WAN DHCP6 VLAN Priority tagging

[franco]

Ok, this looks reasonable now, but only reverse engineered...

https://github.com/opnsense/src/commit/c0056914
https://github.com/opnsense/src/commit/f841d1d3

Now we have 5 individual commits on top of the dhclient_77 branch which will help pin down what works and what not.


Happy testing,
Franco

[marjohn56]

OK, now having recovered from NYE, I am back on the case.

dhcp6c is looking good, all working on the VLAN and the prio is setting correctly and doing its thing.

Now, the problem is dhclient, although the VLAN is correct, the prio will not set, it's sticking at 0.

I have cheated a little and just copied the changes made for dhcp6c and changed the ports as needed, pasted it directly beneath the dhcp6 set prioty rule in filter.lib.inc - like this:

$dhcpv4_opts = array(
            'label' => 'allow dhcpv client in ' . $intfinfo['descr'],
            'direction' => 'out',
            'interface' => $intf,
            'protocol' => 'udp',
            'from_port' => 68,
            'to_port' => 67,
            );
            if (isset($intfinfo['dhcp6vlanprio'])) {
                $dhcpv4_opts['set-prio'] = $intfinfo['dhcp6vlanprio'];
            }
            $fw->registerFilterRule(1, $dhcpv4_opts, $defaults['pass']);

rules.debug shows:

pass out log quick on em0_vlan832 proto udp from {any} port {546} to {any} port {547} set prio 6 label "allow dhcpv6 client in WAN"
pass out log quick on em0_vlan832 proto udp from {any} port {68} to {any} port {67} set prio 6 label "allow dhcpv client in WAN"

but wireshark shows priority 0.

[marjohn56]

Forgot to add,  I see this in the firewall logs

WAN Dec 31 18:44:15   0.0.0.0:68   255.255.255.255:67   udp   block bogon IPv4 networks from WAN

[nivek1612]

I confirm my tests give the same results as marjohn

The pro flag is not being set on the dhcp request despite the rule being present in rules.debug

[nivek1612]

Well I've been running 18.1.2_2 now for 3 days on the Orange FTTP service
Seeing max throughput of 500/250 no issues

I used the modified dhclient, dhcp6c (i shared these binaries previously) and the vlan flag in tuneables

Also used a marjohn modified interface.inc pending his pull request #2090 being merged

Getting a score of 19/20 on ipv6-test.com

So we know the theory I tested with wireshark work in the wild.
 

[franco]

Next step is 2090 then?

What's still on the TODO list? I recall:
* dhclient VLAN fix
* dhcp6c raw options

Which VLAN flag are you referring to? mtag_pcp? It should not be necessary on 18.1 anymore.


Cheers,
Franco

[nivek1612]

2090 - I have to wait that long, feels like I'm back on the darkside 

I assume you mean 20/20 result. Until Orange set up a reverse DSN entry for my IPv6 there is not much hope of that :-)

Yes setting the mtag_pcp to 1, I may get chance to try without that flag set later (heading back to UK soon)

You are correct on the to do list though

[nivek1612]

Confirmed removed net.link.vlan.mtag_pcp from tunables

All still working

Does that mean the I get a full solution in 2018 now :-)

[franco]

Hopefully.

I'll work on 2090 this week... it's bigger than I liked so it had to be sidestepped for 18.1.

[marjohn56]

Next step is 2090 then?

What's still on the TODO list? I recall:
* dhclient VLAN fix
* dhcp6c raw options

I'll work on 2090 this week... it's bigger than I liked so it had to be sidestepped for 18.1.

It's not THAT big..

 if you look at it, it just breaks down a rather cumbersome call into more logical ones. For example rather than having the existing call writing all the config files AND starting rtsold and dhcp6c, the config file creation is broken out and is a separate call(s), the starting and stopping of the clients is also separate calls.

[franco]

It keeps eluding... meh... sorry!

[nivek1612]

If it provides any motivation I'm back in France on the 18th March and could test :-)

[franco]

I've had Martin explain everything to me... again... that he is still motivated shows great character!

All help welcome, I think we'll be ready when you are back in France.


Cheers,
Franco

[nivek1612]

@franco

I see you guys have completed dhcp6c now

Any ETA for the modified dhclient :-)

[franco]

Hello

Not yet, but at least things keep moving into the right direction. RAW isn't final yet, we decided to run our own dhcp6c client for better review and modification so that comes in rather sooner than later (18.1.8 or 18.1.9 ?)

The patch for dhclient was reviewed and superficially ready, but I'm not sure I broke it during fixing the BPF filter which had a big XXX in the original patch.

Small discussion on this condensed commit: https://github.com/opnsense/src/commit/b179b4628b


Cheers,
Franco