WAN DHCP6 VLAN Priority tagging

franco · December 30, 2017, 08:55:41 PM

Ok, this looks reasonable now, but only reverse engineered...

https://github.com/opnsense/src/commit/c0056914
https://github.com/opnsense/src/commit/f841d1d3

Now we have 5 individual commits on top of the dhclient_77 branch which will help pin down what works and what not. :)

Happy testing,
Franco

marjohn56 · January 02, 2018, 03:25:25 PM

OK, now having recovered from NYE, I am back on the case. :)

dhcp6c is looking good, all working on the VLAN and the prio is setting correctly and doing its thing.

Now, the problem is dhclient, although the VLAN is correct, the prio will not set, it's sticking at 0.

I have cheated a little and just copied the changes made for dhcp6c and changed the ports as needed, pasted it directly beneath the dhcp6 set prioty rule in filter.lib.inc - like this:

$dhcpv4_opts = array(
'label' => 'allow dhcpv client in ' . $intfinfo['descr'],
'direction' => 'out',
'interface' => $intf,
'protocol' => 'udp',
'from_port' => 68,
'to_port' => 67,
);
if (isset($intfinfo['dhcp6vlanprio'])) {
$dhcpv4_opts['set-prio'] = $intfinfo['dhcp6vlanprio'];
}
$fw->registerFilterRule(1, $dhcpv4_opts, $defaults['pass']);

rules.debug shows:

pass out log quick on em0_vlan832 proto udp from {any} port {546} to {any} port {547} set prio 6 label "allow dhcpv6 client in WAN"
pass out log quick on em0_vlan832 proto udp from {any} port {68} to {any} port {67} set prio 6 label "allow dhcpv client in WAN"

but wireshark shows priority 0.

marjohn56 · January 02, 2018, 03:28:37 PM

Forgot to add, I see this in the firewall logs

WAN Dec 31 18:44:15 0.0.0.0:68 255.255.255.255:67 udp block bogon IPv4 networks from WAN

nivek1612 · January 02, 2018, 05:32:56 PM

I confirm my tests give the same results as marjohn

The pro flag is not being set on the dhcp request despite the rule being present in rules.debug

nivek1612 · February 12, 2018, 05:25:40 PM

Well I've been running 18.1.2_2 now for 3 days on the Orange FTTP service
Seeing max throughput of 500/250 no issues

I used the modified dhclient, dhcp6c (i shared these binaries previously) and the vlan flag in tuneables

Also used a marjohn modified interface.inc pending his pull request #2090 being merged

Getting a score of 19/20 on ipv6-test.com

So we know the theory I tested with wireshark work in the wild.

franco · February 12, 2018, 05:58:01 PM

Next step is 2090 then?

What's still on the TODO list? I recall:
* dhclient VLAN fix
* dhcp6c raw options

Which VLAN flag are you referring to? mtag_pcp? It should not be necessary on 18.1 anymore.

Cheers,
Franco

nivek1612 · February 12, 2018, 06:11:31 PM

2090 - I have to wait that long, feels like I'm back on the darkside ;D ;D

I assume you mean 20/20 result. Until Orange set up a reverse DSN entry for my IPv6 there is not much hope of that :-)

Yes setting the mtag_pcp to 1, I may get chance to try without that flag set later (heading back to UK soon)

You are correct on the to do list though

nivek1612 · February 12, 2018, 06:21:48 PM

Confirmed removed net.link.vlan.mtag_pcp from tunables

All still working

Does that mean the I get a full solution in 2018 now :-)

franco · February 12, 2018, 06:28:07 PM

Hopefully. :)

I'll work on 2090 this week... it's bigger than I liked so it had to be sidestepped for 18.1.

marjohn56 · February 23, 2018, 04:27:47 PM

Quote from: franco on February 12, 2018, 05:58:01 PM
Next step is 2090 then?

What's still on the TODO list? I recall:
* dhclient VLAN fix
* dhcp6c raw options

I'll work on 2090 this week... it's bigger than I liked so it had to be sidestepped for 18.1.

It's not THAT big.. :)

if you look at it, it just breaks down a rather cumbersome call into more logical ones. For example rather than having the existing call writing all the config files AND starting rtsold and dhcp6c, the config file creation is broken out and is a separate call(s), the starting and stopping of the clients is also separate calls.

franco · February 28, 2018, 08:46:21 AM

It keeps eluding... meh... sorry!

nivek1612 · February 28, 2018, 09:11:46 PM

If it provides any motivation I'm back in France on the 18th March and could test :-)

franco · February 28, 2018, 09:17:24 PM

I've had Martin explain everything to me... again... that he is still motivated shows great character!

All help welcome, I think we'll be ready when you are back in France.

Cheers,
Franco

nivek1612 · April 02, 2018, 11:26:56 AM

@franco

I see you guys have completed dhcp6c now

Any ETA for the modified dhclient :-)

franco · April 04, 2018, 08:20:45 AM

Hello :)

Not yet, but at least things keep moving into the right direction. RAW isn't final yet, we decided to run our own dhcp6c client for better review and modification so that comes in rather sooner than later (18.1.8 or 18.1.9 ?)

The patch for dhclient was reviewed and superficially ready, but I'm not sure I broke it during fixing the BPF filter which had a big XXX in the original patch.

Small discussion on this condensed commit: https://github.com/opnsense/src/commit/b179b4628b

Cheers,
Franco

WAN DHCP6 VLAN Priority tagging

franco

December 30, 2017, 08:55:41 PM #45 Last Edit: December 30, 2017, 08:57:46 PM by franco

marjohn56

January 02, 2018, 03:25:25 PM #46

marjohn56

January 02, 2018, 03:28:37 PM #47

nivek1612

January 02, 2018, 05:32:56 PM #48

nivek1612

February 12, 2018, 05:25:40 PM #49 Last Edit: February 12, 2018, 05:27:26 PM by nivek1612

franco

February 12, 2018, 05:58:01 PM #50

nivek1612

February 12, 2018, 06:11:31 PM #51

nivek1612

February 12, 2018, 06:21:48 PM #52

franco

February 12, 2018, 06:28:07 PM #53

marjohn56

February 23, 2018, 04:27:47 PM #54

franco

February 28, 2018, 08:46:21 AM #55

nivek1612

February 28, 2018, 09:11:46 PM #56

franco

February 28, 2018, 09:17:24 PM #57

nivek1612

April 02, 2018, 11:26:56 AM #58

franco

April 04, 2018, 08:20:45 AM #59