From: Alex Yong
To: freebsd-hackers@freebsd.org
Date: Fri, 9 Mar 2012 15:02:48 +0000
Subject: Strong host model in IPv6?
List-Id: Technical Discussions relating to FreeBSD

Hi all,

I've been playing around with IPv6 networking on FreeBSD release 8.2 and found that there seems to be no strong incoming host model as specified in RFC 1122. I've spotted that in IPv4 there is the sysctl "net.inet.ip.check_interface" which defaults to set, but I've been unable to find any guarantees that strong host model is enforced in v6 in the comments or internet.

According to the IPv6 Core Protocols Implementation book (3.7 "Input processing: ip6_input() Function") the incoming network packet processing in ip6_input should use the routing table to look up whether packets are of relevance for an interface - but the code base has diverged significantly since then, including vnets for jails, which makes me wonder if this is a bug.

However, before going into the long grass and trying to fix it I thought I'd ask here to see if there's anything I could try first, if I'm making some horrific mistakes, or if somebody had come across this already (I had a quick look at svn but didn't see anything of concern).

My recipe for reproducing is thus:

One FreeBSD 8.2 machine (the box under test), with 2 network interfaces (interface 0 and interface 1). Interface 0 is connected to a subnet with routes to the outside world on v4 and v6. Interface 1 is connected directly via ethernet cable to the interface of a testing machine, with v4 disabled and a static v6 address for an unroutable subnet via the other interface. A route is configured for this subnet out of interface 1 (to allow for communications with the testing machine).

The testing machine (which happens to be running FreeBSD) has 2 network interfaces (interface A and B). Interface A is connected to the same subnet as interface 0 (this is for my administration prodding of the testing device), and interface B is directly connected to interface 1 on the machine under test. Interface B has a statically configured IPv6 address that matches the subnet of interface 1. It has a route to allow traffic to flow this way, *and* a route configured to route traffic for the box under test's interface 0 IPv6 address via interface B.

If I ping interface 0 from box 1, I get a response. To prove that the response isn't coming in via the other links I used tcpdump on that interface on the testing machine *and* the machine under test and showed packets entering and responses leaving those interfaces. My expectation here would be to see packets entering (as the bpf hook is below the IP layer) but see no response.

I checked sysctl net.inet6.ip6.forwarding is set to 0 (on both machines).

Many thanks for any help

AlexY
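Added example, not part of the original message and not FreeBSD's own code: a small C model of the local-delivery decision the post is asking about, applied to the two-interface box under test, with the weak host model next to the strong one. The interface names (if0, if1), the 2001:db8:: documentation addresses and the function input_check() are assumptions made for the illustration.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>

/* Constructed model of the box under test; names and addresses are assumed. */
struct iface {
    const char *name;
    const char *addr;               /* one unicast IPv6 address, text form */
};

static const struct iface box_under_test[] = {
    { "if0", "2001:db8:0:1::10" },  /* subnet with routes to the outside world */
    { "if1", "2001:db8:0:2::10" },  /* direct cable to the testing machine */
};
#define NIFACES (sizeof(box_under_test) / sizeof(box_under_test[0]))

enum verdict { DELIVER, DROP_WRONG_IFACE, DROP_NOT_LOCAL, BAD_INPUT };

/* Decide whether a packet that arrived on rcvif with destination dst is
 * delivered to the local stack. strong_host != 0 additionally requires that
 * dst is configured on the interface the packet arrived on. */
enum verdict input_check(const char *rcvif, const char *dst, int strong_host)
{
    struct in6_addr want, have;

    if (inet_pton(AF_INET6, dst, &want) != 1)
        return BAD_INPUT;
    for (size_t i = 0; i < NIFACES; i++) {
        if (inet_pton(AF_INET6, box_under_test[i].addr, &have) != 1)
            return BAD_INPUT;
        if (memcmp(&want, &have, sizeof(want)) != 0)
            continue;               /* compare binary form, not the spelling */
        /* dst is one of our addresses. The weak model stops checking here. */
        if (!strong_host || strcmp(rcvif, box_under_test[i].name) == 0)
            return DELIVER;
        return DROP_WRONG_IFACE;
    }
    return DROP_NOT_LOCAL;          /* forwarding is off, so nothing else to do */
}

int main(void)
{
    /* The ping from the post: addressed to if0 but arriving on if1. */
    printf("weak host:   %d\n", input_check("if1", "2001:db8:0:1::10", 0));
    printf("strong host: %d\n", input_check("if1", "2001:db8:0:1::10", 1));
    return 0;
}
```

In this model the echo reply reported in the post corresponds to the weak-host result (DELIVER), while the behaviour the poster expected corresponds to DROP_WRONG_IFACE.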