Re: [Dnsmasq-discuss] dhcp-pd, and autoassigned internal interfaces issues
On 23/01/14 02:31, Vladislav Grishenko wrote: Hi Simon, -if (ifa-ifa_flags IFA_F_PERMANENT) +if (!(ifa-ifa_flags IFA_F_TEMPORARY)) IFA_F_TEMPORARY flag used only if privacy extensions are enabled in kernel, in all other cases it makes no sense and will not be there. That means condition will be always evaluated as TRUE for any kind of address, including event tentative, and any address but privacy-generated will get permanent flag. Meanwhile, construct_worker() has no protection against tentative, temporary and so on flags, so, after patch, it will work for any address on linux. Was it really intended? The problem is that there's no way, using the existing flags, for distinguish between an address created as a result of RA and one created by the dhcpv6-pd client or 6in4 . That's right Dave? Linux is missing the IN6_IFF_AUTOCONF flag that BSD has that marks RA-created flags. So, the above should probably be extended to eliminate dadfailed (deprecated is already filtered out) but there's no way to avoid RA, except for going back to the rule that the host-identifier part of the address must be equal to the first or last address in the dhcp-range. Unless anyone has any bright ideas. Cheers, Simon. ___ Dnsmasq-discuss mailing list Dnsmasq-discuss@lists.thekelleys.org.uk http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
Re: [Dnsmasq-discuss] dhcp-pd, and autoassigned internal interfaces issues
Both dnsmasq in git head and odhcpd in openwrt do as close to the right thing as possible now. I released a version of cerowrt that worked right in this scenario yesterday, specifically for comcast subscribers, with the patch for dnsmasq (if you want to use that) but with odhcpd support by default. The latter is upstream in openwrt, and dnsmasq 2.68 (with the less than desirable filter) is not there either, yet, so that's all good. On Wed, Jan 22, 2014 at 9:56 AM, John Gorkos jgor...@gmail.com wrote: So, in this scenario, what's the appropriate configuration to allow machines in the network served by the delegated prefix to get SLAAC addresses and provide them with Route Advertisements? This goes back to the question that I asked in November that got no traction: http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2013q4/007810.html , as I'm using a Comcast DHCPv6 assigned address with prefix delegation as well. John Gorkos On 1/22/14, 6:37 AM, Simon Kelley wrote: Patch applied. Cheers, Simon. On 21/01/14 16:19, Dave Taht wrote: I have finally got my first-ever comcast ipv6 set of users up, and we have a problem with the interrelationship between addresses assigned dynamically by dhcpv6-pd and other means in dnsmasq 2.68. What happens now is that dhcpv6-pd works but dnsmasq 2.68 filters out the interface 13: sw00:BROADCAST,MULTICAST,UP,LOWER_UP mtu 1500 qlen 1000 inet6 2601:X:Y:9a1::1/64 scope global dynamic valid_lft 182420sec preferred_lft 182420sec so sends no ras. adding a second stable interface dnsmasq picks up. inet6 2601:3:8180:9a1::2/64 scope global valid_lft forever preferred_lft forever this check was not in dnsmasq 2.66, and was put in later for fairly sound reasons (like you don't want to start serving RAs on a SLAAC assigned address), but in the dhcp-pd case or otherwise assigned by the router (6in4) case, we do. Anyway the below patch fixes it but I'd like there to be some clear indicator of where things came from somehow. From 4f55df81d69d20230e18c90d772904372b2b90a4 Mon Sep 17 00:00:00 2001 From: Jonas Gorskixx...@openwrt.org Date: Wed, 8 Jan 2014 11:55:08 +0100 Subject: [PATCH] allow dhcp range construction with non-permanent addresses The linux kernel treats all addresses with a limited lifetime as being non permanent, but when taking over the prefix livetimes from upstream assigned prefixes through DHCP, addresses will always have a limited lifetime. Still reject temporary addresses, as they indicate autoconfigured interfaces. Contributed by T-Labs, Deutsche Telekom Innovation Laboratories Signed-off-by: Jonas Gorskij...@openwrt.org --- src/netlink.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/netlink.c b/src/netlink.c index 3be94ee..d5de4ab 100644 --- a/src/netlink.c +++ b/src/netlink.c @@ -265,7 +265,7 @@ int iface_enumerate(int family, void *parm, int (*callback)()) if (ifa-ifa_flags IFA_F_DEPRECATED) flags |= IFACE_DEPRECATED; -if (ifa-ifa_flags IFA_F_PERMANENT) +if (!(ifa-ifa_flags IFA_F_TEMPORARY)) flags |= IFACE_PERMANENT; if (addrp callback_ok) ___ Dnsmasq-discuss mailing list Dnsmasq-discuss@lists.thekelleys.org.uk http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss ___ Dnsmasq-discuss mailing list Dnsmasq-discuss@lists.thekelleys.org.uk http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss -- Dave Täht Fixing bufferbloat with cerowrt: http://www.teklibre.com/cerowrt/subscribe.html ___ Dnsmasq-discuss mailing list Dnsmasq-discuss@lists.thekelleys.org.uk http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
Re: [Dnsmasq-discuss] dhcp-pd, and autoassigned internal interfaces issues
On Tue, Jan 21, 2014 at 5:13 PM, Simon Kelley si...@thekelleys.org.uk wrote: On 21/01/14 16:19, Dave Taht wrote: I have finally got my first-ever comcast ipv6 set of users up, and we have a problem with the interrelationship between addresses assigned dynamically by dhcpv6-pd and other means in dnsmasq 2.68. What happens now is that dhcpv6-pd works but dnsmasq 2.68 filters out the interface 13: sw00: BROADCAST,MULTICAST,UP,LOWER_UP mtu 1500 qlen 1000 inet6 2601:X:Y:9a1::1/64 scope global dynamic valid_lft 182420sec preferred_lft 182420sec so sends no ras. adding a second stable interface dnsmasq picks up. inet6 2601:3:8180:9a1::2/64 scope global valid_lft forever preferred_lft forever this check was not in dnsmasq 2.66, and was put in later for fairly sound reasons (like you don't want to start serving RAs on a SLAAC assigned address), but in the dhcp-pd case or otherwise assigned by the router (6in4) case, we do. Anyway the below patch fixes it but I'd like there to be some clear indicator of where things came from somehow. Comparing the code in bpf.c (for *BSD) and netlink.c (for Linux) I think it's clear what's meant: exclusion of privacy addresses and addresses installed as a result of RAs received. The patch covers the first of those, but there doesn't seem to be a Linux equivalent of the BSD IN6_IFF_AUTOCONF flag to detect RA-originated addresses. I looked at the kernel source, and there's no candidate I can see. I suspect that this patch is the best that can be done. Well, no, we can always go off and get this BSD IPv6 RA flag into the Linux kernel too. :) Looks needed and useful. And trivial. Cheers, Simon. From 4f55df81d69d20230e18c90d772904372b2b90a4 Mon Sep 17 00:00:00 2001 From: Jonas Gorski xx...@openwrt.org Date: Wed, 8 Jan 2014 11:55:08 +0100 Subject: [PATCH] allow dhcp range construction with non-permanent addresses The linux kernel treats all addresses with a limited lifetime as being non permanent, but when taking over the prefix livetimes from upstream assigned prefixes through DHCP, addresses will always have a limited lifetime. Still reject temporary addresses, as they indicate autoconfigured interfaces. Contributed by T-Labs, Deutsche Telekom Innovation Laboratories Signed-off-by: Jonas Gorski j...@openwrt.org --- src/netlink.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/netlink.c b/src/netlink.c index 3be94ee..d5de4ab 100644 --- a/src/netlink.c +++ b/src/netlink.c @@ -265,7 +265,7 @@ int iface_enumerate(int family, void *parm, int (*callback)()) if (ifa-ifa_flags IFA_F_DEPRECATED) flags |= IFACE_DEPRECATED; -if (ifa-ifa_flags IFA_F_PERMANENT) +if (!(ifa-ifa_flags IFA_F_TEMPORARY)) flags |= IFACE_PERMANENT; if (addrp callback_ok) -- Dave Täht Fixing bufferbloat with cerowrt: http://www.teklibre.com/cerowrt/subscribe.html ___ Dnsmasq-discuss mailing list Dnsmasq-discuss@lists.thekelleys.org.uk http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
Re: [Dnsmasq-discuss] dhcp-pd, and autoassigned internal interfaces issues
Hi Simon, -if (ifa-ifa_flags IFA_F_PERMANENT) +if (!(ifa-ifa_flags IFA_F_TEMPORARY)) IFA_F_TEMPORARY flag used only if privacy extensions are enabled in kernel, in all other cases it makes no sense and will not be there. That means condition will be always evaluated as TRUE for any kind of address, including event tentative, and any address but privacy-generated will get permanent flag. Meanwhile, construct_worker() has no protection against tentative, temporary and so on flags, so, after patch, it will work for any address on linux. Was it really intended? Best Regards, Vladislav Grishenko ___ Dnsmasq-discuss mailing list Dnsmasq-discuss@lists.thekelleys.org.uk http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
Re: [Dnsmasq-discuss] dhcp-pd, and autoassigned internal interfaces issues
On 21/01/14 16:19, Dave Taht wrote: I have finally got my first-ever comcast ipv6 set of users up, and we have a problem with the interrelationship between addresses assigned dynamically by dhcpv6-pd and other means in dnsmasq 2.68. What happens now is that dhcpv6-pd works but dnsmasq 2.68 filters out the interface 13: sw00: BROADCAST,MULTICAST,UP,LOWER_UP mtu 1500 qlen 1000 inet6 2601:X:Y:9a1::1/64 scope global dynamic valid_lft 182420sec preferred_lft 182420sec so sends no ras. adding a second stable interface dnsmasq picks up. inet6 2601:3:8180:9a1::2/64 scope global valid_lft forever preferred_lft forever this check was not in dnsmasq 2.66, and was put in later for fairly sound reasons (like you don't want to start serving RAs on a SLAAC assigned address), but in the dhcp-pd case or otherwise assigned by the router (6in4) case, we do. Anyway the below patch fixes it but I'd like there to be some clear indicator of where things came from somehow. Comparing the code in bpf.c (for *BSD) and netlink.c (for Linux) I think it's clear what's meant: exclusion of privacy addresses and addresses installed as a result of RAs received. The patch covers the first of those, but there doesn't seem to be a Linux equivalent of the BSD IN6_IFF_AUTOCONF flag to detect RA-originated addresses. I looked at the kernel source, and there's no candidate I can see. I suspect that this patch is the best that can be done. Cheers, Simon. From 4f55df81d69d20230e18c90d772904372b2b90a4 Mon Sep 17 00:00:00 2001 From: Jonas Gorski xx...@openwrt.org Date: Wed, 8 Jan 2014 11:55:08 +0100 Subject: [PATCH] allow dhcp range construction with non-permanent addresses The linux kernel treats all addresses with a limited lifetime as being non permanent, but when taking over the prefix livetimes from upstream assigned prefixes through DHCP, addresses will always have a limited lifetime. Still reject temporary addresses, as they indicate autoconfigured interfaces. Contributed by T-Labs, Deutsche Telekom Innovation Laboratories Signed-off-by: Jonas Gorski j...@openwrt.org --- src/netlink.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/netlink.c b/src/netlink.c index 3be94ee..d5de4ab 100644 --- a/src/netlink.c +++ b/src/netlink.c @@ -265,7 +265,7 @@ int iface_enumerate(int family, void *parm, int (*callback)()) if (ifa-ifa_flags IFA_F_DEPRECATED) flags |= IFACE_DEPRECATED; -if (ifa-ifa_flags IFA_F_PERMANENT) +if (!(ifa-ifa_flags IFA_F_TEMPORARY)) flags |= IFACE_PERMANENT; if (addrp callback_ok) ___ Dnsmasq-discuss mailing list Dnsmasq-discuss@lists.thekelleys.org.uk http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss