Date: Tue, 29 Mar 2022 18:11:05 +0200
From: Goran Mekić
To: Ronald Klop
Cc: freebsd-current@freebsd.org, "Bjoern A. Zeeb"
Subject: Re: DHCPDv6 in non-vnet jail
List-Id: Discussions about the use of FreeBSD-current
List-Archive: https://lists.freebsd.org/archives/freebsd-current

On Tue, Mar 29, 2022 at
12:14:20PM +0200, Ronald Klop wrote:
> I think it will help if you share more of your configuration/logs.

Inside the non-vnet jail, this is the ifconfig output:

cbsd0: flags=8843 metric 0 mtu 1500
        description: lagg0
        ether 58:9c:fc:10:9b:75
        inet 172.16.0.253 netmask 0xffffffff broadcast 172.16.0.253
        inet6 fd10:6c79:8ae5:8b91::2 prefixlen 128
        id 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 15
        maxage 20 holdcnt 6 proto rstp maxaddr 2000 timeout 1200
        root id 00:00:00:00:00:00 priority 32768 ifcost 0 port 0
        member: epair1a flags=143
                ifmaxaddr 0 port 7 priority 128 path cost 2000
        member: epair5a flags=143
                ifmaxaddr 0 port 11 priority 128 path cost 2000
        member: epair4a flags=143
                ifmaxaddr 0 port 10 priority 128 path cost 2000
        member: epair3a flags=143
                ifmaxaddr 0 port 9 priority 128 path cost 2000
        member: epair2a flags=143
                ifmaxaddr 0 port 8 priority 128 path cost 2000
        groups: bridge
        nd6 options=21

There are a bunch of other interfaces, but only cbsd0 (bridge interface) is
set up with an IP address.

netstat -rn
Routing tables

Internet:
Destination        Gateway            Flags     Netif Expire
172.16.0.253       link#4             UH        cbsd0

Internet6:
Destination                       Gateway                       Flags     Netif Expire
fd10:6c79:8ae5:8b91::2            link#4                        UHS         lo0

grep -v '^#' /usr/local/etc/dhcpd6.conf
default-lease-time 2592000;
preferred-lifetime 604800;
option dhcp-renewal-time 3600;
option dhcp-rebinding-time 7200;
allow leasequery;
option dhcp6.name-servers 3ffe:501:ffff:100:200:ff:fe00:3f3e;
option dhcp6.domain-search "test.example.com","example.com";
option dhcp6.info-refresh-time 21600;
dhcpv6-lease-file-name "/var/db/dhcpd6/dhcpd6.leases";
subnet6 fd10:6c79:8ae5:8b91::/64 {
        range6 fd10:6c79:8ae5:8b91::/64;
}

ls -l /dev
total 1
crw-------  1 root  wheel     0x26 Mar 29 17:35 bpf
lrwxr-xr-x  1 root  wheel        3 Mar 28 09:31 bpf0 -> bpf
crw-rw-rw-  1 root  wheel     0x4a Mar 26 15:54 crypto
dr-xr-xr-x  2 root  wheel      512 Mar 29 03:38 fd
crw-rw-rw-  1 root  wheel     0x2a Mar 29 18:00 null
crw-rw----  1 root  nsd      0x1a5 Mar 24 23:45 pf
crw-rw----  1 root  nsd       0x4b Mar 26 15:54 pfil
dr-xr-xr-x  2 root  wheel      512 Mar 28 09:31 pts
crw-r--r--  1 root  wheel      0x8 Mar 24 23:45 random
lrwxr-xr-x  1 root  wheel        4 Mar 28 09:31 stderr -> fd/2
lrwxr-xr-x  1 root  wheel        4 Mar 28 09:31 stdin -> fd/0
lrwxr-xr-x  1 root  wheel        4 Mar 28 09:31 stdout -> fd/1
lrwxr-xr-x  1 root  wheel        6 Mar 28 09:31 urandom -> random
crw-rw-rw-  1 root  wheel     0x2b Mar 26 15:54 zero

On the host I have /etc/rtadvd.conf:

cbsd0:addr="fd10:6c79:8ae5:8b91::":raflags="m"

On the host, ifconfig cbsd0:

cbsd0: flags=8843 metric 0 mtu 1500
        description: lagg0
        ether 58:9c:fc:10:9b:75
        inet 172.16.0.254 netmask 0xffffff00 broadcast 172.16.0.255
        inet 172.16.1.254 netmask 0xffffff00 broadcast 172.16.1.255
        inet 172.16.0.253 netmask 0xffffffff broadcast 172.16.0.253
        inet6 fe80::5a9c:fcff:fe10:9b75%cbsd0 prefixlen 64 scopeid 0x4
        inet6 fd10:6c79:8ae5:8b91::1 prefixlen 64
        inet6 fd10:6c79:8ae5:8b91::2 prefixlen 128
        id 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 15
        maxage 20 holdcnt 6 proto rstp maxaddr 2000 timeout 1200
        root id 00:00:00:00:00:00 priority 32768 ifcost 0 port 0
        member: epair1a flags=143
                ifmaxaddr 0 port 7 priority 128 path cost 2000
        member: epair5a flags=143
                ifmaxaddr 0 port 11 priority 128 path cost 2000
        member: epair4a flags=143
                ifmaxaddr 0 port 10 priority 128 path cost 2000
        member: epair3a flags=143
                ifmaxaddr 0 port 9 priority 128 path cost 2000
        member: epair2a flags=143
                ifmaxaddr 0 port 8 priority 128 path cost 2000
        groups: bridge
        nd6 options=21

> Besides you can take a look with tcpdump/wireshark on what happens on
> different interfaces of your machines to see the traffic flow between
> client and server.

Running tcpdump -i cbsd0 ip6 inside the non-vnet:

tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on cbsd0, link-type EN10MB (Ethernet), capture size 262144 bytes
18:02:29.081325 IP6 fe80::5a9c:fcff:fe10:9b75.10482 > ff12::8384.21027: UDP, length 322
18:02:51.229813 IP6 fe80::2a0:98ff:fe7d:cad.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit
18:02:52.338420 IP6 fe80::2a0:98ff:fe7d:cad.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit
18:02:54.444709 IP6 fe80::2a0:98ff:fe7d:cad.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit
18:02:58.449268 IP6 fe80::2a0:98ff:fe7d:cad.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit
18:02:59.083071 IP6 fe80::5a9c:fcff:fe10:9b75.10482 > ff12::8384.21027: UDP, length 322
18:03:06.545104 IP6 fe80::2a0:98ff:fe7d:cad.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit
18:03:12.355503 IP6 fe80::5a9c:fcff:fe10:9b75.10482 > ff12::8384.21027: UDP, length 322
18:03:22.890933 IP6 fe80::2a0:98ff:fe7d:cad.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit
18:03:29.084154 IP6 fe80::5a9c:fcff:fe10:9b75.10482 > ff12::8384.21027: UDP, length 322
18:03:54.837662 IP6 fe80::2a0:98ff:fe7d:cad.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit
18:03:59.081342 IP6 fe80::5a9c:fcff:fe10:9b75.10482 > ff12::8384.21027: UDP, length 322
18:04:29.083992 IP6 fe80::5a9c:fcff:fe10:9b75.10482 > ff12::8384.21027: UDP, length 322
18:04:41.028190 IP6 fe80::5a9c:fcff:fe10:9b75.10482 > ff12::8384.21027: UDP, length 322

That happens while I'm running dhcp6c -d -f eth0 inside the vnet jail (eth0
is an epair that is renamed):

Mar/29/2022 18:02:50: failed to open /usr/local/etc/dhcp6cctlkey: No such file or directory
Mar/29/2022 18:02:50: failed initialize control message authentication
Mar/29/2022 18:02:50: skip opening control port
Mar/29/2022 18:02:50: cfparse: fopen(/usr/local/etc/dhcp6c.conf): No such file or directory
Mar/29/2022 18:02:51: Sending Solicit
Mar/29/2022 18:02:52: Sending Solicit
Mar/29/2022 18:02:54: Sending Solicit
Mar/29/2022 18:02:58: Sending Solicit
Mar/29/2022 18:03:06: Sending Solicit
Mar/29/2022 18:03:22: Sending Solicit
Mar/29/2022 18:03:54: Sending Solicit

Can I provide any more info?

Regards,
meka