[avahi] General Avahi usage questions

Lennart Poettering lennart at poettering.net
Tue Feb 16 16:42:44 PST 2010


On Sat, 13.02.10 03:54, Linus Lüssing (linus.luessing at web.de) wrote:

> > > first question: I think I remember having the avahi-daemon running
> > > which assigned an ipv4 address on a new alias interface. when does
> > > this happen, when not?
> > 
> > avahi-autoipd is usually used as a fallback for dhcp.

> I see. In the beginning I more had the impression that avahi would
> utilise dedicated subnets only. But sounds plausible as at least for
> IPv4 IP collisions are a lot less when using dhcp. Hmm, but
> also... if I intend to use a network without a dhcp server and all
> clients rely on just using the link local ones, then one host that
> left its dhcp server on by mistake could cause quite a lot of
> trouble couldn't it? Or even if there were two dhcp servers on by
> mistake with two different subnets... hell, that would split
> everything in two to three clouds! I couldn't find an option to
> enforce link-local addresses for avahi anywhere, is there something
> like this?

You may, --force-bind may be used for that.

That said this isn't really a problem if your distribution is properly
set up and follows the recommendations pointed out here:

http://avahi.org/wiki/AvahiAutoipd#Routes

If your distribution does not follow this, then please contact them and
ask them to fix that.

> > 
> > > I also found this avahi-ipauto thingy, but it does not seem to be
> > > running for this avahi-ip4ll stuff to assign a 169.254.0.0/16
> > > address
> > > -169.254.0.0/24 and 169.254.254.0/24 (if I remember right)
> > 
> > uh? avahi-autoipd will assign one of those addresses if no other
> > address is configured via dhcp or so.
> Ah, okay. I had to play a little with dhcp client and avahi to
> see when and how avahi-autoipd is actually determining this state.
> On my Debian system it also looks like, that additionally I have
> to set the according interface to static, dhcp or NetworkManager
> in /etc/network/interfaces, right? (according to
> /etc/avahi/avahi-autoipd.action)

IIRC Debian sets everything up right out of the box so that dhcpcd's
action script will call avahi-autoipd if it cannot find an IP
address. 

But I am not a Debian guy, so you better ask the Debian folks
about this.

> 
> > > 2nd question: how can I look up the ip addresses that are assigned
> > > to mylaptop.local (mylaptop should just be the local host name in
> > > /etc/hosts on 127.0.1.1 on a debian system, right?)
> > 
> > getent hosts mylaptop.local
> Hmm, that did not seem to work, I'm just getting the local ip
> addresses specified in /etc/hosts. But hey, the mdns-scan did at
> least find the other machine in my network.
> > 
> > (you need nss-mdns installed for that)
> Ehm, and there's only the libnss-mdns available in Debian
> unstable (and it is installed here).

That's presumably the right package.

You might want to use wireshark or suchlike to check whether the query
packets are properly generated.

> > Avahi will always announce the "best" address it can find on each
> > interface. Meaning that global addresses are generally preferred over
> > link-local ones.
> So like global -> organisation -> site -> link -> host? (Is the
> ipv6 multicast scopes list the one that can be used as a
> reference? Or is there something more complete?)

Most of the scope stuff does not exist anymore these days. Global and
Link are the only two scopes recognized these days iirc, and Avahi
looks for them.

> Another question that comes in my mind here: What happens, if two
> computers have two different subnets configured which can't reach
> each other over this one but could reach each other over their
> ipv6 link local address as being on the same ethernet link.
> Shouldn't avahi announce this link local address as well so that
> those two hosts could communicate with each other anyway?
> Is there a reason why avahi is not announcing all ip addresses
> available on an interface (with adding its preferred priorities so
> that the other host could choose the interface with the highest
> priority stated and reachable as well)?

We want to minimize the traffic generated and hence pick only one
address per iface to announce, and that's the one that is probably the
most useful one, i.e. a routable address. And if the routes mentioned
above are set up properly then things should be quite robust.

> And I guess, avahi is announcing both the "best" ipv6 and ipv4
> address letting the other hosts decide which type they are
> capable connecting to, right?

Not sure I follow.

Avahi will pick the best address per interface and per protocol and
announce those. On a host with one network interface and both IPv6 and
IPv4 it will hence announce exactly two addresses.

> Should applications only allow connections from other hosts that
> had previously announced themselves via avahi or should they accept
> any connection (which might be a security issue?). But the first
> thing could cause some trouble if the kernel would decide to use
> source address differing from the one announced by avahi...
> And again for IPv6, generally an application should try connecting
> to the host's announced IPv6 address first and retry the IPv4 one
> after a timeout?

Avahi is not a security tool. It tries its best to make sure it
doesn't pass on data from non-local networks or to non-local networks,
but don't use it for authentication.

Lennart

-- 
Lennart Poettering                        Red Hat, Inc.
lennart [at] poettering [dot] net
http://0pointer.net/lennart/           GnuPG 0x1A015CC4
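
The per-interface, per-protocol address selection described in the message above, as an added example that is not part of the original message and is not Avahi's own code. It assumes only the two scopes the reply names (global and link-local); the interface names and addresses are constructed sample data.

```python
import ipaddress

# Constructed sample data: (interface, address) pairs a host might hold.
SAMPLE_ADDRESSES = [
    ("eth0", "169.254.7.12"),              # IPv4 link-local (autoipd range)
    ("eth0", "192.168.1.20"),              # routable IPv4, e.g. from DHCP
    ("eth0", "fe80::21b:21ff:fe3a:4c5d"),  # IPv6 link-local
    ("eth0", "2001:db8::20"),              # IPv6 global scope (doc prefix)
    ("wlan0", "169.254.9.3"),              # only link-local on this iface
    ("wlan0", "fe80::1"),
    ("lo", "127.0.0.1"),                   # loopback, never announced here
]


def scope_rank(addr):
    """Return 1 for global scope, 0 for link-local, None if skipped."""
    if addr.is_loopback or addr.is_unspecified or addr.is_multicast:
        return None
    return 0 if addr.is_link_local else 1


def pick_announced(pairs):
    """Pick one address per (interface, IP version), preferring global scope.

    Assumption of this sketch: ties keep the first address seen.
    """
    best = {}
    for iface, text in pairs:
        addr = ipaddress.ip_address(text)
        rank = scope_rank(addr)
        if rank is None:
            continue
        key = (iface, addr.version)
        if key not in best or rank > best[key][0]:
            best[key] = (rank, addr)
    return {key: str(addr) for key, (_rank, addr) in best.items()}


if __name__ == "__main__":
    chosen = pick_announced(SAMPLE_ADDRESSES)
    for (iface, version), addr in sorted(chosen.items()):
        print(f"{iface} IPv{version}: {addr}")
```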

