On Fri, Nov 16, 2018 at 05:35:03PM +0100, Reyk Floeter wrote:
> Hi,
>
> "local interface" (-L) is an amazing feature and I use it every day;
> but it is IPv4-only and now I realized that I need IPv6 too.
>
> The attached diff implements IPv6 support for local interfaces.
>
> A few notes and limitations:
>
> - Unlike the embedded IPv4 DHCP server, it does not implement a
>   DHCPv6/rtsol responder in vmd. It relies on a rad(8) change that I've
>   sent earlier today. Configuring rad is easy enough and IPv6 users are
>   used to jumping through extra hoops: use my rad diff and run the daemon
>   with "interface tap" in /etc/rad.conf.
>
> - It is disabled by default. You can enable it with a global option
>   "local inet6" (to get a runtime random fd00::/8 ULA prefix) or "local
>   inet6 prefix xxx::/64" (to configure your own prefix). For
>   simplicity, the prefix is a global and not a per-VM option.
>
> - Once enabled, IPv6 will be enabled and an additional IPv6 address
>   configured on the host's VM tap(4) interface whenever you create it
>   with "local interface" / -L.
>
> - The IPv6 address is derived from the configured prefix and the IPv4
>   address of the local interface on the VM side. This way it embeds the
>   VM and interface Id and you can even pf af-to it to IPv4 again!
>
> ```
> vm_priv_ifconfig: interface tap0 address 100.64.9.2/31
> vm_priv_ifconfig: interface tap0 address fdfc:6be5:806:930a:6440:903:0:1/96
>                                                             ^^^^^^^^
>                                                             100.64.9.3
> ```
>
> - The resulting address is suitable for rad(8) - just run "ifconfig
>   vio0 inet6 autoconf" in the guest and you'll get your /96 IPv6
>   address.
>
> ```
> vio0: flags=208b43<UP,BROADCAST,RUNNING,PROMISC,ALLMULTI,SIMPLEX,MULTICAST,AUTOCONF6> mtu 1500
>         lladdr fe:e1:bb:d1:88:4f
>         index 1 priority 0 llprio 3
>         groups: egress
>         media: Ethernet autoselect
>         status: active
>         inet 100.64.9.3 netmask 0xfffffffe
>         inet6 fe80::7a1f:6128:505d:4ea5%vio0 prefixlen 64 scopeid 0x1
>         inet6 fdfc:6be5:806:930a:6440:903:b11c:516 prefixlen 96 autoconf autoconfprivacy pltime 86063 vltime 604794
>         inet6 fdfc:6be5:806:930a:6440:903:d457:347a prefixlen 96 autoconf pltime 604794 vltime 2591994
> ```
>
> - The only problem is that the IPv6 address is nondeterministic where
>   you cannot guess the VM's IPv6 address "from the outside" (32 bits of
>   entropy for the guest IP). I tried it with a /127 prefix but
>   slaacd/rad don't handle this very well as it has a 50% chance of
>   creating a duplicate with the host's IP. I didn't attempt to "fix" it
>   as it would probably be incompatible with other rtsol clients. So I
>   eventually decided that this is not important as I would still use the
>   IPv4 address to log in - the IPv6 address is primarily used for
>   outbound connections.
>
> OK?
>
> Reyk

Nice....ok ccardenas@

+--+
Carlos
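
The address layout described in the quoted message (the /64 prefix, then the guest's IPv4 address, then the host part), as an added example that is not part of the thread or of the vmd diff. The function names are hypothetical and the byte layout is an assumption read off the two `vm_priv_ifconfig` log lines; the second helper maps a guest's autoconf address seen in a log back to the VM's IPv4 address.

```c
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <string.h>

/*
 * Hypothetical helpers, not vmd's code. Assumed layout, taken from the
 * log lines in the message: bytes 0-7 = /64 prefix, bytes 8-11 = guest
 * IPv4 address, bytes 12-15 = host part (0:1 on the host's tap side).
 */

/* Build the host-side tap address. Returns 0 on success, -1 on bad input. */
int
derive_host_addr(const char *prefix64, const char *guest_v4,
    char *out, socklen_t outlen)
{
	struct in6_addr a6;
	struct in_addr a4;

	if (inet_pton(AF_INET6, prefix64, &a6) != 1 ||
	    inet_pton(AF_INET, guest_v4, &a4) != 1)
		return (-1);
	memcpy(&a6.s6_addr[8], &a4.s_addr, 4);	/* IPv4 in network order */
	memset(&a6.s6_addr[12], 0, 4);
	a6.s6_addr[15] = 1;			/* host side is ...:0:1 */
	return (inet_ntop(AF_INET6, &a6, out, outlen) != NULL ? 0 : -1);
}

/*
 * Map any address inside the /96 (for example a guest's SLAAC address)
 * back to the guest IPv4 address. Returns -1 if the address does not
 * share the given /64 prefix.
 */
int
recover_guest_v4(const char *prefix64, const char *addr6,
    char *out, socklen_t outlen)
{
	struct in6_addr p, a;
	struct in_addr a4;

	if (inet_pton(AF_INET6, prefix64, &p) != 1 ||
	    inet_pton(AF_INET6, addr6, &a) != 1)
		return (-1);
	if (memcmp(p.s6_addr, a.s6_addr, 8) != 0)
		return (-1);
	memcpy(&a4.s_addr, &a.s6_addr[8], 4);
	return (inet_ntop(AF_INET, &a4, out, outlen) != NULL ? 0 : -1);
}
```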