feat(dhcpv6): Add DHCPv6 support for macvlan and bridge drivers

This commit introduces full support for stateful IPv6 address assignment via DHCPv6, resolving the issue where containers would not receive a global IPv6 address on macvlan networks.

The implementation follows the standard IPv6 design of separating gateway discovery (via Router Advertisements) from stateful address assignment (via DHCPv6).

Key changes include:

- **Kernel Configuration:** Netavark now configures the container's kernel to accept Router Advertisements (`accept_ra=2`) for automatic gateway discovery, while disabling SLAAC (`autoconf=0`) to ensure a managed, deterministic network environment.

- **DHCPv6 Service:** A new `DhcpV6Service` is added to the DHCP proxy. It uses the `mozim` library to acquire IPv6 leases and correctly generates a stable DUID-LL from the container's static MAC address to ensure a persistent network identity.

- **gRPC Layer:** The gRPC `Lease` object and its `From` implementations have been updated to act as a universal carrier for both IPv4 and IPv6 lease information.

- **Generic Proxy Logic:** Core functions like `process_client_stream` and `update_lease_ip` have been refactored to handle both DHCPv4 and DHCPv6 services generically, with conditional logic to correctly handle the differences between the protocols (e.g., gateway handling).

Signed-off-by: Rishikpulhani <[email protected]>

Author: Rishikpulhani

Cargo.lock

@@ -62,6 +62,8 @@ futures-core = "0.3.31"
 futures-util = "0.3.31"
 tower = { version = "0.5.2", features = ["util"] }
 hyper-util = "0.1.17"
+hex = "0.4.3"
+dhcproto = "0.12.0"
 
 [build-dependencies]
 chrono = { version = "0.4.42", default-features = false, features = ["clock"] }

Cargo.toml

@@ -1,7 +1,9 @@
 #![cfg_attr(not(unix), allow(unused_imports))]
 
 use crate::dhcp_proxy::cache::{Clear, LeaseCache};
-use crate::dhcp_proxy::dhcp_service::{process_client_stream, DhcpV4Service};
+use crate::dhcp_proxy::dhcp_service::{
+    process_client_stream, DhcpService, DhcpV4Service, DhcpV6Service,
+};
 use crate::dhcp_proxy::ip;
 use crate::dhcp_proxy::lib::g_rpc::netavark_proxy_server::{NetavarkProxy, NetavarkProxyServer};
 use crate::dhcp_proxy::lib::g_rpc::{
@@ -14,6 +16,7 @@ use crate::error::{NetavarkError, NetavarkResult};
 use crate::network::core_utils;
 use clap::Parser;
 use log::{debug, error, warn};
+use mozim::DhcpV6IaType;
 use tokio::task::AbortHandle;
 
 use std::collections::HashMap;
@@ -38,7 +41,7 @@ use tonic::{
     transport::Server, Code, Code::Internal, Code::InvalidArgument, Request, Response, Status,
 };
 
-type TaskData = (Arc<tokio::sync::Mutex<DhcpV4Service>>, AbortHandle);
+type TaskData = (Arc<tokio::sync::Mutex<DhcpService>>, AbortHandle);
 
 #[derive(Debug)]
 /// This is the tonic netavark proxy service that is required to impl the Netavark Proxy trait which
@@ -437,7 +440,7 @@ async fn process_setup<W: Write + Clear>(
             let mut service = DhcpV4Service::new(network_config, timeout)?;
 
             let lease = service.get_lease().await?;
-            let service_arc = Arc::new(tokio::sync::Mutex::new(service));
+            let service_arc = Arc::new(tokio::sync::Mutex::new(DhcpService::V4(service)));
             let service_arc_clone = service_arc.clone();
             let task_handle = tokio::spawn(process_client_stream(service_arc_clone));
             tasks
@@ -446,9 +449,20 @@ async fn process_setup<W: Write + Clear>(
                 .insert(mac.to_string(), (service_arc, task_handle.abort_handle()));
             lease
         }
-        //V6 TODO implement DHCPv6
         1 => {
-            return Err(Status::new(InvalidArgument, "ipv6 not yet supported"));
+            // ia_type for conatainers is generally NonTemporaryAddresses
+            let mut service =
+                DhcpV6Service::new(network_config, timeout, DhcpV6IaType::NonTemporaryAddresses)?;
+            let lease = service.get_lease().await?;
+            //    service in the generic DhcpService enum.
+            let service_arc = Arc::new(tokio::sync::Mutex::new(DhcpService::V6(service)));
+            let service_arc_clone = service_arc.clone();
+            let task_handle = tokio::spawn(process_client_stream(service_arc_clone));
+            tasks
+                .lock()
+                .expect("lock tasks")
+                .insert(mac.to_string(), (service_arc, task_handle.abort_handle()));
+            lease
         }
         _ => {
             return Err(Status::new(InvalidArgument, "invalid protocol version"));