[Dnsmasq-discuss] DHCPv6 doesn't work on Linux interfaces enslaved to a VRF
Luci Stanescu
luci at safebits.tech
Tue Oct 10 10:25:48 UTC 2023
Hi Simon,
> On 10 Oct 2023, at 00:17, Simon Kelley <simon at thekelleys.org.uk> wrote:
>
> I've implemented option 1 here and it's currently running and dogfood on my home network. There are no VRF interfaces there: this is a test mainly to check that nothing breaks. So far, so good.
>
> The patch I used is attached. It would be interesting to see if it solves the problem for you.
Many thanks for this! I can confirm that it works as expected with VRF-enslaved interfaces now.
>> 2. Finding authoritative information that the interface index from IPV6_PKTINFO is always set to the L3 interface on which a datagram was received. The kernel mailing list might be start? I'd certainly be happy to help think about and test various scenarios.
>
> Please enquire about 2.
I've tested chains of bond- and bridge-enslaved interfaces (e.g. veth in bond in bridge in bond) and ipi6_ifindex seems to be set to the highest-up master, excluding VRF devices, so that seems promising and should cover the empirical bit. Joining a multicast group on an enslaved interface (if the master isn't a VRF) doesn't seem to work anyway.
I'll ask on the netdev kernel mailing list and see if I can get any assurances, but I'll have to wait for my DMARC record to expire first.
Cheers,
Luci
--
Luci Stanescu
Information Security Consultant
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/attachments/20231010/e64da762/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3602 bytes
Desc: not available
URL: <http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/attachments/20231010/e64da762/attachment.bin>
More information about the Dnsmasq-discuss
mailing list