[LAC-TF] Configuring dhcp6s as a stateless server: transmit reply to fe80::dc93:49bf:da71:d1cd%bge1 failed
Roque Gagliano
roque at lacnic.net
Wed Jul 16 14:57:03 BRT 2008
Hello,
I can report that I finally managed to get "some" DHCPv6 server running on
FreeBSD.
Thanks, Jorge, for the help!
This is what I did:
1) In rtadvd the "o" flag has to be enabled; to do that, add the following
to /etc/rtadvd.conf:
bge1:\
:raflags="o":
2) I compiled dhcpd 4.0 from source (there is no port). Note that it can
only be either a DHCP server for v4 or a DHCP server for v6. For now I have
this installation in the directory /root/dhcpd40
(./configure --prefix=/root/dhcpd40).
3) I generated the configuration file:
# dhcpd.conf
#
# Sample configuration file for ISC dhcpd
#
# option definitions common to all supported networks...
option dhcp6.domain-search "lacnic.net";
option dhcp6.name-servers 2001:13c7:7001:4224::224,2001:13c7:7001:4225::225;
default-lease-time 600;
max-lease-time 7200;
# Use this to enable / disable dynamic dns updates globally.
#ddns-update-style none;
# If this DHCP server is the official DHCP server for the local
# network, the authoritative directive should be uncommented.
authoritative;
# Use this to send dhcp log messages to a different log file (you also
# have to hack syslog.conf to complete the redirection).
#log-facility local7;
subnet6 2001:13c7:7001:5000::/64 {
allow unknown-clients;
}
4) I copied the startup script from the dhcp (v3) port to
/usr/local/etc/rc.d/dhcpdv6, changing the name to dhcpdv6 and the command
to the location of my executable.
(I did not want to replace the binary I had been using until now for IPv4.)
5) In /etc/rc.conf I have:
# -- Enable DHCP6 -
dhcpdv6_enable="YES"
dhcpdv6_flags="-6 -q"
dhcpdv6_conf="/root/dhcpd40/etc/dhcpd.conf"
dhcpdv6_ifaces="bge1"
dhcpdv6_chuser_enable="NO"
5) In the server's firewall I added:
"$IPFW" add 14015 set 1 permit log udp from { fe80::/10 or "$VLAN22v6" } 546 \
    to { ff02::1:2 or "$BGE1v6" or fe80::/10 } 547 in via bge1 || exit 1
and
"$IPFW" add 16030 set 1 permit log udp from { "$BGE1v6" or fe80::/10 } 547 \
    to { "$VLAN22v6" or fe80::/10 } 546 out via bge1 || exit 1
and that's it... it works.
r.
On Jul 16, 2008, at 2:12 PM, Jorge M. Niedbalski R. wrote:
>
>
> 2008/7/15 Jorge M. Niedbalski R. <niedbalski at ip6nw.com>:
> 2008/7/15 Roque Gagliano <roque at lacnic.net>:
> Hello,
>
> I sent this question to the wide-dhcp6 developers' forum but got no
> answer, so let's see whether someone here has experience with the
> topic and can give me a hand.
>
> Thanks!
> Roque
>
> Begin forwarded message:
>
>> From: Roque Gagliano <roque at lacnic.net>
>> Date: July 14, 2008 10:54:22 AM GMT-03:00
>> To: wide-dhcpv6-developers at lists.sourceforge.net
>> Subject: configuring dhcp6s as a stateless server: transmit reply
>> to fe80::dc93:49bf:da71:d1cd%bge1 failed
>>
>> Hi,
>>
>> I am using a dhcp6s server in a FreeBSD environment just to provide
>> DNS info to clients (I am using stateless autoconf with raflag
>> 0x40). I can see the "DHCP Information Request" from the customers
>> at the server (using tcpdump) and the service up using sockstat but
>> the server is not responding to them. I tried to debug but the only
>> message that I get is:
>>
>> Jul 11 17:29:28 fwi dhcp6s[77211]: server6_send: transmit reply to
>> fe80::dc93:49bf:da71:d1cd%bge1 failed
>>
>> My configuration file is:
>>
>> [root at fwi /usr/local/etc]# more /usr/local/etc/dhcp6s.conf
>> # The followings are a sample configuration to provide a DNS server address
>> # for every client as well as to delegate a permanent IPv6 prefix
>> # 2001:db8:1111::/48 to a client whose DUID is 00:01:00:01:aa:bb.
>>
>> option domain-name-servers 2001:13c7:7001:4224::224;
>> option domain-name-servers 2001:13c7:7001:4225::225;
>> option domain-name "lacnic.net.uy";
>> [root at fwi /usr/local/etc]#
>>
>> [root at fwi ~]# sockstat -6
>> USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
>> root     dhcp6s     88992 5  udp6   *:547                 *:*
>> root     dhcp6s     88992 6  udp6   *:62256               *:*
>> root     dhcp6s     88992 7  tcp6   ::1:5547              *:*
>>
>> Do you have any idea of what could be happening?
>>
>> thanks for your help,
>> Roque
>
>
> I don't use wide-dhcpv6, but let's see if I can help you.
>
> The error is generated at:
>
> error = sendto(s, buf, len, 0, sa, sysdep_sa_len(sa)); /** file common.c **/
>
> According to the sendto(2) man page, the errors that can be returned are:
>
> [EHOSTUNREACH] The remote host was unreachable.
> [EISCONN]      A destination address was specified and the socket
>                is already connected.
> [ECONNREFUSED] The socket received an ICMP destination unreachable
>                message from the last message sent. This typically
>                means that the receiver is not listening on the remote
>                port.
> [EHOSTDOWN]    The remote host was down.
> [ENETDOWN]     The remote network was down.
>
>
> I lean towards it not being able to reach the source network of the client
> that generates the information request. Can you show me a dump of a
> DHCP request from a client?
>
> --
> Jorge Niedbalski R.
> -----------------------------------------
>
> Dear Roque:
>
> I think it is a bug in the server6_send function, more specifically in
> the validation of the variable struct sockaddr *from. Do you have the
> option of recompiling, or did you install a package? Or did you stay with
> the isc-dhcp-server configuration? If you can recompile, try the
> following patch, which generates a debug log line, and send me the debug
> output (I have no wide-dhcpv6 installation to test with); after that we
> will validate the structure and check whether it is a bug:
>
> --- common.c 2008-07-16 13:05:06.000000000 -0400
> +++ common.c.old 2008-07-16 13:05:33.000000000 -0400
> @@ -824,6 +824,7 @@
> int error;
>
> error = sendto(s, buf, len, 0, sa, sysdep_sa_len(sa));
> + dprintf(LOG_DEBUG, FNAME, "socket error: %s", error);
> return (error != len) ? -1 : 0;
> }
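Review bot: on the added dprintf line, `error` is the int return value of sendto() (a byte count, or -1 on failure) but it is passed to a %s conversion, so the logger would treat an integer as a string pointer. Log strerror(errno) instead, read errno immediately after the call, and emit the message only when the return value differs from len, for example dprintf(LOG_DEBUG, FNAME, "sendto failed: %s", strerror(errno)). Separately, the header names common.c as the old file and common.c.old as the new one, which suggests the diff was generated with its arguments swapped; the two names should be reversed so the patch applies to common.c.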
>
> Regards,
>
>
> --
> Jorge Niedbalski R.
> -----------------------------------------
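A way to check the outcome of the procedure in the message above, as an added example that is not part of the original e-mail or of ISC dhcpd: a parser for the DHCPv6 Reply that a stateless server returns to an Information-Request, extracting the name-servers (option 23) and domain-search (option 24) values set in dhcpd.conf. The function names are hypothetical and the sample packet is constructed from the values in that configuration.

```python
import struct
from ipaddress import IPv6Address

REPLY, OPT_DNS_SERVERS, OPT_DOMAIN_LIST = 7, 23, 24  # RFC 8415 / RFC 3646 codes

def parse_dns_names(data):
    """Decode uncompressed DNS-encoded names (length-prefixed labels)."""
    names, labels, i = [], [], 0
    while i < len(data):
        n, i = data[i], i + 1
        if n == 0:                                  # root label closes a name
            names, labels = names + [".".join(labels)], []
        elif n > 63 or i + n > len(data):
            raise ValueError("bad label length in domain search list")
        else:
            labels.append(data[i:i + n].decode("ascii"))
            i += n
    if labels:
        raise ValueError("domain name not terminated")
    return names

def parse_reply(packet):
    """Return (transaction_id, dns_servers, search_domains) of a DHCPv6 Reply."""
    if len(packet) < 4 or packet[0] != REPLY:
        raise ValueError("not a DHCPv6 Reply")
    xid, servers, domains, off = packet[1:4], [], [], 4
    while off < len(packet):
        if off + 4 > len(packet):
            raise ValueError("truncated option header")
        code, length = struct.unpack_from("!HH", packet, off)
        body = packet[off + 4:off + 4 + length]
        if len(body) != length:
            raise ValueError("truncated option %d" % code)
        if code == OPT_DNS_SERVERS:
            # A trailing slice shorter than 16 bytes raises AddressValueError,
            # which is a ValueError subclass.
            servers += [str(IPv6Address(body[i:i + 16])) for i in range(0, length, 16)]
        elif code == OPT_DOMAIN_LIST:
            domains += parse_dns_names(body)
        off += 4 + length                           # other options are skipped
    return xid, servers, domains

def build_sample_reply(xid=b"\x12\x34\x56"):
    """Constructed sample: a Reply with the two options from the dhcpd.conf above."""
    dns = b"".join(IPv6Address(a).packed
                   for a in ("2001:13c7:7001:4224::224", "2001:13c7:7001:4225::225"))
    search = b"\x06lacnic\x03net\x00"               # "lacnic.net" as DNS labels
    opts = struct.pack("!HH", OPT_DNS_SERVERS, len(dns)) + dns
    opts += struct.pack("!HH", OPT_DOMAIN_LIST, len(search)) + search
    return bytes([REPLY]) + xid + opts
```

Fed the UDP payload of a captured Reply (source port 547, destination port 546), parse_reply shows whether the server actually handed out the configured resolvers and search domain.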