* Re: [Cerowrt-devel] dnsmasq ipv6 stuff
From: Richard Brown @ 2013-01-25 1:47 UTC
To: <cerowrt-devel@lists.bufferbloat.net>

Folks,

I'm still confused about using CeroWrt 3.7.3-2 to give out v6 addresses to my laptop (it's not working). Here's what I see:

- I'm using the HE.net 6in4 tunnel to get a /48 for my home. The router itself has a good v6 address, and can ping global v6 addresses.

- ifconfig in the router shows that each of the five interfaces (se00, sw00, sw10, gw00, gw10) have addresses assigned from my /48 (see the network file below).

- The only uncommented lines in the /etc/dnsmasq.conf file are an "enable-ra" and a set of dhcp-range lines for each of the interfaces. (see below) The prefixes for each of the interfaces match the prefixes in the ifconfig command.

- I have not modified /etc/config/dhcp, as it didn't seem to make any difference what I put there.

Any thoughts? Thanks.

Rich

=====================================
root@OpenWrt:/etc# cat /etc/config/network

config interface 'loopback'
        option ifname 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config interface 'se00'
        option ifname 'se00'
        option proto 'static'
        option ipaddr '172.30.42.1'
        option netmask '255.255.255.224'
        option ip6assign '64'

config interface 'ge00'
        option ifname 'ge00'
        option proto 'dhcp'

config interface 'ge01'
        option ifname '@ge00'
        option proto 'dhcpv6'
        option broadcast '1'
        option metric '2048'
        option reqprefix '60'

config interface 'sw00'
        option type 'none'
        option proto 'static'
        option ipaddr '172.30.42.65'
        option netmask '255.255.255.224'
        option ip6assign '64'

config interface 'sw10'
        option type 'none'
        option proto 'static'
        option ipaddr '172.30.42.97'
        option netmask '255.255.255.224'
        option ip6assign '64'

config switch
        option name 'rtl8366s'
        option reset '1'
        option enable_vlan '0'
        option blinkrate '2'
        option max_length '3'

config switch_vlan
        option device 'rtl8366s'
        option vlan '1'
        option ports '0 1 2 3 5t'

config switch_port
        option device 'rtl8366s'
        option port '1'
        option led '6'

config switch_port
        option device 'rtl8366s'
        option port '2'
        option led '9'

config switch_port
        option device 'rtl8366s'
        option port '5'
        option led '2'

config interface 'gw00'
        option type 'none'
        option proto 'static'
        option ipaddr '172.30.42.129'
        option netmask '255.255.255.224'
        option ip6assign '64'

config interface 'gw10'
        option type 'none'
        option proto 'static'
        option ipaddr '172.30.42.161'
        option netmask '255.255.255.224'
        option ip6assign '64'

config interface 'gw01'
        option proto 'ahcp'

config interface 'gw11'
        option proto 'ahcp'

config interface 'henet'
        option proto '6in4'
        option mtu '1424'
        option ttl '64'
        option peeraddr '209.51.161.14'
        option ip6addr '2001:470:1f06:64::2/64'
        option ip6prefix '2001:470:8a63::/48'
        option tunneled 'xxxxxx'
        option username 'tbxxxxx'
        option password 'xxxxx

==================
root@OpenWrt:/etc# cat /etc/dnsmasq.conf
# Added 24Jan2013 -reb
enable-ra
dhcp-range=se00,2001:470:8a63:2::,ra-stateless,ra-names
dhcp-range=sw00,2001:470:8a63:3::,ra-stateless,ra-names
dhcp-range=sw10,2001:470:8a63:4::,ra-stateless,ra-names
dhcp-range=gw00,2001:470:8a63:0::,ra-stateless,ra-names
dhcp-range=gw10,2001:470:8a63:1::,ra-stateless,ra-names

* Re: [Cerowrt-devel] dnsmasq ipv6 stuff
From: Richard Brown @ 2013-01-25 1:55 UTC
To: <cerowrt-devel@lists.bufferbloat.net>

[Sorry - I realized an earlier request asked to see the auto-generated /var/etc/dnsmasq.conf file. It's appended ]

> I'm still confused about using CeroWrt 3.7.3-2 to give out v6 addresses to my laptop (it's not working). Here's what I see:
>
> - I'm using the HE.net 6in4 tunnel to get a /48 for my home. The router itself has a good v6 address, and can ping global v6 addresses.
>
> - ifconfig in the router shows that each of the five interfaces (se00, sw00, sw10, gw00, gw10) have addresses assigned from my /48 (see the network file below).
>
> - The only uncommented lines in the /etc/dnsmasq.conf file are an "enable-ra" and a set of dhcp-range lines for each of the interfaces. (see below) The prefixes for each of the interfaces match the prefixes in the ifconfig command.
>
> - I have not modified /etc/config/dhcp, as it didn't seem to make any difference what I put there.
>
> Any thoughts? Thanks.
>
> Rich
>
> =====================================
> root@OpenWrt:/etc# cat /etc/config/network
>
> config interface 'loopback'
>         option ifname 'lo'
>         option proto 'static'
>         option ipaddr '127.0.0.1'
>         option netmask '255.0.0.0'
>
> config interface 'se00'
>         option ifname 'se00'
>         option proto 'static'
>         option ipaddr '172.30.42.1'
>         option netmask '255.255.255.224'
>         option ip6assign '64'
>
> config interface 'ge00'
>         option ifname 'ge00'
>         option proto 'dhcp'
>
> config interface 'ge01'
>         option ifname '@ge00'
>         option proto 'dhcpv6'
>         option broadcast '1'
>         option metric '2048'
>         option reqprefix '60'
>
> config interface 'sw00'
>         option type 'none'
>         option proto 'static'
>         option ipaddr '172.30.42.65'
>         option netmask '255.255.255.224'
>         option ip6assign '64'
>
> config interface 'sw10'
>         option type 'none'
>         option proto 'static'
>         option ipaddr '172.30.42.97'
>         option netmask '255.255.255.224'
>         option ip6assign '64'
>
> config switch
>         option name 'rtl8366s'
>         option reset '1'
>         option enable_vlan '0'
>         option blinkrate '2'
>         option max_length '3'
>
> config switch_vlan
>         option device 'rtl8366s'
>         option vlan '1'
>         option ports '0 1 2 3 5t'
>
> config switch_port
>         option device 'rtl8366s'
>         option port '1'
>         option led '6'
>
> config switch_port
>         option device 'rtl8366s'
>         option port '2'
>         option led '9'
>
> config switch_port
>         option device 'rtl8366s'
>         option port '5'
>         option led '2'
>
> config interface 'gw00'
>         option type 'none'
>         option proto 'static'
>         option ipaddr '172.30.42.129'
>         option netmask '255.255.255.224'
>         option ip6assign '64'
>
> config interface 'gw10'
>         option type 'none'
>         option proto 'static'
>         option ipaddr '172.30.42.161'
>         option netmask '255.255.255.224'
>         option ip6assign '64'
>
> config interface 'gw01'
>         option proto 'ahcp'
>
> config interface 'gw11'
>         option proto 'ahcp'
>
> config interface 'henet'
>         option proto '6in4'
>         option mtu '1424'
>         option ttl '64'
>         option peeraddr '209.51.161.14'
>         option ip6addr '2001:470:1f06:64::2/64'
>         option ip6prefix '2001:470:8a63::/48'
>         option tunneled 'xxxxxx'
>         option username 'tbxxxxx'
>         option password 'xxxxx
>
> ==================
> root@OpenWrt:/etc# cat /etc/dnsmasq.conf
> # Added 24Jan2013 -reb
> enable-ra
> dhcp-range=se00,2001:470:8a63:2::,ra-stateless,ra-names
> dhcp-range=sw00,2001:470:8a63:3::,ra-stateless,ra-names
> dhcp-range=sw10,2001:470:8a63:4::,ra-stateless,ra-names
> dhcp-range=gw00,2001:470:8a63:0::,ra-stateless,ra-names
> dhcp-range=gw10,2001:470:8a63:1::,ra-stateless,ra-names
>

==================
root@OpenWrt:/tmp/etc# cat /var/etc/dnsmasq.conf
# auto-generated config file from /etc/config/dhcp
conf-file=/etc/dnsmasq.conf
dhcp-authoritative
domain-needed
localise-queries
read-ethers
bogus-priv
expand-hosts
dhcp-script=/etc/dnsmasq_net6.sh
cache-size=5000
port=53
domain=home.lan
server=/home.lan/
except-interface=ge00
dhcp-leasefile=/tmp/dhcp.leases
resolv-file=/tmp/resolv.conf.auto
stop-dns-rebind
rebind-localhost-ok
address=/gw.home.lan/172.30.42.1
ptr-record=1.42.30.172.in-addr.arpa,gw.home.lan
address=/wpad.home.lan/172.30.42.1
ptr-record=1.42.30.172.in-addr.arpa,wpad.home.lan

dhcp-range=se00,172.30.42.2,172.30.42.27,255.255.255.224,24h
dhcp-option=se00,42,0.0.0.0
dhcp-option=se00,44,0.0.0.0
dhcp-option=se00,45,0.0.0.0
dhcp-option=se00,46,8

dhcp-range=sw00,172.30.42.66,172.30.42.91,255.255.255.224,24h
dhcp-option=sw00,42,0.0.0.0
dhcp-option=sw00,44,0.0.0.0
dhcp-option=sw00,45,0.0.0.0
dhcp-option=sw00,46,8

dhcp-range=sw10,172.30.42.98,172.30.42.123,255.255.255.224,24h
dhcp-option=sw10,42,0.0.0.0
dhcp-option=sw10,44,0.0.0.0
dhcp-option=sw10,45,0.0.0.0
dhcp-option=sw10,46,8

dhcp-range=gw00,172.30.42.130,172.30.42.155,255.255.255.224,24h
dhcp-option=gw00,42,0.0.0.0
dhcp-option=gw00,44,0.0.0.0
dhcp-option=gw00,45,0.0.0.0
dhcp-option=gw00,46,8

dhcp-range=gw10,172.30.42.162,172.30.42.187,255.255.255.224,24h
dhcp-option=gw10,42,0.0.0.0
dhcp-option=gw10,44,0.0.0.0
dhcp-option=gw10,45,0.0.0.0
dhcp-option=gw10,46,8

no-dhcp-interface=ge00
no-dhcp-interface=gw01
no-dhcp-interface=gw11

* [Cerowrt-devel] dnsmasq ipv6 stuff
From: Simon Kelley @ 2013-01-30 21:40 UTC
To: cerowrt-devel

Apologies for starting a new thread, I finally got around to subscribing to the list, rather than looking in the archives, so I don't have mails to reply to.

Chris Lawrence said:

Having said that I found that with ra-stateless enabled, at least one device on my network would send DHCPv6 requests that crashed dnsmasq.

Any chance you could reproduce that, and get some tcpdump/wireshark packet captures of the offending traffic?

Cheers,

Simon.

* Re: [Cerowrt-devel] dnsmasq ipv6 stuff
From: Chris Lawrence @ 2013-01-30 23:44 UTC
To: Simon Kelley; +Cc: <cerowrt-devel@lists.bufferbloat.net>

Simon -

I haven't seen this behavior with test12 so far, but if I do see it again I will try to track down the issue (it's possible that the problem was related to the misaligned access traps in the mips kernel that Dave et al have been squashing in the latest CeroWRT releases).

Chris

On Wed, Jan 30, 2013 at 4:40 PM, Simon Kelley <simon@thekelleys.org.uk> wrote:
> Apologies for starting a new thread, I finally got around to subscribing to
> the list, rather than looking in the archives, so I don't have mails to
> reply to.
>
> Chris Lawrence said:
>
> Having said that I found that with
> ra-stateless enabled, at least one device on my network would send
> DHCPv6 requests that crashed dnsmasq.
>
> Any chance you could reproduce that, and get some tcpdump/wireshark packet
> captures of the offending traffic?
>
> Cheers,
>
> Simon.
>

--
Chris Lawrence <lordsutch@gmail.com>

Website: http://www.cnlawrence.com/

* [Cerowrt-devel] dnsmasq ipv6 stuff
From: Dave Taht @ 2013-01-22 6:40 UTC
To: cerowrt-devel

I put up the ongoing issues with getting a dhcp-pd prefix assigned to sub interfaces here:

https://www.bufferbloat.net/issues/422

After prefixes are assigned (somehow) and after running through the examples in the dnsmasq-test11 tarball, it sounds like what we want by default is stateless dhcp, automatic slaac, automatic naming from dhcp, dhcpv6 and slaac addresses, and the ability to pick up dynamically assigned prefixes on the interfaces.

I think that's this in /etc/dnsmasq.conf

dhcp-range=se00,1234::, ra-stateless, ra-names
dhcp-range=sw00,1234::, ra-stateless, ra-names
dhcp-range=sw10,1234::, ra-stateless, ra-names
dhcp-range=gw00,1234::, ra-stateless, ra-names
dhcp-range=gw10,1234::, ra-stateless, ra-names

It's kind of unclear to me what 1234 could be replaced with. "ce30" works for me...

Quick side note - this is another feature in this release:

" Add the ability to act as an authoritative DNS server. Dnsmasq can now answer queries from the wider 'net with local data, as long as the correct NS records are set up. Only local data is provided, to avoid creating an open DNS relay. Zone transfer is supported, to allow secondary servers to be configured."

Not sure how this works. Wider net shouldn't get private As, but AAAAs would be awesome.

From the other examples in the test tarball

# Do DHCP and Router Advertisements for this subnet. Set the A bit in the RA
# so that clients can use SLAAC addresses as well as DHCP ones.
#dhcp-range=1234::2, 1234::500, slaac

dhcp-range=1234::, ra-stateless, ra-names

# Enable DHCPv6. Note that the prefix-length does not need to be specified
# and defaults to 64 if missing.
#dhcp-range=1234::2, 1234::500, 64, 12h

# Do Router Advertisements, BUT NOT DHCP for this subnet.
#dhcp-range=1234::, ra-only

# Do Router Advertisements, BUT NOT DHCP for this subnet, also try and
# add names to the DNS for the IPv6 address of SLAAC-configured dual-stack
# hosts. Use the DHCPv4 lease to derive the name, network segment and
# MAC address and assume that the host will also have an
# IPv6 address calculated using the SLAAC algorithm.
#dhcp-range=1234::, ra-names

# Do Router Advertisements, BUT NOT DHCP for this subnet.
# Set the lifetime to 46 hours. (Note: minimum lifetime is 2 hours.)
#dhcp-range=1234::, ra-only, 48h

# Do DHCP and Router Advertisements for this subnet. Set the A bit in the RA
# so that clients can use SLAAC addresses as well as DHCP ones.
#dhcp-range=1234::2, 1234::500, slaac

# Do DHCP and Router Advertisements for this subnet. Set the A bit in the RA
# so that clients can use SLAAC addresses as well as DHCP ones.
#dhcp-range=1234::2, 1234::500, slaac

# Do Router Advertisements and stateless DHCP for this subnet. Clients will
# not get addresses from DHCP, but they will get other configuration information.
# They will use SLAAC for addresses.
#dhcp-range=1234::, ra-stateless

# Do stateless DHCP, SLAAC, and generate DNS names for SLAAC addresses
# from DHCPv4 leases.
#dhcp-range=1234::, ra-stateless, ra-names

# Do router advertisements for all subnets where we're doing DHCPv6
# Unless overridden by ra-stateless, ra-names, et al, the router
# advertisements will have the M and O bits set, so that the clients
# get addresses and configuration from DHCPv6, and the A bit reset, so the
# clients don't use SLAAC addresses.
#enable-ra

--
Dave Täht

Fixing bufferbloat with cerowrt: http://www.teklibre.com/cerowrt/subscribe.html

* Re: [Cerowrt-devel] dnsmasq ipv6 stuff
From: Chris Lawrence @ 2013-01-22 18:52 UTC
To: <cerowrt-devel@lists.bufferbloat.net>

On Tue, Jan 22, 2013 at 1:40 AM, Dave Taht <dave.taht@gmail.com> wrote:
> I think that's this in /etc/dnsmasq.conf
>
> dhcp-range=se00,1234::, ra-stateless, ra-names
> dhcp-range=sw00,1234::, ra-stateless, ra-names
> dhcp-range=sw10,1234::, ra-stateless, ra-names
> dhcp-range=gw00,1234::, ra-stateless, ra-names
> dhcp-range=gw10,1234::, ra-stateless, ra-names
>
> It's kind of unclear to me what 1234 could be replaced with.
> "ce30" works for me...

Using ::1 on each will autoassign the addresses based on the address of the interface, which seems like a sensible default no matter what network address you have. Having said that I found that with ra-stateless enabled, at least one device on my network would send DHCPv6 requests that crashed dnsmasq. So I have:

dhcp-range=::1,constructor:se00,ra-names
(etc.)

I think with test11 that can be further simplified to:

dhcp-range=::1,constructor:*,ra-names

This uses SLAAC only, which seems sufficient for my network purposes. I tried adding an end to the range to see if that was the problem with DHCP, but that doesn't seem to help, at least in test10.

The other thing I noticed in 3.7.2-4 is that both dnsmasq and dnsmasq-dhcpv6 are installed, but the dnsmasq binary is actually the non-v6 version unless you reinstall the dnsmasq-dhcpv6 package (according to upstream OpenWRT, only one or the other should be installed since they conflict).

Chris

* Re: [Cerowrt-devel] dnsmasq ipv6 stuff
From: Maciej Soltysiak @ 2013-01-22 22:19 UTC
To: Chris Lawrence; +Cc: <cerowrt-devel@lists.bufferbloat.net>

Something doesn't add up for me.

Editing /etc/dnsmasq.conf and restarting yields a process:

/usr/sbin/dnsmasq -C /var/etc/dnsmasq.conf

Now, /var/etc/dnsmasq.conf, being compiled from /etc/config/dhcp, doesn't seem to have the settings from /etc/dnsmasq.conf

Also, things like ra-names in /etc/dnsmasq.conf don't seem to add --enable-ra to runtime options.

Am I wrong in thinking that /etc/dnsmasq.conf, although it is parsed during /etc/init.d/dnsmasq restart, does not get you control over options of the final dnsmasq process?

Regards,
Maciej

On Tue, Jan 22, 2013 at 7:52 PM, Chris Lawrence <lordsutch@gmail.com> wrote:
> On Tue, Jan 22, 2013 at 1:40 AM, Dave Taht <dave.taht@gmail.com> wrote:
> > I think that's this in /etc/dnsmasq.conf
> >
> > dhcp-range=se00,1234::, ra-stateless, ra-names
> > dhcp-range=sw00,1234::, ra-stateless, ra-names
> > dhcp-range=sw10,1234::, ra-stateless, ra-names
> > dhcp-range=gw00,1234::, ra-stateless, ra-names
> > dhcp-range=gw10,1234::, ra-stateless, ra-names
> >
> > It's kind of unclear to me what 1234 could be replaced with.
> > "ce30" works for me...
>
> Using ::1 on each will autoassign the addresses based on the address
> of the interface, which seems like a sensible default no matter what
> network address you have. Having said that I found that with
> ra-stateless enabled, at least one device on my network would send
> DHCPv6 requests that crashed dnsmasq. So I have:
>
> dhcp-range=::1,constructor:se00,ra-names
> (etc.)
>
> I think with test11 that can be further simplified to:
>
> dhcp-range=::1,constructor:*,ra-names
>
> This uses SLAAC only, which seems sufficient for my network purposes.
> I tried adding an end to the range to see if that was the problem with
> DHCP, but that doesn't seem to help, at least in test10.
>
> The other thing I noticed in 3.7.2-4 is that both dnsmasq and
> dnsmasq-dhcpv6 are installed, but the dnsmasq binary is actually the
> non-v6 version unless you reinstall the dnsmasq-dhcpv6 package
> (according to upstream OpenWRT, only one or the other should be
> installed since they conflict).
>
>
> Chris
> _______________________________________________
> Cerowrt-devel mailing list
> Cerowrt-devel@lists.bufferbloat.net
> https://lists.bufferbloat.net/listinfo/cerowrt-devel
>

* Re: [Cerowrt-devel] dnsmasq ipv6 stuff
From: Dave Taht @ 2013-01-22 23:12 UTC
To: Chris Lawrence; +Cc: <cerowrt-devel@lists.bufferbloat.net>

On Tue, Jan 22, 2013 at 1:52 PM, Chris Lawrence <lordsutch@gmail.com> wrote:
> On Tue, Jan 22, 2013 at 1:40 AM, Dave Taht <dave.taht@gmail.com> wrote:
> > I think that's this in /etc/dnsmasq.conf
> >
> > dhcp-range=se00,1234::, ra-stateless, ra-names
> > dhcp-range=sw00,1234::, ra-stateless, ra-names
> > dhcp-range=sw10,1234::, ra-stateless, ra-names
> > dhcp-range=gw00,1234::, ra-stateless, ra-names
> > dhcp-range=gw10,1234::, ra-stateless, ra-names
> >
> > It's kind of unclear to me what 1234 could be replaced with.
> > "ce30" works for me...
>
> Using ::1 on each will autoassign the addresses based on the address
> of the interface, which seems like a sensible default no matter what
> network address you have. Having said that I found that with
> ra-stateless enabled, at least one device on my network would send
> DHCPv6 requests that crashed dnsmasq. So I have:
>
> dhcp-range=::1,constructor:se00,ra-names
> (etc.)
>

My own objection to ::1 is that it provides both an easy mnemonic for people to manage their networks AND an easier vector for attacks from the outside world.

J.random.badscript only has to ping ::1 on every subnet in your delegation to try and hit all the routers.

That said, I think the humans are going to win on this one, even though the dns integration with ipv6 and dnsmasq is tighter than it's ever been before.

One thing that does bother me though, from a simplification standpoint, is I wouldn't mind using up some of that extra address space to gain larger ephemeral port ranges for things like dns service and to make it easier to analyze traffic. I remember back in the 90s when we used to have one ip address per web host.... it was a PITA then because of address scarcity.

I have been liking ipv6's integration with virtual machines. No more port forwarding, yea! A raft of unupdated vm machines running boo.

> I think with test11 that can be further simplified to:
>
> dhcp-range=::1,constructor:*,ra-names
>
> This uses SLAAC only, which seems sufficient for my network purposes.
> I tried adding an end to the range to see if that was the problem with
> DHCP, but that doesn't seem to help, at least in test10.
>
>

I won't mind providing some examples of syntax, and I can imagine that a guest network might use slaac and an internal network try to use dhcp.

The new constructor thing is neat. Though I've read the man page section on it 3 times, and still don't get it all.

And now there's a new authoritative dns support documented in the man page... It has long been my hope to be able to publish AAAA records in the public dns, and this will let you do that. Still unclear as to how to just export AAAAs and not As....

Another one of my hopes has been to get one name for a machine with two interfaces somehow, someday.

Anyway, I'm liking it...

> The other thing I noticed in 3.7.2-4 is that both dnsmasq and
> dnsmasq-dhcpv6 are installed, but the dnsmasq binary is actually the
> non-v6 version unless you reinstall the dnsmasq-dhcpv6 package
> (according to upstream OpenWRT, only one or the other should be
> installed since they conflict).
>

I may have fixed this in 3.7.3-1, so if it isn't fixed now, let me know.

CONFIG_PACKAGE_dnsmasq=m
CONFIG_PACKAGE_dnsmasq-dhcpv6=y

I'm hoping to get a 3.7.4-1 out with the last of the unaligned hack fixes out today.

> Chris
>

--
Dave Täht

Fixing bufferbloat with cerowrt: http://www.teklibre.com/cerowrt/subscribe.html

* Re: [Cerowrt-devel] dnsmasq ipv6 stuff
From: Chris Lawrence @ 2013-01-23 0:14 UTC
To: Dave Taht; +Cc: <cerowrt-devel@lists.bufferbloat.net>

On Tue, Jan 22, 2013 at 6:12 PM, Dave Taht <dave.taht@gmail.com> wrote:
> My own objection to ::1 is that it provides both an easy mnemonic for people
> to manage their networks AND an easier vector for attacks from the outside
> world.
>
> J.random.badscript only has to ping ::1 on every subnet in your delegation
> to try and hit all the routers.

True, although I think that's pretty much unavoidable given the design of ipv6 though (isn't ::1 always the router for the subnet)? You could always honeypot or Turing pit the other 2^16-(n) subnets if you're really paranoid about someone finding your router without a valid IPv6 address to start guessing with.

The source code also seems to support using dhcp-range=::,constructor=*,ra-names,ra-stateless (etc.). I'm not sure what dropping the "1" does, exactly, not having perfect ipv6-foo skills yet.

Chris
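
The exposure Dave and Chris discuss above can be measured on your own addresses. The following is an added example, not code from the thread or from CeroWrt: it classifies the interface identifier (low 64 bits) of each router address and counts how many addresses an outsider who knows only the delegation would have to cover. Only the /48 comes from the thread; the router addresses and the three class names are constructed for illustration.

```python
import ipaddress

DELEGATION = ipaddress.ip_network("2001:470:8a63::/48")  # /48 quoted in the thread

# Constructed router addresses; the interface identifiers are invented.
ROUTER_ADDRS = [
    "2001:470:8a63:2::1",                   # the "::1" convention
    "2001:470:8a63:3:6670:2ff:fe3a:9c10",   # modified EUI-64, derived from a MAC
    "2001:470:8a63:4:9d2c:51e7:0b44:a38f",  # no visible structure
]

IID_MASK = (1 << 64) - 1

# Candidates per /64 that must be covered to be sure of hitting an address
# of each class. The EUI-64 figure assumes nothing is known about the MAC.
CANDIDATES_PER_SUBNET = {
    "::1": 1,
    "low-byte": 1 << 16,
    "eui-64": 1 << 48,
    "opaque": 1 << 64,
}


def classify_iid(addr):
    """Name the pattern of the interface identifier of one IPv6 address."""
    iid = int(ipaddress.IPv6Address(addr)) & IID_MASK
    if iid == 1:
        return "::1"
    if iid >> 16 == 0:                      # only the last 16 bits are used
        return "low-byte"
    if (iid >> 24) & 0xFFFF == 0xFFFE:      # ff:fe inserted in the middle
        return "eui-64"
    return "opaque"


def mac_from_eui64(addr):
    """Recover the MAC address that a modified EUI-64 identifier discloses."""
    raw = (int(ipaddress.IPv6Address(addr)) & IID_MASK).to_bytes(8, "big")
    mac = bytes([raw[0] ^ 0x02]) + raw[1:3] + raw[5:8]  # undo the U/L bit flip
    return ":".join(f"{b:02x}" for b in mac)


def audit(delegation, addrs):
    """Return one finding per router address inside the delegation."""
    subnets = 1 << (64 - delegation.prefixlen)  # number of /64s delegated
    rows = []
    for text in addrs:
        addr = ipaddress.IPv6Address(text)
        if addr not in delegation:
            raise ValueError(f"{addr} is outside {delegation}")
        kind = classify_iid(addr)
        rows.append({
            "address": str(addr),
            "subnet_id": (int(addr) >> 64) & (subnets - 1),
            "class": kind,
            "mac": mac_from_eui64(addr) if kind == "eui-64" else None,
            "search_space": subnets * CANDIDATES_PER_SUBNET[kind],
        })
    return rows


if __name__ == "__main__":
    for row in audit(DELEGATION, ROUTER_ADDRS):
        print(row)
```

With a /48 and the ::1 convention the whole search space is 2^16 addresses, while an EUI-64 identifier is harder to guess but discloses the interface's MAC address to every peer.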

* Re: [Cerowrt-devel] dnsmasq ipv6 stuff
From: Phil Pennock @ 2013-01-23 7:24 UTC
To: Chris Lawrence; +Cc: <cerowrt-devel@lists.bufferbloat.net>

On 2013-01-22 at 19:14 -0500, Chris Lawrence wrote:
> True, although I think that's pretty much unavoidable given the design
> of ipv6 though (isn't ::1 always the router for the subnet)?

No, the router can have any IP within that subnet, but it will also join various multicast groups. Link-local multicast is ff02:: and the ::2 address is "all routers", so given "se00" as a network device name:

  ping6 ff02::2%se00

should elicit a response from every device on the LAN connected to CeroWRT's first LAN interface, where the device thinks that it's a router.

Within the multicast assignments (ff0X::) ::1 is all nodes, so

  ping6 ff02::1%se00

gets a response from every machine which has IPv6 configured up, assuming no packet filters.

This is defined for ff0X for X with 1, 2 and 5 (interface-local (ie, this machine), link-local and site-local). Fortunately, IPv6 doesn't define this for the global scope, ff0e::, otherwise there would be a teensy amplification factor for a response to a spoofed ICMP source address sending a ping to ff0e::1.

For CeroWRT and debugging, the other interesting address in ff02:: (so you need the %device scoping control on the address) is ff02::1:2 for All_DHCP_Relay_Agents_and_Servers.

-Phil
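
The address layout behind the message above (ff, then a flags nibble, a scope nibble and a 112-bit group ID) can be decoded mechanically. This is an added example, not part of the original message: the function and field names are assumptions, and the scopes listed for each group follow RFC 4291 and the DHCPv6 specification rather than anything stated in the thread.

```python
import ipaddress

SCOPES = {
    0x1: "interface-local",
    0x2: "link-local",
    0x4: "admin-local",
    0x5: "site-local",
    0x8: "organization-local",
    0xE: "global",
}

# Group IDs named in the message, with the scopes at which each is defined.
WELL_KNOWN = {
    0x1: ("all nodes", {0x1, 0x2}),
    0x2: ("all routers", {0x1, 0x2, 0x5}),
    0x10002: ("All_DHCP_Relay_Agents_and_Servers", {0x2}),
}


def decode(text):
    """Decode an IPv6 multicast address, optionally written with a %zone."""
    literal, _, zone = text.partition("%")
    addr = ipaddress.IPv6Address(literal)
    if not addr.is_multicast:
        raise ValueError(f"{literal} is not in ff00::/8")
    value = int(addr)
    flags = (value >> 116) & 0xF      # 4 bits after the leading ff
    scope = (value >> 112) & 0xF      # next 4 bits
    group_id = value & ((1 << 112) - 1)
    name, defined_at = WELL_KNOWN.get(group_id, (None, set()))
    return {
        "flags": flags,
        "scope": SCOPES.get(scope, "reserved or unassigned"),
        # A group ID only has its well-known meaning at the scopes listed.
        "group": name if scope in defined_at else None,
        "zone": zone or None,
        # Interface- and link-local scopes are ambiguous without a device.
        "zone_required": scope in (0x1, 0x2),
        # Only scopes wider than the link can be forwarded by a router.
        "crosses_router": scope > 0x2,
    }


if __name__ == "__main__":
    for sample in ("ff02::2%se00", "ff02::1%se00", "ff02::1:2%se00", "ff0e::1"):
        print(sample, decode(sample))
```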

* Re: [Cerowrt-devel] dnsmasq ipv6 stuff
From: Török Edwin @ 2013-01-25 19:21 UTC
To: cerowrt-devel

On 01/22/2013 08:52 PM, Chris Lawrence wrote:
> On Tue, Jan 22, 2013 at 1:40 AM, Dave Taht <dave.taht@gmail.com> wrote:
>> I think that's this in /etc/dnsmasq.conf
>>
>> dhcp-range=se00,1234::, ra-stateless, ra-names
>> dhcp-range=sw00,1234::, ra-stateless, ra-names
>> dhcp-range=sw10,1234::, ra-stateless, ra-names
>> dhcp-range=gw00,1234::, ra-stateless, ra-names
>> dhcp-range=gw10,1234::, ra-stateless, ra-names
>>
>> It's kind of unclear to me what 1234 could be replaced with.
>> "ce30" works for me...
>
> Using ::1 on each will autoassign the addresses based on the address
> of the interface, which seems like a sensible default no matter what
> network address you have. Having said that I found that with
> ra-stateless enabled, at least one device on my network would send
> DHCPv6 requests that crashed dnsmasq. So I have:
>
> dhcp-range=::1,constructor:se00,ra-names
> (etc.)
>
> I think with test11 that can be further simplified to:
>
> dhcp-range=::1,constructor:*,ra-names

Only thing that worked for me is one of these two in /etc/dnsmasq.conf:

1. specify prefix explicitly:
dhcp-range=se00,2a02:2f02:1022:a4b7::,ra-names,48h

2. specify constructor:se00:
dhcp-range=::1,constructor:se00,ra-names,48h

Also I had to remove dnsmasq and install dnsmasq-dhcpv6 as mentioned in this thread already.
With the above enable-ra seems to be optional.

The other things didn't work, it never sends a RTR-ADVERT, although it sees RTR-SOLICIT:
dhcp-range=se00,::1,slaac,48h
dhcp-range=se00,ce30::,slaac,48h
dhcp-range=::1,constructor=*,slaac,48h
dhcp-range=::1,constructor:*,slaac,48h <-- this crashes immediately

Best regards,
--Edwin
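
Two points from this thread can be checked offline: the generated /var/etc/dnsmasq.conf that Richard Brown posted begins with conf-file=/etc/dnsmasq.conf, and the dhcp-range variants tried above differ in the spelling of the constructor keyword. The following is an added example, not dnsmasq's own parser and not code from the thread: it follows conf-file= includes over constructed, abridged copies of the posted files and splits each IPv6 dhcp-range into its parts. It assumes the documented constructor:<interface> spelling and treats any other field as unrecognised.

```python
import ipaddress
import re

# Constructed, abridged copies of the two files posted in the thread, held in
# memory so the example runs offline. The last two ranges are variants tried
# in the message above, with sw00 substituted in the first of them.
FILES = {
    "/var/etc/dnsmasq.conf": """\
# auto-generated config file from /etc/config/dhcp
conf-file=/etc/dnsmasq.conf
dhcp-authoritative
stop-dns-rebind
dhcp-range=se00,172.30.42.2,172.30.42.27,255.255.255.224,24h
no-dhcp-interface=ge00
""",
    "/etc/dnsmasq.conf": """\
# Added 24Jan2013 -reb
enable-ra
dhcp-range=se00,2001:470:8a63:2::,ra-stateless,ra-names
dhcp-range=::1,constructor:sw00,ra-names,48h
dhcp-range=::1,constructor=*,slaac,48h
""",
}

RA_MODES = {"ra-only", "slaac", "ra-names", "ra-stateless"}
LEASE_RE = re.compile(r"^(\d+[mhdw]?|infinite)$")  # lease time or prefix length


def effective_options(path, files, seen=None):
    """Return (source_file, option, value) in read order, following conf-file=."""
    seen = set() if seen is None else seen
    if path in seen:  # an include loop would otherwise recurse forever
        return []
    seen.add(path)
    options = []
    for raw in files[path].splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        name, _, value = line.partition("=")
        name, value = name.strip(), value.strip()
        if name == "conf-file" and value in files:
            options += effective_options(value, files, seen)
        else:
            options.append((path, name, value))
    return options


def parse_dhcp_range(value):
    """Split one dhcp-range value into the parts discussed in the thread."""
    parsed = {"tag": None, "addresses": [], "constructor": None,
              "modes": [], "unrecognised": []}
    for index, field in enumerate(f.strip() for f in value.split(",")):
        try:
            parsed["addresses"].append(ipaddress.ip_address(field))
            continue
        except ValueError:
            pass
        if field.startswith("constructor:"):
            parsed["constructor"] = field.split(":", 1)[1]
        elif field in RA_MODES:
            parsed["modes"].append(field)
        elif LEASE_RE.match(field):
            pass
        elif index == 0:
            parsed["tag"] = field  # leading label, an interface name here
        else:
            parsed["unrecognised"].append(field)
    return parsed


def review(path, files):
    """Report where enable-ra comes from and list the IPv6 dhcp-range entries."""
    report = {"enable_ra_from": None, "v6_ranges": []}
    for source, name, value in effective_options(path, files):
        if name == "enable-ra":
            report["enable_ra_from"] = source
        elif name == "dhcp-range":
            parsed = parse_dhcp_range(value)
            if any(a.version == 6 for a in parsed["addresses"]):
                parsed["source"] = source
                report["v6_ranges"].append(parsed)
    return report


if __name__ == "__main__":
    result = review("/var/etc/dnsmasq.conf", FILES)
    print("enable-ra read from:", result["enable_ra_from"])
    for entry in result["v6_ranges"]:
        print(entry)
```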