On 19.12.24 09:28, 胡义臻 wrote:
Dear all, I start dnsmasq(version 2.86) with --dhcp-lease-max=1, only one DHCP lease can be allocated. I find that the behavior of IPv4 and IPv6 is inconsistent. IPv4 returns a DHCPNAK packet with log "no leases left". Although IPv6 does not allocate a lease in function lease_allocate, it still returns a DHCPADVERSISE packet and allocates an IPv6 address. (...) [root@localhost.localdomain /]$ip netns exec ns0 tcpdump -i veth0 -vvv port 546 or port 547 dropped privs to tcpdump tcpdump: listening on veth0, link-type EN10MB (Ethernet), snapshot length 262144 bytes 15:55:18.192825 IP6 (flowlabel 0xffe1d, hlim 1, next-header UDP (17) payload length: 92) fe80::f03a:70ff:feb0:6dfe.dhcpv6-client > ff02::1:2.dhcpv6-server: [bad udp cksum 0xcbdd -> 0x890a!] dhcp6 solicit (xid=3e98e (client-ID type 4) (option-request DNS-server DNS-search-list) (elapsed-time 0) (IA_NA IAID:1890610686 T1:3600 T2:5400 (IA_ADDR 46:41::165a:c84d pltime:7200 vltime:10800)))
With IPv6, clients usually self-assign an address via SLAAC rather than acquiring one via DHPCv6. When a client uses SLAAC, it still would have to learn other network details, like gateway or DNS servers to use. Such a client would usually learn those via NDP router advertisements as regularly advertised by your router. Alternatively, it may also ask your DHCPv6 server to supply those details. This is referred to as Stateless DHPCv6. In your case, your logs show that a client is trying to solicit DNS details via DHCPv6: > dhcp6 solicit (xid=3e98e (client-ID type 4) (option-request DNS-server DNS-search-list) This would suggest that you see SLAAC and Stateless DHCPv6 in action - normal behaviour. If you want to force your clients to acquire a DHCPv6 lease and never use SLAAC, you'd have to configure your router accordingly. However, you should note that there are OSs that do not support DHCPv6 at all, Android being the most prominent example. By disallowing SLAAC, you'd prevent those clients from acquiring an IPv6 address, which in theory could even completely cut them from network access in absence of IPv4. Kind regards, Buck _______________________________________________ Dnsmasq-discuss mailing list Dnsmasq-discuss@lists.thekelleys.org.uk https://lists.thekelleys.org.uk/cgi-bin/mailman/listinfo/dnsmasq-discuss