Public | Automated Build

Last pushed: a year ago
Short Description
NDP Proxy Daemon
Full Description
                 ndppd - NDP Proxy Daemon

                      Version 0.2.4

1. Legal

ndppd - NDP Proxy Daemon
Copyright (C) 2011 Daniel Adolfsson daniel@priv.nu

This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.

This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.

You should have received a copy of the GNU General Public License
along with this program. If not, see http://www.gnu.org/licenses/.


2. About 'ndppd'

'ndppd', or NDP Proxy Daemon, is a daemon that proxies NDP (Neighbor
Discovery Protocol) messages between interfaces.

The Neighbor Discovery Protocol (NDP) is a protocol in the Internet
Protocol Suite used with Internet Protocol Version 6 (IPv6). It
operates in the Link Layer of the Internet model (RFC 1122) and is
responsible for address autoconfiguration of nodes, discovery of
other nodes on the link, determining the Link Layer addresses
of other nodes, duplicate address detection, finding available
routers and Domain Name System (DNS) servers, address prefix
discovery, and maintaining reachability information about the paths
to other active neighbor nodes (RFC 4861). (Wikipedia)

'ndppd' currently only supports Neighbor Solicitation Messages and
Neighbor Advertisement Messages.

Before an IPv6 packet can be sent to a host, that host's link-layer
address must first be discovered. This is done by sending a Neighbor
Solicitation message containing the requested target IPv6 address
to a specific multicast address. If a host have configured a
matching IP, that host will then respond with a Neighbor
Advertisement message, and provide it's link-layer address.

Let's say you want to route some IPs to another interface, and
your ISP isn't truly routing your subnet to your host. It means
that your host will have respond to Neighbor Solicitation messages
for IPs it haven't configured in order to be able to route them.

Linux have a limited support for proxying Neighbor Solicitation
messages by simply answering to any messages where the target IP
can be found in the host's neighbor proxy table. To make this work
you need to enable "proxy_ndp", and then add each single host to the
neighbor proxy table by typing something like:

  ip -6 neigh add proxy <ip> dev <if>

Unfortunately, it doesn't support listing proxies, and as I said,
only individual IPs are supported. No subnets.

'ndppd' solves this by listening for Neighbor Solicitation messages
on an interface, then query the internal interfaces for that target
IP before finally sending a Neighbor Advertisement message.

You can create rules to query one interface for one subnet, and
another interface for another. 'ndppd' can even respond directly to
Neighbor Solicitation messages without querying anything, should you
need that.


3. Dependencies

As of version 0.2.2, libconfuse is no longer needed.


4. Compiling

First, make sure you have g++ and make installed.

It should be as easy as:

  make all && make install

If you want to enable debugging, you can type:

  make DEBUG=1 all

Note that this version of the binary is much bigger, and the daemon
produces a lot of messages.


5. Usage

Read through 'ndppd.conf-dist' for guidelines and examples how to
configure the daemon.

Usage: ndppd [-d] [-c <config>] [-p <pidfile>]

-p <pidfile>
Create a pidfile at the specified location.

-c <config>
Read configuration from the specified location, instead of
the default which is /etc/ndppd.conf.

-d Daemonize the process, putting it in the background.
Also enables syslogging.

-v Increase logging verbosity. Can be used several times in
order to increase even further.


5. Docker

You can build a docker image with

  docker build -t ndppd .

In order to run the image, you need to be on the host network
with privileged access

  docker run -d --privileged --net=host --restart=always --name ndppd_c ndppd '2607:5300:xxxx:xxxx::/64'

6. Website and contact

Contact : Daniel Adolfsson daniel@priv.nu

Website : https://github.com/DanielAdolfsson/ndppd

   Git : git://github.com/DanielAdolfsson/ndppd.git

If you want to report a bug, you can either send me a mail directly,
or submit an issue on github.com.

Docker Pull Command
Owner
intersoftlab
Source Repository

Comments (0)