Auteur Sujet: ISC DHCP client raw socket solution  (Lu 5576 fois)

0 Membres et 1 Invité sur ce sujet

MaKess

  • Abonné Orange Fibre
  • *
  • Messages: 5
ISC DHCP client raw socket solution
« le: 19 mars 2019 à 23:10:33 »
Hi everyone,
(sorry for not writing in French, I'm not quite that good at writing in it yet)

I saw here on the forum that many people that are trying to replace Orange's Livebox with a Linux router encounter one particular problem when using the ISC DHCP client:
dhclient, the default on many Ubuntu and Debian setups uses raw sockets for sending the initial DHCP request while the machine does not have an address yet. packets that are sent through those raw sockets bypass the normal IP stack, therefore cannot be classified in iptables (normally done through -j CLASSIFY --set-class 0:6) and as a consequence setting the IEEE 802.1Q PCP value (VLAN priority) is kinda hard.
But Orange's equipment insists on receiving ARP, DHCP, ICMPv6, … packets on the 832 VLAN with the priority set to 6, otherwise it won't respond.

So I though I might share my solution to that:

The solution with which I went is to simply create a dedicated "net_prio" CGroup (I called it "dhcp-orange") and launch the dhclient instances (one for IPv4, one for IPv6) in that group.
Then, the interface priority map for this group can be set to the tag all packets going out on the VLAN interface ("enp2s0.832" in my case) with classification/ skb priority of 0:6.

The skb priority of 0:6 is then simpy mapped to a VLAN priority of 6 by using the normal egress map.

Here's the snippet from my /etc/network/interfaces:

# VLAN 832 for internet traffic (incl. VoIP)
auto enp2s0.832
iface enp2s0.832 inet manual
pre-up cgcreate -g net_prio:dhcp-orange
pre-up cgset -r "net_prio.ifpriomap=enp2s0.832 6" dhcp-orange
post-up ip link set enp2s0.832 type vlan egress 5:5 6:6
post-up cgexec -g net_prio:dhcp-orange --sticky -- dhclient -4 -cf /etc/dhcp/dhclient-orange-v4.conf $IFACE
post-up cgexec -g net_prio:dhcp-orange --sticky -- dhclient -6 -cf /etc/dhcp/dhclient-orange-v6.conf -P -D LL $IFACE
pre-down dhclient -4 -r
pre-down dhclient -6 -r
vlan-raw-device enp2s0

  • cgcreate creates a new CGroup
  • cgset is used to do some configuration
  • cgexec launches a new process in that group

all three tools can simply be installed through the cgroup-tools package on Ubuntu & Debian.

I hope this might be useful to some of you :)

Cheers
« Modifié: 20 mars 2019 à 07:37:46 par MaKess »

jeremyp3

  • Abonné Orange Fibre
  • *
  • Messages: 719
  • Pau (64)
ISC DHCP client raw socket solution
« Réponse #1 le: 20 mars 2019 à 03:52:55 »
hello :)

in debian stretch I have a error when I run the command
cgexec -g net_cls:dhcp-orange --sticky -- dhclient .....

cgroup change of group failed

error log strace:
connect(3, {sa_family=AF_UNIX, sun_path="/var/run/cgred.socket"}, 23) = -1 ENOENT (No such file or directory)

here are the steps I did to install everything

# aptitude install cgroup-tools
# mkdir tmp/net_prio
# mount -t cgroup -o net_prio net_prio /tmp/net_prio
# cgcreate -g net_prio:dhcp-orange
# cgset -r "net_prio.ifpriomap=wan0.832 6" dhcp-orange
# ip link set wan0.832 type vlan egress 5:5 6:6
# cgexec -g net_cls:dhcp-orange --sticky -- dhclient -v -4 -cf /etc/dhcp/dhclient-vlan-832.conf -pf /run/dhclient.wan0.832.pid -lf /var/lib/dhcp/dhclient.wan0.832.leases wan0.832
cgroup change of group failed
#

after reading some doc, I did not understand if there was a need for a service or not.

thanks for the help.

Jerem.

MaKess

  • Abonné Orange Fibre
  • *
  • Messages: 5
ISC DHCP client raw socket solution
« Réponse #2 le: 20 mars 2019 à 07:46:59 »
ah, désolé.

instead of
cgexec -g net_cls:dhcp-orange …can you try
cgexec -g net_prio:dhcp-orange …
on Ubuntu systems, both controllers are actually merged by default into one, so using "net_prio" in one place and "net_cls" in another didn't create an error for me.
lrwxrwxrwx  1 root root  16 March 19 06:48 net_cls -> net_cls,net_prio/
dr-xr-xr-x  4 root root   0 March 19 22:56 net_cls,net_prio/
lrwxrwxrwx  1 root root  16 March 19 06:48 net_prio -> net_cls,net_prio/

but this is bad style. so I fixed it in my original post.
sorry for that.

kgersen

  • Modérateur
  • Abonné Bbox fibre
  • *
  • Messages: 9 131
  • Paris (75)
ISC DHCP client raw socket solution
« Réponse #3 le: 20 mars 2019 à 11:18:48 »
hi thanks neat trick !

I wonder if one can build an openwrt kernel that supports cgroups. probably yes since I've seen lxc on openwrt.

jeremyp3

  • Abonné Orange Fibre
  • *
  • Messages: 719
  • Pau (64)
ISC DHCP client raw socket solution
« Réponse #4 le: 21 mars 2019 à 05:38:42 »
hello,

super, it works ! I removed all the iptables rules clacify and I keep the max rate

thanks for the tip !

doctorrock

  • Abonné Orange Fibre
  • *
  • Messages: 940
  • Draguignan 83
ISC DHCP client raw socket solution
« Réponse #5 le: 21 mars 2019 à 13:25:00 »
But Orange's equipment insists on receiving ARP, DHCP, ICMPv6, … packets on the 832 VLAN with the priority set to 6, otherwise it won't respond.

Wrong, that depends on your area.
For example to me : this is absolutely not necessary, I send a COS-0 DHCP request, and I get a response from Orange's endpoint with no problem at all.
So, one should first try the "simple solution", then assume he lives in a "priority-6 area". It's just about luck as Orange doesn't share such information.

kgersen

  • Modérateur
  • Abonné Bbox fibre
  • *
  • Messages: 9 131
  • Paris (75)
ISC DHCP client raw socket solution
« Réponse #6 le: 21 mars 2019 à 13:32:34 »
Wrong, that depends on your area.
For example to me : this is absolutely not necessary, I send a COS-0 DHCP request, and I get a response from Orange's endpoint with no problem at all.
So, one should first try the "simple solution", then assume he lives in a "priority-6 area". It's just about luck as Orange doesn't share such information.

but to be safe, better do priority-6 even if not needed. That way if Orange changes something in your area you won't have any issue. All livebox use priority-6 whatever the area they're in.

zoc

  • Abonné Orange Fibre
  • *
  • Messages: 4 351
  • Antibes (06) / Mercury (73)
ISC DHCP client raw socket solution
« Réponse #7 le: 21 mars 2019 à 18:11:30 »
And actually, CoS 6 is only required for DHCP(6) in those areas : I’m in, so I must set the CoS on DHCP to get an IP, but I’m sending everything else (ARP, ICMP, ICMP6) with priority set to best effort (0) and everything is still working.