History of a bug

Raspberry as network monitor

Problem :

I built a network monitoring solution following these guides :

Truly, a great job.

But I have built the solution at home for another network, and I would like my Raspberry to start and monitor at boot. And I missed a few things in the comments or text.

Solution :

I created services as described in the comment for prometheus, and added another for tcpdump. Don't forget the prometheus working directory in this configuration (no specific user for prometheus).


ExecStart=/home/pi/prometheus/prometheus-2.23.0.linux-armv7/prometheus \
    --config.file /home/pi/prometheus/prometheus.yml


Description=TCPDump service for traffic monitoring
ExecStart=python3 /home/pi/network-traffic-metrics/network-traffic-metrics.py "(src net and not dst net or (dst net and not src net"

But I had some network issues :

First, disable dhcpcd and install isc-dhcp-server

In my case, I keep dhcpcd as it brings up the network interfaces eth0 & eth1. I also set no gateway on eth0 (my LAN side).

My dhcpcd.conf configuration for interfaces :

interface eth1
static ip_address=
static routers=
static domain_name_servers=
static domain_search=

interface eth0
static ip_address=
static routers=
static domain_name_servers=
static domain_search=

But with this configuration, at boot, isc-dhcp-server and tcpdump were not started because eth0 was not up or plugged in. In my case, I could plug eth0 in later.

It took me a while, but I found the network hook that works (forget everything under /etc/network, dhcpcd does not use it).

Create a file (not a directory...) called /etc/dhcpcd.exit-hook with


# Sourced by dhcpcd: start the services once eth0 is up with its static address
if [ "$interface" = "eth0" ] && [ "$reason" = "STATIC" ] && [ "$if_up" = "true" ]; then
	systemctl start tcpdump
	systemctl start isc-dhcp-server.service
fi

And everything starts when eth0 comes up.

PEER_DNS=no on debian or how to prevent a specific DHCP interface to update the DNS

Problem :

On Debian, do not update resolv.conf (DNS) when we have multiple DHCP network interfaces.

Solution :

A first link : Never update resolv.conf with DHCP client

But we don't want to never update; we want to update sometimes...

On the Red Hat family it's simple (see the previous link) : PEERDNS=NO on the right interfaces

On the Debian family... let's use the hook as suggested :

Create hook to avoid /etc/resolv.conf file update

You need to create /etc/dhcp3/dhclient-enter-hooks.d/nodnsupdate file under Debian / Ubuntu Linux:
# vi /etc/dhcp3/dhclient-enter-hooks.d/nodnsupdate
Append following code:

make_resolv_conf() { :; }

OK, but the hook prevents ALL interfaces from updating resolv.conf. The idea :

  1. in the hook, test the interface name
  2. if it is an authorized one, call the original make_resolv_conf
  3. otherwise do nothing

In bash it's not easy to have multiple functions with the same name, but thanks to Stack Overflow! :


# copies function named $1 to name $2
copy_function() {
    declare -F "$1" > /dev/null || return 1
    eval "$(echo "${2}()"; declare -f "${1}" | tail -n +2)"
}

# Import the original make_resolv_conf
# Normally useless, hooks are called after make_resolv_conf declaration
# . /sbin/dhclient-script

copy_function make_resolv_conf original_make_resolv_conf

# Only the authorized interface may update resolv.conf
make_resolv_conf() {
        if [ "${interface}" = "authorizedInterface" ] ; then
                original_make_resolv_conf
        fi
}

Update :

The previous solution does not work: declare is unknown to sh/dash, and the script is run by sh/dash. So the copy function is not possible.

Ideas :

  • copy make_resolv_conf into this file as original_make_resolv_conf : it works, but it is ugly because security patches are not picked up
  • use 2 hooks : one on enter that saves resolv.conf, one on exit that restores resolv.conf if ${interface} is not authorized
  • try to extract make_resolv_conf from /sbin/dhclient-script : not so easy...

Best solution : the two hooks. It's a pity :) I like the copy_function :) :

# vi /etc/dhcp3/dhclient-enter-hooks.d/selectdns-enter


# Save the current resolv.conf before dhclient-script rewrites it
cp /etc/resolv.conf "/tmp/resolv.conf.${interface}"

# vi /etc/dhcp3/dhclient-exit-hooks.d/selectdns-exit


# Restore the saved resolv.conf when the lease came from a non-authorized interface
if [ "${interface}" != "authorizedInterface" ] ; then
       echo "${interface} not authorized"
       cp "/tmp/resolv.conf.${interface}" /etc/resolv.conf
fi
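
A hardened variant of the two hooks above, as an added example that is not part of the original post: it keeps the enter/exit logic but stores the backup in a root-only directory instead of a predictable name under /tmp, where any local user could pre-create the file or a symlink. The names AUTHORIZED_IF, STATE_DIR, RESOLV_CONF, selectdns_enter and selectdns_exit, the default eth1 and the /run/selectdns path are assumptions; the code is plain POSIX sh because the hooks run under sh/dash.

```shell
#!/bin/sh
# Added example, not the post's own code. All names and defaults are assumptions.
AUTHORIZED_IF="${AUTHORIZED_IF:-eth1}"      # only interface allowed to set DNS
STATE_DIR="${STATE_DIR:-/run/selectdns}"    # root-owned, unlike /tmp
RESOLV_CONF="${RESOLV_CONF:-/etc/resolv.conf}"

# Enter hook: save resolv.conf before dhclient-script rewrites it.
selectdns_enter() {
    iface="$1"
    # Reject empty names and names that could escape STATE_DIR.
    case "$iface" in ""|*/*|.*) return 1 ;; esac
    mkdir -p "$STATE_DIR" && chmod 700 "$STATE_DIR" || return 1
    backup="$STATE_DIR/resolv.conf.$iface"
    # Never write through a symlink.
    if [ -L "$backup" ]; then return 1; fi
    (umask 077; cp "$RESOLV_CONF" "$backup")
}

# Exit hook: restore the saved copy unless the lease is on the authorized interface.
selectdns_exit() {
    iface="$1"
    case "$iface" in ""|*/*|.*) return 1 ;; esac
    backup="$STATE_DIR/resolv.conf.$iface"
    if [ "$iface" != "$AUTHORIZED_IF" ] && [ -f "$backup" ] && [ ! -L "$backup" ]; then
        cp "$backup" "$RESOLV_CONF"
    fi
    # The backup is single-use; drop it in every case.
    rm -f "$backup"
}
```

In the enter hook, call `selectdns_enter "$interface"`; in the exit hook, call `selectdns_exit "$interface"`.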


