@daemonhorn
Last active January 2, 2023 15:24
pfSense patch to wide-dhcp6 client to support IA_NA on IA_PD interface. This is a temporary workaround for FIOS IPv6 router.
--- prefixconf.c.orig 2017-02-28 19:06:15.000000000 +0000
+++ prefixconf.c 2022-02-13 19:16:41.144605000 +0000
@@ -201,20 +201,6 @@
if (sp->prefix.vltime != 0 && spcreate) {
for (pif = TAILQ_FIRST(iac_pd->pifc_head); pif;
pif = TAILQ_NEXT(pif, link)) {
- /*
- * The requesting router MUST NOT assign any delegated
- * prefixes or subnets from the delegated prefix(es) to
- * the link through which it received the DHCP message
- * from the delegating router.
- * [RFC3633 Section 12.1]
- */
- if (strcmp(pif->ifname, dhcpifp->ifname) == 0) {
- d_printf(LOG_INFO, FNAME,
- "skip %s as a prefix interface",
- dhcpifp->ifname);
- continue;
- }
-
add_ifprefix(sp, pinfo, pif);
}
}
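Review bot: the removal of the `strcmp(pif->ifname, dhcpifp->ifname)` check is unconditional, so every configuration loses the RFC3633 Section 12.1 guard cited in the deleted comment, not only one that deliberately lists the DHCP interface as a prefix interface. Consider keeping the comparison and making the `continue` depend on an explicit opt-in (a configuration flag, which would be new), and keep a `d_printf(LOG_INFO, ...)` line so the log still records when a delegated prefix is assigned to the interface the DHCP message arrived on. A short comment in place of the deleted one, stating that the deviation from the RFC is deliberate, would help the next reader.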
@daemonhorn
Author

daemonhorn commented Feb 13, 2022

This is a temporary workaround for pfSense since the wide-dhcp6 client (dhcp6c) does not support the same request options as the FIOS-branded router to exclude a range from the allocated PD prefix for router utilization. https://datatracker.ietf.org/doc/html/rfc6603 and option 67 PD_EXCLUDE in https://datatracker.ietf.org/doc/html/rfc8415. See also: https://www.iana.org/assignments/dhcpv6-parameters/dhcpv6-parameters.xhtml

@daemonhorn
Author

daemonhorn commented Feb 13, 2022

AMD64 (x64) built file as of 2/13/22 from freebsd ports with patch above for those who do not want to rebuild from source.
SHA256 (dhcp6c) = 80933ad87426f489d9f16bcb76d6a72c02b637aabc9ce074009521d42fecc88c
/usr/local/sbin/dhcp6c
https://drive.google.com/file/d/1fY4Y_Vd9ZDz3OV1CTOvcTn3P8MD1vukr/view?usp=sharing

@daemonhorn
Author

daemonhorn commented Feb 13, 2022

Requires WAN being set to DHCP6, and a custom configuration file as follows:
/etc/dhcp6c_WAN_LAN_VLAN.conf

interface em0 {
        send ia-pd 0;   # request prefix delegation
        request domain-name-servers;
        request domain-name;
        script "/var/etc/dhcp6c_wan_script.sh"; # we'd like some nameservers please
};
id-assoc pd 0 {
#  Support prefix 0 on LAN interface (em1)
        prefix ::/56 infinity;
        prefix-interface em1 {
                sla-id 0;
                sla-len 8;
        };
# Support prefix 1 on GUEST_VLAN interface (em1.20)
        prefix-interface em1.20 {
                sla-id 1;
                sla-len 8;
        };
# Support prefix 16 on WAN interface (em0) - requires patch to prefixconf.c to enable
        prefix-interface em0 {
                sla-id 16;
                sla-len 8;
        };
};
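
How the `sla-id`/`sla-len` pairs in the configuration above select /64 subnets out of the delegated /56, as an added example that is not part of the gist or of wide-dhcp6. The delegated prefix is a constructed documentation-range value, `derive_prefixes` is a hypothetical helper, and the /64 limit assumes the default 64-bit interface ID.

```python
import ipaddress

# Constructed sample: a documentation-range /56 standing in for the ISP's delegation.
DELEGATED = "2001:db8:1200::/56"
WAN_IF = "em0"  # interface dhcp6c runs on, per the gist's config
# (ifname, sla-id, sla-len) triples copied from the gist's prefix-interface blocks.
PREFIX_IFS = [("em1", 0, 8), ("em1.20", 1, 8), ("em0", 16, 8)]


def derive_prefixes(delegated, prefix_ifs, wan_if):
    """Return ({ifname: subnet}, [warnings]) for one delegated prefix."""
    pd = ipaddress.IPv6Network(delegated)
    subnets, warnings, seen = {}, [], {}
    for ifname, sla_id, sla_len in prefix_ifs:
        new_len = pd.prefixlen + sla_len
        if new_len > 64:
            # Assumption: 64-bit interface IDs, so nothing longer than /64 fits.
            warnings.append(f"{ifname}: /{new_len} is longer than /64")
            continue
        if not 0 <= sla_id < (1 << sla_len):
            warnings.append(f"{ifname}: sla-id {sla_id} does not fit in {sla_len} bits")
            continue
        # The sla-id occupies the bits between the delegated prefix and the /64 boundary.
        base = int(pd.network_address) | (sla_id << (128 - new_len))
        net = ipaddress.IPv6Network((base, new_len))
        if net in seen:
            warnings.append(f"{ifname}: {net} already used by {seen[net]}")
            continue
        seen[net] = ifname
        subnets[ifname] = net
        if ifname == wan_if:
            # The case the removed RFC3633 Section 12.1 check used to skip.
            warnings.append(f"{ifname}: delegated subnet {net} assigned to the DHCPv6 interface")
    return subnets, warnings


if __name__ == "__main__":
    nets, warns = derive_prefixes(DELEGATED, PREFIX_IFS, WAN_IF)
    for ifname, net in nets.items():
        print(f"{ifname:8} {net}")
    for w in warns:
        print("warning:", w)
```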

@daemonhorn
Author

Still works (source/bin/config) on pfSense 2.6.0

@dlangille

Did this get fed upstream into pfSense?

@daemonhorn
Author

> Did this get fed upstream into pfSense?

Not yet. I tried to get upstream (pfSense and the kame-dhcp6 port maintainer hrs@) to look at this and some other features needed to better support a modern RFC-compliant DHCPv6, but not a lot of traction. I think a better long-term solution may be to switch to the net/dhcpcd port originally created by Roy Marples. In the meantime, if you have a commit bit with pfSense, feel free to upstream for me.

@daemonhorn
Author

Oh, and for the record, the FiOS-branded router actually uses Roy Marples' dhcpcd code, and sends the PD_EXCLUDE option, but my local FiOS DHCPv6 server ignores the PD_EXCLUDE option anyway, YMMV.
