IPv6 DHCP PD replies go to the FORWARD rules in the iptables firewall?

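On my Fedora 34 Linux firewall/router I noticed:

  • IPv6 DHCP PD requests are sent out fine.
  • IPv6 DHCP PD replies do arrive over the wire.
  • The firewall kernel for some reason sends the DHCP PD replies through the FORWARD rules, even though dhclient is local.
  • The addresses in the packets are correct and match the DHCP server and the local firewall.

Details can be found at Red Hat.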

We have a ppp interface:

# ip -6 a s dev ppp0
20: ppp0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1492 qdisc cbq state UNKNOWN group default qlen 3
inet6 fe80::c5d5:e942:39c7:7eb7 peer    fe80::9ecc:83ff:fec6:e7e5/128 scope link 
   valid_lft forever preferred_lft forever

We have dhclient listening on ppp0:

# lsof -p 4066992 -n
COMMAND      PID USER   FD   TYPE             DEVICE SIZE/OFF     NODE NAME
dhclient 4066992 root  cwd    DIR              254,0     4096    40961 /root
dhclient 4066992 root  rtd    DIR              254,0     4096        2 /
dhclient 4066992 root  txt    REG              254,2  2018144   141553 /usr/sbin/dhclient
dhclient 4066992 root  mem    REG              254,2    53728    22104 /usr/lib64/libnss_files-2.33.so
dhclient 4066992 root  mem    REG              254,2  1913544    21939 /usr/lib64/libc-2.33.so
dhclient 4066992 root  mem    REG              254,2    32696    30196 /usr/lib64/libcap-ng.so.0.0.0
dhclient 4066992 root  mem    REG              254,2   842360    30776 /usr/lib64/ld-2.33.so
dhclient 4066992 root    0u   CHR              136,4      0t0        7 /dev/pts/4 (deleted)
dhclient 4066992 root    1u   CHR              136,4      0t0        7 /dev/pts/4 (deleted)
dhclient 4066992 root    2u   CHR              136,4      0t0        7 /dev/pts/4 (deleted)
dhclient 4066992 root    3u  unix 0x000000001f2593f7      0t0 16525445 type=DGRAM (UNCONNECTED)
dhclient 4066992 root    4w   REG              254,4       64      251 /var/lib/dhclient/dhclient6.leases
dhclient 4066992 root    5w  FIFO                0,8      0t0 16525446 pipe
dhclient 4066992 root    6u  IPv6           16524541      0t0      UDP [fe80::c5d5:e942:39c7:7eb7]:dhcpv6-client 

This all seems correct.

Then the incoming packets:

# tcpdump -i ppp0 -vn port 546
dropped privs to tcpdump
tcpdump: listening on ppp0, link-type LINUX_SLL (Linux cooked v1), snapshot length 262144 bytes
06:53:09.236781 IP6 (flowlabel 0x7f0d8, hlim 1, next-header UDP (17) payload length: 60) fe80::c5d5:e942:39c7:7eb7.dhcpv6-client > ff02::1:2.dhcpv6-server: [udp sum ok] dhcp6 solicit (xid=b68ba1 (client-ID hwaddr/time type 1 time 394565497 004063f60200) (option-request DNS-server DNS-search-list) (elapsed-time 65535) (IA_PD IAID:0 T1:3600 T2:5400))
06:53:09.469530 IP6 (class 0xc0, hlim 64, next-header UDP (17) payload length: 141) fe80::9ecc:83ff:fec6:e7e5.dhcpv6-server > fe80::c5d5:e942:39c7:7eb7.dhcpv6-client: [udp sum ok] dhcp6 advertise (xid=b68ba1 (client-ID hwaddr/time type 1 time 394565497 004063f60200) (server-ID vid 0000058339633a63) (IA_PD IAID:0 T1:3600 T2:5760 (IA_PD-prefix 2001:981:a812::/48 pltime:7200 vltime:7200)) (DNS-server 2001:888:0:6::66 2001:888:0:9::99))
06:53:09.469756 IP6 (class 0xc0, hlim 63, next-header UDP (17) payload length: 141) fe80::9ecc:83ff:fec6:e7e5.dhcpv6-server > fe80::c5d5:e942:39c7:7eb7.dhcpv6-client: [udp sum ok] dhcp6 advertise (xid=b68ba1 (client-ID hwaddr/time type 1 time 394565497 004063f60200) (server-ID vid 0000058339633a63) (IA_PD IAID:0 T1:3600 T2:5760 (IA_PD-prefix 2001:981:a812::/48 pltime:7200 vltime:7200)) (DNS-server 2001:888:0:6::66 2001:888:0:9::99))
^C

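They appear to be correctly addressed to the dhclient interface.

So why does dhclient not receive them?

I tested without an active firewall: no change. I simplified the routing etc., but no change.

This is not the problem from https://stackoverflow.com/questions/19702489/response-udp-packets-not-arriving-regardless-of-right-ip-and-port-after-sending since a route exists, so the DHCP server can be reached.

Where should I look to find out why the DHCP reply packets with PD are not arriving locally?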
