On 4/8/25 15:44, Vladislav Gornostaev wrote:
Dear Simon,
I hope this email finds you well. I am writing to seek your expertise regarding
an issue with dnsmasq's DHCPv6 relay functionality, specifically with the
dhcp-script feature not being triggered properly.I have configured dnsmasq
(latest version) as a DHCPv6 relay agent on a Mellanox switch with the
following configuration
"
no-resolv
no-hosts
port=0
log-dhcp
log-queries
# Enable DHCPv6 relay
dhcp-relay=2a02:2a02:2a02:2a02::1,2000::2
# Enable IPv6
enable-ra
# Interface configuration
interface=swp3
interface=swp2
# Add script
dhcp-script=/etc/dnsmasq.d/dhcp6-relay-script.sh
# Log to syslog
log-facility=local7
"
My objective is to have a script that installs routes to the VRF "mgmt" when prefixes are
delegated via DHCPv6-PD. I've created a script that handles the "relay-snoop" action as
documented in the man page, but the script never seems to be triggered by dnsmasq.When I run the
script manually with test parameters:
/etc/dnsmasq.d/dhcp6-relay-script.sh relay-snoop swp3 fe80::abcd
2001:db8::/64It works correctly
However, dnsmasq doesn't appear to be calling the script when it relays prefix
delegations.I've ensured that:
• The script is executable (chmod +x)
• The script has the correct path in the dnsmasq configuration
• Logging is enabled
• The script logs when it's called (to a separate log file)
Would you be able to provide any guidance on:
• Is there a specific build option required for the "relay-snoop" feature
to work?
HAVE_SCRIPT and HAVE_DHCP6 should be sufficient, I think.
• Are there any common issues that might prevent dnsmasq from calling the
script?
Common is not necessarily applicable, but looking at the code, the
valid_lifetime field in the IA_PREFIX option must be non-zero.
• Is there a debug method to verify if dnsmasq is attempting to call the
script?
If you configure an executable which doesn't exist or of non-executable,
calling exec() will fail and that will be logged by dnsmasq, similarly
if your script returns a non-zero exit code. that should be logged. If
it isn't, the script is not being called.
• Could you share a working example of DHCPv6 relay with script
integration?
Sadly, I can't.That would require much more of a test harness than I
available.
It's worth understanding that this is code which is probably very rarely
exercised. You may well have found a real bug in dnsmasq. If you have
some C debugging skills, I'm very happy to walk you through the three of
four bits of code which implement this: Given you have the basis of a
test system already, that's much easier for me than trying to put one
together.
Capturing the network packets (and sending them to me) is also
worthwhile. You can use pcap or wireshark or the dnsmasq --dumpfile and
--dumpmask options.
Cheers,
Simon.
> > Thank you for your time and assistance.
Your insights would be greatly appreciated.
Kind regards,
Vladislav, gornostae...@yandex-team.ru
_______________________________________________
Dnsmasq-discuss mailing list
Dnsmasq-discuss@lists.thekelleys.org.uk
https://lists.thekelleys.org.uk/cgi-bin/mailman/listinfo/dnsmasq-discuss
