From nobody Tue Mar 29 15:21:13 2022 X-Original-To: freebsd-current@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 582481A5449C for ; Tue, 29 Mar 2022 15:21:27 +0000 (UTC) (envelope-from zarychtam@plan-b.pwste.edu.pl) Received: from plan-b.pwste.edu.pl (plan-b.pwste.edu.pl [IPv6:2001:678:618::40]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (2048 bits) client-digest SHA256) (Client CN "plan-b.pwste.edu.pl", Issuer "GEANT OV RSA CA 4" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4KSYF01Qwsz3n2q for ; Tue, 29 Mar 2022 15:21:23 +0000 (UTC) (envelope-from zarychtam@plan-b.pwste.edu.pl) Received: from plan-b.pwste.edu.pl (zarychtam@localhost [127.0.0.1]) by plan-b.pwste.edu.pl (8.17.1/8.17.1) with ESMTPS id 22TFLEwD014855 (version=TLSv1.3 cipher=TLS_AES_256_GCM_SHA384 bits=256 verify=NO); Tue, 29 Mar 2022 17:21:14 +0200 (CEST) (envelope-from zarychtam@plan-b.pwste.edu.pl) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=plan-b.pwste.edu.pl; s=plan-b-mailer; t=1648567274; bh=3rTqQP715z42cKdYM55ATvVwu3JoQMACylkwMFeIOvw=; h=Date:From:To:Cc:Subject:References:In-Reply-To; b=rSie+jzcgTH6IR/qL8FV/NDpzFP37cu26vbFR4M6npwTe4ulT47UN5ULskyGJGNI9 8fvkJw4i9c7N+GWx5QKRuaLAfLdBJKHvCLzLRLMtg+XiCxe0xAbCP3AdXWsashFvl1 nyLBoKj3eg8MYx75I1X/dpCF5e8CCOoysE4piq1cJ8aE8x7tBSjmj4EM8et33mZGdw VWetE+xAb2ODkJpcekLYZLmt+A9uHP7e9kjAuLhBG3QIHPcrlBo9fbf6atxyrbzGzt HDoeTpayYA8KsYJieqhNNApV9jw8/zzPG6xLkYkNtvohvatOHVVNHJyhW+J8w3kSxv P0giANOEFPOrg== Received: (from zarychtam@localhost) by plan-b.pwste.edu.pl (8.17.1/8.17.1/Submit) id 22TFLDiY014853; Tue, 29 Mar 2022 17:21:13 +0200 (CEST) (envelope-from zarychtam) Date: Tue, 29 Mar 2022 17:21:13 +0200 From: Marek Zarychta To: Goran =?utf-8?B?TWVracSH?= Cc: "Bjoern A. Zeeb" , freebsd-current@freebsd.org Subject: Re: DHCPDv6 in non-vnet jail Message-ID: References: <20220326222957.wuc7xwyiq3bjtlnv@tilda.center> <4772ECB8-6482-4B94-A887-F04EC6272911@lists.zabbadoz.net> <20220329081129.p5xtxlbiyw6klxcl@tilda.center> List-Id: Discussions about the use of FreeBSD-current List-Archive: https://lists.freebsd.org/archives/freebsd-current List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-current@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: 8bit In-Reply-To: <20220329081129.p5xtxlbiyw6klxcl@tilda.center> X-Rspamd-Queue-Id: 4KSYF01Qwsz3n2q X-Spamd-Bar: --- Authentication-Results: mx1.freebsd.org; dkim=pass header.d=plan-b.pwste.edu.pl header.s=plan-b-mailer header.b=rSie+jzc; dmarc=pass (policy=none) header.from=plan-b.pwste.edu.pl; spf=none (mx1.freebsd.org: domain of zarychtam@plan-b.pwste.edu.pl has no SPF policy when checking 2001:678:618::40) smtp.mailfrom=zarychtam@plan-b.pwste.edu.pl X-Spamd-Result: default: False [-3.80 / 15.00]; ARC_NA(0.00)[]; NEURAL_HAM_MEDIUM(-1.00)[-1.000]; R_DKIM_ALLOW(-0.20)[plan-b.pwste.edu.pl:s=plan-b-mailer]; FROM_HAS_DN(0.00)[]; RCPT_COUNT_THREE(0.00)[3]; TO_DN_SOME(0.00)[]; NEURAL_HAM_LONG(-1.00)[-1.000]; MIME_GOOD(-0.10)[text/plain]; TO_MATCH_ENVRCPT_SOME(0.00)[]; DKIM_TRACE(0.00)[plan-b.pwste.edu.pl:+]; DMARC_POLICY_ALLOW(-0.50)[plan-b.pwste.edu.pl,none]; NEURAL_HAM_SHORT(-1.00)[-1.000]; MLMMJ_DEST(0.00)[freebsd-current]; R_SPF_NA(0.00)[no SPF record]; FROM_EQ_ENVFROM(0.00)[]; MIME_TRACE(0.00)[0:+]; ASN(0.00)[asn:206006, ipnet:2001:678:618::/48, country:PL]; MID_RHS_MATCH_FROM(0.00)[]; RCVD_TLS_ALL(0.00)[]; RCVD_COUNT_TWO(0.00)[2] X-ThisMailContainsUnwantedMimeParts: N Dnia Tue, Mar 29, 2022 at 10:11:29AM +0200, Goran Mekić napisał(a): > On Sun, Mar 27, 2022 at 02:34:11PM +0000, Bjoern A. Zeeb wrote: > > I assume you have /dev/bpf available inside that jail by a devfs rule so > > effectively you have all network interfaces and traffic available? > As a form of test I've put rtadvd inside the same non-vnet jail and I > can see RA message arrive to the vnet jail. I though I "disconnected" > something concerning IPv6, but that's obviously not the case. > > Let's take a step back. Is there any howto/tutorial on how to put > isc-dhcpd6 in a non-vnet jail? I don't care if it's jail.conf or some > jail manager. Can I somehow see where packets end up, like dtrace? > Should I try some other server/client for DHCPv6? If I can make it work > in any scenario, that would be good starting point for me to figure out > what's wrong with my current setup. > > Regards, > meka Running DHCPv6 in a jail is possible and pretty straigtforward if /dev/bpf is exposed, but I have never tried to run rtadvd(8) in the jail. The net/isc-dhcp44-server works flawlessy in dedicated DHCPv6 reduntant jails without VNET, but the RA is always done on the core switches for all suppoted subnets in my case. Please consider that DHCPv6 is never replacement, but addition to properly confiugred RA. Best regards, -- Marek Zarychta