New article on ngeth
parent
eaa40bda46
commit
e2a0c11383
@ -0,0 +1,45 @@
|
|||||||
|
---
|
||||||
|
layout: post
|
||||||
|
title: "IPv6 and Netgraph Ethernet pseudo-interface"
|
||||||
|
date: 2017-12-28 12:47:00 +0100
|
||||||
|
comments: true
|
||||||
|
categories:
|
||||||
|
---
|
||||||
|
|
||||||
|
On a NanoBSD firewall, I want to have a separate
|
||||||
|
MAC address on one of the Ethernet interfaces to
|
||||||
|
act as the outer endpoint for IPv6 traffic. This
|
||||||
|
is achieved using a Netgraph eiface:
|
||||||
|
|
||||||
|
```plain /etc/rc.local
|
||||||
|
kldload ng_ether
|
||||||
|
ngctl mkpeer sis0: bridge lower link0
|
||||||
|
ngctl name sis0:lower sis0bridge
|
||||||
|
ngctl connect sis0: sis0bridge: upper link1
|
||||||
|
ngctl mkpeer sis0bridge: eiface link2 ether
|
||||||
|
ngctl msg sis0: setpromisc 1
|
||||||
|
ngctl msg sis0: setautosrc 0
|
||||||
|
|
||||||
|
ifconfig ngeth0 link 06:00:00:00:00:06
|
||||||
|
```
|
||||||
|
|
||||||
|
Note that this does *not* include an ifconfig call to
|
||||||
|
set the interface's IPv6 address: this is done by
|
||||||
|
devd, which calls the boot scripts' ifconfig routine
|
||||||
|
when the interface comes up. Thus I have the following
|
||||||
|
line in /etc/rc.conf:
|
||||||
|
|
||||||
|
```plain /etc/rc.conf
|
||||||
|
ifconfig_ngeth0_ipv6="inet6 fe80::6/64"
|
||||||
|
```
|
||||||
|
|
||||||
|
If instead of this line I have an explicit ifconfig
|
||||||
|
in `/etc/rc.local` then there is a race condition between
|
||||||
|
rc.local and devd. If devd runs last, the boot scripts
|
||||||
|
won't see any IPv6 address configured for the newly
|
||||||
|
created interface in `/etc/rc.conf`, and they will set
|
||||||
|
`ifdisabled` on it (blocking all IPv6 traffic, and marking
|
||||||
|
the configured link local address as "tentative").
|
||||||
|
If devd runs first, the problem is dormant, because setting
|
||||||
|
the link local address clears `ifdisabled` as a side effect.
|
||||||
|
|
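Review bot: The `/etc/rc.local` block gives `ngctl msg sis0: setpromisc 1` and `ngctl msg sis0: setautosrc 0` with no explanation, and on a firewall a reader will want to know why the physical interface is put into promiscuous mode. Suggest one sentence after the block saying that promiscuous mode lets sis0 accept frames addressed to the ngeth0 MAC, and that autosrc is disabled so ng_ether does not rewrite the source address of frames sent from ngeth0. Two smaller points: the front matter leaves `categories:` empty, so either fill it in or drop the key, and in the last paragraph "won't see any IPv6 address configured for the newly created interface in `/etc/rc.conf`" reads more clearly as "won't find any IPv6 configuration in `/etc/rc.conf` for the newly created interface".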