Just me having DHCPv6 issues with trunk?

yogo1212 · May 9, 2022, 3:37pm

Updating from 7ea2f3d6e22b506d137cf255ae73ae498c176d1c to 46980294f66ab07b79f9037758a7ea94072340df, I've noticed that my WPJ428 (ipq40xx) no longer has a globally routable IPv6 address.
Same goes for my ramips and ath79 devices.
It might be that it has been missing for longer and I didn't notice.
The uplink router is a FritzBox 6490. My computer has an address.

I've scoured through all the commits to see whether anything has changed but I couldn't find anything. The same (computationally generated) config has been known to work previously.

odhcp6c starts and sends solicit messages and that's it, afaics.

Am I missing something?

odhcp6c output (-v):

Mon May  9 15:08:46 2022 daemon.notice odhcp6c[18995]: Starting SOLICIT transaction (timeout 4294967295s, max rc 0)
Mon May  9 15:08:52 2022 daemon.notice odhcp6c[18995]: (re)starting transaction on br-n_1
Mon May  9 15:08:53 2022 daemon.notice odhcp6c[18995]: Starting SOLICIT transaction (timeout 4294967295s, max rc 0)
Mon May  9 15:08:53 2022 daemon.notice odhcp6c[18995]: (re)starting transaction on br-n_1
Mon May  9 15:08:53 2022 daemon.notice odhcp6c[18995]: Starting SOLICIT transaction (timeout 4294967295s, max rc 0)
Mon May  9 15:08:53 2022 daemon.notice odhcp6c[18995]: (re)starting transaction on br-n_1
Mon May  9 15:08:53 2022 daemon.notice odhcp6c[18995]: Starting SOLICIT transaction (timeout 4294967295s, max rc 0)
Mon May  9 15:08:54 2022 daemon.notice odhcp6c[20626]: (re)starting transaction on br-n_1
Mon May  9 15:08:54 2022 daemon.notice odhcp6c[20626]: Starting SOLICIT transaction (timeout 4294967295s, max rc 0)

firewall:

	chain input {
		type filter hook input priority filter; policy drop;
		ct state established,related accept
		ct state invalid drop
		iifname "lo" accept
		icmp type echo-request accept
		icmpv6 type { echo-request, nd-neighbor-solicit } accept
		meta nfproto ipv6 tcp dport 22 accept
		meta nfproto ipv6 tcp dport { 546 , 547 } accept
	}

ubus state:

$ ubus call network.interface.6n_1 status '{}'
{
        "up": false,
        "pending": true,
        "available": true,
        "autostart": true,
        "dynamic": false,
        "proto": "dhcpv6",
        "device": "br-n_1",
        "data": {

        }
}

tcpdump (later time):

15:15:21.303240 IP6 fe80::b64b:d6ff:fe2e:c7b0.546 > ff02::1:2.547: dhcp6 solicit
15:15:46.131991 IP6 fe80::12fe:edff:fe3b:2990.546 > ff02::1:2.547: dhcp6 solicit
15:16:20.194349 IP6 fe80::b64b:d6ff:fe26:ae0c.546 > ff02::1:2.547: dhcp6 solicit
15:16:20.630562 IP6 fe80::32e1:71ff:febf:74ec.546 > ff02::1:2.547: dhcp6 solicit
15:17:00.352333 IP6 fe80::6f0:21ff:fe4e:25d5.546 > ff02::1:2.547: dhcp6 solicit
15:17:00.354622 IP6 fe80::e228:6dff:fe4e:43a2.547 > fe80::6f0:21ff:fe4e:25d5.546: dhcp6 advertise
15:17:13.943609 IP6 fe80::b64b:d6ff:fe2e:c7b0.546 > ff02::1:2.547: dhcp6 solicit
15:17:38.770382 IP6 fe80::12fe:edff:fe3b:2990.546 > ff02::1:2.547: dhcp6 solicit
15:18:20.618082 IP6 fe80::32e1:71ff:febf:74ec.546 > ff02::1:2.547: dhcp6 solicit
15:18:33.314609 IP6 fe80::b64b:d6ff:fe26:ae0c.546 > ff02::1:2.547: dhcp6 solicit
15:18:58.112235 IP6 fe80::6f0:21ff:fe4e:25d5.546 > ff02::1:2.547: dhcp6 solicit
15:18:58.114465 IP6 fe80::e228:6dff:fe4e:43a2.547 > fe80::6f0:21ff:fe4e:25d5.546: dhcp6 advertise

UCI excerpt:

config interface 'n_1'
        option force_link '1'
        option device 'br-n_1'
        option proto 'dhcp'

config device 'dn_1'
        option type 'bridge'
        option stp '0'
        option bridge_empty '1'
        option name 'br-n_1'
        list ports 'lan'
        list ports 'wan'
        list ports 'bat0'

config interface '6n_1'
        option device '@n_1'
        option proto 'dhcpv6'

trendy · May 9, 2022, 7:01pm

it's UDP.

You'll need more than just these two.

yogo1212 · May 12, 2022, 8:05pm

hi and thanks!

UDP

i created a minimum not-working config for this post and didn't notice the mistake because it didn't behave any different from from what i had earlier.

you're absolutely right about the icmpv6 types...

this is the working result:

ct state established,related accept
...
meta nfproto ipv6 udp dport 546 accept
icmpv6 type { echo-request, nd-router-advert, nd-neighbor-solicit, nd-neighbor-advert } accept

nd-redirect is on a TODO list

trendy · May 13, 2022, 8:37am

udp again.

yogo1212 · May 13, 2022, 9:32am

no way!

here's the copy'n'paste snippet:
(aiming for a minimal firewall configuration that allows only outgoing connections and address setup)

        chain input {
                type filter hook input priority filter; policy drop;
                ct state established,related accept
                ct state invalid drop
                iifname "lo" accept
                icmp type echo-request accept
                icmpv6 type { echo-request, nd-router-advert, nd-neighbor-solicit, nd-neighbor-advert } accept
                meta nfproto ipv4 udp dport 68 accept
                meta nfproto ipv6 udp dport 546 accept
        }