Re: inet6 route not added for autoconf prefix
On 03/11/15(Tue) 10:25, Lauri Tirkkonen wrote: > On Tue, Nov 03 2015 10:24:32 +0200, Lauri Tirkkonen wrote: > > I applied the attached patch on top of 5.8-stable rtadvd > > Might work better if I actually attach the patch. Committed, thanks! > > -- > Lauri Tirkkonen | lotheac @ IRCnet > ? usr.sbin/rtadvd/cscope.out > ? usr.sbin/rtadvd/rtadvd > Index: usr.sbin/rtadvd/if.c > === > RCS file: /cvs/src/usr.sbin/rtadvd/if.c,v > retrieving revision 1.29 > diff -u -p -r1.29 if.c > --- usr.sbin/rtadvd/if.c 25 Oct 2015 22:11:34 - 1.29 > +++ usr.sbin/rtadvd/if.c 3 Nov 2015 08:14:23 - > @@ -180,6 +180,7 @@ int > lladdropt_length(struct sockaddr_dl *sdl) > { > switch (sdl->sdl_type) { > + case IFT_CARP: > case IFT_ETHER: > case IFT_FDDI: > return(ROUNDUP8(ETHER_ADDR_LEN + 2)); > @@ -196,6 +197,7 @@ lladdropt_fill(struct sockaddr_dl *sdl, > ndopt->nd_opt_type = ND_OPT_SOURCE_LINKADDR; /* fixed */ > > switch (sdl->sdl_type) { > + case IFT_CARP: > case IFT_ETHER: > case IFT_FDDI: > ndopt->nd_opt_len = (ROUNDUP8(ETHER_ADDR_LEN + 2)) >> 3;
Re: inet6 route not added for autoconf prefix
On 03/11/15(Tue) 10:24, Lauri Tirkkonen wrote:
> On Mon, Nov 02 2015 19:37:14 +0200, Lauri Tirkkonen wrote:
> > The discussion leads me to think that there might be a bug with rtadvd
> > not including the src lladdr option when run on a carp interface.
>
> I applied the attached patch on top of 5.8-stable rtadvd, and it fixes
> the problem: src lladdr options are now present in router advertisement.
> This also fixes the -current client box's route issue, it now gets the
> correct on-link route:
>
> 2001:708:20:e336::/64 fe80::219:99ff:fee8:e88a%em0 UC 0 2 - 4 em0

Good to know, I think the diff should be committed.

> > However, Linux and illumos machines on this same network do get the
> > appropriate 2001:708:20:e336::/64 route added by default (and
> > consequently communicate successfully) - is the fact that the route is
> > not being added (when the src lladdr is missing in the rtadv) possibly
> > another bug?
>
> According to RFC 4861, the source link-layer address option may be
> omitted by routers [0], so I do think the on-link route not being added
> is another bug. I don't have a patch for it though.
>
> [0]: https://tools.ietf.org/html/rfc4861#page-21

Fine, however the actual KAME code is more than horrible and won't select
a default router without specified lladdr. defrouter_select() checks for
the state of the associated LLINFO which is ND6_LLINFO_NOSTATE in your
case, that's why no route is created.
Re: inet6 route not added for autoconf prefix
On Tue, Nov 03 2015 10:24:32 +0200, Lauri Tirkkonen wrote: > I applied the attached patch on top of 5.8-stable rtadvd Might work better if I actually attach the patch. -- Lauri Tirkkonen | lotheac @ IRCnet ? usr.sbin/rtadvd/cscope.out ? usr.sbin/rtadvd/rtadvd Index: usr.sbin/rtadvd/if.c === RCS file: /cvs/src/usr.sbin/rtadvd/if.c,v retrieving revision 1.29 diff -u -p -r1.29 if.c --- usr.sbin/rtadvd/if.c25 Oct 2015 22:11:34 - 1.29 +++ usr.sbin/rtadvd/if.c3 Nov 2015 08:14:23 - @@ -180,6 +180,7 @@ int lladdropt_length(struct sockaddr_dl *sdl) { switch (sdl->sdl_type) { + case IFT_CARP: case IFT_ETHER: case IFT_FDDI: return(ROUNDUP8(ETHER_ADDR_LEN + 2)); @@ -196,6 +197,7 @@ lladdropt_fill(struct sockaddr_dl *sdl, ndopt->nd_opt_type = ND_OPT_SOURCE_LINKADDR; /* fixed */ switch (sdl->sdl_type) { + case IFT_CARP: case IFT_ETHER: case IFT_FDDI: ndopt->nd_opt_len = (ROUNDUP8(ETHER_ADDR_LEN + 2)) >> 3;
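Review bot: In lladdropt_length(), the new "case IFT_CARP:" falls through to the Ethernet return of ROUNDUP8(ETHER_ADDR_LEN + 2) with nothing saying why a carp interface is Ethernet-sized. A one-line comment above the case, noting that a carp interface carries a 6-byte Ethernet-style virtual MAC (the 00:00:5e:00:01:09 source in the capture posted to this thread), would make that assumption explicit for the next reader.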
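Review bot: The switch in lladdropt_fill() now has to carry the same case list as the one in lladdropt_length(), and this patch has to touch both places to add a single interface type. If a type is ever added to only one of them, the length reserved for the option and the nd_opt_len written into it will disagree; a small shared helper that maps sdl_type to the option length, or at least a comment in each switch pointing at the other, would keep the two lists from drifting apart.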
Re: inet6 route not added for autoconf prefix
On Mon, Nov 02 2015 19:37:14 +0200, Lauri Tirkkonen wrote:
> The discussion leads me to think that there might be a bug with rtadvd
> not including the src lladdr option when run on a carp interface.

I applied the attached patch on top of 5.8-stable rtadvd, and it fixes
the problem: src lladdr options are now present in router advertisement.
This also fixes the -current client box's route issue, it now gets the
correct on-link route:

2001:708:20:e336::/64 fe80::219:99ff:fee8:e88a%em0 UC 0 2 - 4 em0

> However, Linux and illumos machines on this same network do get the
> appropriate 2001:708:20:e336::/64 route added by default (and
> consequently communicate successfully) - is the fact that the route is
> not being added (when the src lladdr is missing in the rtadv) possibly
> another bug?

According to RFC 4861, the source link-layer address option may be
omitted by routers [0], so I do think the on-link route not being added
is another bug. I don't have a patch for it though.

[0]: https://tools.ietf.org/html/rfc4861#page-21

--
Lauri Tirkkonen | lotheac @ IRCnet
Re: inet6 route not added for autoconf prefix
On Mon, Nov 02 2015 18:29:25 +0100, Martin Pieuchot wrote:
> On 02/11/15(Mon) 19:03, Lauri Tirkkonen wrote:
> > On Mon, Nov 02 2015 17:47:04 +0100, Martin Pieuchot wrote:
> > > On 02/11/15(Mon) 16:29, Lauri Tirkkonen wrote:
> > > > On Mon, Nov 02 2015 15:10:07 +0100, Martin Pieuchot wrote:
> > > > > Could you include the output of "netstat -rnf inet6" before and after
> > > > > enabling autoconf on your interface?
> > > >
> > > > Sure.
> > >
> > > Thanks. Sadly I don't see anything useful here and cannot reproduce the
> > > bug. Could you try cranking "net.inet6.icmp6.nd6_debug" and see if you
> > > get any info when autoconfiguring your interface?
> >
> > Not really. Just output about successful DAD not finding any duplicates:
> >
> > em0: got interface identifier from itself
> > em0: ifid: 02:19:99:ff:fe:e8:e8:8a
> > em0: starting DAD for fe80:1::219:99ff:fee8:e88a
> > em0: DAD complete for fe80:1::219:99ff:fee8:e88a - no duplicates found
> > em0: starting DAD for 2001:708:20:e336:219:99ff:fee8:e88a
> > em0: starting DAD for 2001:708:20:e336:b478:409f:f764:f5c5
> > em0: DAD complete for 2001:708:20:e336:219:99ff:fee8:e88a - no duplicates found
> > em0: DAD complete for 2001:708:20:e336:b478:409f:f764:f5c5 - no duplicates found
>
> I should have asked that before, but do you see the announced prefix
> with "ndp -p" and/or router with "ndp -r"?

Yes:

flashman ~ % ndp -p
2001:708:20:e336::/64 if=em0
flags=LAD vltime=2592000, pltime=604800, expire=29d23h59m58s, ref=2
  advertised by
    fe80::200:5eff:fe00:109%em0 (unreachable)
flashman ~ % ndp -r
fe80::200:5eff:fe00:109%em0 if=em0, flags=, pref=medium, expire=29m57s

The ndp entry for the router is incomplete after autoconf (hence
"unreachable"). ping6'ing it makes it reachable *and* seems to add the
appropriate on-link route, though.

--
Lauri Tirkkonen | lotheac @ IRCnet
Re: inet6 route not added for autoconf prefix
On Mon, Nov 02 2015 19:03:34 +0200, Lauri Tirkkonen wrote:
> On Mon, Nov 02 2015 17:47:04 +0100, Martin Pieuchot wrote:
> > On 02/11/15(Mon) 16:29, Lauri Tirkkonen wrote:
> > > On Mon, Nov 02 2015 15:10:07 +0100, Martin Pieuchot wrote:
> > > > Could you include the output of "netstat -rnf inet6" before and after
> > > > enabling autoconf on your interface?
> > >
> > > Sure.
> >
> > Thanks. Sadly I don't see anything useful here and cannot reproduce the
> > bug. Could you try cranking "net.inet6.icmp6.nd6_debug" and see if you
> > get any info when autoconfiguring your interface?
>
> Not really. Just output about successful DAD not finding any duplicates:

I might've spoken too soon. I do get a bunch of 'NS packet from
non-neighbor' when actually trying to use the interface, but I suppose
that's more of a symptom of the on-link route missing than the cause:

nd6_ns_input: NS packet from non-neighbor
nd6_ns_input: src=2001:708:20:e336::1
nd6_ns_input: dst=ff02:1::1:ff02:2a23
nd6_ns_input: tgt=2001:708:20:e336:1497:d53b:5d02:2a23

tgt is the autoconfprivacy address currently in use for this host, and
src is the static address on the non-carp interface of the router. These
solicitations don't get answered (I assume because they're from
"non-neighbor", since there is no on-link route to src), and v6
connectivity to the router fails, which was the problem I initially set
out to investigate.

The discussion leads me to think that there might be a bug with rtadvd
not including the src lladdr option when run on a carp interface.

However, Linux and illumos machines on this same network do get the
appropriate 2001:708:20:e336::/64 route added by default (and
consequently communicate successfully) - is the fact that the route is
not being added (when the src lladdr is missing in the rtadv) possibly
another bug?

--
Lauri Tirkkonen | lotheac @ IRCnet
Re: inet6 route not added for autoconf prefix
On 2015/11/02 18:56, Lauri Tirkkonen wrote:
> On Mon, Nov 02 2015 16:40:15 +, Stuart Henderson wrote:
> > On 2015/11/02 13:56, loth...@iki.fi wrote:
> > > The machine sending the router advertisements in question is OpenBSD
> > > 5.8-stable (rtadvd running on carp interface), and the prefix
> > > information is visible on the wire:
> >
> > Does the 5.8-stable machine have any autoconf addresses?
>
> Nope, it's a router so only static addresses.

OK, it's not the 5.8 bug that I was wondering about then. Routers can
have autoconf addresses though, a typical ISP setup for native v6 over
PPP is to use autoconf to hand out the PPP address, plus DHCPv6-PD to
hand out prefixes to use on the LAN.

> > > 00:00:5e:00:01:09 33:33:00:00:00:01 86dd 166: fe80::200:5eff:fe00:109 >
> > > ff02::1: icmp6: router advertisement(chlim=64, router_ltime=1800,
> > > reachable_time=0, retrans_time=0)(prefix info: LA valid_ltime=2592000,
> > > preferred_ltime=604800, prefix=2001:708:20:e336::/64)(unknown
> > > opt_type=25, opt_len=5)(unknown opt_type=31, opt_len=3) [icmp6 cksum ok]
> > > (len 112, hlim 255)
> >
> > There's no "src lladdr" in here. Do you explicitly set 'nolladdr' in
> > rtadvd.conf?
>
> Nope; only rdnss/dnssl options in there, and the result is the same even
> without a configuration file. Interesting point that it is missing,
> though; maybe that's related to rtadvd being run on a carp interface?

Ah that's possible ... I don't have a handy v6+carp setup that I can
play with here.
Re: inet6 route not added for autoconf prefix
On 02/11/15(Mon) 19:03, Lauri Tirkkonen wrote:
> On Mon, Nov 02 2015 17:47:04 +0100, Martin Pieuchot wrote:
> > On 02/11/15(Mon) 16:29, Lauri Tirkkonen wrote:
> > > On Mon, Nov 02 2015 15:10:07 +0100, Martin Pieuchot wrote:
> > > > Could you include the output of "netstat -rnf inet6" before and after
> > > > enabling autoconf on your interface?
> > >
> > > Sure.
> >
> > Thanks. Sadly I don't see anything useful here and cannot reproduce the
> > bug. Could you try cranking "net.inet6.icmp6.nd6_debug" and see if you
> > get any info when autoconfiguring your interface?
>
> Not really. Just output about successful DAD not finding any duplicates:
>
> em0: got interface identifier from itself
> em0: ifid: 02:19:99:ff:fe:e8:e8:8a
> em0: starting DAD for fe80:1::219:99ff:fee8:e88a
> em0: DAD complete for fe80:1::219:99ff:fee8:e88a - no duplicates found
> em0: starting DAD for 2001:708:20:e336:219:99ff:fee8:e88a
> em0: starting DAD for 2001:708:20:e336:b478:409f:f764:f5c5
> em0: DAD complete for 2001:708:20:e336:219:99ff:fee8:e88a - no duplicates found
> em0: DAD complete for 2001:708:20:e336:b478:409f:f764:f5c5 - no duplicates found

I should have asked that before, but do you see the announced prefix
with "ndp -p" and/or router with "ndp -r"?
Re: inet6 route not added for autoconf prefix
On Mon, Nov 02 2015 17:47:04 +0100, Martin Pieuchot wrote:
> On 02/11/15(Mon) 16:29, Lauri Tirkkonen wrote:
> > On Mon, Nov 02 2015 15:10:07 +0100, Martin Pieuchot wrote:
> > > Could you include the output of "netstat -rnf inet6" before and after
> > > enabling autoconf on your interface?
> >
> > Sure.
>
> Thanks. Sadly I don't see anything useful here and cannot reproduce the
> bug. Could you try cranking "net.inet6.icmp6.nd6_debug" and see if you
> get any info when autoconfiguring your interface?

Not really. Just output about successful DAD not finding any duplicates:

em0: got interface identifier from itself
em0: ifid: 02:19:99:ff:fe:e8:e8:8a
em0: starting DAD for fe80:1::219:99ff:fee8:e88a
em0: DAD complete for fe80:1::219:99ff:fee8:e88a - no duplicates found
em0: starting DAD for 2001:708:20:e336:219:99ff:fee8:e88a
em0: starting DAD for 2001:708:20:e336:b478:409f:f764:f5c5
em0: DAD complete for 2001:708:20:e336:219:99ff:fee8:e88a - no duplicates found
em0: DAD complete for 2001:708:20:e336:b478:409f:f764:f5c5 - no duplicates found

--
Lauri Tirkkonen | lotheac @ IRCnet
Re: inet6 route not added for autoconf prefix
On Mon, Nov 02 2015 16:40:15 +, Stuart Henderson wrote:
> On 2015/11/02 13:56, loth...@iki.fi wrote:
> > The machine sending the router advertisements in question is OpenBSD
> > 5.8-stable (rtadvd running on carp interface), and the prefix
> > information is visible on the wire:
>
> Does the 5.8-stable machine have any autoconf addresses?

Nope, it's a router so only static addresses.

> > 00:00:5e:00:01:09 33:33:00:00:00:01 86dd 166: fe80::200:5eff:fe00:109 >
> > ff02::1: icmp6: router advertisement(chlim=64, router_ltime=1800,
> > reachable_time=0, retrans_time=0)(prefix info: LA valid_ltime=2592000,
> > preferred_ltime=604800, prefix=2001:708:20:e336::/64)(unknown opt_type=25,
> > opt_len=5)(unknown opt_type=31, opt_len=3) [icmp6 cksum ok] (len 112, hlim
> > 255)
>
> There's no "src lladdr" in here. Do you explicitly set 'nolladdr' in
> rtadvd.conf?

Nope; only rdnss/dnssl options in there, and the result is the same even
without a configuration file. Interesting point that it is missing,
though; maybe that's related to rtadvd being run on a carp interface?

--
Lauri Tirkkonen | lotheac @ IRCnet
Re: inet6 route not added for autoconf prefix
On 02/11/15(Mon) 16:29, Lauri Tirkkonen wrote:
> On Mon, Nov 02 2015 15:10:07 +0100, Martin Pieuchot wrote:
> > Could you include the output of "netstat -rnf inet6" before and after
> > enabling autoconf on your interface?
>
> Sure.

Thanks. Sadly I don't see anything useful here and cannot reproduce the
bug. Could you try cranking "net.inet6.icmp6.nd6_debug" and see if you
get any info when autoconfiguring your interface?
Re: inet6 route not added for autoconf prefix
On 2015/11/02 13:56, loth...@iki.fi wrote:
> The machine sending the router advertisements in question is OpenBSD
> 5.8-stable (rtadvd running on carp interface), and the prefix
> information is visible on the wire:

Does the 5.8-stable machine have any autoconf addresses?

> 00:00:5e:00:01:09 33:33:00:00:00:01 86dd 166: fe80::200:5eff:fe00:109 >
> ff02::1: icmp6: router advertisement(chlim=64, router_ltime=1800,
> reachable_time=0, retrans_time=0)(prefix info: LA valid_ltime=2592000,
> preferred_ltime=604800, prefix=2001:708:20:e336::/64)(unknown opt_type=25,
> opt_len=5)(unknown opt_type=31, opt_len=3) [icmp6 cksum ok] (len 112, hlim
> 255)

There's no "src lladdr" in here. Do you explicitly set 'nolladdr' in
rtadvd.conf?
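Added example (not part of the thread and not rtadvd code): a C check for what the reply above spots in the capture, namely whether a router advertisement carries a source link-layer address option. It walks the option TLVs with the same ROUNDUP8(ETHER_ADDR_LEN + 2) sizing the patch in this thread relies on; the function names, the local ROUNDUP8 definition and the constructed sample packet are assumptions made for the example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ND_ROUTER_ADVERT       134  /* ICMPv6 type (RFC 4861) */
#define ND_OPT_SOURCE_LINKADDR 1    /* option type (RFC 4861) */
#define ETHER_ADDR_LEN         6
#define RA_HDR_LEN             16   /* ICMPv6 header plus fixed RA fields */
#define ROUNDUP8(a) (1 + (((a) - 1) | 7))  /* defined locally for this example */

/* Walk the options of an RA (buf starts at the ICMPv6 header). Returns 1 and
 * copies the MAC if the option is present, 0 if absent, -1 if malformed. */
int ra_find_src_lladdr(const uint8_t *buf, size_t len, uint8_t mac[ETHER_ADDR_LEN])
{
    size_t off = RA_HDR_LEN;

    if (len < RA_HDR_LEN || buf[0] != ND_ROUTER_ADVERT)
        return -1;
    while (off < len) {
        /* option length is in units of 8 octets; 0 or an overrun is invalid */
        size_t optlen = len - off < 2 ? 0 : (size_t)buf[off + 1] << 3;
        if (optlen == 0 || optlen > len - off)
            return -1;
        if (buf[off] == ND_OPT_SOURCE_LINKADDR) {
            if (optlen != (size_t)ROUNDUP8(ETHER_ADDR_LEN + 2))
                return -1;  /* not sized for a 6-byte Ethernet address */
            memcpy(mac, buf + off + 2, ETHER_ADDR_LEN);
            return 1;
        }
        off += optlen;
    }
    return 0;
}

/* Constructed sample shaped like the capture: options of type 3 (len 4),
 * 25 (len 5), 31 (len 3), zeroed bodies; with_lladdr prepends a type 1 option. */
size_t build_sample_ra(uint8_t *buf, size_t cap, int with_lladdr)
{
    static const uint8_t opts[4][2] = { {1, 1}, {3, 4}, {25, 5}, {31, 3} };
    static const uint8_t carp_mac[ETHER_ADDR_LEN] = { 0x00, 0x00, 0x5e, 0x00, 0x01, 0x09 };
    size_t off = RA_HDR_LEN;

    if (cap < 128) return 0;
    memset(buf, 0, cap);
    buf[0] = ND_ROUTER_ADVERT;
    for (size_t i = with_lladdr ? 0 : 1; i < 4; i++) {
        buf[off] = opts[i][0];      /* type */
        buf[off + 1] = opts[i][1];  /* length in 8-octet units */
        if (opts[i][0] == ND_OPT_SOURCE_LINKADDR)
            memcpy(buf + off + 2, carp_mac, ETHER_ADDR_LEN);
        off += (size_t)opts[i][1] << 3;
    }
    return off;
}

int main(void)
{
    uint8_t buf[128], mac[ETHER_ADDR_LEN];
    size_t n = build_sample_ra(buf, sizeof(buf), 0);
    printf("len %zu, src lladdr option present: %d\n", n, ra_find_src_lladdr(buf, n, mac));
    return 0;
}
```

Without the option the constructed packet comes to the same 112 bytes tcpdump reports in the capture; with it, 8 bytes more.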
Re: inet6 route not added for autoconf prefix
On Mon, Nov 02 2015 15:10:07 +0100, Martin Pieuchot wrote:
> Could you include the output of "netstat -rnf inet6" before and after
> enabling autoconf on your interface?

Sure.

flashman ~ % doas ifconfig em0 -inet6
flashman ~ % netstat -rnf inet6
Routing tables

Internet6:
DestinationGatewayFlags Refs Use Mtu Prio Iface
::/104 ::1UGRS 00 32768 8 lo0
::/96 ::1UGRS 00 32768 8 lo0
::1::1UHl 14 18 32768 1 lo0
::127.0.0.0/104::1UGRS 00 32768 8 lo0
::224.0.0.0/100::1UGRS 00 32768 8 lo0
::255.0.0.0/104::1UGRS 00 32768 8 lo0
:::0.0.0.0/96 ::1UGRS 00 32768 8 lo0
2002::/24 ::1UGRS 00 32768 8 lo0
2002:7f00::/24 ::1UGRS 00 32768 8 lo0
2002:e000::/20 ::1UGRS 00 32768 8 lo0
2002:ff00::/24 ::1UGRS 00 32768 8 lo0
fe80::/10 ::1UGRS 01 32768 8 lo0
fe80::1%lo0fe80::1%lo0UHl 00 32768 1 lo0
fec0::/10 ::1UGRS 00 32768 8 lo0
ff01::/16 ::1UGRS 01 32768 8 lo0
ff01::%lo0/32 ::1UC 01 32768 4 lo0
ff02::/16 ::1UGRS 01 32768 8 lo0
ff02::%lo0/32 ::1UC 01 32768 4 lo0
flashman ~ % doas ifconfig em0 inet6 autoconf
flashman ~ % netstat -rnf inet6
Routing tables

Internet6:
DestinationGatewayFlags Refs Use Mtu Prio Iface
::/104 ::1UGRS 00 32768 8 lo0
::/96 ::1UGRS 00 32768 8 lo0
defaultfe80::200:5eff:fe00:109%em0UG 02 -56 em0
::1::1UHl 14 18 32768 1 lo0
::127.0.0.0/104::1UGRS 00 32768 8 lo0
::224.0.0.0/100::1UGRS 00 32768 8 lo0
::255.0.0.0/104::1UGRS 00 32768 8 lo0
:::0.0.0.0/96 ::1UGRS 00 32768 8 lo0
2001:708:20:e336:219:99ff:fee8:e88a 00:19:99:e8:e8:8a UHLl 00 - 1 em0
2001:708:20:e336:f88b:c952:b856:b6af 00:19:99:e8:e8:8a UHLl 00 - 1 em0
2002::/24 ::1UGRS 00 32768 8 lo0
2002:7f00::/24 ::1UGRS 00 32768 8 lo0
2002:e000::/20 ::1UGRS 00 32768 8 lo0
2002:ff00::/24 ::1UGRS 00 32768 8 lo0
fe80::/10 ::1UGRS 02 32768 8 lo0
fe80::%em0/64 fe80::219:99ff:fee8:e88a%em0 UC 11 - 4 em0
fe80::200:5eff:fe00:109%em0link#1 UHLc 1 12 - 4 em0
fe80::219:99ff:fee8:e88a%em0 00:19:99:e8:e8:8a UHLl 00 - 1 em0
fe80::1%lo0fe80::1%lo0UHl 00 32768 1 lo0
fec0::/10 ::1UGRS 00 32768 8 lo0
ff01::/16 ::1UGRS 02 32768 8 lo0
ff01::%em
Re: inet6 route not added for autoconf prefix
On 02/11/15(Mon) 13:56, loth...@iki.fi wrote:
> >Synopsis: inet6 route not added for autoconf prefix
> >Category: kernel
> >Environment:
> System : OpenBSD 5.8
> Details : OpenBSD 5.8-current (GENERIC.MP) #1560: Sun Nov 1 20:57:59 MST 2015
> dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
>
> Architecture: OpenBSD.amd64
> Machine : amd64
> >Description:
>
> When configuring an interface for inet6 autoconf and receiving a router
> advertisement containing a certain global prefix, a route for that prefix is
> not added to the routing table.
>
> The machine sending the router advertisements in question is OpenBSD
> 5.8-stable (rtadvd running on carp interface), and the prefix information
> is visible on the wire:
>
> 00:00:5e:00:01:09 33:33:00:00:00:01 86dd 166: fe80::200:5eff:fe00:109 >
> ff02::1: icmp6: router advertisement(chlim=64, router_ltime=1800,
> reachable_time=0, retrans_time=0)(prefix info: LA valid_ltime=2592000,
> preferred_ltime=604800, prefix=2001:708:20:e336::/64)(unknown opt_type=25,
> opt_len=5)(unknown opt_type=31, opt_len=3) [icmp6 cksum ok] (len 112, hlim
> 255)
>
> (I have been having some inet6 issues with my openbsd workstation behind these
> carp+pfsync firewalls for a long while, and while I still need to investigate
> further, I believe this is an important piece of the puzzle)
>
> >How-To-Repeat:
>
> ifconfig em0 inet6 autoconf
> ifconfig em0 # to check your assigned address and prefix length
> netstat -rnf inet6 | grep 2001:708:20:e336 # or whatever your prefix is
>
> Observe that only a host entry exists matching the prefix matching the
> global address of the interface. Additionally, 'route get' can be used
> to verify that addresses in the same prefix are thought to be behind
> the default router:
>
> # route get 2001:708:20:e336::123
> route to: 2001:708:20:e336::123
> destination: ::
> mask: default
> gateway: fe80::200:5eff:fe00:109%em0
>
> >Fix:
> autoconfigured prefixes should be added as on-link routes.

Could you include the output of "netstat -rnf inet6" before and after
enabling autoconf on your interface?

Thanks,
Martin