dnsmasq: enable dbus && purge old ip lease on reservation
1 package PVE::Network::SDN::Dhcp::Dnsmasq;
2
3 use strict;
4 use warnings;
5
6 use base qw(PVE::Network::SDN::Dhcp::Plugin);
7
8 use Net::IP qw(:PROC);
9 use PVE::Tools qw(file_set_contents run_command lock_file);
10
11 use File::Copy;
12 use Net::DBus;
13
# Filesystem locations used by this plugin. Every path built from them also
# embeds the caller-supplied $dhcpid.
my $DNSMASQ_CONFIG_ROOT  = '/etc/dnsmasq.d';    # holds <dhcpid>/ethers and <dhcpid>/*.conf
my $DNSMASQ_DEFAULT_ROOT = '/etc/default';      # holds the per-instance dnsmasq.<dhcpid> file
my $DNSMASQ_LEASE_ROOT   = '/var/lib/misc';     # holds dnsmasq.<dhcpid>.leases
17
# Plugin type identifier: always the fixed string 'dnsmasq'.
sub type {
    my $plugin_type = 'dnsmasq';
    return $plugin_type;
}
21
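# Record the static reservation(s) for $mac in the ethers file of one dnsmasq
# instance and push the matching lease(s) to the running daemon over DBus.
#
# Parameters:
#   $class  - invocant (unused)
#   $dhcpid - instance id; selects the config directory, the systemd unit
#             dnsmasq@<dhcpid> and the DBus name uk.org.thekelleys.dnsmasq.<dhcpid>
#   $macdb  - hash with a {macs} table keyed by MAC; each entry may carry
#             'ip4' and 'ip6'
#   $mac    - MAC address to reserve for
#   $ip4    - IPv4 address to reserve (optional)
#   $ip6    - IPv6 address to reserve (optional)
#
# The ethers file is rewritten through "<ethers>.tmp" while holding
# PVE::Tools::lock_file. Lines for MACs missing from $macdb, and lines whose IP
# no longer matches $macdb, are dropped. A failure inside the locked section is
# reported with warn() and the sub returns without touching dnsmasq.
#
# NOTE(review): $dhcpid, $mac, $ip4 and $ip6 are written into a path and into
# "mac,ip" lines without validation here; a value containing ',' or a newline
# would add extra reservation lines. Presumably the callers validate them -
# confirm.
sub add_ip_mapping {
    my ($class, $dhcpid, $macdb, $mac, $ip4, $ip6) = @_;

    my $ethers_file = "$DNSMASQ_CONFIG_ROOT/$dhcpid/ethers";
    my $ethers_tmp_file = "$ethers_file.tmp";

    my $change = undef;
    my $match4 = undef;
    my $match6 = undef;

    my $appendFn = sub {
        open(my $in, '<', $ethers_file) or die "Could not open file '$ethers_file' $!\n";
        open(my $out, '>', $ethers_tmp_file) or die "Could not open file '$ethers_tmp_file' $!\n";

        while (my $line = <$in>) {
            chomp($line);
            my ($parsed_mac, $parsed_ip) = split(/,/, $line);

            # drop blank or truncated lines instead of copying them with
            # undefined fields
            if (!defined($parsed_mac) || !defined($parsed_ip)) {
                $change = 1;
                next;
            }

            # delete removed mac
            if (!defined($macdb->{macs}->{$parsed_mac})) {
                $change = 1;
                next;
            }

            # delete changed ip
            my $ipversion = Net::IP::ip_is_ipv4($parsed_ip) ? "ip4" : "ip6";
            my $known_ip = $macdb->{macs}->{$parsed_mac}->{$ipversion};
            if ($known_ip && $known_ip ne $parsed_ip) {
                $change = 1;
                next;
            }
            print {$out} "$parsed_mac,$parsed_ip\n";

            # check if mac/ip already exist: compare against the line that was
            # just kept. Testing only $macdb here would let the IPv6 line of
            # $mac mark the IPv4 reservation as present (and the other way
            # round), so the missing line would never be appended.
            $match4 = 1 if $ip4 && $parsed_mac eq $mac && $parsed_ip eq $ip4;
            $match6 = 1 if $ip6 && $parsed_mac eq $mac && $parsed_ip eq $ip6;
        }

        if (!$match4 && $ip4) {
            print {$out} "$mac,$ip4\n";
            $change = 1;
        }

        if (!$match6 && $ip6) {
            print {$out} "$mac,$ip6\n";
            $change = 1;
        }
        close $in;

        # Buffered write errors surface at close. Without this check a short
        # write would replace the ethers file with a truncated copy and drop
        # existing reservations silently.
        close $out or die "Could not write file '$ethers_tmp_file' $!\n";

        # Set the final mode before the rename so the published file never
        # carries a umask-dependent mode.
        chmod 0644, $ethers_tmp_file
            or die "Could not chmod file '$ethers_tmp_file' $!\n";
        move($ethers_tmp_file, $ethers_file)
            or die "Could not replace file '$ethers_file' $!\n";
    };

    # NOTE(review): the lock is taken on the ethers file itself, which the
    # locked section then replaces by rename. If lock_file locks the inode
    # (flock-style), a waiter can end up holding a lock on the old inode while
    # another process locks the new one - confirm, or lock a separate file.
    PVE::Tools::lock_file($ethers_file, 10, $appendFn);

    if ($@) {
        warn "Unable to add $mac to the dnsmasq configuration: $@\n";
        return;
    }

    my $service_name = "dnsmasq\@$dhcpid";
    PVE::Tools::run_command(['systemctl', 'reload', $service_name]) if $change;

    # update lease as ip could still be associated to an old removed mac
    # NOTE(review): nothing below is wrapped in eval, so an exception from the
    # DBus calls propagates to the caller after the ethers file has already
    # been rewritten.
    my $bus = Net::DBus->system();
    my $dnsmasq = $bus->get_service("uk.org.thekelleys.dnsmasq.$dhcpid");
    my $manager = $dnsmasq->get_object("/uk/org/thekelleys/dnsmasq","uk.org.thekelleys.dnsmasq.$dhcpid");

    # the hostname argument is the byte list of the string "*"
    my @hostname = unpack("C*", "*");
    $manager->AddDhcpLease($ip4, $mac, \@hostname, undef, 0, 0, 0) if $ip4;
    $manager->AddDhcpLease($ip6, $mac, \@hostname, undef, 0, 0, 0) if $ip6;

}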
92
# Write the per-subnet dnsmasq snippet "10-<subnet id>.conf" for one instance.
#
# Parameters:
#   $class         - invocant (unused)
#   $dhcpid        - instance id, selects the directory below the config root
#   $subnet_config - hash; reads {id}, {gateway}, {network} and the optional
#                    {'dhcp-dns-server'}
#
# Dies when the subnet has no gateway. The file is replaced, not appended to.
#
# NOTE(review): gateway, id and dhcp-dns-server are interpolated into the
# config text as-is; a value containing a newline would add further dnsmasq
# directives. Presumably validated by the SDN schema - confirm.
sub configure_subnet {
    my ($class, $dhcpid, $subnet_config) = @_;

    my $gateway = $subnet_config->{gateway};
    die "No gateway defined for subnet $subnet_config->{id}"
        if !$gateway;

    my $subnet_id = $subnet_config->{id};

    # IPv6 subnets use the option6 namespace and router advertisements;
    # IPv4 subnets get an explicit router option instead.
    my $is_ipv6 = ip_is_ipv6($subnet_config->{network});
    my $option_string = $is_ipv6 ? 'option6' : 'option';

    my @lines = ("listen-address=$gateway");
    if ($is_ipv6) {
        push @lines, "enable-ra";
    } else {
        push @lines, "dhcp-option=tag:$subnet_id,$option_string:router,$gateway";
    }

    my $dns_server = $subnet_config->{'dhcp-dns-server'};
    if ($dns_server) {
        push @lines, "dhcp-option=tag:$subnet_id,$option_string:dns-server,$dns_server";
    }

    # every directive ends with a newline, including the last one
    my $content = join('', map { "$_\n" } @lines);
    my $target = "$DNSMASQ_CONFIG_ROOT/$dhcpid/10-$subnet_id.conf";

    PVE::Tools::file_set_contents($target, $content);
}
122
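# Append the dhcp-range directive for a subnet to its "10-<subnet id>.conf".
#
# Parameters:
#   $class         - invocant (unused)
#   $dhcpid        - instance id, selects the directory below the config root
#   $subnet_config - hash; only {id} is read, split on '-' into zone, network
#                    and prefix length
#   $range_config  - accepted but not read by this sub
#
# The range is written in "static" mode. For IPv4 the prefix length is turned
# into a dotted netmask; for anything else it is written unchanged.
# Dies when the id does not split into the expected parts, or when the file
# cannot be opened or written.
sub configure_range {
    my ($class, $dhcpid, $subnet_config, $range_config) = @_;

    my $subnet_file = "$DNSMASQ_CONFIG_ROOT/$dhcpid/10-$subnet_config->{id}.conf";
    my $tag = $subnet_config->{id};

    my ($zone, $network, $mask) = split(/-/, $tag // '');

    # A malformed id would otherwise end up as an empty or garbage dhcp-range
    # line in the live configuration.
    die "Unexpected subnet id '" . ($tag // '') . "', expected <zone>-<network>-<prefix length>\n"
        if !defined($network) || !defined($mask) || $mask !~ /\A\d+\z/;

    if (Net::IP::ip_is_ipv4($network)) {
        # a prefix longer than 32 would make the shift count negative
        die "Invalid IPv4 prefix length '$mask' in subnet id '$tag'\n" if $mask > 32;

        # build the 32-bit netmask and print it as a dotted quad
        $mask = (2 ** $mask - 1) << (32 - $mask);
        $mask = join( '.', unpack( "C4", pack( "N", $mask ) ) );
    }

    open(my $fh, '>>', $subnet_file) or die "Could not open file '$subnet_file' $!\n";
    print {$fh} "dhcp-range=set:$tag,$network,static,$mask,infinite\n";
    # buffered write errors only surface at close
    close $fh or die "Could not write file '$subnet_file' $!\n";
}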
140
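# Prepare the on-disk state of one dnsmasq instance before its subnets are
# written: create the config directory, write the per-instance defaults file
# and "00-default.conf", then remove every existing "10-*.conf" snippet.
#
# Parameters:
#   $class  - invocant (unused)
#   $dhcpid - instance id; used in paths, in the lease file name and in the
#             DBus name passed to --enable-dbus
#
# NOTE(review): $dhcpid is interpolated unescaped into the defaults file, which
# looks like shell variable assignments and is presumably sourced by the
# dnsmasq service wrapper - confirm that callers restrict it to a safe
# character set. The same value is passed to glob() below, where whitespace or
# wildcard characters would change which files get unlinked.
sub before_configure {
    my ($class, $dhcpid) = @_;

    my $config_directory = "$DNSMASQ_CONFIG_ROOT/$dhcpid";

    # The mode must be an octal literal. Decimal 755 is 01363 octal, which
    # creates the directory with the sticky bit and without owner read access.
    # A directory that already exists is left untouched, so one created with
    # the wrong mode by an earlier run keeps it.
    if (!-d $config_directory && !mkdir($config_directory, 0755)) {
        my $err = $!;
        # tolerate a concurrent creation between the test and the mkdir
        die "Could not create directory '$config_directory' $err\n"
            if !-d $config_directory;
    }

    my $default_config = <<CFG;
CONFIG_DIR='$config_directory,\*.conf'
DNSMASQ_OPTS="--conf-file=/dev/null --enable-dbus=uk.org.thekelleys.dnsmasq.$dhcpid"
CFG

    PVE::Tools::file_set_contents(
        "$DNSMASQ_DEFAULT_ROOT/dnsmasq.$dhcpid",
        $default_config
    );

    my $default_dnsmasq_config = <<CFG;
except-interface=lo
bind-dynamic
no-resolv
no-hosts
dhcp-leasefile=$DNSMASQ_LEASE_ROOT/dnsmasq.$dhcpid.leases
dhcp-hostsfile=$config_directory/ethers
dhcp-ignore=tag:!known

# Send an empty WPAD option. This may be REQUIRED to get windows 7 to behave.
dhcp-option=252,"\\n"

# Send microsoft-specific option to tell windows to release the DHCP lease
# when it shuts down. Note the "i" flag, to tell dnsmasq to send the
# value as a four-byte integer - that's what microsoft wants.
dhcp-option=vendor:MSFT,2,1i

# If a DHCP client claims that its name is "wpad", ignore that.
# This fixes a security hole. see CERT Vulnerability VU#598349
dhcp-name-match=set:wpad-ignore,wpad
dhcp-ignore-names=tag:wpad-ignore
CFG

    PVE::Tools::file_set_contents(
        "$config_directory/00-default.conf",
        $default_dnsmasq_config
    );

    # drop the subnet snippets of the previous generation
    unlink glob "$config_directory/10-*.conf";
}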
188
# Enable and then restart the systemd unit dnsmasq@<dhcpid>, so the instance
# runs with the freshly written configuration.
#
# Parameters:
#   $class  - invocant (unused)
#   $dhcpid - instance id, used as the systemd template instance name
sub after_configure {
    my ($class, $dhcpid) = @_;

    my $unit = "dnsmasq\@$dhcpid";
    my @systemctl = ('systemctl');

    PVE::Tools::run_command([@systemctl, 'enable', $unit]);
    return PVE::Tools::run_command([@systemctl, 'restart', $unit]);
}
197
# Stop every dnsmasq@ instance and disable the template unit before the
# configuration is regenerated.
#
# Parameters:
#   $class - invocant (unused)
sub before_regenerate {
    my ($class) = @_;

    # the wildcard is passed to systemctl as a literal argument
    my $all_instances = 'dnsmasq@*';
    my $template_unit = 'dnsmasq@';

    PVE::Tools::run_command(['systemctl', 'stop', $all_instances]);
    return PVE::Tools::run_command(['systemctl', 'disable', $template_unit]);
}
204
# Hook called after regeneration. This plugin has nothing to do at that point.
#
# Parameters:
#   $class - invocant (unused)
sub after_regenerate {
    # intentionally empty: only the invocant is unpacked
    my ($class) = @_;
}
209
210 1;