[WIP]feat(dhcpv6): Add DHCPv6 support for macvlan and bridge drivers #1323

Rishikpulhani · 2025-08-25T09:54:13Z

This commit introduces full support for stateful IPv6 address assignment via DHCPv6, resolving the issue where containers would not receive a global IPv6 address on macvlan networks.

The implementation follows the standard IPv6 design of separating gateway discovery (via Router Advertisements) from stateful address assignment (via DHCPv6).

Design

The implementation follows the standard IPv6 model:

Gateway Discovery via Router Advertisements: The container's kernel is configured via sysctl (accept_ra=2, autoconf=0) to automatically learn its default gateway from RAs while preventing SLAAC. Netavark does not parse RA messages itself.
Stateful Address Assignment via DHCPv6: A new DhcpV6Service in the DHCP proxy uses the mozim library to acquire a lease, providing the container with a stable IP address and other options like DNS.

Key changes include:

Kernel Configuration: Netavark now configures the container's kernel to accept Router Advertisements (accept_ra=2) for automatic gateway discovery, while disabling SLAAC (autoconf=0) to ensure a managed, deterministic network environment.
DHCPv6 Service: A new DhcpV6Service is added to the DHCP proxy. It uses the mozim library to acquire IPv6 leases and correctly generates a stable DUID-LL from the container's static MAC address to ensure a persistent network identity.
gRPC Layer: The gRPC Lease object and its From implementations have been updated to act as a universal carrier for both IPv4 and IPv6 lease information.
Generic Proxy Logic: Core functions like process_client_stream and update_lease_ip have been refactored to handle both DHCPv4 and DHCPv6 services generically, with conditional logic to correctly handle the differences between the protocols (e.g., gateway handling).

Summary by Sourcery

Enable stateful DHCPv6 on macvlan and bridge networks by introducing a dedicated DhcpV6Service, updating kernel sysctl settings for IPv6 gateway discovery, and extending the proxy and gRPC lease handling to support IPv6 leases

New Features:

Introduce full stateful DHCPv6 support via a new DhcpV6Service using the mozim library
Configure container kernel sysctl on macvlan and bridge drivers to accept Router Advertisements and disable SLAAC
Extend the gRPC Lease message and its conversions to carry IPv6 lease details such as DNS, domain search list, and NTP servers

Enhancements:

Add a DhcpService enum to unify DHCPv4 and DHCPv6 services and refactor proxy logic for protocol-agnostic lease processing
Generate deterministic DUID-LL identifiers from container MAC addresses to ensure stable DHCPv6 leases across restarts

Build:

Add hex and dhcproto dependencies for encoding and parsing DHCPv6 options

openshift-ci · 2025-08-25T09:54:19Z

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: Rishikpulhani
Once this PR has been reviewed and has the lgtm label, please assign luap99 for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

sourcery-ai · 2025-08-25T09:54:20Z

Reviewer's Guide

This PR extends Netavark’s networking stack to support stateful DHCPv6 by adding a dedicated DhcpV6Service in the DHCP proxy, updating the gRPC Lease conversion to handle IPv6, configuring container kernels for Router Advertisement acceptance, and introducing required dependencies.

Class diagram for new DHCPv6 support in DhcpService

classDiagram
    class DhcpService {
        <<enum>>
        V4(DhcpV4Service)
        V6(DhcpV6Service)
    }
    class DhcpV4Service
    class DhcpV6Service {
        +DhcpV6ClientAsync client
        +NetworkConfig network_config
        +Option<MozimV6Lease> previous_lease
        +new(nc: NetworkConfig, timeout: u32, ia_type: DhcpV6IaType) Result<Self, DhcpServiceError>
        +get_lease() Result<NetavarkLease, DhcpServiceError>
    }
    DhcpService --> DhcpV4Service
    DhcpService --> DhcpV6Service
    DhcpV6Service --> DhcpV6ClientAsync
    DhcpV6Service --> NetworkConfig
    DhcpV6Service --> MozimV6Lease

    class DhcpServiceError {
        DhcpServiceErrorKind kind
        String message
    }
    DhcpV6Service --> DhcpServiceError

    class NetavarkLease
    class MozimV6Lease
    DhcpV6Service --> NetavarkLease
    DhcpV6Service --> MozimV6Lease

File-Level Changes

Change	Details	Files
Introduce DhcpV6Service in the DHCP proxy	Add DhcpService enum variant for V6 Implement DhcpV6Service new() and async get_lease(), using mozim client Generate deterministic DUID-LL from container MAC for stable leases Store and convert MozimV6Lease to NetavarkLease	`src/dhcp_proxy/dhcp_service.rs`
Extend gRPC proxy layer to support DHCPv6 leases	Import DhcpV6Lease and relevant DHCPv6 option enums Implement From for Lease, mapping DNS, domain, NTP, prefix and flags Set is_v6 flag and default non-applicable fields for IPv6	`src/dhcp_proxy/lib.rs`
Configure container kernel sysctls for IPv6 RA and disable SLAAC	Enable accept_ra=2 on container interfaces to learn default routes via RA Disable IPv6 autoconf to prevent SLAAC on macvlan and bridge	`src/network/bridge.rs` `src/network/vlan.rs`
Update project dependencies for DHCPv6 support	Add hex crate for DUID encoding Add dhcproto crate for DHCPv6 option parsing	`Cargo.toml`

Assessment against linked issues

Issue	Objective	Addressed	Explanation
#1072	Ensure that containers attached to a podman network using the macvlan driver with ipv6 enabled and ipam-driver dhcp receive a global IPv6 address assigned via DHCPv6.	✅
#1072	Implement DHCPv6 support in the network backend (netavark) for both macvlan and bridge drivers, so that stateful IPv6 address assignment via DHCPv6 is possible.	✅

Possibly linked issues

network driver macvlan does not receive an ipv6 address from dhcp #1072: The PR implements DHCPv6 support for macvlan networks, enabling containers to receive IPv6 addresses as requested in the issue.

Tips and commands

Interacting with Sourcery

Trigger a new review: Comment @sourcery-ai review on the pull request.
Continue discussions: Reply directly to Sourcery's review comments.
Generate a GitHub issue from a review comment: Ask Sourcery to create an
issue from a review comment by replying to it. You can also reply to a
review comment with @sourcery-ai issue to create an issue from it.
Generate a pull request title: Write @sourcery-ai anywhere in the pull
request title to generate a title at any time. You can also comment
@sourcery-ai title on the pull request to (re-)generate the title at any time.
Generate a pull request summary: Write @sourcery-ai summary anywhere in
the pull request body to generate a PR summary at any time exactly where you
want it. You can also comment @sourcery-ai summary on the pull request to
(re-)generate the summary at any time.
Generate reviewer's guide: Comment @sourcery-ai guide on the pull
request to (re-)generate the reviewer's guide at any time.
Resolve all Sourcery comments: Comment @sourcery-ai resolve on the
pull request to resolve all Sourcery comments. Useful if you've already
addressed all the comments and don't want to see them anymore.
Dismiss all Sourcery reviews: Comment @sourcery-ai dismiss on the pull
request to dismiss all existing Sourcery reviews. Especially useful if you
want to start fresh with a new review - don't forget to comment
@sourcery-ai review to trigger a new review!

Customizing Your Experience

Access your dashboard to:

Enable or disable review features such as the Sourcery-generated pull request
summary, the reviewer's guide, and others.
Change the review language.
Add, remove or edit custom review instructions.
Adjust other review settings.

Getting Help

Contact our support team for questions or feedback.
Visit our documentation for detailed guides and information.
Keep in touch with the Sourcery team by following us on X/Twitter, LinkedIn or GitHub.

This commit introduces full support for stateful IPv6 address assignment via DHCPv6, resolving the issue where containers would not receive a global IPv6 address on macvlan networks. The implementation follows the standard IPv6 design of separating gateway discovery (via Router Advertisements) from stateful address assignment (via DHCPv6). Key changes include: - **Kernel Configuration:** Netavark now configures the container's kernel to accept Router Advertisements (`accept_ra=2`) for automatic gateway discovery, while disabling SLAAC (`autoconf=0`) to ensure a managed, deterministic network environment. - **DHCPv6 Service:** A new `DhcpV6Service` is added to the DHCP proxy. It uses the `mozim` library to acquire IPv6 leases and correctly generates a stable DUID-LL from the container's static MAC address to ensure a persistent network identity. - **gRPC Layer:** The gRPC `Lease` object and its `From` implementations have been updated to act as a universal carrier for both IPv4 and IPv6 lease information. - **Generic Proxy Logic:** Core functions like `process_client_stream` and `update_lease_ip` have been refactored to handle both DHCPv4 and DHCPv6 services generically, with conditional logic to correctly handle the differences between the protocols (e.g., gateway handling). Signed-off-by: Rishikpulhani <rishikpulhani@gmail.com>

packit-as-a-service · 2025-08-26T08:04:18Z