[Dnsmasq-discuss] interface+macvlan on same network confuses dnsmasq v2.66rc2

Gui Iribarren gui at altermundi.net
Mon Oct 21 20:31:15 BST 2013


Hello Simon!
so, i'm trying to do whacky stuff with dnsmasq v2.66-rc2 on openwrt

basically, i have two interfaces that have different ips but on the same 
netmask, and i want dnsmasq to offer dhcpv4 / RA on only one of them.
yet, as dnsmasq config is thought out like "okay, here, have these 
ranges / prefixes, and find out by yourself on which interfaces you 
should offer them"
i'm having a hard time.

i thought of two alternatives:
1) use tag:interface when declaring the dhcp-ranges
2) use no-dhcp-interface=

but none of them work as expected :( (i get the feeling i'm hitting 
bugs, walking an uncommon corner case)

so, the actual details:

##########################################

# ip  a s br-lan
7: br-lan: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP
     link/ether 64:70:02:fd:78:81 brd ff:ff:ff:ff:ff:ff
     inet 192.168.11.129/24 brd 192.168.11.255 scope global br-lan
     inet6 2a00:1508:1:f820::fd:7881/64 scope global
        valid_lft forever preferred_lft forever
     inet6 fe80::6670:2ff:fefd:7881/64 scope link
        valid_lft forever preferred_lft forever
# ip a s anygw
22: anygw@br-lan: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN
     link/ether aa:aa:aa:40:28:b5 brd ff:ff:ff:ff:ff:ff
     inet 192.168.11.1/24 scope global anygw
     inet6 2a00:1508:1:f820::1/64 scope global
        valid_lft forever preferred_lft forever
     inet6 fe80::a8aa:aaff:fe40:28b5/64 scope link
        valid_lft forever preferred_lft forever

### anygw was created with the following command
# ip link add link br-lan anygw address aa:aa:aa:40:28:b5 type macvlan

### i want dnsmasq to use anygw interface, and ignore br-lan

### first try:
# cat /etc/dnsmasq.conf
enable-ra
dhcp-range=tag:anygw,2a00:1508:1:f820::, ra-names
dhcp-range=tag:anygw,192.168.11.10,192.168.11.249,255.255.255.0,10m

### result: br-lan is not ignored; if i do "rdisc6" from a client,
### i get two RAs in reply, which breaks my whole idea

Hop limit                 :           64 (      0x40)
Stateful address conf.    :           No
Stateful other conf.      :           No
Router preference         :       medium
Router lifetime           :         1800 (0x00000708) seconds
Reachable time            :  unspecified (0x00000000)
Retransmit time           :  unspecified (0x00000000)
  Prefix                   : 2a00:1508:1:f820::/64
   Valid time              :         3600 (0x00000e10) seconds
   Pref. time              :         3600 (0x00000e10) seconds
  MTU                      :         1500 bytes (valid)
  Source link-layer address: 64:70:02:FD:78:81
  Recursive DNS server     : 2a00:1508:1:f820::fd:7881
   DNS server lifetime     :         1200 (0x000004b0) seconds
  from fe80::6670:2ff:fefd:7881

Hop limit                 :           64 (      0x40)
Stateful address conf.    :           No
Stateful other conf.      :           No
Router preference         :       medium
Router lifetime           :         1800 (0x00000708) seconds
Reachable time            :  unspecified (0x00000000)
Retransmit time           :  unspecified (0x00000000)
  Prefix                   : 2a00:1508:1:f820::/64
   Valid time              :         3600 (0x00000e10) seconds
   Pref. time              :         3600 (0x00000e10) seconds
  MTU                      :         1500 bytes (valid)
  Source link-layer address: AA:AA:AA:40:28:B5
  Recursive DNS server     : 2a00:1508:1:f820::1
   DNS server lifetime     :         1200 (0x000004b0) seconds
  from fe80::a8aa:aaff:fe40:28b5

### and this on the router log

dnsmasq-dhcp[5637]: RTR-ADVERT(br-lan) 2a00:1508:1:f820::
dnsmasq-dhcp[5637]: RTR-SOLICIT(br-lan)
dnsmasq-dhcp[5637]: RTR-ADVERT(br-lan) 2a00:1508:1:f820::
dnsmasq-dhcp[5637]: RTR-SOLICIT(anygw)
dnsmasq-dhcp[5637]: RTR-ADVERT(anygw) 2a00:1508:1:f820::
dnsmasq-dhcp[5637]: RTR-ADVERT(br-lan) 2a00:1508:1:f820::

### while in dhcpv4 it works a bit better, but also messes up a bit
### (client is doing "dhclient")
dnsmasq-dhcp[5637]: DHCPDISCOVER(br-lan) 20:16:d8:65:4d:29 no address available
dnsmasq-dhcp[5637]: DHCPDISCOVER(anygw) 20:16:d8:65:4d:29
dnsmasq-dhcp[5637]: DHCPOFFER(anygw) 192.168.11.19 20:16:d8:65:4d:29
dnsmasq-dhcp[5637]: DHCPREQUEST(br-lan) 192.168.11.19 20:16:d8:65:4d:29
dnsmasq-dhcp[5637]: DHCPNAK(br-lan) 192.168.11.19 20:16:d8:65:4d:29 wrong server-ID
dnsmasq-dhcp[5637]: DHCPREQUEST(anygw) 192.168.11.19 20:16:d8:65:4d:29
dnsmasq-dhcp[5637]: DHCPACK(anygw) 192.168.11.19 20:16:d8:65:4d:29 preta

### the OFFER it's sending is a funny mix:
### it is sent *from* br-lan MAC and IP (192.168.11.129)
### but 'router' and 'dns server' fields point to anygw (192.168.11.1)

DHCPDISCOVER on wlan0 to 255.255.255.255 port 67 interval 3
DHCPREQUEST of 192.168.11.19 on wlan0 to 255.255.255.255 port 67
DHCPOFFER of 192.168.11.19 from 192.168.11.129
DHCPACK of 192.168.11.19 from 192.168.11.129


###### now, on to option (2), i add no-dhcp-interface=br-lan

# cat /etc/dnsmasq.conf
enable-ra
dhcp-range=tag:anygw,2a00:1508:1:f820::, ra-names
dhcp-range=tag:anygw,192.168.11.10,192.168.11.249,255.255.255.0,10m
no-dhcp-interface=br-lan

### yay! v6 works! i get only one RA, from anygw interface

dnsmasq-dhcp[6464]: RTR-SOLICIT(anygw)
dnsmasq-dhcp[6464]: RTR-ADVERT(anygw) 2a00:1508:1:f820::

### but dhcpv4 is broken :( clients don't get OFFERs

dnsmasq-dhcp[6794]: DHCPDISCOVER(anygw) 20:16:d8:65:4d:29
dnsmasq-dhcp[6794]: DHCPOFFER(anygw) 192.168.11.20 20:16:d8:65:4d:29
dnsmasq-dhcp[6794]: DHCPDISCOVER(anygw) 20:16:d8:65:4d:29
dnsmasq-dhcp[6794]: DHCPOFFER(anygw) 192.168.11.20 20:16:d8:65:4d:29

### tcpdump shows no such DHCPOFFER actually being sent out

### and here comes the bizarre...
### while playing with this back and forth, it started working,
### turns out, the lease-file was populated in setup (1). i.e.
### if there's a lease for that client already in the lease-file
### then the OFFER is actually sent out

dnsmasq-dhcp[7320]: DHCPDISCOVER(anygw) 20:16:d8:65:4d:29
dnsmasq-dhcp[7320]: DHCPOFFER(anygw) 192.168.11.19 20:16:d8:65:4d:29
dnsmasq-dhcp[7320]: DHCPREQUEST(anygw) 192.168.11.19 20:16:d8:65:4d:29
dnsmasq-dhcp[7320]: DHCPACK(anygw) 192.168.11.19 20:16:d8:65:4d:29 preta

### but no new clients are able to get a first lease.
### (and "preta" only got a lease because it was generated by a
### previous dnsmasq run, without no-dhcp-interface)


#######################################

so, to wrap it up, i'm getting this funny behaviour of DHCPv4
while trying to run dnsmasq only on "anygw" and not on "br-lan", being 
that "anygw" is a macvlan interface on top of "br-lan"

(if i try to run dnsmasq only on *br-lan* by using
no-dhcp-interface=anygw, everything works as expected)

binding (at listen port level) dnsmasq only to anygw is not an option 
for me, since i want to offer dns server over br-lan :)

separating anygw and br-lan on different netmasks is also not an option

any help will be *much* appreciated, and thanks a lot already for 
reading up to this point!

this "anygw" thing is the keystone of a mesh-oriented openwrt firmware 
that combines a layer2 and a layer3 routing protocol, so that clients can 
roam transparently inside clouds, while solving scalability by 
segmenting l2 clouds, interconnected by l3 routing.
http://dev.libre-mesh.org/
the whole work being centered around ipv6, makes ra-names fundamental to 
having proper resolution between clouds and on the public internet

cheers!!

gui

----------------------------------------

### appendix:
### if it matters, config file also includes in all cases:

dhcp-authoritative
domain-needed
localise-queries
read-ethers
bogus-priv
expand-hosts
domain=lan
server=/lan/
dhcp-leasefile=/tmp/dhcp.leases
resolv-file=/tmp/resolv.conf.auto
stop-dns-rebind
rebind-localhost-ok


### and a reference startup log

dnsmasq: DNS rebinding protection is active, will discard upstream RFC1918 responses!
dnsmasq: Allowing 127.0.0.0/8 responses
dnsmasq[7622]: started, version 2.66rc2 cachesize 150
dnsmasq[7622]: compile time options: IPv6 GNU-getopt no-DBus no-i18n no-IDN DHCP DHCPv6 no-Lua TFTP no-conntrack ipset auth
dnsmasq-dhcp[7622]: DHCP, IP range 192.168.11.10 -- 192.168.11.249, lease time 10m
dnsmasq-dhcp[7622]: DHCPv4-derived IPv6 names on 2a00:1508:1:f820::
dnsmasq-dhcp[7622]: router advertisement on 2a00:1508:1:f820::
dnsmasq-dhcp[7622]: IPv6 router advertisement enabled
dnsmasq[7622]: using local addresses only for domain lan
dnsmasq[7622]: reading /tmp/resolv.conf.auto
dnsmasq[7622]: using nameserver 192.168.9.1#53
dnsmasq[7622]: using nameserver 8.8.8.8#53
dnsmasq[7622]: using local addresses only for domain lan
dnsmasq[7622]: read /etc/hosts - 1 addresses
dnsmasq-dhcp[7622]: read /etc/ethers - 0 addresses
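
----------------------------------------

Added example (not part of the original post, and not dnsmasq code): a small log audit that flags the symptoms described above, namely replies logged on an interface that should stay silent, one client handled on two interfaces, and repeated OFFERs that never reach an ACK. The names audit(), allowed and SAMPLE_LOG are hypothetical; the log lines are copied from the post with the mail line-wrapping undone.

```python
import re
from collections import defaultdict

# Log lines copied from the post (first try, then the no-dhcp-interface run), unwrapped.
SAMPLE_LOG = """\
dnsmasq-dhcp[5637]: RTR-SOLICIT(br-lan)
dnsmasq-dhcp[5637]: RTR-ADVERT(br-lan) 2a00:1508:1:f820::
dnsmasq-dhcp[5637]: RTR-SOLICIT(anygw)
dnsmasq-dhcp[5637]: RTR-ADVERT(anygw) 2a00:1508:1:f820::
dnsmasq-dhcp[5637]: DHCPDISCOVER(br-lan) 20:16:d8:65:4d:29 no address available
dnsmasq-dhcp[5637]: DHCPDISCOVER(anygw) 20:16:d8:65:4d:29
dnsmasq-dhcp[5637]: DHCPOFFER(anygw) 192.168.11.19 20:16:d8:65:4d:29
dnsmasq-dhcp[5637]: DHCPREQUEST(br-lan) 192.168.11.19 20:16:d8:65:4d:29
dnsmasq-dhcp[5637]: DHCPNAK(br-lan) 192.168.11.19 20:16:d8:65:4d:29 wrong server-ID
dnsmasq-dhcp[5637]: DHCPREQUEST(anygw) 192.168.11.19 20:16:d8:65:4d:29
dnsmasq-dhcp[5637]: DHCPACK(anygw) 192.168.11.19 20:16:d8:65:4d:29 preta
dnsmasq-dhcp[6794]: DHCPDISCOVER(anygw) 20:16:d8:65:4d:29
dnsmasq-dhcp[6794]: DHCPOFFER(anygw) 192.168.11.20 20:16:d8:65:4d:29
dnsmasq-dhcp[6794]: DHCPDISCOVER(anygw) 20:16:d8:65:4d:29
dnsmasq-dhcp[6794]: DHCPOFFER(anygw) 192.168.11.20 20:16:d8:65:4d:29
"""
LINE = re.compile(r"dnsmasq-dhcp\[(\d+)\]: ([A-Z-]+)\((\S+?)\)(.*)")
MAC = re.compile(r"(?:[0-9a-f]{2}:){5}[0-9a-f]{2}")
REPLIES = ("RTR-ADVERT", "DHCPOFFER", "DHCPACK", "DHCPNAK")  # server-to-client events

def audit(log, allowed):
    """Return sorted (pid, finding) pairs; `allowed` = interfaces meant to answer."""
    findings = set()
    # Per dnsmasq run (pid) and client MAC: interfaces seen, offers logged, ack seen.
    state = defaultdict(lambda: {"ifaces": set(), "offers": 0, "acked": False})
    for raw in log.splitlines():
        m = LINE.search(raw)
        if not m:
            continue
        pid, event, iface, rest = m.groups()
        if iface not in allowed and event in REPLIES:
            findings.add((pid, f"{event} sent on {iface}"))
        mac = MAC.search(rest) if event.startswith("DHCP") else None
        if mac:
            s = state[(pid, mac.group())]
            s["ifaces"].add(iface)
            s["offers"] += event == "DHCPOFFER"
            s["acked"] |= event == "DHCPACK"
    for (pid, mac), s in state.items():
        if len(s["ifaces"]) > 1:  # same broadcast processed once per interface
            findings.add((pid, f"{mac} handled on {sorted(s['ifaces'])}"))
        if s["offers"] > 1 and not s["acked"]:  # offers logged but never completed
            findings.add((pid, f"{mac} offered {s['offers']}x, never acked"))
    return sorted(findings)
```

The "never acked" finding is a heuristic for the second setup: the log alone cannot show that the OFFER never left the box, which in the post was confirmed with tcpdump.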