Re: DHCPv6 support in Network Manager isn't RFC compliant



On 07/29/2011 05:54 PM, Dan Williams wrote:
> On Thu, 2011-07-28 at 10:23 -0400, Stéphane Graber wrote:
>> Hello,
>> 
>> As I'm not subscribed to this mailing-list, I'd appreciate it if
>> you could Cc me on your replies. Thanks
>> 
>> 
>> I've recently been spending quite a bit of time testing Network 
>> Manager's IPv6 support on Ubuntu as part of our ongoing effort of 
>> getting full IPv6 support for Oneiric.
>> 
>> It's really looking good and Network Manager does a great job of 
>> handling all the possible use cases I have, except one small
>> detail.
>> 
>> I noticed yesterday that Network Manager uses a different DHCP
>> lease file for each connection. I can understand why it's been done
>> this way for DHCPv4 (makes it more readable and easier to cleanup)
>> but that's unfortunately breaking DHCPv6 support.
> 
> Thanks for investigating this.
> 
>> 
>> You're probably aware that with DHCPv6, "host" definitions on the
>> server side are no longer tied to a MAC address but instead to a
>> DUID. This DUID is defined in RFC 3315, section 9. 
>> http://www.ietf.org/rfc/rfc3315.txt
>> 
>> Quoting part of this specific section: The DUID is carried in an
>> option because it may be variable length and because it is not
>> required in all DHCP messages.  The DUID is designed to be unique
>> across all DHCP clients and servers, and stable for any specific
>> client or server - that is, the DUID used by a client or server
>> SHOULD NOT change over time if at all possible; for example, a
>> device's DUID should not change as a result of a change in the
>> device's network hardware.
>> 
>> The way the ISC dhclient works, it's looking for a default-duid
>> field in its lease file. For example, on my machine I currently
>> have:
>> default-duid "\000\001\000\001\025\303}\370\000#\024\243\331\244";
>> 
>> This is fine as long as dhclient always uses the same lease file
>> but it's sadly not the current behavior when used with Network
>> Manager.
>> 
>> The current behavior's IPv4 equivalent would be a changing MAC
>> address for every single network defined in Network Manager, which
>> is really problematic for system administrators who need to do
>> per-host configuration with DHCPv6.
>> 
>> 
>> I'd highly recommend Network Manager either uses 
>> /var/lib/dhcp/dhclient6.leases as its lease file or if you
>> absolutely want to keep a separate lease file per connection, then
>> use the following algorithm:
>> 
>> 1) Check if /var/lib/dhcp/dhclient6.leases exists
>>    1a) If it does, grab the DUID from it.
>>    1b) If it doesn't, generate a new DUID and write it to
>>        /var/lib/dhcp/dhclient6.leases
>> 2) Write that DUID to your per-connection lease file prior to
>>    starting dhclient
> 
> This is probably the best course of action; if there's already a 
> leasefile but that leasefile doesn't have a default DUID, then we
> add the default DUID to the top of the leasefile.  If there isn't a 
> leasefile, then we create a new leasefile with one line (for the 
> default-duid) and pass that file to dhclient like we normally do.
> 
> If /var/lib/dhcp/dhclient6.leases doesn't exist (it doesn't on any of
> my systems) then we should probably scan existing leasefiles and grab
> the first default duid that we find.  That could be a performance
> issue though, so if possible the code should only do this *once* (in 
> nm-dhcp-dhclient.c) and store the value in a global 'static char *' 
> variable so that it can be re-used from other instances of 
> NMDHCPDhclient without having to be re-read.

My suggestion in this case would be to instead create
/var/lib/dhcp/dhclient6.leases containing only the duid.

This way you shouldn't have to scan through all your .leases files and
someone manually starting dhclient6 will still get the same duid.

> 
> Anyone want to take a stab at the patch?  Should be pretty simple. 
> Testcases earn you a bonus :)
> 
> Dan


-- 
Stéphane Graber
Ubuntu developer
http://www.ubuntu.com
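The seeding procedure discussed in this thread, sketched as an added example (not code from the thread or from NetworkManager). It also decodes the escaped default-duid value quoted above into its RFC 3315 DUID-LLT fields. All function names are hypothetical, paths are passed in by the caller, and generating a fresh DUID is assumed to be the caller's job.

```python
import os
import re

# default-duid value quoted in the thread, in dhclient's escaped form.
PAGE_DUID = r'\000\001\000\001\025\303}\370\000#\024\243\331\244'

# Matches dhclient's `default-duid "<escaped bytes>";` statement.
DUID_RE = re.compile(r'^[ \t]*default-duid\s+"((?:[^"\\]|\\.)*)"\s*;', re.M)

def read_default_duid(path):
    """Return (statement, escaped_value) from a lease file, or None."""
    try:
        with open(path, encoding="latin-1") as fh:
            m = DUID_RE.search(fh.read())
    except FileNotFoundError:
        return None
    return (m.group(0).strip(), m.group(1)) if m else None

def decode_duid(escaped):
    """Undo dhclient's escaping: \\ooo is an octal byte, other bytes are literal."""
    unescape = lambda m: chr(int(m.group(1), 8)) if len(m.group(1)) == 3 else m.group(1)
    return re.sub(r'\\([0-3][0-7]{2}|.)', unescape, escaped).encode("latin-1")

def describe_duid(raw):
    """Split a DUID into its RFC 3315 section 9 fields (DUID-LLT is type 1)."""
    info = {"type": int.from_bytes(raw[:2], "big")}
    if info["type"] == 1 and len(raw) >= 8:
        info["hwtype"] = int.from_bytes(raw[2:4], "big")
        info["time"] = int.from_bytes(raw[4:8], "big")  # seconds since 2000-01-01 UTC
        info["lladdr"] = raw[8:].hex(":")
    return info

def seed_connection_lease(shared_path, conn_path, fresh_stmt):
    """Steps 1, 1a, 1b and 2 from the thread; fresh_stmt is a caller-generated DUID."""
    found = read_default_duid(shared_path)
    stmt = found[0] if found else fresh_stmt
    if not found:  # 1b: persist the new DUID so every later run reuses it
        with open(shared_path, "w", encoding="latin-1") as fh:
            fh.write(stmt + "\n")
    if read_default_duid(conn_path) is None:  # 2: put it at the top of the lease file
        old = ""
        if os.path.exists(conn_path):
            with open(conn_path, encoding="latin-1") as fh:
                old = fh.read()
        with open(conn_path, "w", encoding="latin-1") as fh:
            fh.write(stmt + "\n" + old)
    return stmt
```

A per-connection lease file that already carries its own default-duid is left untouched here, matching the "add it if missing" variant in Dan's reply.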

