[LAC-TF] Configuring dhcp6s as a stateless server: transmit reply to fe80::dc93:49bf:da71:d1cd%bge1 failed

Jorge M. Niedbalski R. niedbalski at ip6nw.com
Wed Jul 16 15:07:02 BRT 2008


2008/7/16 Roque Gagliano <roque at lacnic.net>:

> Hi,
> I wanted to let you know that I finally managed to get "some" dhcpv6 server running on
> freebsd.
>
> Thanks, Jorge, for the help!
>
> What I did is the following:
>
> 1) in rtadvd you have to enable the "o" flag; to do that, add the following to the file
> /etc/rtadvd.conf:
> bge1:\
>         :raflags="o":
> 2) I compiled dhcpd 4.0 from source (there is no port). Note that it can only be
> either a dhcp server for v4 or a dhcp server for v6. For now I have this installation
> in the directory /root/dhcpd40 (./configure --prefix=/root/dhcpd40)
>
> 3) I generated the configuration file
> # dhcpd.conf
> #
> # Sample configuration file for ISC dhcpd
> #
>
> # option definitions common to all supported networks...
> option dhcp6.domain-search "lacnic.net";
> option dhcp6.name-servers
> 2001:13c7:7001:4224::224,2001:13c7:7001:4225::225;
>
> default-lease-time 600;
> max-lease-time 7200;
>
> # Use this to enable / disable dynamic dns updates globally.
> #ddns-update-style none;
>
> # If this DHCP server is the official DHCP server for the local
> # network, the authoritative directive should be uncommented.
> authoritative;
>
> # Use this to send dhcp log messages to a different log file (you also
> # have to hack syslog.conf to complete the redirection).
> #log-facility local7;
> subnet6 2001:13c7:7001:5000::/64 {
> allow unknown-clients;
> }
>
> 4) I copied the startup script of the dhcp (v3) port to
> /usr/local/etc/rc.d/dhcpdv6, changing the name to dhcpdv6 and the command to
> where I had the executable.
> (I did not want to change the binary I had been using until now for ipv4).
>
> 5) in /etc/rc.conf I have:
> # -- Enable DHCP6 -
> dhcpdv6_enable="YES"
> dhcpdv6_flags="-6 -q"
> dhcpdv6_conf="/root/dhcpd40/etc/dhcpd.conf"
> dhcpdv6_ifaces="bge1"
> dhcpdv6_chuser_enable="NO"
>
> 5) In the server's firewall I added:
> "$IPFW" add 14015 set 1 permit log udp from { fe80::/10 or "$VLAN22v6" }
> 546 to { ff02::1:2 or "$BGE1v6" or fe80::/10 } 547 in via bge1 || exit 1
> and
> "$IPFW" add 16030 set 1 permit log udp from { "$BGE1v6" or fe80::/10 } 547
> to { "$VLAN22v6" or fe80::/10 } 546 out via bge1 || exit 1
>
> and that's it... it works
>
> r.
>
>
>
>
>
>
>
> On Jul 16, 2008, at 2:12 PM, Jorge M. Niedbalski R. wrote:
>
>
>
> 2008/7/15 Jorge M. Niedbalski R. <niedbalski at ip6nw.com>:
>
>> 2008/7/15 Roque Gagliano <roque at lacnic.net>:
>>
>>>  Hi,
>>> I sent this question to the wide-dhcp6 developers' forum but they did not
>>> answer me, so let's see if someone here has experience with the subject and
>>> can give me a hand.
>>>
>>> thanks!
>>> Roque
>>>
>>> Begin forwarded message:
>>>
>>> *From: *Roque Gagliano <roque at lacnic.net>
>>> *Date: *July 14, 2008 10:54:22 AM GMT-03:00
>>> *To: *wide-dhcpv6-developers at lists.sourceforge.net
>>> *Subject: **configuring dhcp6s as a stateless server: transmit reply to
>>> fe80::dc93:49bf:da71:d1cd%bge1 failed*
>>>
>>> -----BEGIN PGP SIGNED MESSAGE-----
>>> Hash: SHA1
>>>
>>> Hi,
>>>
>>> I am using a dhcp6s server in a FreeBSD environment just to provide DNS
>>> info to clients (I am using stateless autoconf with raflag 0x40). I can see
>>> the "DHCP Information Request" from the customers at the server (using
>>> tcpdump) and the service up using sockstat but the server is not responding
>>> them. I tried to debug but the only message that I get is:
>>>
>>> Jul 11 17:29:28 fwi dhcp6s[77211]: server6_send: transmit reply to
>>> fe80::dc93:49bf:da71:d1cd%bge1 failed
>>>
>>> My configuration file is:
>>>
>>> [root at fwi /usr/local/etc]# more /usr/local/etc/dhcp6s.conf
>>> # The followings are a sample configuration to provide a DNS server
>>> address
>>> # for every client as well as to delegate a permanent IPv6 prefix
>>> # 2001:db8:1111::/48 to a client whose DUID is 00:01:00:01:aa:bb.
>>>
>>> option domain-name-servers 2001:13c7:7001:4224::224;
>>> option domain-name-servers 2001:13c7:7001:4225::225;
>>> option domain-name "lacnic.net.uy";
>>> [root at fwi /usr/local/etc]#
>>>
>>> [root at fwi ~]# sockstat  -6
>>> USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
>>> root     dhcp6s     88992 5  udp6   *:547                 *:*
>>> root     dhcp6s     88992 6  udp6   *:62256               *:*
>>> root     dhcp6s     88992 7  tcp6   ::1:5547              *:*
>>>
>>> Do you have any idea of what could be happening?
>>>
>>> thanks for your help,
>>> Roque
>>> -----BEGIN PGP SIGNATURE-----
>>> Version: GnuPG v1.4.8 (Darwin)
>>>
>>> iEYEARECAAYFAkh7Wo8ACgkQnk+WSgHpbO4wugCglpPp4dYsITV7VsjQR9/EhIFg
>>> p7cAoNTG3OfsUxXHoLOzITi6sBDVKNj7
>>> =J8NM
>>> -----END PGP SIGNATURE-----
>>>
>>>
>>>
>>> _______________________________________________
>>> LACTF mailing list
>>> LACTF at lacnic.net
>>> https://mail.lacnic.net/mailman/listinfo/lactf
>>>
>>>
>> I don't use wide-dhcpv6, but let's see if I can help you.
>>
>> The error is generated at:
>>
>> error = sendto(s, buf, len, 0, sa, sysdep_sa_len(sa)); /** file common.c
>> **/
>>
>> According to man sendto(2), the errors that can be returned are:
>>
>>      [EHOSTUNREACH]     The remote host was unreachable.
>>      [EISCONN]          A destination address was specified and the socket is
>>                         already connected.
>>      [ECONNREFUSED]     The socket received an ICMP destination unreachable
>>                         message from the last message sent.  This typically
>>                         means that the receiver is not listening on the
>>                         remote port.
>>      [EHOSTDOWN]        The remote host was down.
>>      [ENETDOWN]         The remote network was down.
>>
>>
>> I lean towards it not being able to reach the source network of the client that
>> generates the information request. Can you show me a dump of a DHCP request
>> from a client?
>>
>> --
>> Jorge Niedbalski R.
>> -----------------------------------------
>>
>
> Dear Roque:
>
> I think it is a bug in the server6_send function, more specifically in the
> validation of the variable struct sockaddr *from. Do you have the option of
> recompiling, or did you install a package? Or did you stay with the
> isc-dhcp-server configuration? If you can recompile, try the following patch,
> which generates a log line in debug, and send me the debug info (I don't have
> a wide-dhcpv6 installation to test with); after that we will validate the
> structure and check whether it is a bug:
>
> --- common.c    2008-07-16 13:05:06.000000000 -0400
> +++ common.c.old    2008-07-16 13:05:33.000000000 -0400
> @@ -824,6 +824,7 @@
>      int error;
>
>      error = sendto(s, buf, len, 0, sa, sysdep_sa_len(sa));
> +    dprintf(LOG_DEBUG, FNAME, "socket error: %s", error);
>      return (error != len) ? -1 : 0;
>  }
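
Review bot: the added `dprintf` line formats `error` with `%s`, but `error` is the `int` returned by `sendto()`, so the call passes an integer where a string pointer is expected and is likely to crash the daemon instead of logging. `sendto()` returns -1 on failure and leaves the reason in `errno`, so log only when `error == -1`, for example `dprintf(LOG_DEBUG, FNAME, "sendto failed: %s", strerror(errno));`, and use `%d` if the byte count is also wanted for the `error != len` case. The file headers are also reversed (`--- common.c` against `+++ common.c.old`), so the direction needs checking before the patch is applied.
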
>
> Regards,
>
>
> --
> Jorge Niedbalski R.
> -----------------------------------------
>
Roque:

Great :) , I am creating the port for FreeBSD (I will submit it in case they
commit it), although there is still a lot of work to do on isc-dhcp.

I forgot to tell you that although 4.1-alpha is perhaps more immature than 4.0
http://ftp.isc.org/isc/dhcp/dhcp-4.1.0a1.tar.gz

The latter has support for prefix delegation.

-- 
Jorge Niedbalski R.
-----------------------------------------
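
Added example, not part of the original thread and not code from wide-dhcpv6 or ISC dhcpd: the stateless exchange discussed above, parsing a DHCPv6 Information-Request and building the Reply that carries only DNS configuration (message types and option codes from RFC 3315 and RFC 3646). The DUIDs and transaction ID are constructed sample values, and answering only the options named in the client's Option Request is a simplification assumed here.

```python
import ipaddress
import struct

INFORMATION_REQUEST, REPLY = 11, 7             # RFC 3315 message types
OPT_CLIENTID, OPT_SERVERID, OPT_ORO = 1, 2, 6  # RFC 3315 options
OPT_DNS_SERVERS, OPT_DOMAIN_LIST = 23, 24      # RFC 3646 options

def pack_opt(code, data):
    return struct.pack("!HH", code, len(data)) + data

def parse(msg):
    """Return (msg_type, transaction_id, {option_code: value})."""
    if len(msg) < 4:
        raise ValueError("short DHCPv6 message")
    opts, off = {}, 4
    while off < len(msg):
        if len(msg) - off < 4:
            raise ValueError("truncated option header")
        code, length = struct.unpack_from("!HH", msg, off)
        if len(msg) - off - 4 < length:
            raise ValueError("option overruns message")
        opts[code] = msg[off + 4:off + 4 + length]
        off += 4 + length
    return msg[0], msg[1:4], opts

def encode_domain(name):  # RFC 1035 labels, as OPTION_DOMAIN_LIST requires
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\0"

def stateless_reply(request, server_duid, dns, domains):  # config only, no addresses
    msg_type, xid, opts = parse(request)
    if msg_type != INFORMATION_REQUEST:
        raise ValueError("not an Information-Request")
    oro = opts.get(OPT_ORO, b"")
    asked = {int.from_bytes(oro[i:i + 2], "big") for i in range(0, len(oro) - 1, 2)}
    out = bytes([REPLY]) + xid + pack_opt(OPT_SERVERID, server_duid)
    if OPT_CLIENTID in opts:                   # echo the client's DUID back
        out += pack_opt(OPT_CLIENTID, opts[OPT_CLIENTID])
    if OPT_DNS_SERVERS in asked:
        out += pack_opt(OPT_DNS_SERVERS, b"".join(ipaddress.IPv6Address(a).packed for a in dns))
    if OPT_DOMAIN_LIST in asked:
        out += pack_opt(OPT_DOMAIN_LIST, b"".join(map(encode_domain, domains)))
    return out

# Constructed sample input: made-up DUIDs and transaction ID
CLIENT_DUID = bytes.fromhex("00010001aabbccdd001122334455")
SERVER_DUID = bytes.fromhex("00010001deadbeef665544332211")
ORO = struct.pack("!HH", OPT_DNS_SERVERS, OPT_DOMAIN_LIST)
SAMPLE_REQUEST = (bytes([INFORMATION_REQUEST]) + b"\x12\x34\x56"
                  + pack_opt(OPT_CLIENTID, CLIENT_DUID) + pack_opt(OPT_ORO, ORO))
```
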