
Configuring a static IPv6 addr in initramfs-tools (Was: IPv6 configuration initramfs)



Hi Marco,

On Mon, Mar 18, 2024 at 04:42:22PM +0100, Marco Moock wrote:
> I have a system with Dropbear (to unlock encrypted root volume) inside
> of initramfs. Initramfs itself supports IPv6 (link-local tested).
> Is there a way for static IPv6 address configuration like it exists
> for IPv4?

The way the early boot network autoconfiguration works is the
initramfs-tools init script takes the ip= option from the kernel command line
and passes it (somewhat modified) to the klibc-utils "ipconfig"
tool. Looking at the source, that tool very much only handles IPv4, so we're
going to need to use an alternate approach for adding a v6 address.

initramfs-tools supports adding your own custom code to the boot process. I
have to admit I've never needed to do this; I thought it would be a bit
fiddly but it didn't end up being so bad. These days you can easily test
your initramfs setup using qemu before rebooting and finding your machine
bricked :)

Depending on your fstab/crypttab setup, you may have to wait a bit for init
to fail to find the root device and kick you into the rescue shell, but this
works:

    $ qemu-system-x86_64 -m 512 -nographic -kernel /boot/vmlinuz-6.1.0-18-amd64 -append 'console=ttyS0 debug=y' -initrd /boot/initrd.img-6.1.0-18-amd64

The script itself is pretty simple. Since we can add addresses to an
interface even if it's still down, where in the run order we place it
doesn't matter too much. I'm putting it in init-premount like the dropbear
script.

    $ cat /etc/initramfs-tools/scripts/init-premount/my-static-v6
    #!/bin/sh
    case $1 in prereqs) exit 0 ;; esac
    ip addr add dev ens3 2001:db8::1/64

Note: The "prereqs" bit is so initramfs-tools can figure out the order of
scripts when it's generating the image.

I would have liked to recommend the use of ip-token(8) to change the
interface ID of the SLAAC address instead of hardcoding the whole IP so
this works even when your prefix changes, but it looks like busybox ip
doesn't support that. Should be pretty trivial to add tho if anyone feels
like working on this.

Let me know how that goes,
--Daniel
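
A variant of the init-premount script above, as an added example that is not part of the original message or of initramfs-tools: instead of hard-coding the interface and address, it reads them from a `static6=` kernel parameter and checks them before they reach `ip`. The `static6=` name and its `<iface>,<addr>/<prefixlen>` format are made up for this example; the checks are character-level only, so `ip` still has the final say on whether the address is valid.

```shell
#!/bin/sh
# Added example for /etc/initramfs-tools/scripts/init-premount/my-static-v6.
# Assumption: "static6=<iface>,<addr>/<prefixlen>" is a kernel parameter made
# up for this example; initramfs-tools itself does not define or parse it.
PREREQ=""
case $1 in prereqs) echo "$PREREQ"; exit 0 ;; esac

# Print "<iface> <addr>/<len>" for the last well-formed static6= word in the
# command line passed as $1; return 1 when there is none.
parse_static6() {
    found=""
    set -f                                  # no globbing while word-splitting
    for word in $1; do
        case $word in static6=*,*/*) ;; *) continue ;; esac
        spec=${word#static6=}
        iface=${spec%%,*}
        cidr=${spec#*,}
        addr=${cidr%/*}
        len=${cidr##*/}
        # Interface name: non-empty, only letters, digits, '.', '_' and '-'.
        case $iface in ''|*[!A-Za-z0-9._-]*) continue ;; esac
        # Address: only hex digits and ':', with at least one ':'.
        case $addr in ''|*[!0-9A-Fa-f:]*) continue ;; *:*) ;; *) continue ;; esac
        # Prefix length: one to three decimal digits, at most 128.
        case $len in ''|*[!0-9]*|????*) continue ;; esac
        [ "$len" -le 128 ] || continue
        found="$iface $addr/$len"
    done
    set +f
    [ -n "$found" ] && echo "$found"
}

# On a machine booted without static6= this block does nothing.
if target=$(parse_static6 "$(cat /proc/cmdline 2>/dev/null)"); then
    # The address can be added while the interface is still down.
    ip addr add dev "${target%% *}" "${target#* }" ||
        echo "my-static-v6: could not configure ${target}" >&2
fi
```

The script has to be executable and the image regenerated with `update-initramfs -u` before it takes effect. It can be tried in the qemu setup above by adding, for instance, `static6=ens3,2001:db8::1/64` to the `-append` string.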
