===============================================================
USE 'ndhs' INSTEAD!
This repository only exists for historical purposes. The
current version of this program now lives in the 'ndhs'
repository.
===============================================================
REQUIREMENTS
------------
Linux kernel
GCC or Clang
CMake
Boost
ncmlib
cppformat
INTRODUCTION
------------
ndhs is a DHCPv4 and DHCPv6 server that also provides IPv6 router
advertisements. It is intended to be run on a router; IPv6 assumes that the
default gateway for a network will provide router advertisements, and many
hosts will need stateless DHCP6 information replies in order to determine the
DNS and NTP services for a network.
ndhs has been designed to be secure and function with minimal privilege.
REMARKS ON IPv4 AND IPv6 DIFFERENCES
------------------------------------
IPv6 is very different than IPv4.
IPv6 supports two different methods (stateful, stateless) of automatic IP
address allocation. IPv4 only supports stateful allocation.
Stateful allocation is the familiar DHCPv4 approach, where a centralized
server has authority for IP address allocation on a set of
local network segments. Hosts make queries to this server and are
provided with IP addresses by the server, which records the mappings
(state) between hosts (identified by MAC or IAID/DUIDs) and IP addresses.
DHCPv6 can support this model, but it also allows for stateless
autoconfiguration, where address assignment is not explicitly tracked.
IPv6 stateless address allocation eliminates the need for a centralized
server to keep track of mappings between hosts and IP addresses. Instead,
information about the network (prefix, dns/ntp servers) is provided to
hosts by routers on the local network segment (link). Hosts use this
information to calculate a probabalistically unique IP address, which
is then verified for uniqueness by interrogating the network (using
IPv6 Neighbor Discovery/Duplicate Address Detection).
This is fine for situations where it does not matter what addresses
are assigned to clients; these addresses may even intentionally
change over time (see Privacy Extensions and Temporary Addresses).
However, if it is necessary for mappings to remain constant, or
to vary but be coordinated with DNS entries, stateful address
assignment is necessary.
Stateful assignment still requires router advertisements to be
provided. Many types of necessary information (notably the default gateway)
are provided via router advertisements and not by DHCPv6.
ndhs is designed to support the stateful autoconfiguration model.
It provides all functionality required for stateful autoconfiguration to
fully function for hosts. It should be run only on IPv4/IPv6 routers,
and only on interfaces on the router for which the router performs
routing duties.
STANDARD USAGE
--------------
1) Compile and install ndhs.
a) mkdir build
b) cd build
c) cmake ..
d) make
e) Install the ndhs executable in a normal place.
f) Set up a user and chroot path (optional, but recommended).
g) Set up a configure file. For now, look at cfg.rl to
see the syntax.
h) Make sure that ndhs can write to its state directory for
dynamic leases. If you are using chroot, this by default
will be /state directory beneath the chroot.
If you are not using a chroot, then it will default to
/var/lib/ndhs/state.
2) Run ndhs. Use ndhs --help to see all possible options.
Examples:
ndhs --user=ndhs --chroot /var/lib/ndhs
PORTABILITY
-----------
ndhs could be ported to non-Linux systems, but will require new code
to replace the netlink mechanism used in Linux. Some security hardening
features (seccomp-bpf syscall filtering, SO_LOCK_FILTER) would need to
be disabled, too.
LICENSE
-------
(c) 2014-2016 Nicholas J. Kain <njkain at gmail dot com>
All rights reserved.
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are met:
- Redistributions of source code must retain the above copyright notice,
this list of conditions and the following disclaimer.
- Redistributions in binary form must reproduce the above copyright notice,
this list of conditions and the following disclaimer in the documentation
and/or other materials provided with the distribution.
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
POSSIBILITY OF SUCH DAMAGE.