Re: DHCPDv6 in non-vnet jail
On Tue, Mar 29, 2022 at 05:21:13PM +0200, Marek Zarychta wrote:
> Running DHCPv6 in a jail is possible and pretty straightforward if
> /dev/bpf is exposed, but I have never tried to run rtadvd(8) in the
> jail. The net/isc-dhcp44-server works flawlessly in dedicated DHCPv6
> redundant jails without VNET, but the RA is always done on the core
> switches for all supported subnets in my case. Please consider that
> DHCPv6 is never replacement, but addition to properly configured RA.

I ran rtadvd inside jail just to see if RA messages are going back and forth as I suspected I'm blocking something. Otherwise, I'm running rtadvd on the host. If I understand it right, rtadvd's raflags="m" should tell rtsold to run external script. I'm just running it by hand so I use the least amount of software possible. Is that wrong? Should dhcp6c be run with rtsold -M? I tried with rtsold_flags="-a -M /usr/local/bin/dhcp6c" without luck.

Regards,
meka
Re: DHCPDv6 in non-vnet jail
On Tue, Mar 29, 2022 at 12:14:20PM +0200, Ronald Klop wrote:
> I think it will help if you share more of your configuration/logs.

Inside non-vnet jail, this is ifconfig output

    cbsd0: flags=8843 metric 0 mtu 1500
        description: lagg0
        ether 58:9c:fc:10:9b:75
        inet 172.16.0.253 netmask 0x broadcast 172.16.0.253
        inet6 fd10:6c79:8ae5:8b91::2 prefixlen 128
        id 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 15
        maxage 20 holdcnt 6 proto rstp maxaddr 2000 timeout 1200
        root id 00:00:00:00:00:00 priority 32768 ifcost 0 port 0
        member: epair1a flags=143
                ifmaxaddr 0 port 7 priority 128 path cost 2000
        member: epair5a flags=143
                ifmaxaddr 0 port 11 priority 128 path cost 2000
        member: epair4a flags=143
                ifmaxaddr 0 port 10 priority 128 path cost 2000
        member: epair3a flags=143
                ifmaxaddr 0 port 9 priority 128 path cost 2000
        member: epair2a flags=143
                ifmaxaddr 0 port 8 priority 128 path cost 2000
        groups: bridge
        nd6 options=21

There are bunch of other interfaces, but only cbsd0 (bridge interface) is set up with ip address.

netstat -rn

    Routing tables

    Internet:
    Destination        Gateway            Flags     Netif Expire
    172.16.0.253       link#4             UH        cbsd0

    Internet6:
    Destination                  Gateway      Flags     Netif Expire
    fd10:6c79:8ae5:8b91::2       link#4       UHS       lo0

grep -v '^#' /usr/local/etc/dhcpd6.conf

    default-lease-time 2592000;
    preferred-lifetime 604800;
    option dhcp-renewal-time 3600;
    option dhcp-rebinding-time 7200;
    allow leasequery;
    option dhcp6.name-servers 3ffe:501::100:200:ff:fe00:3f3e;
    option dhcp6.domain-search "test.example.com","example.com";
    option dhcp6.info-refresh-time 21600;
    dhcpv6-lease-file-name "/var/db/dhcpd6/dhcpd6.leases";
    subnet6 fd10:6c79:8ae5:8b91::/64 {
        range6 fd10:6c79:8ae5:8b91::/64;
    }

ls -l /dev

    total 1
    crw---      1 root  wheel   0x26 Mar 29 17:35 bpf
    lrwxr-xr-x  1 root  wheel      3 Mar 28 09:31 bpf0 -> bpf
    crw-rw-rw-  1 root  wheel   0x4a Mar 26 15:54 crypto
    dr-xr-xr-x  2 root  wheel    512 Mar 29 03:38 fd
    crw-rw-rw-  1 root  wheel   0x2a Mar 29 18:00 null
    crw-rw      1 root  nsd    0x1a5 Mar 24 23:45 pf
    crw-rw      1 root  nsd     0x4b Mar 26 15:54 pfil
    dr-xr-xr-x  2 root  wheel    512 Mar 28 09:31 pts
    crw-r--r--  1 root  wheel    0x8 Mar 24 23:45 random
    lrwxr-xr-x  1 root  wheel      4 Mar 28 09:31 stderr -> fd/2
    lrwxr-xr-x  1 root  wheel      4 Mar 28 09:31 stdin -> fd/0
    lrwxr-xr-x  1 root  wheel      4 Mar 28 09:31 stdout -> fd/1
    lrwxr-xr-x  1 root  wheel      6 Mar 28 09:31 urandom -> random
    crw-rw-rw-  1 root  wheel   0x2b Mar 26 15:54 zero

On the host I have /etc/rtadvd.conf:

    cbsd0:addr="fd10:6c79:8ae5:8b91::":raflags="m"

On the host ifconfig cbsd0

    cbsd0: flags=8843 metric 0 mtu 1500
        description: lagg0
        ether 58:9c:fc:10:9b:75
        inet 172.16.0.254 netmask 0xff00 broadcast 172.16.0.255
        inet 172.16.1.254 netmask 0xff00 broadcast 172.16.1.255
        inet 172.16.0.253 netmask 0x broadcast 172.16.0.253
        inet6 fe80::5a9c:fcff:fe10:9b75%cbsd0 prefixlen 64 scopeid 0x4
        inet6 fd10:6c79:8ae5:8b91::1 prefixlen 64
        inet6 fd10:6c79:8ae5:8b91::2 prefixlen 128
        id 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 15
        maxage 20 holdcnt 6 proto rstp maxaddr 2000 timeout 1200
        root id 00:00:00:00:00:00 priority 32768 ifcost 0 port 0
        member: epair1a flags=143
                ifmaxaddr 0 port 7 priority 128 path cost 2000
        member: epair5a flags=143
                ifmaxaddr 0 port 11 priority 128 path cost 2000
        member: epair4a flags=143
                ifmaxaddr 0 port 10 priority 128 path cost 2000
        member: epair3a flags=143
                ifmaxaddr 0 port 9 priority 128 path cost 2000
        member: epair2a flags=143
                ifmaxaddr 0 port 8 priority 128 path cost 2000
        groups: bridge
        nd6 options=21

> Besides you can take a look with tcpdump/wireshark on what happens on
> different interfaces of your machines to see the traffic flow between client
> and server.

Running tcpdump -i cbsd0 ip6 inside the non-vnet:

    tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
    listening on cbsd0, link-type EN10MB (Ethernet), capture size 262144 bytes
    18:02:29.081325 IP6 fe80::5a9c:fcff:fe10:9b75.10482 > ff12::8384.21027: UDP, length 322
    18:02:51.229813 IP6 fe80::2a0:98ff:fe7d:cad.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit
    18:02:52.338420 IP6 fe80::2a0:98ff:fe7d:cad.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit
    18:02:54.444709 IP6 fe80::2a0:98ff:fe7d:cad.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit
    18:02:58.449268 IP6 fe80::2a0:98ff:fe7d:cad.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit
    18:02:59.083071 IP
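An added example, not part of the thread: the capture in the message above shows one client repeating DHCPv6 Solicits with no Advertise coming back. This sh/awk filter lists such clients from `tcpdump -i cbsd0 ip6` text output at default verbosity; the function names are hypothetical, and the last two sample lines (a second client and a server Advertise) are constructed.

```shell
#!/bin/sh
# Added example: list DHCPv6 clients whose Solicits were never answered.
# Reads tcpdump text output (default verbosity, with or without -n) on stdin
# and prints "<client link-local address> <number of solicits>" per client.
unanswered_solicits() {
    awk '
    $2 == "IP6" && $(NF-1) == "dhcp6" {
        src = $3; dst = $5
        sub(/:$/, "", dst)                               # "addr.port:" -> "addr.port"
        sub(/\.(dhcpv6-(client|server)|54[67])$/, "", src)  # drop port name/number
        sub(/\.(dhcpv6-(client|server)|54[67])$/, "", dst)
        if ($NF == "solicit") {
            if (!(src in count)) order[++n] = src        # remember first-seen order
            count[src]++
        } else if ($NF == "advertise" || $NF == "reply") {
            answered[dst] = 1                            # server replied to this client
        }
    }
    END {
        for (i = 1; i <= n; i++)
            if (!(order[i] in answered))
                printf "%s %d\n", order[i], count[order[i]]
    }'
}

# Sample input: the first three lines are taken from the capture in the thread,
# the last two (second client and the Advertise sent to it) are constructed.
sample_capture() {
    cat <<'EOF'
18:02:29.081325 IP6 fe80::5a9c:fcff:fe10:9b75.10482 > ff12::8384.21027: UDP, length 322
18:02:51.229813 IP6 fe80::2a0:98ff:fe7d:cad.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit
18:02:52.338420 IP6 fe80::2a0:98ff:fe7d:cad.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit
18:02:53.000001 IP6 fe80::aa:bbff:fecc:dd01.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit
18:02:53.000902 IP6 fe80::5a9c:fcff:fe10:9b75.dhcpv6-server > fe80::aa:bbff:fecc:dd01.dhcpv6-client: dhcp6 advertise
EOF
}

sample_capture | unanswered_solicits
```

Running the same filter on captures taken on the bridge, on the epair member and inside the jail shows at which hop the Solicits stop being answered.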
Re: DHCPDv6 in non-vnet jail
On Tue, Mar 29, 2022 at 10:11:29AM +0200, Goran Mekić wrote:
> On Sun, Mar 27, 2022 at 02:34:11PM +, Bjoern A. Zeeb wrote:
> > I assume you have /dev/bpf available inside that jail by a devfs rule so
> > effectively you have all network interfaces and traffic available?
> As a form of test I've put rtadvd inside the same non-vnet jail and I
> can see RA message arrive to the vnet jail. I thought I "disconnected"
> something concerning IPv6, but that's obviously not the case.
>
> Let's take a step back. Is there any howto/tutorial on how to put
> isc-dhcpd6 in a non-vnet jail? I don't care if it's jail.conf or some
> jail manager. Can I somehow see where packets end up, like dtrace?
> Should I try some other server/client for DHCPv6? If I can make it work
> in any scenario, that would be good starting point for me to figure out
> what's wrong with my current setup.
>
> Regards,
> meka

Running DHCPv6 in a jail is possible and pretty straightforward if /dev/bpf is exposed, but I have never tried to run rtadvd(8) in the jail. The net/isc-dhcp44-server works flawlessly in dedicated DHCPv6 redundant jails without VNET, but the RA is always done on the core switches for all supported subnets in my case. Please consider that DHCPv6 is never replacement, but addition to properly configured RA.

Best regards,
--
Marek Zarychta
Re: "set but not used" warnings in the kernel
Is it time for WARNS=7 in the Makefiles?

Regards,
Ronald.

From: Mateusz Guzik
Date: Tuesday, 29 March 2022 13:15
To: freebsd-current@freebsd.org
Subject: "set but not used" warnings in the kernel

This is way too spammy and there is no consistent effort to clean them up, that I can see anyway. As such, I think these warns are doing more damage than help and should be disabled by default. Alternatively, perhaps people can step up. I'm pretty sure to date I got rid of more of these than anyone else. Comments?

--
Mateusz Guzik
"set but not used" warnings in the kernel
This is way too spammy and there is no consistent effort to clean them up, that I can see anyway. As such, I think these warns are doing more damage than help and should be disabled by default. Alternatively, perhaps people can step up. I'm pretty sure to date I got rid of more of these than anyone else. Comments?

--
Mateusz Guzik
Re: DHCPDv6 in non-vnet jail
From: "Goran Mekic"
Date: Tuesday, 29 March 2022 10:11
To: "Bjoern A. Zeeb"
CC: freebsd-current@freebsd.org
Subject: Re: DHCPDv6 in non-vnet jail

On Sun, Mar 27, 2022 at 02:34:11PM +, Bjoern A. Zeeb wrote:
> I assume you have /dev/bpf available inside that jail by a devfs rule so
> effectively you have all network interfaces and traffic available?

As a form of test I've put rtadvd inside the same non-vnet jail and I can see RA message arrive to the vnet jail. I thought I "disconnected" something concerning IPv6, but that's obviously not the case.

Let's take a step back. Is there any howto/tutorial on how to put isc-dhcpd6 in a non-vnet jail? I don't care if it's jail.conf or some jail manager. Can I somehow see where packets end up, like dtrace? Should I try some other server/client for DHCPv6? If I can make it work in any scenario, that would be good starting point for me to figure out what's wrong with my current setup.

Regards,
meka

Hi,

I think it will help if you share more of your configuration/logs.

Besides you can take a look with tcpdump/wireshark on what happens on different interfaces of your machines to see the traffic flow between client and server.

Regards,
Ronald.
Re: DHCPDv6 in non-vnet jail
On Sun, Mar 27, 2022 at 02:34:11PM +, Bjoern A. Zeeb wrote:
> I assume you have /dev/bpf available inside that jail by a devfs rule so
> effectively you have all network interfaces and traffic available?

As a form of test I've put rtadvd inside the same non-vnet jail and I can see RA message arrive to the vnet jail. I thought I "disconnected" something concerning IPv6, but that's obviously not the case.

Let's take a step back. Is there any howto/tutorial on how to put isc-dhcpd6 in a non-vnet jail? I don't care if it's jail.conf or some jail manager. Can I somehow see where packets end up, like dtrace? Should I try some other server/client for DHCPv6? If I can make it work in any scenario, that would be good starting point for me to figure out what's wrong with my current setup.

Regards,
meka