Re: DHCPDv6 in non-vnet jail
Date: Wed, 30 Mar 2022 12:45:17 UTC
Hi,

First. I'm not an IPv6 expert. Got it running at home. Although with SLAAC, not DHCP yet.
Another disclaimer is that I use VNET-jails nowadays. But I like to try and think along with you.

What surprises me is that your non-vnet jail does not have a LINKLOCAL fe80::: address. These addresses are used for configuration in the local network (AFAIK).
And your routing table does not contain a line like this:
ff02::/16 ::1 UGRS lo0

So how is the ff02:: multicast routed in your network?

But the tcpdump shows that the multicast solicit message is received on the non-vnet dhcp-server so that seems to work:
18:02:51.229813 IP6 fe80::2a0:98ff:fe7d:cad.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit

I don't know if the dhcp-server program also sees this request coming in on its interface. Maybe extra logging can help there.
According to https://en.wikipedia.org/wiki/DHCPv6#Example the dhcp-server would reply with a link-local fe80:: address.
"Server replies with an advertise from [fe80::0011:22ff:fe33:5566]:547 to [fe80::aabb:ccff:fedd:eeff]:546."
But your dhcp-server does not have an fe80::. So I'm wondering how that would work.

More questions than answers. But I hope it helps.

Regards,
Ronald.

From: "Goran Mekic" <meka@tilda.center>
Date: Tuesday, 29 March 2022 18:11
To: Ronald Klop <ronald-lists@klop.ws>
CC: freebsd-current@freebsd.org, "Bjoern A. Zeeb" <bzeeb-lists@lists.zabbadoz.net>
Subject: Re: DHCPDv6 in non-vnet jail
>
> On Tue, Mar 29, 2022 at 12:14:20PM +0200, Ronald Klop wrote:
> > I think it will help if you share more of your configuration/logs.
>
> Inside non-vnet jail, this is ifconfig output
> cbsd0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
>         description: lagg0
>         ether 58:9c:fc:10:9b:75
>         inet 172.16.0.253 netmask 0xffffffff broadcast 172.16.0.253
>         inet6 fd10:6c79:8ae5:8b91::2 prefixlen 128
>         id 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 15
>         maxage 20 holdcnt 6 proto rstp maxaddr 2000 timeout 1200
>         root id 00:00:00:00:00:00 priority 32768 ifcost 0 port 0
>         member: epair1a flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
>                 ifmaxaddr 0 port 7 priority 128 path cost 2000
>         member: epair5a flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
>                 ifmaxaddr 0 port 11 priority 128 path cost 2000
>         member: epair4a flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
>                 ifmaxaddr 0 port 10 priority 128 path cost 2000
>         member: epair3a flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
>                 ifmaxaddr 0 port 9 priority 128 path cost 2000
>         member: epair2a flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
>                 ifmaxaddr 0 port 8 priority 128 path cost 2000
>         groups: bridge
>         nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
>
> There are a bunch of other interfaces, but only cbsd0 (bridge interface)
> is set up with ip address.
>
>
> netstat -rn
> Routing tables
>
> Internet:
> Destination        Gateway            Flags     Netif Expire
> 172.16.0.253       link#4             UH        cbsd0
>
> Internet6:
> Destination                       Gateway                       Flags     Netif Expire
> fd10:6c79:8ae5:8b91::2            link#4                        UHS       lo0
>
>
> grep -v '^#' /usr/local/etc/dhcpd6.conf
>
> default-lease-time 2592000;
> preferred-lifetime 604800;
> option dhcp-renewal-time 3600;
> option dhcp-rebinding-time 7200;
> allow leasequery;
> option dhcp6.name-servers 3ffe:501:ffff:100:200:ff:fe00:3f3e;
> option dhcp6.domain-search "test.example.com","example.com";
> option dhcp6.info-refresh-time 21600;
> dhcpv6-lease-file-name "/var/db/dhcpd6/dhcpd6.leases";
>
> subnet6 fd10:6c79:8ae5:8b91::/64 {
>         range6 fd10:6c79:8ae5:8b91::/64;
> }
>
>
> ls -l /dev
> total 1
> crw------- 1 root wheel 0x26 Mar 29 17:35 bpf
> lrwxr-xr-x 1 root wheel 3 Mar 28 09:31 bpf0 -> bpf
> crw-rw-rw- 1 root wheel 0x4a Mar 26 15:54 crypto
> dr-xr-xr-x 2 root wheel 512 Mar 29 03:38 fd
> crw-rw-rw- 1 root wheel 0x2a Mar 29 18:00 null
> crw-rw---- 1 root nsd 0x1a5 Mar 24 23:45 pf
> crw-rw---- 1 root nsd 0x4b Mar 26 15:54 pfil
> dr-xr-xr-x 2 root wheel 512 Mar 28 09:31 pts
> crw-r--r-- 1 root wheel 0x8 Mar 24 23:45 random
> lrwxr-xr-x 1 root wheel 4 Mar 28 09:31 stderr -> fd/2
> lrwxr-xr-x 1 root wheel 4 Mar 28 09:31 stdin -> fd/0
> lrwxr-xr-x 1 root wheel 4 Mar 28 09:31 stdout -> fd/1
> lrwxr-xr-x 1 root wheel 6 Mar 28 09:31 urandom -> random
> crw-rw-rw- 1 root wheel 0x2b Mar 26 15:54 zero
>
>
>
> On the host I have /etc/rtadvd.conf:
> cbsd0:addr="fd10:6c79:8ae5:8b91::":raflags="m"
>
>
> On the host ifconfig cbsd0
> cbsd0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
>         description: lagg0
>         ether 58:9c:fc:10:9b:75
>         inet 172.16.0.254 netmask 0xffffff00 broadcast 172.16.0.255
>         inet 172.16.1.254 netmask 0xffffff00 broadcast 172.16.1.255
>         inet 172.16.0.253 netmask 0xffffffff broadcast 172.16.0.253
>         inet6 fe80::5a9c:fcff:fe10:9b75%cbsd0 prefixlen 64 scopeid 0x4
>         inet6 fd10:6c79:8ae5:8b91::1 prefixlen 64
>         inet6 fd10:6c79:8ae5:8b91::2 prefixlen 128
>         id 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 15
>         maxage 20 holdcnt 6 proto rstp maxaddr 2000 timeout 1200
>         root id 00:00:00:00:00:00 priority 32768 ifcost 0 port 0
>         member: epair1a flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
>                 ifmaxaddr 0 port 7 priority 128 path cost 2000
>         member: epair5a flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
>                 ifmaxaddr 0 port 11 priority 128 path cost 2000
>         member: epair4a flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
>                 ifmaxaddr 0 port 10 priority 128 path cost 2000
>         member: epair3a flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
>                 ifmaxaddr 0 port 9 priority 128 path cost 2000
>         member: epair2a flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
>                 ifmaxaddr 0 port 8 priority 128 path cost 2000
>         groups: bridge
>         nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
>
> > Besides you can take a look with tcpdump/wireshark on what happens on different interfaces of your machines to see the traffic flow between client and server.
>
> Running tcpdump -i cbsd0 ip6 inside the non-vnet:
> tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
> listening on cbsd0, link-type EN10MB (Ethernet), capture size 262144 bytes
> 18:02:29.081325 IP6 fe80::5a9c:fcff:fe10:9b75.10482 > ff12::8384.21027: UDP, length 322
> 18:02:51.229813 IP6 fe80::2a0:98ff:fe7d:cad.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit
> 18:02:52.338420 IP6 fe80::2a0:98ff:fe7d:cad.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit
> 18:02:54.444709 IP6 fe80::2a0:98ff:fe7d:cad.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit
> 18:02:58.449268 IP6 fe80::2a0:98ff:fe7d:cad.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit
> 18:02:59.083071 IP6 fe80::5a9c:fcff:fe10:9b75.10482 > ff12::8384.21027: UDP, length 322
> 18:03:06.545104 IP6 fe80::2a0:98ff:fe7d:cad.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit
> 18:03:12.355503 IP6 fe80::5a9c:fcff:fe10:9b75.10482 > ff12::8384.21027: UDP, length 322
> 18:03:22.890933 IP6 fe80::2a0:98ff:fe7d:cad.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit
> 18:03:29.084154 IP6 fe80::5a9c:fcff:fe10:9b75.10482 > ff12::8384.21027: UDP, length 322
> 18:03:54.837662 IP6 fe80::2a0:98ff:fe7d:cad.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit
> 18:03:59.081342 IP6 fe80::5a9c:fcff:fe10:9b75.10482 > ff12::8384.21027: UDP, length 322
> 18:04:29.083992 IP6 fe80::5a9c:fcff:fe10:9b75.10482 > ff12::8384.21027: UDP, length 322
> 18:04:41.028190 IP6 fe80::5a9c:fcff:fe10:9b75.10482 > ff12::8384.21027: UDP, length 322
>
>
> That happens while I'm running dhcp6c -d -f eth0 inside vnet jail (eth0
> is epair that is renamed):
> Mar/29/2022 18:02:50: failed to open /usr/local/etc/dhcp6cctlkey: No such file or directory
> Mar/29/2022 18:02:50: failed initialize control message authentication
> Mar/29/2022 18:02:50: skip opening control port
> Mar/29/2022 18:02:50: cfparse: fopen(/usr/local/etc/dhcp6c.conf): No such file or directory
> Mar/29/2022 18:02:51: Sending Solicit
> Mar/29/2022 18:02:52: Sending Solicit
> Mar/29/2022 18:02:54: Sending Solicit
> Mar/29/2022 18:02:58: Sending Solicit
> Mar/29/2022 18:03:06: Sending Solicit
> Mar/29/2022 18:03:22: Sending Solicit
> Mar/29/2022 18:03:54: Sending Solicit
>
>
>
> Can I provide any more info?
>
> Regards,
> meka
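
Added example (not part of the original message, and not code from either participant): a small Python check over the tcpdump lines quoted above that reports which clients sent DHCPv6 Solicit messages without any Advertise or Reply being sent back, together with the gaps between their retransmissions. It assumes tcpdump prints server answers in the same one-line form as the solicit lines, as `dhcp6 advertise` or `dhcp6 reply`; the function name is hypothetical.

```python
import re
from collections import defaultdict

# Lines copied from the tcpdump capture quoted in the message above.
CAPTURE = """\
18:02:29.081325 IP6 fe80::5a9c:fcff:fe10:9b75.10482 > ff12::8384.21027: UDP, length 322
18:02:51.229813 IP6 fe80::2a0:98ff:fe7d:cad.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit
18:02:52.338420 IP6 fe80::2a0:98ff:fe7d:cad.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit
18:02:54.444709 IP6 fe80::2a0:98ff:fe7d:cad.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit
18:02:58.449268 IP6 fe80::2a0:98ff:fe7d:cad.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit
18:03:06.545104 IP6 fe80::2a0:98ff:fe7d:cad.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit
18:03:22.890933 IP6 fe80::2a0:98ff:fe7d:cad.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit
18:03:54.837662 IP6 fe80::2a0:98ff:fe7d:cad.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit
"""

# Captures: h, m, s, source address, destination address, DHCPv6 message name.
# Assumption: answers appear as "dhcp6 advertise" / "dhcp6 reply" in this form.
LINE = re.compile(
    r"^(\d+):(\d+):(\d+\.\d+) IP6 (\S+)\.\S+ > (\S+)\.\S+: dhcp6 (\S+)")


def unanswered_solicits(capture):
    """Map each client that sent Solicit but was never the destination of an
    Advertise or Reply to the gaps (seconds) between its Solicit messages."""
    solicits = defaultdict(list)
    answered = set()
    for line in capture.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue  # not DHCPv6, e.g. the ff12::8384 UDP traffic
        h, mi, s, src, dst, msg = m.groups()
        t = int(h) * 3600 + int(mi) * 60 + float(s)
        if msg == "solicit":
            solicits[src].append(t)
        elif msg in ("advertise", "reply"):
            answered.add(dst)
    return {client: [round(b - a, 1) for a, b in zip(ts, ts[1:])]
            for client, ts in solicits.items() if client not in answered}


if __name__ == "__main__":
    for client, gaps in unanswered_solicits(CAPTURE).items():
        print(f"{client}: {len(gaps) + 1} solicits, no answer; gaps {gaps}")
```

Run on the host side of cbsd0 as well as inside the jail, the same check shows whether an answer ever leaves the server or is lost on the way back to the client.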