Modified the "IPv6 assignment hint" in LAN interface caused multiple prefixes with different hints in RA packagets

ver: OpenWrt 22.03.2
Modified the "IPv6 assignment hint" to cause RA packets to have multiple prefixes
restarted odhcpd didn't work
reboot fixed it, the fault can be reproduced

config interface 'lan'
        option device 'br-lan'
        option proto 'static'
        option ipaddr '192.168.50.254'
        option netmask '255.255.255.0'
        option ip6assign '64'
        option ip6hint '9'
config dhcp 'lan'
        option interface 'lan'
        option start '100'
        option limit '150'
        option leasetime '12h'
        option dhcpv4 'server'
        option ra 'server'
        list ra_flags 'none'
config odhcpd 'odhcpd'
        option maindhcp '0'
        option leasefile '/tmp/hosts/odhcpd'
        option leasetrigger '/usr/sbin/odhcpd-update'
        option loglevel '4'

捕获

  • Why didn't you highlight the same thing for the ULA?
  • I notice your MTU is 1492, is this native IPv6 or a tunnel?
  • You don't show configs wan6 or a tunnel interface (i.e. no interface where the IPv6 addresses come from)
  • What fault?

If you don't specify the correct ip6class (e.g. 'local' for ULA, 'wan6' for WAN, etc.), the ip6assign will issue a /64 from all available subnets.

hello,
the picture is the RA package that received on pc
wan6 is over the ipv4 pppoe
Shouldn't there be only one prefix?
I found that RA is provided by odhcpd

I understand.

OK.

  • You didn't specify ip6class - and you have an ULA and at least one wan6
  • You don't provide enough information to determine that (e.g. PD, other interfaces you have, their PD, assignment length, etc.)

Correct.

prefix provided by isp is 60bits length
dhcpv6 disable, RA flag disabled M and disabled O
lan prefix len is configured as 64 bits, then ipv6 hit changed from 5 to 9 and to 3, and the prefix nums in RA package from 1 to 2 and to 3

Please copy the output of the following commands and post it here using the "Preformatted text </> " button:
grafik
Remember to redact passwords, MAC addresses and any public IP addresses you may have:

cat /etc/config/network
cat /etc/config/dhcp
cat /etc/config/firewall
root@OpenWrt:~# cat /etc/config/network

config interface 'loopback'
        option device 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option ula_prefix 'fdc7:78a6:9cc8::/48'

config device
        option name 'br-lan'
        option type 'bridge'
        list ports 'eth0'

config interface 'lan'
        option device 'br-lan'
        option proto 'static'
        option ipaddr '192.168.50.254'
        option netmask '255.255.255.0'
        option ip6assign '64'
        option ip6hint '3'

config interface 'wan'
        option device 'eth1'
        option proto 'pppoe'
        option username '**'
        option password '**'
        option ipv6 'auto'

config interface 'wan6'
        option device 'eth1'
        option proto 'dhcpv6'


root@OpenWrt:~# cat /etc/config/dhcp

config dnsmasq
        option domainneeded '1'
        option boguspriv '1'
        option filterwin2k '0'
        option localise_queries '1'
        option rebind_protection '1'
        option rebind_localhost '1'
        option local '/lan/'
        option domain 'lan'
        option expandhosts '1'
        option nonegcache '0'
        option authoritative '1'
        option readethers '1'
        option leasefile '/tmp/dhcp.leases'
        option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
        option nonwildcard '1'
        option localservice '1'
        option ednspacket_max '1232'

config dhcp 'lan'
        option interface 'lan'
        option start '100'
        option limit '150'
        option leasetime '12h'
        option dhcpv4 'server'
        option ra 'server'
        list ra_flags 'none'

config dhcp 'wan'
        option interface 'wan'
        option ignore '1'

config odhcpd 'odhcpd'
        option maindhcp '0'
        option leasefile '/tmp/hosts/odhcpd'
        option leasetrigger '/usr/sbin/odhcpd-update'
        option loglevel '4'


root@OpenWrt:~# cat /etc/config/firewall

config defaults
        option syn_flood '1'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'REJECT'

config zone
        option name 'lan'
        list network 'lan'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'ACCEPT'

config zone
        option name 'wan'
        list network 'wan'
        list network 'wan6'
        option input 'REJECT'
        option output 'ACCEPT'
        option forward 'REJECT'
        option masq '1'
        option mtu_fix '1'

config forwarding
        option src 'lan'
        option dest 'wan'

config rule
        option name 'Allow-DHCP-Renew'
        option src 'wan'
        option proto 'udp'
        option dest_port '68'
        option target 'ACCEPT'
        option family 'ipv4'

config rule
        option name 'Allow-Ping'
        option src 'wan'
        option proto 'icmp'
        option icmp_type 'echo-request'
        option family 'ipv4'
        option target 'ACCEPT'

config rule
        option name 'Allow-IGMP'
        option src 'wan'
        option proto 'igmp'
        option family 'ipv4'
        option target 'ACCEPT'

config rule
        option name 'Allow-DHCPv6'
        option src 'wan'
        option proto 'udp'
        option dest_port '546'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-MLD'
        option src 'wan'
        option proto 'icmp'
        option src_ip 'fe80::/10'
        list icmp_type '130/0'
        list icmp_type '131/0'
        list icmp_type '132/0'
        list icmp_type '143/0'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-ICMPv6-Input'
        option src 'wan'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        list icmp_type 'router-solicitation'
        list icmp_type 'neighbour-solicitation'
        list icmp_type 'router-advertisement'
        list icmp_type 'neighbour-advertisement'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-ICMPv6-Forward'
        option src 'wan'
        option dest '*'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-IPSec-ESP'
        option src 'wan'
        option dest 'lan'
        option proto 'esp'
        option target 'ACCEPT'

config rule
        option name 'Allow-ISAKMP'
        option src 'wan'
        option dest 'lan'
        option dest_port '500'
        option proto 'udp'
        option target 'ACCEPT'

config redirect
        option dest 'lan'
        option target 'DNAT'
        option src 'wan'
        option dest_ip '192.168.50.8'
        list proto 'tcp'
        option src_dport '*'
        option dest_port '*'

config redirect
        option dest 'lan'
        option target 'DNAT'
        list proto 'tcp'
        option src 'wan'
        option src_dport '*-*'
        option dest_ip '192.168.50.8'
        option dest_port '*-*'

config rule
        option family 'ipv6'
        list proto 'tcp'
        option src 'wan'
        option dest 'lan'
        list dest_ip '::20b:*:*:*/::ffff:ffff:ffff'
        option dest_port '*'
        option target 'ACCEPT'

config rule
        option family 'ipv6'
        list proto 'tcp'
        option src 'wan'
        option dest 'lan'
        list dest_ip '::20b:*:*:*/::ffff:ffff:ffff:ffff'
        option dest_port '*-*'
        option target 'ACCEPT'


  1. The Wiki says this should be '03'
  1. Try:

option ip6class 'wan6'

my prefix provided by isp is 60bit, so i think that the remaining 4 bits should be one bit hexadecimal number

???

See: https://openwrt.org/docs/guide-user/network/ipv6/configuration#protocol_static_ipv6

I didn't understand how to do it

config interface 'lan'
        option device 'br-lan'
        option proto 'static'
        option ipaddr '192.168.50.254'
        option netmask '255.255.255.0'
        option ip6assign '64'
        option ip6hint '03'
        option ip6class 'wan6'
        option ip6class 'local'
  • ip6hint: Subprefix ID to be used if available (e.g. 1234 with an ip6assign of 64 will assign prefixes of the form …:1234::/64 or given LAN ports, LAN & LAN2, and a prefix delegation of /56, use ip6hint of 00 and 80 which would give prefixes of LAN …:xx00::/64 and LAN2 …:xx80::/64)
1 Like

Yes, exactly, that's correct (I've read it, hence I informed you).

it doesn't work,there is no ipv6 in br-lan and there is no prefix that provided by isp in RA package any more

???

Revert.

I wouldn't expect it to, I don't think that re-reads /etc/config/network. Though it isn't clear exactly how a setting like ip6hint is eventually communicated to odhcpd.
After making a change like this I think it needs a general network restart then restart the DHCP services.

1 Like

Generally, the required services will be restarted when the apply button is clicked :smiley:

From your responses, sometimes it's difficult to determine if you're disagreeing and if you tested.

Did you restart the network in general as mk24 suggested?

Restarting the network service fixed it

/etc/init.d/network restart

:smiling_face_with_tear:

1 Like