[Bug 1718568] Re: dhclient-script fails to wait for link-local address
Dan Streetman
dan.streetman at canonical.com
Thu Mar 8 18:56:06 UTC 2018
artful:
ubuntu at lp1718568-artful:~$ dpkg -l | grep isc-dhcp
ii isc-dhcp-client 4.3.5-3ubuntu2.2 amd64 DHCP client for automatically obtaining an IP address
ii isc-dhcp-common 4.3.5-3ubuntu2.2 amd64 common manpages relevant to all of the isc-dhcp packages
ubuntu at lp1718568-artful:~$ sudo ip l set down dev ens7
ubuntu at lp1718568-artful:~$ sudo ip l show ens7
3: ens7: <BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast state DOWN mode DEFAULT group default qlen 1000
link/ether 52:54:00:bf:16:8a brd ff:ff:ff:ff:ff:ff
(on host):
$ virsh domif-setlink lp1718568-artful vnet8 down
Device updated successfully
(back on guest):
ubuntu at lp1718568-artful:~$ sudo dhclient -v -6 ens7
Internet Systems Consortium DHCP Client 4.3.5
Copyright 2004-2016 Internet Systems Consortium.
All rights reserved.
For info, please visit https://www.isc.org/software/dhcp/
no link-local IPv6 address for ens7
If you think you have received this message due to a bug rather
than a configuration issue please read the section on submitting
bugs on either our web page at www.isc.org or in the README file
before submitting a bug. These pages explain the proper
process and the information we find helpful for debugging..
exiting.
after updating to -proposed:
ubuntu at lp1718568-artful:~$ sudo ip l set down dev ens7
ubuntu at lp1718568-artful:~$ sudo ip l show ens7
3: ens7: <BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast state DOWN mode DEFAULT group default qlen 1000
link/ether 52:54:00:bf:16:8a brd ff:ff:ff:ff:ff:ff
ubuntu at lp1718568-artful:~$ dpkg -l | grep isc-dhcp
ii isc-dhcp-client 4.3.5-3ubuntu2.3 amd64 DHCP client for automatically obtaining an IP address
ii isc-dhcp-common 4.3.5-3ubuntu2.3 amd64 common manpages relevant to all of the isc-dhcp packages
ubuntu at lp1718568-artful:~$ sudo dhclient -v -6 ens7
Internet Systems Consortium DHCP Client 4.3.5
Copyright 2004-2016 Internet Systems Consortium.
All rights reserved.
For info, please visit https://www.isc.org/software/dhcp/
(blocks, waiting for ipv6 link-local addr)
(on host):
$ virsh domif-setlink lp1718568-artful vnet8 up
Device updated successfully
(back on guest):
Listening on Socket/ens7
Sending on Socket/ens7
PRC: Soliciting for leases (INIT).
XMT: Forming Solicit, 0 ms elapsed.
XMT: X-- IA_NA 00:bf:16:8a
XMT: | X-- Request renew in +3600
XMT: | X-- Request rebind in +5400
XMT: | X-- Request address 2001:db8::99.
XMT: | | X-- Request preferred in +7200
XMT: | | X-- Request valid in +10800
XMT: Solicit on ens7, interval 1020ms.
RCV: Advertise message on ens7 from fe80::5054:ff:fec9:897c.
RCV: X-- IA_NA 00:bf:16:8a
RCV: | X-- starts 1520535276
RCV: | X-- t1 - renew +3600
RCV: | X-- t2 - rebind +7200
RCV: | X-- [Options]
RCV: | | X-- IAADDR 2001:db8::99
RCV: | | | X-- Preferred lifetime 604800.
RCV: | | | X-- Max lifetime 2592000.
RCV: X-- Server ID: 00:01:00:01:22:2c:61:12:52:54:00:c9:89:7c
RCV: Advertisement recorded.
PRC: Selecting best advertised lease.
PRC: Considering best lease.
PRC: X-- Initial candidate 00:01:00:01:22:2c:61:12:52:54:00:c9:89:7c (s: 10105, p: 0).
XMT: Forming Request, 0 ms elapsed.
XMT: X-- IA_NA 00:bf:16:8a
XMT: | X-- Requested renew +3600
XMT: | X-- Requested rebind +5400
XMT: | | X-- IAADDR 2001:db8::99
XMT: | | | X-- Preferred lifetime +7200
XMT: | | | X-- Max lifetime +7500
XMT: V IA_NA appended.
XMT: Request on ens7, interval 940ms.
RCV: Reply message on ens7 from fe80::5054:ff:fec9:897c.
RCV: X-- IA_NA 00:bf:16:8a
RCV: | X-- starts 1520535277
RCV: | X-- t1 - renew +3600
RCV: | X-- t2 - rebind +7200
RCV: | X-- [Options]
RCV: | | X-- IAADDR 2001:db8::99
RCV: | | | X-- Preferred lifetime 604800.
RCV: | | | X-- Max lifetime 2592000.
RCV: X-- Server ID: 00:01:00:01:22:2c:61:12:52:54:00:c9:89:7c
PRC: Bound to lease 00:01:00:01:22:2c:61:12:52:54:00:c9:89:7c.
-proposed package verified
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to isc-dhcp in Ubuntu.
https://bugs.launchpad.net/bugs/1718568
Title:
dhclient-script fails to wait for link-local address
Status in isc-dhcp package in Ubuntu:
Fix Released
Status in isc-dhcp source package in Trusty:
Fix Committed
Status in isc-dhcp source package in Xenial:
Fix Committed
Status in isc-dhcp source package in Zesty:
Won't Fix
Status in isc-dhcp source package in Artful:
Fix Committed
Status in isc-dhcp source package in Bionic:
Fix Released
Status in isc-dhcp package in Debian:
New
Bug description:
[impact]
bug 1633479 made a change to isc-dhcp to wait for an interface's link-local ipv6 address to switch from 'tentative' to normal, because all link-local addresses briefly go through a 'tentative' state while the kernel is performing ipv6 link-local 'duplicate address detection' (DAD). While in the 'tentative' state, dhclient can't take over the interface and send out
dhcpv6 requests; it must wait until DAD completes.
However, the change made in that bug does not account for the case
where the 'tentative' check is done before the interface has even set
up a link-local address; its case statement assumes if there is no
'tentative' or 'dadfailed' string in the output, the link-local
address is ready to use. When the address check finds no address at
all, this will return as successful, even though it shouldn't, and
dhclient will fail to get the dhcpv6 address.
[test case]
on a system that is configured for dhcpv6 on one or more of its
interfaces, repeatedly try to get the dhcpv6 address. For interfaces
that are slower to actually set up their initial tentative link-local
address, they will occasionally fail, since the current code is a race
between the kernel adding the tentative link-local address, and the
dhclient-script.linux code checking the interface for a tentative
address.
with the patch to correct this, even interfaces slow to add their
tentative link-local address should correctly wait for the address to
get added, and then transition from tentative to normal, and then
begin the dhcpv6 process.
[regression potential]
errors in this function can cause dhclient to fail to get a ipv6
address for an interface; regression would happen if this patch makes
it fail more than it already is failing, but would not cause other
failures or problems after getting an ipv6 address; this patch will
affect only startup-time.
additionally, the current behavior of dhclient when using an interface
that has no link-local address after being brought up is to exit
immediately; while after this patch dhclient will wait ~6 seconds
before exiting (while waiting for the interface to get a non-tentative
link-local addr). This is the point of this bug, that some NIC hw
doesn't show a tentative link-local addr immediately after coming up.
However, if dhclient -6 is configured to run on an interface without
any link state at all (e.g. its physical cable is unplugged), then
while before dhclient would exit immediately with error, it now waits
6 seconds. If the system is misconfigured like that, or if someone
pulls a cable and reboots, then system boot will be delayed an extra 6
seconds. However, that short delay for misconfigured/broken systems
seems acceptable to me, in exchange for allowing dhclient to work with
slightly slow NIC hw. Additionally, consider that if the problem is
instead no dhcpv6 server, dhclient -6 will wait a much, much longer
amount of time for a dhcpv6 response before giving up.
[other info]
related bug 1633479
[original description]
Summary:
========
If a interface does not yet have a link-local address (as it may have
just been brought up), dhclient -6 <ifname> will fail. The built-in
"wait for link-local address" loop does not function properly, causing
DHCP failure.
Discussion:
===========
In trying to configure isc-dhcp-client 4.3.5-3ubuntu1 for IPv6 on
Ubuntu 17.04, I was finding that on boot I was getting failures with
the logged message "no link-local IPv6 address for <ifname>"
I found that it took several seconds for the link-local address to be
assigned when the interface came up (in this case, the ISP/modem-
facing interface), and worked around it with a script that looks at
/sbin/ifconfig $IFACE | /bin/fgrep -q 'scopeid 0x20'
and loops for a fixed number of times for that to be successful.
On looking at /sbin/dhclient-script it appears that it *tries* to do
the same thing in
# set the link up and wait for ipv6 link local dad to finish
ipv6_link_up_and_dad()
this code sets
out=$(ip -6 -o address show dev "$dev" scope link)
then checks it with a case statement inside of a loop for
case " $out " in
*\ dadfailed\ *)
error "$dev: ipv6 dad failed."
return 1;;
*\ tentative\ *) :;;
*) return 0;;
esac
If there is no link-local address, $out will be empty. The default
case is taken, and the loop exits immediately:
$ echo "'$out'" ; case " $out " in
> *\ dadfailed\ *)
> echo "dadfailed"
> ;;
> *\ tentative\ *)
> echo "tentative"
> ;;
> *)
> echo "default"
> esac
''
default
As a result, there is no "wait for link-local address" and when there
is no link-local address, dhclient fails later on.
Possible Fix:
=============
Adding "the missing case" for "no address" case that continues the
loop is one possible solution.
. case " $out " in
. *\ dadfailed\ *)
. error "$dev: ipv6 dad failed."
. return 1;;
. *\ tentative\ *) :;;
+ " ")
+ :
+ ;;
. *) return 0;;
. esac
At least in my situation, this prevents the failure of dhclient due to
the link-local address not being "ready" yet.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/isc-dhcp/+bug/1718568/+subscriptions
More information about the foundations-bugs
mailing list