[Dnsmasq-discuss] interface+macvlan on same network confuses dnsmasq v2.66rc2
Gui Iribarren
gui at altermundi.net
Mon Oct 21 20:31:15 BST 2013
Hello Simon!
so, i'm trying to do whacky stuff with dnsmasq v2.66-rc2 on openwrt
basically, i have two interfaces that have different ips but on the same
netmask, and i want dnsmasq to offer dhcpv4 / RA on only one of them.
yet, as dnsmasq config is thought out like "okay, here, have these
ranges / prefixes, and find out by yourself on which interfaces you
should offer them"
i'm having a hard time.
i thought of two alternatives:
1) use tag:interface when declaring the dhcp-ranges
2) use no-dhcp-interface=
but none of them work as expected :( (i get the feeling i'm hitting
bugs, walking an uncommon corner case)
so, the actual details:
##########################################
# ip a s br-lan
7: br-lan: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP
link/ether 64:70:02:fd:78:81 brd ff:ff:ff:ff:ff:ff
inet 192.168.11.129/24 brd 192.168.11.255 scope global br-lan
inet6 2a00:1508:1:f820::fd:7881/64 scope global
valid_lft forever preferred_lft forever
inet6 fe80::6670:2ff:fefd:7881/64 scope link
valid_lft forever preferred_lft forever
# ip a s anygw
22: anygw@br-lan: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN
link/ether aa:aa:aa:40:28:b5 brd ff:ff:ff:ff:ff:ff
inet 192.168.11.1/24 scope global anygw
inet6 2a00:1508:1:f820::1/64 scope global
valid_lft forever preferred_lft forever
inet6 fe80::a8aa:aaff:fe40:28b5/64 scope link
valid_lft forever preferred_lft forever
### anygw was created with the following command
# ip link add link br-lan anygw address aa:aa:aa:40:28:b5 type macvlan
### i want dnsmasq to use anygw interface, and ignore br-lan
### first try:
# cat /etc/dnsmasq.conf
enable-ra
dhcp-range=tag:anygw,2a00:1508:1:f820::, ra-names
dhcp-range=tag:anygw,192.168.11.10,192.168.11.249,255.255.255.0,10m
### result: br-lan is not ignored; if i do "rdisc6" from a client,
### i get two RAs in reply, which breaks my whole idea
Hop limit : 64 ( 0x40)
Stateful address conf. : No
Stateful other conf. : No
Router preference : medium
Router lifetime : 1800 (0x00000708) seconds
Reachable time : unspecified (0x00000000)
Retransmit time : unspecified (0x00000000)
Prefix : 2a00:1508:1:f820::/64
Valid time : 3600 (0x00000e10) seconds
Pref. time : 3600 (0x00000e10) seconds
MTU : 1500 bytes (valid)
Source link-layer address: 64:70:02:FD:78:81
Recursive DNS server : 2a00:1508:1:f820::fd:7881
DNS server lifetime : 1200 (0x000004b0) seconds
from fe80::6670:2ff:fefd:7881
Hop limit : 64 ( 0x40)
Stateful address conf. : No
Stateful other conf. : No
Router preference : medium
Router lifetime : 1800 (0x00000708) seconds
Reachable time : unspecified (0x00000000)
Retransmit time : unspecified (0x00000000)
Prefix : 2a00:1508:1:f820::/64
Valid time : 3600 (0x00000e10) seconds
Pref. time : 3600 (0x00000e10) seconds
MTU : 1500 bytes (valid)
Source link-layer address: AA:AA:AA:40:28:B5
Recursive DNS server : 2a00:1508:1:f820::1
DNS server lifetime : 1200 (0x000004b0) seconds
from fe80::a8aa:aaff:fe40:28b5
### and this on the router log
dnsmasq-dhcp[5637]: RTR-ADVERT(br-lan) 2a00:1508:1:f820::
dnsmasq-dhcp[5637]: RTR-SOLICIT(br-lan)
dnsmasq-dhcp[5637]: RTR-ADVERT(br-lan) 2a00:1508:1:f820::
dnsmasq-dhcp[5637]: RTR-SOLICIT(anygw)
dnsmasq-dhcp[5637]: RTR-ADVERT(anygw) 2a00:1508:1:f820::
dnsmasq-dhcp[5637]: RTR-ADVERT(br-lan) 2a00:1508:1:f820::
### while in dhcpv4 it works a bit better, but also messes up a bit
### (client is doing "dhclient")
dnsmasq-dhcp[5637]: DHCPDISCOVER(br-lan) 20:16:d8:65:4d:29 no address available
dnsmasq-dhcp[5637]: DHCPDISCOVER(anygw) 20:16:d8:65:4d:29
dnsmasq-dhcp[5637]: DHCPOFFER(anygw) 192.168.11.19 20:16:d8:65:4d:29
dnsmasq-dhcp[5637]: DHCPREQUEST(br-lan) 192.168.11.19 20:16:d8:65:4d:29
dnsmasq-dhcp[5637]: DHCPNAK(br-lan) 192.168.11.19 20:16:d8:65:4d:29 wrong server-ID
dnsmasq-dhcp[5637]: DHCPREQUEST(anygw) 192.168.11.19 20:16:d8:65:4d:29
dnsmasq-dhcp[5637]: DHCPACK(anygw) 192.168.11.19 20:16:d8:65:4d:29 preta
### the OFFER it's sending is a funny mix:
### it is sent *from* br-lan MAC and IP (192.168.11.129)
### but 'router' and 'dns server' fields point to anygw (192.168.11.1)
DHCPDISCOVER on wlan0 to 255.255.255.255 port 67 interval 3
DHCPREQUEST of 192.168.11.19 on wlan0 to 255.255.255.255 port 67
DHCPOFFER of 192.168.11.19 from 192.168.11.129
DHCPACK of 192.168.11.19 from 192.168.11.129
###### now, on to option (2), i add no-dhcp-interface=br-lan
# cat /etc/dnsmasq.conf
enable-ra
dhcp-range=tag:anygw,2a00:1508:1:f820::, ra-names
dhcp-range=tag:anygw,192.168.11.10,192.168.11.249,255.255.255.0,10m
no-dhcp-interface=br-lan
### yay! v6 works! i get only one RA, from anygw interface
dnsmasq-dhcp[6464]: RTR-SOLICIT(anygw)
dnsmasq-dhcp[6464]: RTR-ADVERT(anygw) 2a00:1508:1:f820::
### but dhcpv4 is broken :( clients don't get OFFERs
dnsmasq-dhcp[6794]: DHCPDISCOVER(anygw) 20:16:d8:65:4d:29
dnsmasq-dhcp[6794]: DHCPOFFER(anygw) 192.168.11.20 20:16:d8:65:4d:29
dnsmasq-dhcp[6794]: DHCPDISCOVER(anygw) 20:16:d8:65:4d:29
dnsmasq-dhcp[6794]: DHCPOFFER(anygw) 192.168.11.20 20:16:d8:65:4d:29
### tcpdump shows no such DHCPOFFER actually being sent out
### and here comes the bizarre...
### while playing with this back and forth, it started working,
### turns out, the lease-file was populated in setup (1). i.e.
### if there's a lease for that client already in the lease-file
### then the OFFER is actually sent out
dnsmasq-dhcp[7320]: DHCPDISCOVER(anygw) 20:16:d8:65:4d:29
dnsmasq-dhcp[7320]: DHCPOFFER(anygw) 192.168.11.19 20:16:d8:65:4d:29
dnsmasq-dhcp[7320]: DHCPREQUEST(anygw) 192.168.11.19 20:16:d8:65:4d:29
dnsmasq-dhcp[7320]: DHCPACK(anygw) 192.168.11.19 20:16:d8:65:4d:29 preta
### but no new clients are able to get a first lease.
### (and "preta" only got a lease because it was generated by a
### previous dnsmasq run, without no-dhcp-interface)
#######################################
so, to wrap it up, i'm getting this funny behaviour of DHCPv4
while trying to run dnsmasq only on "anygw" and not on "br-lan", being
that "anygw" is a macvlan interface on top of "br-lan"
(if i try to run dnsmasq only on *br-lan* by using
no-dhcp-interface=anygw, everything works as expected)
binding (at listen port level) dnsmasq only to anygw is not an option
for me, since i want to offer dns server over br-lan :)
separating anygw and br-lan on different netmasks is also not an option
any help will be *much* appreciated, and thanks a lot already for
reading up to this point!
this "anygw" thing is the keystone of a mesh-oriented openwrt firmware
that combines layer2 and layer3 routing protocols, so that clients can
roam transparently inside clouds, while solving scalability by
segmenting l2 clouds, interconnected by l3 routing.
http://dev.libre-mesh.org/
the whole work being centered around ipv6, makes ra-names fundamental to
having proper resolution between clouds and on the public internet
cheers!!
gui
----------------------------------------
### appendix:
### if it matters, config file also includes in all cases:
dhcp-authoritative
domain-needed
localise-queries
read-ethers
bogus-priv
expand-hosts
domain=lan
server=/lan/
dhcp-leasefile=/tmp/dhcp.leases
resolv-file=/tmp/resolv.conf.auto
stop-dns-rebind
rebind-localhost-ok
### and a reference startup log
dnsmasq: DNS rebinding protection is active, will discard upstream RFC1918 responses!
dnsmasq: Allowing 127.0.0.0/8 responses
dnsmasq[7622]: started, version 2.66rc2 cachesize 150
dnsmasq[7622]: compile time options: IPv6 GNU-getopt no-DBus no-i18n no-IDN DHCP DHCPv6 no-Lua TFTP no-conntrack ipset auth
dnsmasq-dhcp[7622]: DHCP, IP range 192.168.11.10 -- 192.168.11.249, lease time 10m
dnsmasq-dhcp[7622]: DHCPv4-derived IPv6 names on 2a00:1508:1:f820::
dnsmasq-dhcp[7622]: router advertisement on 2a00:1508:1:f820::
dnsmasq-dhcp[7622]: IPv6 router advertisement enabled
dnsmasq[7622]: using local addresses only for domain lan
dnsmasq[7622]: reading /tmp/resolv.conf.auto
dnsmasq[7622]: using nameserver 192.168.9.1#53
dnsmasq[7622]: using nameserver 8.8.8.8#53
dnsmasq[7622]: using local addresses only for domain lan
dnsmasq[7622]: read /etc/hosts - 1 addresses
dnsmasq-dhcp[7622]: read /etc/ethers - 0 addresses
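
Added example, not part of the original post: a small Python check over dnsmasq-dhcp log lines in the format quoted above, reporting server replies (RA, OFFER, ACK, NAK) logged on interfaces that were not meant to serve DHCP/RA. The function name audit and the allowed_ifaces parameter are illustrative assumptions; the sample lines are taken from the first-try log in the post, with wrapped lines rejoined.

```python
import re
from collections import defaultdict

# Sample input: log lines from the post's first-try run (wrapped lines rejoined).
SAMPLE_LOG = """\
dnsmasq-dhcp[5637]: RTR-SOLICIT(br-lan)
dnsmasq-dhcp[5637]: RTR-ADVERT(br-lan) 2a00:1508:1:f820::
dnsmasq-dhcp[5637]: RTR-SOLICIT(anygw)
dnsmasq-dhcp[5637]: RTR-ADVERT(anygw) 2a00:1508:1:f820::
dnsmasq-dhcp[5637]: DHCPDISCOVER(br-lan) 20:16:d8:65:4d:29 no address available
dnsmasq-dhcp[5637]: DHCPDISCOVER(anygw) 20:16:d8:65:4d:29
dnsmasq-dhcp[5637]: DHCPOFFER(anygw) 192.168.11.19 20:16:d8:65:4d:29
dnsmasq-dhcp[5637]: DHCPREQUEST(br-lan) 192.168.11.19 20:16:d8:65:4d:29
dnsmasq-dhcp[5637]: DHCPNAK(br-lan) 192.168.11.19 20:16:d8:65:4d:29 wrong server-ID
dnsmasq-dhcp[5637]: DHCPREQUEST(anygw) 192.168.11.19 20:16:d8:65:4d:29
dnsmasq-dhcp[5637]: DHCPACK(anygw) 192.168.11.19 20:16:d8:65:4d:29 preta
"""

# EVENT(interface) followed by optional details, as dnsmasq-dhcp logs them.
EVENT = re.compile(r"dnsmasq-dhcp\[\d+\]: ([A-Z-]+)\(([^)]+)\)\s*(.*)")
SERVER_REPLIES = ("DHCPOFFER", "DHCPACK", "DHCPNAK")


def audit(log_text, allowed_ifaces):
    """Return (event, interface, detail) tuples for replies on unexpected interfaces."""
    allowed = set(allowed_ifaces)
    ra_by_prefix = defaultdict(set)  # prefix -> interfaces that advertised it
    findings = []
    for line in log_text.splitlines():
        m = EVENT.search(line)
        if not m:
            continue
        event, iface, rest = m.groups()
        if event == "RTR-ADVERT":
            ra_by_prefix[rest.strip()].add(iface)
        elif event in SERVER_REPLIES and iface not in allowed:
            findings.append((event, iface, rest.strip()))
    # One finding per prefix advertised on an interface outside the allowed set.
    for prefix, ifaces in sorted(ra_by_prefix.items()):
        extra = sorted(ifaces - allowed)
        if extra:
            findings.append(("RTR-ADVERT", ",".join(extra), prefix))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_LOG, {"anygw"}):
        print(finding)
```

The interface name in the log is only what dnsmasq attributes the event to: the post shows an OFFER logged as anygw that arrived from the br-lan address, and OFFERs logged but absent from tcpdump, so a clean result here still needs confirming against a packet capture.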