[Dnsmasq-discuss] SUCCESS
Gene Czarcinski
gene at czarc.net
Fri Oct 19 13:52:18 BST 2012
On 10/19/2012 07:11 AM, Gene Czarcinski wrote:
> On 10/17/2012 03:18 PM, Simon Kelley wrote:
>> On 17/10/12 14:54, Gene Czarcinski wrote:
>>
>>> OK, I believe I understand: as you describe it, this is needed for
>>> dhcp4. However, getting a little more understanding of how dhcp6 works
>>> from my last round of debugging, dhcp6 currently does handle multiple
>>> packets. It filters on the IPv6 subnet specified in --dhcp-range and
>>> will only serve dhcp6-packets coming in on the interface which has the
>>> defined dhcp-range subnet. If you specify more than one subnet for a
>>> specific dnsmasq, then it will serve each. Any --interface or
>>> --listen-address is irrelevant. However, the two exclude lists are not
>>> irrelevant and any interface specified in wither of those lists will
>>> block the service.
>>
>> The problem is that, without SO_BINDTODEVICE, there is no guarantee
>> that the kernel will route DHCP (v4 or v6) packets to the correct
>> instance of dnsmasq, when there is more than one.
>>>
>>> Now, I assume that all dhcmasq instantiations will each get copies of
>>> all dhcp6 packets. It is their responsibility to process or drop a
>>> packet depending on just what they service.
>>
>> See above: not a valid assumption.
>>>
> Mmmm ... now that I reflect on it I may have seen the problem with dhcp6.
>
> A virtual server running kadvd servicing two ipv6 networks and two
> instances of dnsmasq each serving dhcp4, dhcp6, and dns on one
> network. The dnsmasqs were started with --listen-address but no
> --interface.
>
> Four client virtual systems; two on each network.
>
> Services on the server were started first. Then the four clients
> enabled their network interfaces. Three of them came up fine with
> dhcp4 and dhcp6 addresses. The fourth one had a dhcp4 address but a
> SLAAC address for IPv6. Toggle the interface (disconnect;
> reconnect). Everything fine the now although it now had a dhcp6 and a
> SLAAC address.
>
> The appears to have been the problem. This kind of problem is going
> to be difficult to reliably reproduce so one can "prove" that the fix
> is the right fix (not that I doubt it). I suppose a some my_syslogs
> could be added so there was documentation when packets were dropped.
Simon, now that I have given it some thought, dhcp6_packet() should
never see any dhcpv6 packets except those which it should see. If it
does see a packet which it must drop, that implies things are not
configured properly.
For example, if I specify a network in --dhcp-range which happens to be
on eth0 and then put eth0 in one of the exclude lists, something is wrong.
If --interface and/or --bind-interfaces were not specified and the
device name associated dhcpv6 packet does not match the device name
associated with a --dhcp-range that was specified, this is an error.
It might be appropriate to add my_syslog() warnings when such things occur.
Comments?
Gene
More information about the Dnsmasq-discuss
mailing list