Discussion:
[Dnsmasq-discuss] DHCPv6 ULA & Global address allocation & Apple devices
Kevin Darbyshire-Bryant
2016-11-21 11:22:56 UTC
Hi All,

This problem has been around a while (forever?) but it's only just
annoyed me sufficiently to investigate.

The box in question is running a recent version of LEDE and in my case
dnsmasq git head bleeding edge. LEDE normally uses its homegrown odhcpd
to hand out DHCPv6 addresses, whereas I choose to disable this and use
dnsmasq. I use DHCPv6 stateful to hand out addresses, no SLAAC.

The problem is that some devices (Apple) only obtain a ULA based address
allocation when using dnsmasq. Using odhcpd they obtain both a ULA and
global address.

I've previously worked around this simply by removing the ULA prefix
from the LAN interface but the question remains....why does this and
should this happen? Who is wrong? dnsmasq or odhcpd?

dnsmasq:

Mon Nov 21 10:25:49 2016 daemon.info dnsmasq-dhcp[27664]: DHCPSOLICIT(br-lan) 00:01:00:01:18:c6:20:23:ac:3c:0b:0c:e7:fd
Mon Nov 21 10:25:49 2016 daemon.info dnsmasq-dhcp[27664]: DHCPADVERTISE(br-lan) fdb5:c64a:3cd0:2b::4ff0:198e 00:01:00:01:18:c6:20:23:ac:3c:0b:0c:e7:fd
Mon Nov 21 10:25:49 2016 daemon.info dnsmasq-dhcp[27664]: DHCPADVERTISE(br-lan) 2a02:c7f:1220:bf2b::4ff0:198e 00:01:00:01:18:c6:20:23:ac:3c:0b:0c:e7:fd
Mon Nov 21 10:25:49 2016 daemon.info dnsmasq-dhcp[27664]: DHCPREQUEST(br-lan) 00:01:00:01:18:c6:20:23:ac:3c:0b:0c:e7:fd
Mon Nov 21 10:25:49 2016 daemon.info dnsmasq-dhcp[27664]: DHCPREPLY(br-lan) fdb5:c64a:3cd0:2b::4ff0:198e 00:01:00:01:18:c6:20:23:ac:3c:0b:0c:e7:fd


Curiously, the solicit gets responded to by two advertises, one ULA, one
global. The follow up dhcprequest only gets the single (ULA) response.


odhcpd:

Mon Nov 21 10:27:48 2016 daemon.warn odhcpd[1426]: DHCPV6 SOLICIT IA_NA from 0001000118c62023ac3c0b0ce7fd on br-lan: ok 2a02:c7f:1220:bf2b::85e/128 fdb5:c64a:3cd0:2b::85e/128

Clearly the logging is very different and ideally I should grab a packet
dump (being worked on!) to see how this is handled at the packet level
(e.g. does dnsmasq send two reply packets vs odhcpd sends one but with
two answers as hinted by the logs)

Insight and assistance appreciated :-)

Kevin
Kevin Darbyshire-Bryant
2016-11-21 15:52:47 UTC
I've got some packet captures now that have helped answer some of the
questions.

1) The DHCPADVERTISE in the log are included in just one packet.

2) The solicits from my ipad and the advertises are identical except
dnsmasq presents the ULA address first whereas odhcpd presents the
global address first. Both ULA & global are included, just the order
gets swapped.

3) The ipad requests the IPv6 address presented first in the solicit.
So for odhcpd it requests global, whereas for dnsmasq it requests ULA.

4) dnsmasq replies with and only with the requested address (ULA) in
this case. odhcpd replies with both global and ULA addresses.


A few questions result:

1) Should dnsmasq reply with all available dhcpv6 ranges even if one
specific address only is requested, like odhcpd?

2) Should dnsmasq re-order its replies in the solicits to present global
first?

3) Is Apple wrong?


Help! :-)


Kevin


PS: As a total hack, I got dnsmasq to ignore any requested addresses.
Dnsmasq replies with both ULA & Global addresses in the reply...and my
iPad is happy...it takes the global address.




--- a/src/rfc3315.c
+++ b/src/rfc3315.c
@@ -867,13 +867,10 @@ static int dhcp6_no_relay(struct state *
if (!check_ia(state, opt, &ia_end, &ia_option))
continue;

- if (!ia_option)
- {
/* If we get a request with a IA_*A without addresses,
treat it exactly like
a SOLICT with rapid commit set. */
save_counter(start);
goto request_no_address;
- }

o = build_ia(state, &t1cntr);
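
Review bot: with the `if (!ia_option)` guard and its braces removed, `save_counter(start); goto request_no_address;` runs for every IA that passes `check_ia()`, so the `o = build_ia(state, &t1cntr);` line directly after it can no longer be reached and any address the client placed in its IA is dropped without being examined. The retained comment ("If we get a request with a IA_*A without addresses...") now describes a condition the code no longer tests, and its "SOLICT" should read "SOLICIT". If the goal is to return both the ULA and the global lease, keep the guard and make that decision explicit on the path that handles a populated IA, preferably behind a configuration option, rather than treating every request as address-less.
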
Kevin Darbyshire-Bryant
2016-11-21 18:44:35 UTC
Post by Kevin Darbyshire-Bryant
> PS: As a total hack, I got dnsmasq to ignore any requested addresses.
> Dnsmasq replies with both ULA & Global addresses in the reply...and my
> iPad is happy...it takes the global address.

Nope, the above worked temporarily by luck rather than judgement.
Simon Kelley
2016-12-16 21:39:54 UTC
Post by Kevin Darbyshire-Bryant
> I've got some packet captures now that have helped answer some of
> the questions.
> 1) The DHCPADVERTISE in the log are included in just one packet.
> 2) The solicits from my ipad and the advertises are identical
> except dnsmasq presents the ULA address first whereas odhcpd
> presents the global address first. Both ULA & global are included,
> just the order gets swapped.
> 3) The ipad requests the IPv6 address presented first in the
> solicit. So for odhcpd it requests global, whereas for dnsmasq it
> requests ULA.
> 4) dnsmasq replies with and only with the requested address (ULA)
> in this case. odhcpd replies with both global and ULA addresses.
> 1) Should dnsmasq reply with all available dhcpv6 ranges even if
> one specific address only is requested, like odhcpd?

I don't know. What would be the point of having requested addresses if
they weren't used?

Post by Kevin Darbyshire-Bryant
> 2) Should dnsmasq re-order its replies in the solicits to present
> global first?

Would that help? I guess you really want both addresses.

Post by Kevin Darbyshire-Bryant
> 3) Is Apple wrong?

Quite possibly.

Post by Kevin Darbyshire-Bryant
> Help! :-)

Do you have packet dumps available? I'm interested if the request has
two IA_NA options, or one IA_NA with two addresses.


Cheers,

Simon.
Post by Kevin Darbyshire-Bryant
Kevin
PS: As a total hack, I got dnsmasq to ignore any requested
addresses. Dnsmasq replies with both ULA & Global addresses in the
reply...and my iPad is happy...it takes the global address.
static int dhcp6_no_relay(struct state * if (!check_ia(state, opt,
&ia_end, &ia_option)) continue;
- if (!ia_option) - { /* If we get a
request with a IA_*A without addresses, treat it exactly like a
SOLICT with rapid commit set. */ save_counter(start); goto
request_no_address; - }
o = build_ia(state, &t1cntr);
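
The question raised in the last reply (two IA_NA options, or one IA_NA with two addresses) can be read straight out of a captured DHCPv6 payload. The following is an added example, not part of the original thread or of dnsmasq: it walks the RFC 3315 option TLVs and lists the IAADDR entries inside each IA_NA. The two sample messages, their IAIDs and lifetimes are constructed; only the addresses are taken from the log in the first post.

```python
import ipaddress
import struct

OPT_IA_NA, OPT_IAADDR = 3, 5  # RFC 3315 option codes

def iter_options(buf):
    """Yield (code, payload) per TLV option; raise if an option overruns buf."""
    pos = 0
    while pos + 4 <= len(buf):
        code, length = struct.unpack_from("!HH", buf, pos)
        pos += 4
        if pos + length > len(buf):
            raise ValueError("option %d overruns buffer" % code)
        yield code, buf[pos:pos + length]
        pos += length

def ia_na_summary(msg):
    """Return [(iaid, [addr, ...]), ...] for every IA_NA in a DHCPv6 message."""
    if len(msg) < 4:
        raise ValueError("short DHCPv6 message")
    result = []
    for code, payload in iter_options(msg[4:]):      # skip msg-type + 3-byte xid
        if code != OPT_IA_NA or len(payload) < 12:
            continue
        iaid = struct.unpack_from("!I", payload)[0]
        addrs = []
        for sub, data in iter_options(payload[12:]):  # skip IAID, T1, T2
            if sub == OPT_IAADDR and len(data) >= 24:
                addrs.append(str(ipaddress.IPv6Address(data[:16])))
        result.append((iaid, addrs))
    return result

def classify(addr):
    """Label an address as ULA (fc00::/7) or global, as compared in the thread."""
    return "ULA" if ipaddress.IPv6Address(addr) in ipaddress.ip_network("fc00::/7") else "global"

# Constructed builders and sample REQUEST messages (not from the poster's capture)
def opt(code, data): return struct.pack("!HH", code, len(data)) + data
def iaaddr(a): return opt(OPT_IAADDR, ipaddress.IPv6Address(a).packed + struct.pack("!II", 3600, 7200))
def ia_na(iaid, *addrs): return opt(OPT_IA_NA, struct.pack("!III", iaid, 0, 0) + b"".join(map(iaaddr, addrs)))

ULA, GUA = "fdb5:c64a:3cd0:2b::4ff0:198e", "2a02:c7f:1220:bf2b::4ff0:198e"
ONE_IA_TWO_ADDRS = b"\x03\x00\x00\x01" + ia_na(1, ULA, GUA)          # msg-type 3 = REQUEST
TWO_IAS = b"\x03\x00\x00\x02" + ia_na(1, ULA) + ia_na(2, GUA)

if __name__ == "__main__":
    for name, m in (("one IA_NA", ONE_IA_TWO_ADDRS), ("two IA_NA", TWO_IAS)):
        print(name, [(i, [(a, classify(a)) for a in al]) for i, al in ia_na_summary(m)])
```

To use it on a real capture, pass the UDP payload of the client's packet (destination port 547) to `ia_na_summary()`.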