cfg.StrOpt('dnsmasq_dns_server',
help=_('Use another DNS server before any in '
'/etc/resolv.conf.')),
+ cfg.IntOpt(
+ 'dnsmasq_lease_max',
+ default=(2 ** 24),
+ help=_('Limit number of leases to prevent a denial-of-service.')),
cfg.StrOpt('interface_driver',
help=_("The driver used to manage the virtual interface.")),
]
'--except-interface=lo',
'--pid-file=%s' % self.get_conf_file_name(
'pid', ensure_conf_dir=True),
- #TODO (mark): calculate value from cidr (defaults to 150)
- #'--dhcp-lease-max=%s' % ?,
'--dhcp-hostsfile=%s' % self._output_hosts_file(),
'--dhcp-optsfile=%s' % self._output_opts_file(),
'--leasefile-ro',
]
+ possible_leases = 0
for i, subnet in enumerate(self.network.subnets):
# if a subnet is specified to have dhcp disabled
if not subnet.enable_dhcp:
set_tag = 'set:'
else:
set_tag = ''
+
+ cidr = netaddr.IPNetwork(subnet.cidr)
+
cmd.append('--dhcp-range=%s%s,%s,%s,%ss' %
(set_tag, self._TAG_PREFIX % i,
- netaddr.IPNetwork(subnet.cidr).network,
+ cidr.network,
mode,
self.conf.dhcp_lease_duration))
+ possible_leases += cidr.size
+
+ # Cap the limit because creating lots of subnets can inflate
+ # this possible lease cap.
+ cmd.append('--dhcp-lease-max=%d' %
+ min(possible_leases, self.conf.dnsmasq_lease_max))
cmd.append('--conf-file=%s' % self.conf.dnsmasq_config_file)
if self.conf.dnsmasq_dns_server:
id = 'aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa'
subnets = [FakeV4Subnet()]
ports = [FakePort1()]
+ namespace = 'qdhcp-ns'
class FakeV6Network:
id = 'bbbbbbbb-bbbb-bbbb-bbbb-bbbbbbbbbbbb'
subnets = [FakeV6Subnet()]
ports = [FakePort2()]
+ namespace = 'qdhcp-ns'
class FakeDualNetwork:
class TestDnsmasq(TestBase):
- def _test_spawn(self, extra_options):
+ def _test_spawn(self, extra_options, network=FakeDualNetwork(),
+ max_leases=16777216):
def mock_get_conf_file_name(kind, ensure_conf_dir=False):
- return '/dhcp/cccccccc-cccc-cccc-cccc-cccccccccccc/%s' % kind
+ return '/dhcp/%s/%s' % (network.id, kind)
def fake_argv(index):
if index == 0:
'exec',
'qdhcp-ns',
'env',
- 'NEUTRON_NETWORK_ID=cccccccc-cccc-cccc-cccc-cccccccccccc',
+ 'NEUTRON_NETWORK_ID=%s' % network.id,
'dnsmasq',
'--no-hosts',
'--no-resolv',
'--bind-interfaces',
'--interface=tap0',
'--except-interface=lo',
- '--pid-file=/dhcp/cccccccc-cccc-cccc-cccc-cccccccccccc/pid',
- '--dhcp-hostsfile=/dhcp/cccccccc-cccc-cccc-cccc-cccccccccccc/host',
- '--dhcp-optsfile=/dhcp/cccccccc-cccc-cccc-cccc-cccccccccccc/opts',
- '--leasefile-ro',
- '--dhcp-range=set:tag0,192.168.0.0,static,86400s',
- '--dhcp-range=set:tag1,fdca:3ba5:a17a:4ba3::,static,86400s']
+ '--pid-file=/dhcp/%s/pid' % network.id,
+ '--dhcp-hostsfile=/dhcp/%s/host' % network.id,
+ '--dhcp-optsfile=/dhcp/%s/opts' % network.id,
+ '--leasefile-ro']
+
+ expected.extend(
+ '--dhcp-range=set:tag%d,%s,static,86400s' %
+ (i, s.cidr.split('/')[0])
+ for i, s in enumerate(network.subnets)
+ )
+ expected.append('--dhcp-lease-max=%d' % max_leases)
expected.extend(extra_options)
self.execute.return_value = ('', '')
with mock.patch.multiple(dhcp.Dnsmasq, **attrs_to_mock) as mocks:
mocks['get_conf_file_name'].side_effect = mock_get_conf_file_name
mocks['_output_opts_file'].return_value = (
- '/dhcp/cccccccc-cccc-cccc-cccc-cccccccccccc/opts'
+ '/dhcp/%s/opts' % network.id
)
mocks['interface_name'].__get__ = mock.Mock(return_value='tap0')
with mock.patch.object(dhcp.sys, 'argv') as argv:
argv.__getitem__.side_effect = fake_argv
- dm = dhcp.Dnsmasq(self.conf, FakeDualNetwork(),
- version=float(2.59))
+ dm = dhcp.Dnsmasq(self.conf, network, version=float(2.59))
dm.spawn_process()
self.assertTrue(mocks['_output_opts_file'].called)
self.execute.assert_called_once_with(expected,
'--server=8.8.8.8',
'--domain=openstacklocal'])
+ def test_spawn_max_leases_is_smaller_than_cap(self):
+ self._test_spawn(
+ ['--conf-file=', '--domain=openstacklocal'],
+ network=FakeV4Network(),
+ max_leases=256)
+
def test_output_opts_file(self):
fake_v6 = 'gdca:3ba5:a17a:4ba3::1'
fake_v6_cidr = 'gdca:3ba5:a17a:4ba3::/64'
Code Review / openstack-build / neutron-build.git / commitdiff