Re: Bug#901255: netcfg-static: Unable to configure fe80::1 as a gateway
Hi, On 12.06.18 14:32, Samuel Thibault wrote: > Ok, then netcfg-static needs to be improved to do that. > [...] >> let's just flag the Debian IPv6 implementation as broken on this point >> and move on. > And let it stay broken at vitam æternam?... > > It's a matter of someone fixing the code. It seems Igor Scheller is > happy to work on it, he just needs a way forward, not being only told > that what is currently there is nonsense. > > Samuel Imho this "partial fix" could be added anyway (maybe with a remark of "needs to be implemented in a proper way)? That would at least solve the problem in that case. Igor PS: Happy b-day to this PR also, its alive (and dead at the same time) for 2 years signature.asc Description: OpenPGP digital signature
Re: Bug#901255: netcfg-static: Unable to configure fe80::1 as a gateway
Bjørn Mork, le mar. 12 juin 2018 15:19:25 +0200, a ecrit: > Samuel Thibault writes: > > > It's a matter of someone fixing the code. It seems Igor Scheller is > > happy to work on it, he just needs a way forward, not being only told > > that what is currently there is nonsense. > > Well, using fe80::1 as default gateway would not be a problem if it > weren't for the existing nonsensical code. Don't know how to say that in > any other way. By proposing actual solutions instead. So there was for one that netcfg-static needs to explicitly add a route to the gateway. Now, to check that it works: > So if you take a single default router address as input, then the > validation bolis down to sending a Neighbor Solicitation and seeing if > you receive a Neighbor Advertisement back. The question is now how to do that easily in netcfg-static (i.e. not crafting packets by hand). Samuel
Re: Bug#901255: netcfg-static: Unable to configure fe80::1 as a gateway
Bjørn Mork, le mar. 12 juin 2018 14:12:28 +0200, a ecrit: > Samuel Thibault writes: > > Bjørn Mork, le mar. 12 juin 2018 13:30:39 +0200, a ecrit: > >> But this will: > >> > >> frtest3:~# ip route add 2001:db8:f00::1/128 dev eth1 > > > > So this is a route, which can be checked for. > > No, it is a route you can safely add. Ok, then netcfg-static needs to be improved to do that. > But I think we are running in circles now. We aren't. > let's just flag the Debian IPv6 implementation as broken on this point > and move on. And let it stay broken at vitam æternam?... It's a matter of someone fixing the code. It seems Igor Scheller is happy to work on it, he just needs a way forward, not being only told that what is currently there is nonsense. Samuel
Re: Bug#901255: netcfg-static: Unable to configure fe80::1 as a gateway
Bjørn Mork, le mar. 12 juin 2018 13:30:39 +0200, a ecrit: > But this will: > > frtest3:~# ip route add 2001:db8:f00::1/128 dev eth1 So this is a route, which can be checked for. > > which is the point of the test AIUI. > > The test is pointless. There is absolutely no requirement that the > gateway should be part of any larger on-link prefix or related to any of > the configured host addresses in any way. Please scratch from your mind whatever you thought I meant. What I meant is that a route is needed for that. That is what we can really check for to provide useful feedback to a user making a typo, before trying to reach something on the Internet that might just be randomly off. Samuel
Re: Bug#901255: netcfg-static: Unable to configure fe80::1 as a gateway
Igor Scheller, le mar. 12 juin 2018 11:28:58 +0200, a ecrit: > Imho it could be a better option to just configure the interface and > test if something is reachable? "something" is the problem. We do test for reachability of the mirror anyway. But again, checking that there actually is a route does make sense. It just needs to be properly checked. Your proposed change doesn't make it worse (and the dev part really is needed). Samuel
Re: Bug#901255: netcfg-static: Unable to configure fe80::1 as a gateway
Bjørn Mork, le mar. 12 juin 2018 10:52:30 +0200, a ecrit: > Huh? What is this? There is no "gateway must be in subnet" requirement > in IPv6. The gateway must only be reachable, which means that you must > be able to resolve the L2 address using ND. Before that, you need a route, which is the point of the test AIUI. That said, the code should be looking over all networks of the interface, not only the first. Samuel
Re: Bug#901255: netcfg-static: Unable to configure fe80::1 as a gateway
On 12.06.2018 10:52, Bjørn Mork wrote:
> Igor Scheller writes:
>
> From 6bff2dee11a8d5493f87ec541f854e3897ef6a9a Mon Sep 17 00:00:00 2001
>> From: Igor Scheller
>> Date: Mon, 11 Jun 2018 23:52:37 +0200
>> Subject: [PATCH] Added support for fe80 addresses as gateway
>>
>> ---
>> netcfg-common.c | 5 -
>> static.c | 3 ++-
>> test/test_netcfg_gateway_reachable.c | 24
>> 3 files changed, 30 insertions(+), 2 deletions(-)
>>
>> diff --git a/netcfg-common.c b/netcfg-common.c
>> index c6d1d8d5..007c1875 100644
>> --- a/netcfg-common.c
>> +++ b/netcfg-common.c
>> @@ -1677,8 +1677,11 @@ int netcfg_gateway_reachable(const struct
>> netcfg_interface *interface)
>> if (interface->address_family == AF_INET) {
>> return (gw_addr.in4.s_addr && ((gw_addr.in4.s_addr &
>> mask.in4.s_addr) == net.in4.s_addr));
>> } else if (interface->address_family == AF_INET6) {
>> +if ((ntohs(gw_addr.in6.s6_addr32[0]) & 0xffc0) == (0xfe80 &
>> 0xffc0)) {
>> +return 1;
>> +}
>> +
>> int i;
>> -
>> for (i = 0; i < 4; i++) {
>> if ((gw_addr.in6.s6_addr32[i] & mask.in6.s6_addr32[i]) !=
>> net.in6.s6_addr32[i]) {
>> return 0;
Jup, thats true but my programming skills are not good enough to
implement that so this was the first option that came to my mind.
> Or did I misunderstand what this code tries to do?
That's exactly what it does, same for the default behavior in the for
loop below.
Imho it could be a better option to just configure the interface and
test if something is reachable?
> Bjørn
signature.asc
Description: OpenPGP digital signature
Re: Bug#901255: netcfg-static: Unable to configure fe80::1 as a gateway
Igor Scheller writes:
From 6bff2dee11a8d5493f87ec541f854e3897ef6a9a Mon Sep 17 00:00:00 2001
> From: Igor Scheller
> Date: Mon, 11 Jun 2018 23:52:37 +0200
> Subject: [PATCH] Added support for fe80 addresses as gateway
>
> ---
> netcfg-common.c | 5 -
> static.c | 3 ++-
> test/test_netcfg_gateway_reachable.c | 24
> 3 files changed, 30 insertions(+), 2 deletions(-)
>
> diff --git a/netcfg-common.c b/netcfg-common.c
> index c6d1d8d5..007c1875 100644
> --- a/netcfg-common.c
> +++ b/netcfg-common.c
> @@ -1677,8 +1677,11 @@ int netcfg_gateway_reachable(const struct
> netcfg_interface *interface)
> if (interface->address_family == AF_INET) {
> return (gw_addr.in4.s_addr && ((gw_addr.in4.s_addr &
> mask.in4.s_addr) == net.in4.s_addr));
> } else if (interface->address_family == AF_INET6) {
> +if ((ntohs(gw_addr.in6.s6_addr32[0]) & 0xffc0) == (0xfe80 & 0xffc0))
> {
> +return 1;
> +}
> +
> int i;
> -
> for (i = 0; i < 4; i++) {
> if ((gw_addr.in6.s6_addr32[i] & mask.in6.s6_addr32[i]) !=
> net.in6.s6_addr32[i]) {
> return 0;
Huh? What is this? There is no "gateway must be in subnet" requirement
in IPv6. The gateway must only be reachable, which means that you must
be able to resolve the L2 address using ND. Any other "is gateway
reachable" test is bogus. "subnet" is completely irrelevant.
Or did I misunderstand what this code tries to do?
Bjørn
Re: Bug#901255: netcfg-static: Unable to configure fe80::1 as a gateway
Hi,
I created a merge request [1] for that, Improvements welcome ;)
Greets,
Igor Scheller
[1] https://salsa.debian.org/installer-team/netcfg/merge_requests/3/diffs
On 10.06.2018 22:33, Philipp Kern wrote:
> On 6/10/18 7:25 PM, Samuel Thibault wrote:
>> Igor Scheller, le dim. 10 juin 2018 18:57:50 +0200, a ecrit:
>>> When I try to configure fe80::1 (next router) as a gateway in an IPv6 only
>>> network the installer stops with an "Unreachable gateway" error.
>>>
>>> Looking at netcfg-common.c:netcfg_gateway_reachable its checked by comparing
>>> bytes. Imho a better way would be to configure the interface and ping the
>>> gateway?
>> Well, the gateway has no obligation to respond to pings, so it's not a
>> proper way.
>>
>> Checking that the prefix matches however makes complete sense, and
>> should just work. Provided that the network prefix length is correct,
>> of course, but it has to be otherwise it's a configuration error. I
>> guess the problem is rather there.
> Well, the gateway may as well be link-local and not be in the assigned
> prefix. That's unfortunately a valid configuration. I wouldn't call
> fe80::1 "next router", though. It's not a well-known address. ff02::2
> (all routers) would be, in a way. But alas.
>
> I guess the answer here is that if the gateway is in fe80::/10 the route
> needs to be added with the interface's name, just like pointopoint does it.
>
> The better setup is to use autoconfiguration and let the router announce
> itself. That's how most production IPv6 setups work because the standard
> calls for that. But I know that especially providers like Hetzner are
> notorious for requiring their users to use a hard-coded fe80::1 default
> gateway. (And ifupdown supports this correctly.)
>
> Kind regards
> Philipp Kern
>
From 6bff2dee11a8d5493f87ec541f854e3897ef6a9a Mon Sep 17 00:00:00 2001
From: Igor Scheller
Date: Mon, 11 Jun 2018 23:52:37 +0200
Subject: [PATCH] Added support for fe80 addresses as gateway
---
netcfg-common.c | 5 -
static.c | 3 ++-
test/test_netcfg_gateway_reachable.c | 24
3 files changed, 30 insertions(+), 2 deletions(-)
diff --git a/netcfg-common.c b/netcfg-common.c
index c6d1d8d5..007c1875 100644
--- a/netcfg-common.c
+++ b/netcfg-common.c
@@ -1677,8 +1677,11 @@ int netcfg_gateway_reachable(const struct netcfg_interface *interface)
if (interface->address_family == AF_INET) {
return (gw_addr.in4.s_addr && ((gw_addr.in4.s_addr & mask.in4.s_addr) == net.in4.s_addr));
} else if (interface->address_family == AF_INET6) {
+if ((ntohs(gw_addr.in6.s6_addr32[0]) & 0xffc0) == (0xfe80 & 0xffc0)) {
+return 1;
+}
+
int i;
-
for (i = 0; i < 4; i++) {
if ((gw_addr.in6.s6_addr32[i] & mask.in6.s6_addr32[i]) != net.in6.s6_addr32[i]) {
return 0;
diff --git a/static.c b/static.c
index ea12fba4..7ad0193b 100644
--- a/static.c
+++ b/static.c
@@ -474,7 +474,8 @@ static int netcfg_activate_static_ipv6(struct debconfclient *client,
rv |= di_exec_shell_log(buf);
if (!empty_str(interface->gateway)) {
-snprintf(buf, sizeof(buf), "ip route add default via %s", interface->gateway);
+snprintf(buf, sizeof(buf), "ip route add default via %s dev %s", interface->gateway, interface->name);
+di_info("executing: %s", buf);
rv |= di_exec_shell_log(buf);
}
#endif
diff --git a/test/test_netcfg_gateway_reachable.c b/test/test_netcfg_gateway_reachable.c
index 840d1452..4ceec15a 100644
--- a/test/test_netcfg_gateway_reachable.c
+++ b/test/test_netcfg_gateway_reachable.c
@@ -81,6 +81,29 @@ START_TEST(test_netcfg_gateway_reachable_v6_48)
}
END_TEST
+START_TEST(test_netcfg_gateway_reachable_v6_fe80)
+{
+struct netcfg_interface iface;
+netcfg_interface_init();
+
+strcpy(iface.ipaddress, "2001:3:5:7::42");
+strcpy(iface.gateway, "fe80::1");
+iface.masklen = 64;
+iface.address_family = AF_INET6;
+
+fail_unless (netcfg_gateway_reachable(), "Gateway erroneously unreachable");
+
+strcpy (iface.gateway, "febf::1");
+fail_unless (netcfg_gateway_reachable(), "Gateway erroneously unreachable");
+
+strcpy (iface.gateway, "fe7f::1");
+fail_if (netcfg_gateway_reachable(), "Gateway erroneously reachable");
+
+strcpy (iface.gateway, "fec0::1");
+fail_if (netcfg_gateway_reachable(), "Gateway erroneously reachable");
+}
+END_TEST
+
Suite *test_netcfg_gateway_reachable_suite (void)
{
Suite *s = suite_create ("netcfg_gateway_reachable");
@@ -90,6 +113,7 @@ Suite *test_netcfg_gateway_reachable_suite (void)
tcase_add_test (tc, test_netcfg_gateway_reachable_v4_22);
tcase_add_test (tc, test_netcfg_gateway_reachable_v6_64);
tcase_add_test (tc, test_netcfg_gateway_reachable_v6_48);
+ tcase_add_test (tc, test_netcfg_gateway_reachable_v6_fe80);
suite_add_tcase (s, tc);
--
2.17.1
signature.asc
Description:
