From: Alex Yong
To: freebsd-net@freebsd.org
Date: Fri, 9 Mar 2012 23:26:01 +0000
Subject: Strong host model in IPv6?

(Originally posted on freebsd-hackers@ - sorry)

Hi all,

I've been playing around with IPv6 networking on FreeBSD release 8.2 and found that there seems to be no strong incoming host model as specified in RFC 1122. I've spotted that in IPv4 there is the sysctl "net.inet.ip.check_interface" which defaults to set, but I've been unable to find any guarantees that strong host model is enforced in v6 in the comments or on the internet.

According to the IPv6 Core Protocols Implementation book (3.7 "Input processing: ip6_input() Function"), the incoming network packet processing in ip6_input should use the routing table to look up whether packets are of relevance for an interface - but the code base has diverged significantly since then, including vnets for jails, which makes me wonder if this is a bug.

However, before going into the long grass and trying to fix it, I thought I'd ask here to see if there's anything I could try first, if I'm making some horrific mistakes, or if somebody had come across this already (I had a quick look at svn but didn't see anything of concern).

My recipe for reproducing is thus:

One FreeBSD 8.2 machine (the box under test), with 2 network interfaces (interface 0 and interface 1). Interface 0 is connected to a subnet with routes to the outside world on v4 and v6. Interface 1 is connected directly via Ethernet cable to the interface of a testing machine, with v4 disabled and a static v6 address for an unroutable subnet via the other interface. A route is configured for this subnet out of interface 1 (to allow for communications with the testing machine).

The testing machine (which happens to be running FreeBSD) has 2 network interfaces (interface A and B). Interface A is connected to the same subnet as interface 0 (this is for my administration prodding of the testing device), and interface B is directly connected to interface 1 on the machine under test. Interface B has a statically configured IPv6 address that matches the subnet of interface 1. It has a route to allow traffic to flow this way, *and* a route configured to route traffic for the box under test's interface 0 IPv6 address via interface B.

If I ping interface 0 from box 1, I get a response. To prove that the response isn't coming in via the other links, I used tcpdump on that interface on the testing machine *and* the machine under test and showed packets entering and responses leaving those interfaces.

My expectation here would be to see packets entering (as the bpf hook is below the IP layer) but see no response.

I checked sysctl net.inet6.ip6.forwarding is set to 0 (on both machines).

Many thanks for any help

AlexY
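
The recipe above delivers a ping for interface 0's address over the interface 1 link. As an added illustration (not part of the original post, and not FreeBSD's ip6_input() code), this C model contrasts the weak and strong host model input decision for that packet. The addresses (2001:db8::/32 documentation prefix) and the accept_input() helper are constructed for the example; scoped (link-local) and multicast destinations are outside the model.

```c
#include <arpa/inet.h>
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Constructed model of the box under test: one global address per
 * interface. Values are assumptions for illustration, not from the post. */
struct local_addr { int ifindex; const char *addr; };
static const struct local_addr box_under_test[] = {
    { 0, "2001:db8:0:1::10" },  /* interface 0: routed subnet */
    { 1, "2001:db8:0:ff::1" },  /* interface 1: back-to-back test link */
};
#define NADDR (sizeof(box_under_test) / sizeof(box_under_test[0]))

enum host_model { WEAK_ES, STRONG_ES };

/* Would a unicast packet to `dst`, received on `rcvif`, be delivered
 * locally?  Weak ES: dst may be any address the host owns.
 * Strong ES (RFC 1122): dst must be assigned to the receiving interface. */
bool accept_input(enum host_model model, int rcvif, const char *dst)
{
    struct in6_addr want, have;

    if (inet_pton(AF_INET6, dst, &want) != 1)
        return false;                    /* unparsable destination */
    for (size_t i = 0; i < NADDR; i++) {
        if (inet_pton(AF_INET6, box_under_test[i].addr, &have) != 1)
            continue;
        if (memcmp(&want, &have, sizeof(want)) != 0)
            continue;                    /* some other local address */
        if (model == WEAK_ES || box_under_test[i].ifindex == rcvif)
            return true;
    }
    return false;                        /* not ours, or wrong interface */
}

int main(void)
{
    /* The ping from the recipe: interface 0's address, arriving on interface 1. */
    const char *dst = "2001:db8:0:1::10";
    printf("weak host model accepts:   %d\n", accept_input(WEAK_ES, 1, dst));
    printf("strong host model accepts: %d\n", accept_input(STRONG_ES, 1, dst));
    return 0;
}
```

The weak-model result corresponds to the behaviour reported in the post (a reply is sent); the strong-model result corresponds to the poster's expectation of no response.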