From nobody Tue Mar 29 10:14:20 2022 X-Original-To: freebsd-current@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 6659F1A4EEA3 for ; Tue, 29 Mar 2022 10:14:29 +0000 (UTC) (envelope-from SRS0=GV03=UI=klop.ws=ronald-lists@realworks.nl) Received: from smtp-relay-int.realworks.nl (smtp-relay-int.realworks.nl [194.109.157.24]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 4KSQQr1k7Xz3sxZ for ; Tue, 29 Mar 2022 10:14:28 +0000 (UTC) (envelope-from SRS0=GV03=UI=klop.ws=ronald-lists@realworks.nl) Date: Tue, 29 Mar 2022 12:14:20 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=klop.ws; s=rw2; t=1648548860; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=DYnOf72erJUK3xK2XQeuyBpDmnjvu5tBmzY6O79rxPc=; b=dlafUAt86xduuCDqBMb29Kv5ck744oUhJtK9AbghOuYNh2b6o/oyExOollzk8vGf1S71U+ qTJzF5WaB7p8OIeaU/STl0uVSxQ58ldx7wyDAr7//AvoYAkKWj6FqNowVSQh14sN/V9hkg xVF2+kqWXYUFr0TZkw+ecIy4vs+uK63td2a8th0BsTLC9d+LPobkQa/UuZRjf2WrZWl8Vi ZHmVYhNxPxX2DHlq8dj7IbvPKeVMIL5Jlb/bllQlA9viibC5YlcMsXE0hwWoZt6lhQnqoQ liFDT8EWjcC5mn4NBDR+A+PdEf0S3tI9Z8zrMCBKi4PQn7Fl004Eu9uKesbK3Q== From: Ronald Klop To: Goran Mekic Cc: freebsd-current@freebsd.org, "Bjoern A. Zeeb" Message-ID: <1527544025.66.1648548860391@mailrelay> In-Reply-To: <20220329081129.p5xtxlbiyw6klxcl@tilda.center> References: <20220326222957.wuc7xwyiq3bjtlnv@tilda.center> <4772ECB8-6482-4B94-A887-F04EC6272911@lists.zabbadoz.net> <20220329081129.p5xtxlbiyw6klxcl@tilda.center> Subject: Re: DHCPDv6 in non-vnet jail List-Id: Discussions about the use of FreeBSD-current List-Archive: https://lists.freebsd.org/archives/freebsd-current List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-current@freebsd.org MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----=_Part_65_558795370.1648548860306" X-Mailer: Realworks (602.328.5a345bb) Importance: Normal X-Priority: 3 (Normal) X-Rspamd-Queue-Id: 4KSQQr1k7Xz3sxZ X-Spamd-Bar: --- Authentication-Results: mx1.freebsd.org; dkim=pass header.d=klop.ws header.s=rw2 header.b=dlafUAt8; dmarc=pass (policy=quarantine) header.from=klop.ws; spf=pass (mx1.freebsd.org: domain of "SRS0=GV03=UI=klop.ws=ronald-lists@realworks.nl" designates 194.109.157.24 as permitted sender) smtp.mailfrom="SRS0=GV03=UI=klop.ws=ronald-lists@realworks.nl" X-Spamd-Result: default: False [-3.07 / 15.00]; ARC_NA(0.00)[]; NEURAL_HAM_MEDIUM(-0.95)[-0.946]; R_DKIM_ALLOW(-0.20)[klop.ws:s=rw2]; FROM_HAS_DN(0.00)[]; RCPT_COUNT_THREE(0.00)[3]; TO_DN_SOME(0.00)[]; R_SPF_ALLOW(-0.20)[+ip4:194.109.157.0/24]; MIME_GOOD(-0.10)[multipart/alternative,text/plain]; NEURAL_HAM_LONG(-1.00)[-1.000]; RWL_MAILSPIKE_EXCELLENT(0.00)[194.109.157.24:from]; TO_MATCH_ENVRCPT_SOME(0.00)[]; DKIM_TRACE(0.00)[klop.ws:+]; DMARC_POLICY_ALLOW(-0.50)[klop.ws,quarantine]; HAS_X_PRIO_THREE(0.00)[3]; NEURAL_HAM_SHORT(-0.93)[-0.927]; MLMMJ_DEST(0.00)[freebsd-current]; FORGED_SENDER(0.30)[ronald-lists@klop.ws,SRS0=GV03=UI=klop.ws=ronald-lists@realworks.nl]; RCVD_COUNT_ZERO(0.00)[0]; MIME_TRACE(0.00)[0:+,1:+,2:~]; MID_RHS_NOT_FQDN(0.50)[]; ASN(0.00)[asn:3265, ipnet:194.109.0.0/16, country:NL]; FROM_NEQ_ENVFROM(0.00)[ronald-lists@klop.ws,SRS0=GV03=UI=klop.ws=ronald-lists@realworks.nl] X-ThisMailContainsUnwantedMimeParts: N ------=_Part_65_558795370.1648548860306 Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit Van: "Goran Mekic" Datum: dinsdag, 29 maart 2022 10:11 Aan: "Bjoern A. Zeeb" CC: freebsd-current@freebsd.org Onderwerp: Re: DHCPDv6 in non-vnet jail > > On Sun, Mar 27, 2022 at 02:34:11PM +0000, Bjoern A. Zeeb wrote: > > I assume you have /dev/bpf available inside that jail by a devfs rule so > > effectively you have all network interfaces and traffic available? > As a form of test I've put rtadvd inside the same non-vnet jail and I > can see RA message arrive to the vnet jail. I though I "disconnected" > something concerning IPv6, but that's obviously not the case. > > Let's take a step back. Is there any howto/tutorial on how to put > isc-dhcpd6 in a non-vnet jail? I don't care if it's jail.conf or some > jail manager. Can I somehow see where packets end up, like dtrace? > Should I try some other server/client for DHCPv6? If I can make it work > in any scenario, that would be good starting point for me to figure out > what's wrong with my current setup. > > Regards, > meka > > > > Hi, I think it will help if you share more of your configuration/logs. Besides you can take a look with tcpdump/wireshark on what happens on different interfaces of your machines to see the traffic flow between client and server. Regards, Ronald. ------=_Part_65_558795370.1648548860306 Content-Type: text/html; charset=us-ascii Content-Transfer-Encoding: 7bit  

Van: "Goran Mekic" <meka@tilda.center>
Datum: dinsdag, 29 maart 2022 10:11
Aan: "Bjoern A. Zeeb" <bzeeb-lists@lists.zabbadoz.net>
CC: freebsd-current@freebsd.org
Onderwerp: Re: DHCPDv6 in non-vnet jail

On Sun, Mar 27, 2022 at 02:34:11PM +0000, Bjoern A. Zeeb wrote:
> I assume you have /dev/bpf available inside that jail by a devfs rule so
> effectively you have all network interfaces and traffic available?
As a form of test I've put rtadvd inside the same non-vnet jail and I
can see RA message arrive to the vnet jail. I though I "disconnected"
something concerning IPv6, but that's obviously not the case.

Let's take a step back. Is there any howto/tutorial on how to put
isc-dhcpd6 in a non-vnet jail? I don't care if it's jail.conf or some
jail manager. Can I somehow see where packets end up, like dtrace?
Should I try some other server/client for DHCPv6? If I can make it work
in any scenario, that would be good starting point for me to figure out
what's wrong with my current setup.

Regards,
meka

 


Hi,

I think it will help if you share more of your configuration/logs.
Besides you can take a look with tcpdump/wireshark on what happens on different interfaces of your machines to see the traffic flow between client and server.

Regards,
Ronald.
  ------=_Part_65_558795370.1648548860306--