis Scalbert <louis.scalbert@6wind.com>
If any of the DHCP servers has no opened socket on the agent, retry to connect its socket after receiving a DHCP packet from a client. Signed-off-by: Louis Scalbert <louis.scalbert@6wind.com>
Cleanup the code that was for one DHCP server only. Signed-off-by: Louis Scalbert <louis.scalbert@6wind.com>
Since multiple DHCP servers can now be configured, it is useful to know from server a DHCP packet is coming from. Store the source address of packets originated from the DHCP servers. Signed-off-by: Louis Scalbert <louis.scalbert@6wind.com>
The accel-ppp relay agent can now talk to multiple DHCP servers but
logs do not mention the address DHCP server.
Display the DHCP server address when logging the packets exchanged
between the accel-ppp relay agent and the DHCP servers.
> Aug 09 14:24:41 DHCP-RELAY accel-ppp[470]: vxl1.111:: recv [DHCPv4 relay from 172.16.1.3 Ack xid=685377c5 ciaddr=10.17.0.1 yiaddr=10.17.0.1 siaddr=172.16.1.3 giaddr=172.16.0.1 chaddr=0c:be:37:a4:00:00 <Message-Type Ack> <Server-ID 172.16.1.3> <Lease-Time 60> <Subnet 255.255.255.255> <Router 10.10.64.1> <Relay-Agent {Agent-Circuit-ID vxl1.111} {Agent-Remote-ID AGENT-REMOTE-ID1} {Link-Selection 10.10.64.1}>]
Signed-off-by: Louis Scalbert <louis.scalbert@6wind.com>
Remove some dead code in ipoe_ses_recv_dhcpv4. Code is now consistent with ipoe_ses_recv_dhcpv4_request. Fixes: c19c045 ("ipoe: update xid of session") Signed-off-by: Louis Scalbert <louis.scalbert@6wind.com>
The ipoe_session struct relay_addr bit is only set to 1 if ipoe_session struct yiaddr is set. Remove the relay_addr bit and test that yiaddr is set instead. Signed-off-by: Louis Scalbert <louis.scalbert@6wind.com>
ipoe_session_activate() is only called from ipoe_ses_recv_dhcpv4_request() if ses->ses.state == AP_STATE_STARTING. Remove a useless check. Signed-off-by: Louis Scalbert <louis.scalbert@6wind.com>
After the first DHCPOFFER is read, __ipoe_session_start() removes the ses->dhcpv4_request pointer. As a consequence, next DHCPOFFER are not read nor logged, which means that the relay takes into account the first DHCPOFFER only. Log the next DHCPOFFER even if they are not read. Signed-off-by: Louis Scalbert <louis.scalbert@6wind.com>
Ignore the DHCP packet if it does not match the server ID of the first DHCPOFFER. Link: https://www.rfc-editor.org/rfc/rfc2131#page-29 Signed-off-by: Louis Scalbert <louis.scalbert@6wind.com>
Store the IP of the server that provides the DHCPOFFER. It is needed in the next commits to display the value with the "show sessions" command and to know whether to relay client message to the configured DHCP server. Signed-off-by: Louis Scalbert <louis.scalbert@6wind.com>
Accel-ppp now forwards all the client requests to all the configured DHCP servers. However, only the server that provides the DHCP parameters is interested in receiving all the requests. At the lease initialization, the DHCP client sends a DHCPDISCOVER that MUST be relayed to all the configured servers. Multiple DHCPOFFER are received in return. The accel-ppp relay agent only considers the first one and relays it to client. The client sends a first DHCPREQUEST with no filled client IP address (ciaddr) but with a "Requested IP address" (DHCP option 50). This DHCPREQUEST MUST be relayed to all the servers with the "server ID" (option 54) of the first DHCPOFFER. The matching server knows its offer is accepted and the others implicitly knows their offer is declined. The next DHCP requests from the client are only relevant for the matching. After the lease initialization, relay requests to the server that provides the first DHCPOFFER only. Link: https://www.rfc-editor.org/rfc/rfc2131#page-16 Signed-off-by: Louis Scalbert <louis.scalbert@6wind.com>
For the moment, the accel-ppp agent relay sends some DHCPRELEASE to all interface DHCP servers even when they have not provided the IP address. Send DHCPRELEASE packets to the relevant servers only. Signed-off-by: Louis Scalbert <louis.scalbert@6wind.com>
Display an optional server column in accel-cmd show sessions. > # accel-cmd show sessions ifname,vrf,calling-sid,ip,state,uptime,type,dhcp-server order ip > ifname | vrf | calling-sid | ip | state | uptime | type | dhcp-server > --------+------+-------------------+-----------+--------+----------+------+------------- > ipoe0 | vrf1 | 0c:be:37:a4:00:00 | 10.16.0.1 | active | 00:16:59 | ipoe | 10.90.81.68 Signed-off-by: Louis Scalbert <louis.scalbert@6wind.com>
Add documentation for multiple relay values. Signed-off-by: Louis Scalbert <louis.scalbert@6wind.com>
Multiple DHCP severs may send DHCPOFFER with the same offered client IP address (yiaddr). Display with the "show session" command all the servers that provides the same yiaddr as the one from the first DHCPOFFER. In the following commit, all these servers will participate in the DHCP exchanges. > # accel-cmd show sessions ifname,vrf,calling-sid,ip,state,uptime,type,dhcp-server order ip > ifname | vrf | calling-sid | ip | state | uptime | type | dhcp-server > --------+------+-------------------+-----------+--------+----------+------+------------------------- > ipoe0 | vrf1 | 0c:be:37:a4:00:00 | 10.16.0.1 | active | 00:16:59 | ipoe | 10.90.81.68, 10.90.82.68 Signed-off-by: Louis Scalbert <louis.scalbert@6wind.com>
Several DHCP servers may provide a similar DHCPOFFER. accel-ppp only considers the first received offer. The initial DHCPREQUEST is relayed with the "server ID" (option 54) of the first DHCPOFFER to all the servers. Theoretically, only the matching server should reply with a DHCPACK. However, some implementation like ISC DHCP server ignores the "server ID" (option 54) value and replies with a DHCPACK if the requested options match the DHCPOFFER it sent. Allow relaying the requests to all DHCP that provides the session yiaddr. Signed-off-by: Louis Scalbert <louis.scalbert@6wind.com>
When reading the configuration, conf_lease_time, conf_renew_time, conf_lease_timeout and conf_rebind_time are always reset whenever the values are configured. Do not assign values that are overwritten later. Signed-off-by: Louis Scalbert <louis.scalbert@6wind.com>
Lease default timers derivate from the other timers. Add macro to define ratio from other timers. Signed-off-by: Louis Scalbert <louis.scalbert@6wind.com>
The IPOE session lease timer value is taken from the configuration if available or from the LEASE_TIME macro. When the DHCP server sends an OFFER or an ACK with a different lease time, this value is overwritten but the REBIND and RENEWING timers are not changed. If the new value is lower than the REBIND and RENEWING timers, the clients will not go to the RENEWING and REBIND state to re-request its IP address before the lease timeout. Overwrite REBIND and RENEWING timers when receiving a lease timer from the server. Note the server MUST send a lease timer with a DHCP OFFER or ACK. Signed-off-by: Louis Scalbert <louis.scalbert@6wind.com>
If the DHCP server send a renew or rebind lease timer value that is inconsistent with the other lease timer values, replace the values when relaying the server packets to the client. Signed-off-by: Louis Scalbert <louis.scalbert@6wind.com>
Get Linux VRF information from Netlink and store it into the IPOE server structure. Signed-off-by: Louis Scalbert <louis.scalbert@6wind.com>
When an interface from the [ipoe] configuration section belongs to a VRF, add and delete the /32 routes to the clients in the interface VRF. Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com> Signed-off-by: Louis Scalbert <louis.scalbert@6wind.com>
Allow relaying the DHCP relay to server traffic from a vrf. Link: FRRouting/frr@edc3f63 Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com> Signed-off-by: Louis Scalbert <louis.scalbert@6wind.com>
Set the AP session VRF name. It is displayed "accel-cmd show sessions". vrf_name is used to set the IPOE interface into its vrf. Signed-off-by: Louis Scalbert <louis.scalbert@6wind.com>
34920ca to
dbd5d60
Compare
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Add support for multiple DHCP servers behind the relay.
It is possible to specify multiple DHCP relay servers globally or per interface.
With multiple DHCP servers, the relay receives multiple DHCPOFFER but only the first one is relayed to the DHCP client. RFC2131 says that the relay must relay all the DHCPOFFER to the client and the client selects the best offer (actually the first one in most cases) by sending a DHCPREQUEST with the "Server Identifier" (Option 54) of the selected DHCPOFFER. However, accel-ppp replaces the "Server Identifier" (Option 54) of the DHCPOFFER by its own address. If all the DHCPOFFER were sent to the client, the DHCPREQUEST "Server Identifier" (Option 54) could not identify the selected offer.