Project

General

Profile

Actions
Copy link

Bug #4829

closed

Prefix delegation broken by new ISC DHCP Server 4.2.8 subnet check

Added by Jim Pingle over 9 years ago. Updated over 9 years ago.

Status:
Resolved
Priority:
High
Assignee:
Renato Botelho
Category:
DHCP (IPv6)
Target version:
2.2.4
Start date:
07/10/2015
Due date:
% Done:

100%

Estimated time:
Plus Target Version:
Release Notes:
Affected Version:
2.2.3
Affected Architecture:
All

Description

A previously working IPv6 configuration for prefix delegation is broken on 2.2.3.

In /var/dhcpd/etc/dhcpdv6.conf, this declaration used to function correctly as expected:

subnet6 2001:470:xxxx:xxxx::/64 {
    range6 2001:470:xxxx:xxxx:0:0:0:FF00 2001:470:xxxx:xxxx:0:0:0:FFFF;
    option dhcp6.name-servers 2001:470:xxxx:xxxx::1;
    prefix6 2001:470:yyyy:F000:: 2001:470:yyyy:FF00:: /60;
}

On 2.2.3, the same block yields an error from the daemon:

Jul 10 15:12:34     dhcpd: /etc/dhcpdv6.conf line 17: prefix6 start prefix is outside the subnet
Jul 10 15:12:34     dhcpd: prefix6 2001:470:yyyy:F000:: 2
Jul 10 15:12:34     dhcpd: ^
Jul 10 15:12:34     dhcpd: Configuration file errors encountered -- exiting

Looks like the culprit is a new check in ISC DHCP 4.2.8, per the release notes :

- Added checks in range6 and prefix6 statement parsing to ensure addresses
are within the declared subnet. Thanks to Jiri Popelka at Red Hat for the
bug report and patch.
[ISC-Bugs #32453]
[ISC-Bugs #17766]
[ISC-Bugs #18510]
[ISC-Bugs #23698]
[ISC-Bugs #28883]

We'll have to adjust the syntax to make the new checks happy or find another way around it.

Manually adding a new subnet6 block outside of the above makes it complain that there are no prefixes inside the shared network.

Actions
Copy link
 #1

Updated by Jim Thompson over 9 years ago

  • Assignee set to Renato Botelho
Actions
Copy link
 #2

Updated by Chris Buechler over 9 years ago

this change in dhcpd seems to be wrong. Posted to their list for feedback with additional details.
https://lists.isc.org/pipermail/dhcp-users/2015-July/019098.html

Actions
Copy link
 #3

Updated by Chris Buechler over 9 years ago

  • Status changed from New to Confirmed
Actions
Copy link
 #4

Updated by Renato Botelho over 9 years ago

  • Status changed from Confirmed to Feedback
  • % Done changed from 0 to 100

Patch applied to dhcpd-server

Actions
Copy link
 #5

Updated by Jim Pingle over 9 years ago

  • Status changed from Feedback to Confirmed

It's better but still fails in a related way. There is an additional check that needs to be patched out:

Jul 15 17:17:34     dhcpd: /etc/dhcpdv6.conf line 17: network mask smaller than subnet mask
Jul 15 17:17:34     dhcpd: prefix6 2001:470:xxxx:F000:: 2001:470:xxxx:FF00:: /60;
Jul 15 17:17:34     dhcpd: ^
Jul 15 17:17:34     dhcpd: Configuration file errors encountered -- exiting

In this case the prefix delegation is /60 but the subnet is /64 -- since the two have no actual relation to one another, this is OK. Another nonsense validation check they added.

Actions
Copy link
 #6

Updated by Renato Botelho over 9 years ago

  • Status changed from Confirmed to Feedback

This check was also removed, please try next round of snapshots

Actions
Copy link
 #7

Updated by Jim Pingle over 9 years ago

This is all fixed now. Current snap is OK. DHCPd is running and a client behind obtains a delegation.

Do we want to leave this open until it is fixed upstream?

Actions
Copy link
 #8

Updated by Chris Buechler over 9 years ago

  • Status changed from Feedback to Resolved

Works here too. added #4846 todo to remove from pfports when fixed upstream.

Actions
Copy link

Also available in: Atom PDF