[radvd-devel-l] Saving logs for radvd

Cameron Kerr cameron at humbledown.org
Wed Feb 2 14:59:19 EST 2011 

On 3/02/2011, at 2:02 AM, Joan wrote:

>> In short, no.  It's not possible with radvd.
>> 
>> Longer answer...  It's the hosts' responsibility to configure its own
>> addresses.  Radvd is only sending the hosts the network prefix.  Some hosts
>> will contact radvd through the all routers multicast address, but even so,
>> the source address of the solicitation may be empty.  Additionally, hosts
>> don't have to contact radvd at all.  A host can wait for a periodic
>> broadcast from radvd then autoconfigure from there without ever contacting
>> radvd.  Also, the host does not communicate back to radvd which addresses it
>> selected.  Generally the host portion of the IPv6 address (the lower 64
>> bits) are derived from the mac address, but this isn't required...
>> 
>> DHCPv6 may be able to do exactly what you want, but that would be for
>> another mailing list...
> Ok, so it depends on stateless ipv6 provisioning, it makes sense ...
> Prior of using radvd I was trying to setup a dhcpv6 server, the
> problem it that while almost all the devices have slaac suport, most
> of them doesn't have a proper dhcpv6 client.
> 
> Well, it seems that either I have to use some logic in my routers to
> register the ips on my LAN or try to find the appropiate dhcpv6 client
> for the devices trying to use our network.

There is another thing you can do. Although SLAAC clients don't attempt to register themselves with radvd, you can listen to the network for the SLAAC process, in particular while the clients is going through the DAD (Duplicate Address Detection) process.

Suggested algorithm:

1) Listen to the networking using a  PCAP expression such as the following to listen for neighbour advertisements:

	Here I'm looking for DADs regarding addresses inside the prefix 2001:470:d:b88/64

	tcpdump -n -s0 -v -i eth0 -e -x '
		icmp6
		and (ip6[40+0] == 135) 
		and (ip6[0x30:4] == 0x20010470 and ip6[0x30+4:4] == 0x000d0b88)
		'

	More info on using TCPDump with ICMPv6 is on my website:
	http://humbledown.org/tcpdump-packet-too-big.xhtml

	You may also like to make stdout line buffered (tcpdump's -l option) if you want to process the results 'live'.

2) Parse the output according to your needs. You may like to extract the Source MAC address, and take note of the time.

You could use this for determining:

1)  which machines had  which IPv6 address (this method should also work for privacy addresses, I think, though I haven't tested it) at which time.

2)  which machines are operating IPv6 on the network (useful when they shouldn't). Because you now have the MAC (which in most cases you could infer from the address anyway), you can now track it down based on your IPv4 DHCP management records.


Hope it helps,
Cameron

More information about the radvd-devel-l mailing list