[Dnsmasq-discuss] DHCPv6: Problems w/ multiple interfaces that have identical MACs

Wed Jan 14 21:44:54 GMT 2015

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 13/01/15 15:18, Cory Benfield wrote:
> On Mon, Jan 12, 2015 at 20:46:36, Simon Kelley wrote:
>> You're well on the trail.
>> 
>> In src/network.c in iface_allowed() there's some code
>> 
>> /* check whether the interface IP has been added already we call 
>> this routine multiple times. */ for (iface = daemon->interfaces; 
>> iface; iface = iface->next) if (sockaddr_isequal(&iface->addr, 
>> addr)) < return success without actually doing anything >
>> 
>> sockaddr_isequal DOESN'T compare the scope_ids.
>> 
>> It's debatable if sockaddr_isequal should be changed - I'd have
>> to look where else it's called - or if there should be a
>> scope_id check just in the loop; that would be a good start to
>> see if it fixes things.
> 
> Simon,
> 
> Good spot, that's worked correctly. After applying the admittedly 
> quite naïve patch at the bottom of this email, dnsmasq correctly 
> bound on all those interfaces.

OK, that's useful information: there are no other (known) problems
with this unusual configuration.

> 
> I haven't considered the repercussions of this patch fully yet: in 
> particular I don't know how well it'll work for interfaces that
> only have IPv4 addresses. Regardless, the patch is below if you
> want to take it in its current form.
> 

As it stands, the patch is broken, since the address may be an IPv4
address, as you noticed. Coercing the union to in6 and looking at the
scope_id field will not end well on the address is actually an IPv4
sockaddr.

> If you don't, I'm happy to take guidance on what you want the
> patch to be. For example, you may want to move the check into 
> sockaddr_isequal, or gate it behind a check on the address 
> (IN6_IS_ADDR_LINKLOCAL is a tempting candidate). Shout if you'd
> like that modification made to the patch and I'll make it, test it
> and resubmit it.

The obvious thing to do is still to add the scope_is check in
scokaddr_isequal. I'll find time in the next couple of days to work
through the implications of this: I _think_ it's alright, because I
think the scope_id is set to zero for all non-linklocal addresses, but
that needs to be checked.

Cheers,

Simon.

> 
> Cory
> 
> 
> 
>> From 1cfc68832bcee1e7b2eecda38d9d47c7913815c9 Mon Sep 17
>> 00:00:00 2001
> From: Cory Benfield <cory.benfield at metaswitch.com> Date: Tue, 13
> Jan 2015 15:13:07 +0000 Subject: [PATCH] Allow different IFs with
> the same IP to be bound.
> 
> Signed-off-by: Cory Benfield <cory.benfield at metaswitch.com> --- 
> src/network.c | 5 +++-- 1 file changed, 3 insertions(+), 2 
> deletions(-)
> 
> diff --git a/src/network.c b/src/network.c index 14d2af2..f54d7aa 
> 100644 --- a/src/network.c +++ b/src/network.c @@ -400,8 +400,9 @@ 
> static int iface_allowed(struct iface_param *param, int if_index, 
> char *label,
> 
> /* check whether the interface IP has been added already we call
> this routine multiple times. */ -  for (iface = daemon->interfaces;
> iface; iface = iface->next) -    if (sockaddr_isequal(&iface->addr,
> addr)) + for (iface = daemon->interfaces; iface; iface =
> iface->next) +    if (sockaddr_isequal(&iface->addr, addr) && + 
> (iface->addr.in6.sin6_scope_id == 
> addr->in6.sin6_addr.sin6_scope_id)) { iface->dad = !!(iface_flags
> & IFACE_TENTATIVE); iface->found = 1; /* for garbage collection */
> 

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iEYEARECAAYFAlS241YACgkQKPyGmiibgrdiJwCgidCVO8YKbnl+MsthVlkIeCaT
qCkAn0Mm9i7V5U38+PndF8DX7G2GcFpe
=6+RV
-----END PGP SIGNATURE-----