On Mar 3, 1:17pm, Christos Zoulas wrote:
} In article <B42FD035-8CAC-4743-AEF1-***@fugue.com>,
} Ted Lemon <***@fugue.com> wrote:
} >On Nov 16, 2011, at 6:34 AM, Hubert Feyrer <***@feyrer.de> wrote:
} >> Asking out of sheer ignorance: does either dhclient or dhcpcd support DHCPv6?
} >
} >The current ISC dhclient does, but I don't know if anyone's imported it.
}
} It cannot be imported cleanly because of the mess of libisc and friends.
} (BIND vs non BIND ifdefs). Whoever made that mess should clean it. This
} cannot be maintained sanely.

Does this mess affect dhcpd and dhcrelay? If so, then the
maintenance issues are there whether dhclient is kept or not.

}-- End of excerpt from Christos Zoulas

--
Posted automagically by a mail2news gateway at muc.de e.V.
Please direct questions, flames, donations, etc. to news-***@muc.de

Yes, they all use the same libraries. The current sources of dhcp come with
tar.gz version of bind, unpack it and build it.

christos


--
Posted automagically by a mail2news gateway at muc.de e.V.
Please direct questions, flames, donations, etc. to news-***@muc.de

A short summary is
http://roy.marples.name/projects/dhcpcd/wiki/DhcpcdFeatures

Updating ISC DHCPD and friends would provide at least some value in
keeping dhclient, since ATM there are no alternatives for DHCPv6.

Joerg
--
Posted automagically by a mail2news gateway at muc.de e.V.
Please direct questions, flames, donations, etc. to news-***@muc.de

I think it is significantly better than the 3.x code we have in base.
I don't know what the state of multi-interface support in dhclient4 is
to know whether it can compare. Support for IPv4 LL is definitely nice
to have, but a bit smaller.

DHCPv6 support is a sore point in NetBSD for now and fixing that one way
or the other would be appreciated. Getting the support for the server is
pretty much a no brainer. For the client, it raises a few questions
about which data set to pick when both DHCP and DHCPv6 are available for
an interface and have a non-empty symmetric difference. Another item is
how to deal with partial support in the presence of multiple interfaces.
Consider having both IPv4 and IPv6 available via WLAN and only IPv4 via
Ethernet -- do you still want to enable IPv6 routing? What is the status
in this area for dhclient?

What about RA handling? Does dhclient depend on the kernel / rtsol for
that?
It exists for the sake of network manager like applications. It is also
a separate program, so no nasty tentacles in the main code :)
Personally, I don't use it.

Joerg

--
Posted automagically by a mail2news gateway at muc.de e.V.
Please direct questions, flames, donations, etc. to news-***@muc.de

Except for the libisc problem Christos described.
This is impossible to resolve if we treat configuration information as per-host. There's work going on in the IETF to consider configuration information per-provisioning-domain, where IPv4 and IPv6 would be considered separate provisioning domains, and results from different interfaces (e.g., wired and wireless) would also be considered separate provisioning domains.

I think this is the only way to successfully address this issue, but of course it requires substantial changes to the way programs that connect to the network behave. IMHO the work needs to be done in userland, not in the kernel; I can explain at length if there is interet.
AFAIK, not implemented.
It definitely does not do ND itself.
Yup, that's pretty much my experience of it too. :)


--
Posted automagically by a mail2news gateway at muc.de e.V.
Please direct questions, flames, donations, etc. to news-***@muc.de

Date: Wed, 16 Nov 2011 10:21:54 +0800
From: Ted Lemon <***@fugue.com>
Message-ID: <844EEC57-686D-4B04-8162-***@fugue.com>

| This is impossible to resolve if we treat configuration information
| as per-host.

No, it isn't - it's impossible to resolve if the aim is to specify
a method by which it must, or should, be done (which is all the IETF
can do, which is why anything dealing with this, or related, issues
is such a quagmire there), but it's actually reasonably easy when you
get to ignore the network and just consider one host, in one evnironment,
and how that host should configure its multiple interfaces and network
stacks (depending upon which are working at the time).

That's the situation here, and NetBSD could easily (well relatively)
specify, and implement, policies that can be configured by the users
to handle all the weird cases, and yet which default to a rational enough
model that most users never need to go near the config to have everything
work well enough (perhaps not optimally in some sense, but well enough
that things at least all work).

It's only when you try and handle the hard cases (like a host multi-homed
to two different providers) and expect to have the network instruct it
somehow how it should configure itself that things get truly hard to
manage. If the host gets to choose for itself, it can cope.

kre


--
Posted automagically by a mail2news gateway at muc.de e.V.
Please direct questions, flames, donations, etc. to news-***@muc.de

Whatever.

--
Posted automagically by a mail2news gateway at muc.de e.V.
Please direct questions, flames, donations, etc. to news-***@muc.de

To expand on this, Robert, my point is that it's all very well and good to be a cowboy and come up with a solution that works well on the networks that you think are good networks. But to come up with a solution that will work on networks that exist in practice but are not the sorts of networks you think should exist in practice is harder. Of course it's always easier to provide a solution to a restricted problem set.

In practice, multiple interface environments where each network is connected to a separate administrative domain are common, not uncommon. If you have an iPhone, that's a device that is connected in this way. My Android phone is currently connected to my hotel network and a Taiwanese 3G provider. Neither provider is qualified to advise my device on how it should operate on the network, so trying to merge configuration information from both services is a fool's errand. Indeed, my Android phone routinely fails to connect to my mail server once per day, even though it has a perfectly valid 3G connection, because the WiFi connection reverts to the captive portal and stops allowing transit through it to my mail server.

Now, you can argue that no NetBSD device will ever be connected in this way, but I will believe you only as long as you promise never to install a cellular data modem in the USB port of your laptop.


--
Posted automagically by a mail2news gateway at muc.de e.V.
Please direct questions, flames, donations, etc. to news-***@muc.de

First, I know the general problem is hard, and if the aim is to
specify how it should be solved, in general, then that's a very
difficult task. Further, providing that solution is (aside from
nothing) the only thing that the IETF can really do, so the task
there truly is difficult.

My point is that in NetBSD we don't have to solve that problem
in general. We need (well, it would be nice if we could)
provide a solution that works for most people who use NetBSD,
most of the time, and which can be configured (manually, if we
can't come up with a better way for now) to handle the other cases.

It isn't that a NetBSD device "will never be connected this way",
but that most are not, and in most cases where they are (this year
anyway) the user probably knows enough to configure the problem away.

I assume that you have your iphone working in its hotel/3g environment,
and if not, I'd guess it is because the iphone doesn't provide enough
config options, not because you are unable to work out what you want it
to do ...

For us, right now, that's enough - the number of NetBSD users who need
to manually config is going to be so small, that any who aren't able
to work it out themselves, can just ask, and someone who does understand
(whatever mechanism we create) will be able to assist.

If that ever gets to be a burden (too many users asking) we can figure
out what the common element is, as in practice (if not in theory) there
will always be one - the providers just aren't that imaginative, they
all copy from each other - and provide a canned config (or even automate if
it is reasonable) to solve that particular problem.

If the IETF ever produces a general solution, then we can implement it.
In the meantime, the experience gained by projects like NetBSD (and all
the others of course) might just be useful in providing some guidance as
to what works, what doesn't, and what missing info should be provided to
ease the task.

Now you can consider this "being a cowboy" if you like - I don't, I think
it's just a prudent and sane use of resources - we (NetBSD) don't need to
solve the general problem right now, so there's no need to attempt to do
that. But that doesn't mean do nothing just because there isn't yet
a general solution available. Nor do we need to limit ourselves to
"good networks" whatever they are - just to be able to work in the common
evvironments that our users (the project's users) actually find themselves
in most frequently, today (or next year) - what is needed after that, and
what is needed in less common cases, can be handled later.

kre


--
Posted automagically by a mail2news gateway at muc.de e.V.
Please direct questions, flames, donations, etc. to news-***@muc.de

The problem, Robert, is that I think only in your mind is this a simple problem for the average case. I think this is a problem users of any modern device will run into; in the sense that NetBSD only runs on ancient iron, maybe you are right. But I have to admit that that's not how I think of NetBSD, whether it's true or not.

My phone currently just breaks in the hotel environment, and even though it's broken on me twice, I still tend to forget why it's breaking, and hence how to fix it, because it's so stupid and counterintuitive.

This is precisely what a good network configuration agent is supposed to do for you, and I do not agree with you that this is a problem that need not be solved. I also don't agree with you that the problem is prohibitively difficult. IMHO it's pretty easy: you just try a reasonable collection of starting permutations and use the one that connects and authenticates successfully, discarding the rest. This is what Google Chrome does by default today for the dual-stack scenario; extending this to the multiple interface scenario is trivial.


--
Posted automagically by a mail2news gateway at muc.de e.V.
Please direct questions, flames, donations, etc. to news-***@muc.de

That's very helpful—thanks!
There is dibbler. I don't have any experience with it, though, so I don't know if it's nicer or less nice.

If dhcpcd really is better than dhclient, I could probably hack in DHCPv6 support pretty easily. One thing that spooks me about dhcpcd though is that it supports dbus, which I've always found to be basically unuseable. But I haven't tried it in years. Do you consider this a valuable feature of dhcpcd for NetBSD, or just a bullet point?


--
Posted automagically by a mail2news gateway at muc.de e.V.
Please direct questions, flames, donations, etc. to news-***@muc.de

Date: Wed, 16 Nov 2011 16:04:32 +0800
From: Ted Lemon <***@fugue.com>
Message-ID: <A12A1A32-ED6A-4FF1-A211-***@fugue.com>

| The problem, Robert, is that I think only in your mind is this a
| simple problem for the average case.

No, not simple, or it would be done already and we wouldn't be
discussing it, but tractable.

| This is precisely what a good network configuration agent is supposed
| to do for you,

Yes, but lacking that, which your phone apparently doesn't have, and which
NetBSD currently doesn't have, wouldn't a better alternative to nothing be
a sane config that you could set once, when you did work it out, and would
then just do the right thing every later time that you connect?

That's the kind of "first step" config agent that I'd hope to see.

| and I do not agree with you that this is a problem that need not be solved.

If that is what I said, I don't agree with me either - but I don't think
I said that. What I said was that it is not a problem that the NetBSD
project needs to solve today (in general).

| I also don't agree with you that the problem is prohibitively difficult.

Well... (aside from what is "prohibitively difficult" to one engineer
is just plain hard to another, and child's play to someone else...)

| IMHO it's pretty easy: you just try a reasonable collection of starting
| permutations

Which come from? And reasonable according to whom?

| and use the one that connects and authenticates successfully,

And here's the rub - connects and authenticates to what exactly? To
your hotel network? No thanks, that's not useful to me, I want
internet connectivity, plus intra-org connectivity, but how do we test
that either of those works? Is being able to connect to google.com
the test? Not for me, I don't much care, being able to connect to
netbsd.org would be more useful (for me, but perhaps not others), and
of course, the root nameservers (for me). On the other hand, the vast
majority of the world (even of netbsd users) don't care about netbsd.org
(most of the time) or root nameservers, ever. Working out "it is working"
is a truly hard thing to do - especially when you consider all the possible
failure cases, some of which still indicate that the local connectivity is
good, and correctly configured, and something else is broken, out of our
control, and others don't.

| discarding the rest. This is what Google Chrome does by default
| today for the dual-stack scenario;

Dealing with just dual stack is comparatively trivial.

| extending this to the multiple interface scenario is trivial.

No, it isn't - consider a trivial case when (say) at the IETF,
on that hotel network (which I presume is WiFi, and so generally
to be preferred over the more expensive, and slower, 3G) decides
to implement an IPv6 google.com of their own - you connect to it
you get answers, just not the ones you hoped. Given that people
there are clever, they even have nameservers sending out apparently
correct dnssec secured IPv6 addresses for google.com - but with
access to the root servers filtered out, so you can't actually get
the certificates to verify.

Doing all this, truly properly, really is hard.

On the other hand, the method you described isn't too much away from
what I'd expect as a first, or second, step to a solution - an algorithm
that works for most people, most of the time, and some config that you
can set to tell it when it failed, so it doesn't repeat the same
mistake the next time - and leave the harder part of automatically
determining failure, and then automatically responding, for a future
revision, once we better understand how to do that. ("failure"
here is algorithm failure, not just connection failure.)

kre


--
Posted automagically by a mail2news gateway at muc.de e.V.
Please direct questions, flames, donations, etc. to news-***@muc.de

Sure, if your machine is bolted to a rack in a data center. There is no way to hard code a network configuration on a mobile device that will work in any meaningful sense. The reason Android doesn't work is that the network configuration, for the same network, no less, keeps shifting.
--
Posted automagically by a mail2news gateway at muc.de e.V.
Please direct questions, flames, donations, etc. to news-***@muc.de

That's why IMHO you have to authenticate (by which I mean the remote server, not authenticate yourself to the network). The scenario you are worried about is perfectly possible in the dual stack case. If you think one interface is more expensive than another, you can handicap the race.
--
Posted automagically by a mail2news gateway at muc.de e.V.
Please direct questions, flames, donations, etc. to news-***@muc.de

This is one of those cases where the DHCP client should use a hook to
decide. You definitely don't want to hard-code the policy.

(I like dhcpcd a lot, really, but sometimes it has hard-coded a policy
where there was already precedent for different people setting different
policies.)

Dave

That would be appreciated as my development time over the past year has
been a trickle at best whilst I can provide fixes, adding full blown
DHCPv6 and IPv6 ND is a bigger task than I thought. Mainly due to my
lack of understanding of writing IPv6 code, constructing addresses from
prefixes and then trying to merge that into existing dhcpcd to keep code
size down.

If anyone wants to do it, it needs to work dual stack with the exiting
DHCPv4, IPv4LL code and follow the same routing logic and priority.
Although I do keep dhcpcd in NetBSD fairly up-to-date it's always best
My goal at the start was to provide a GTK+ systray icon to display how
dhcpcd was configured on my attached networks.
When I started writing this someone said "Why not supply a dbus
interface so GNOME apps can communicate easily".
Sounded like a good idea at the time, along with removing the
abomination called NetworkManager.

Since then I've come to kind of loath dbus as using the raw C library
as I did, rather than the glib library (I hate needless dependencies) is
very painful.
On the other hand, dhcpcd-gtk uses it quite nicely as a very functional
(imo ofc ;) sys tray applet that allows to configure very basic ipv4
information and choose your wireless network.

Long story short, as others have pointed out, it's just a bullet point
and has no place in NetBSD base system.

Thanks

Roy

--
Posted automagically by a mail2news gateway at muc.de e.V.
Please direct questions, flames, donations, etc. to news-***@muc.de

Remove it after the branch. Or if my evil plan pans out and we get dhcp4
support in the tree...

christos


--
Posted automagically by a mail2news gateway at muc.de e.V.
Please direct questions, flames, donations, etc. to news-***@muc.de

All too easy! In dhcpcd.conf that ships you can find this entry

# Respect the network MTU.
option interface_mtu

Simply comment it out or remove it.

You could also set
nooption interface_mtu

Which would strip it from the DHCP message if the server forces it on
you as well.

It's harcoded in the same why that a US keyboard is by default. Although
you could argue that a typical end user should neither know nor care
about MTU. I am loath to change it, as a lot of other OSes ship with it
default to request and set.

Thanks

Roy

--
Posted automagically by a mail2news gateway at muc.de e.V.
Please direct questions, flames, donations, etc. to news-***@muc.de

Now, that's pretty rude. Basic netiquette says keep line lengths under 80.
If your user agent wants reflowable text, there's a perfectly good way for it
to achieve that with other compatible user agents while not emitting lines
longer than 80: it can mark the text as format=flowed.

If your MUA can't or won't mark text it wants reflowed on the other end as
format=flowed, please use an appropriate filter to make up for its
shortcomings before posting to public lists.

Thor

--
Posted automagically by a mail2news gateway at muc.de e.V.
Please direct questions, flames, donations, etc. to news-***@muc.de

I disagree. Consider the case where a laptop goes into standyby when
connected. The correct behaviour on resume is to send notify userland
that link is down and then link is back up only if one is currently
connected. This could be a very small timewindow, but is the correct
behaviour so the client can re-negoiate the correct information if it
has changed network in the meantime.

Better behaviour would be to mark these faulty drivers as not having
working link detection as my marking it down then up during a simple MTU
change is clearly broken in my eyes. Basically they should not set
IFM_AVALID.

Thanks

Roy

--
Posted automagically by a mail2news gateway at muc.de e.V.
Please direct questions, flames, donations, etc. to news-***@muc.de

This isn't what I am talking about. Suspend/resume involves an explicit
IF_DOWN/IF_UP cycle, so it doesn't matter here. I am talking about
ifconfig $nic $option with option not including down. This should IMHO
not trigger a link state message, even if e.g. setting promisc mode,
changing MTU or multicast filters require a PHY reset.

Joerg

--
Posted automagically by a mail2news gateway at muc.de e.V.
Please direct questions, flames, donations, etc. to news-***@muc.de

Ah good.

So we can expect `ifconfig re0 mtu 1492; ifconfig re0 down; ifconfig re0
up` to change the MTU without affecting link state but the latter two
calls straight afterwards do.

Thanks

Roy

--
Posted automagically by a mail2news gateway at muc.de e.V.
Please direct questions, flames, donations, etc. to news-***@muc.de