From: Ulrich Spörlein
Date: Wed, 9 Jan 2013 15:21:11 +0100
To: Michiel Boland
Cc: stable@freebsd.org
Subject: Re: sendmail vs ipv6 broken after upgrade to 9.1
Message-ID: <20130109142111.GL35868@acme.spoerlein.net>

On Wed, 2013-01-09 at 14:14:18 +0100, Michiel Boland wrote:
> On 01/08/2013 23:33, Hiroki Sato wrote:
> > Ulrich Spörlein wrote
> >   in <20130108184051.GI35868@acme.spoerlein.net>:
> >
> > uq> After setting this, it now looks like this:
> > uq> root@acme: ~# ip6addrctl
> > uq> Prefix                          Prec Label      Use
> > uq> ::1/128                           50     0        0
> > uq> ::/0                              40     1        0
> > uq> 2002::/16                         30     2        0
> > uq> ::/96                             20     3        0
> > uq> ::ffff:0.0.0.0/96                 10     4        0
> > uq>
> > uq> And even sendmail is happily finding the sockets to bind to. Thanks for the hint!
> >
> > I think this just hides the problem.  If gshapiro@'s explanation is
> > correct, no ::ffff:0.0.0.0/96 address should be returned if the name
> > resolution works fine...
> >
> > -- Hiroki
> >
>
> getipnodebyname(xx, AF_INET6, AI_DEFAULT|AI_ALL) does this:-
>
> If a host has both IPv6 and IPv4 addresses, both are returned.
> The IPv4 address is presented as a mapped address.
> The order in which the addresses are returned depends on the
> address selection policy (_hpreorder in lib/libc/net/name6.c)

Is this also supposed to work for selecting the source IP address for
outgoing packets/sockets? And should it work for ping6?

Using a tunnel for IPv6, I have this transfer net configured on my
router, but for ACL purposes I would like to have all connections come
from my real prefix, not the transfer net. So I wrote my own policy, yet
ping6 seems to ignore it.

The tunnel:

tun0: flags=8051 metric 0 mtu 1280
        options=80000
        inet6 fe80::230:5ff:fe77:e7a0%tun0 prefixlen 64 scopeid 0xd
        inet6 fe80::2428:ff00:1b:2%tun0 prefixlen 64 scopeid 0xd
        inet6 2a02:2528:ff00:1b::2 --> 2a02:2528:ff00:1b::1 prefixlen 128
        nd6 options=21

The policy:

root@coyote:~# ip6addrctl
Prefix                          Prec Label      Use
::1/128                           50     0        0
::/0                              40     1      107
2002::/16                         30     2        0
::/96                             20     3        0
::ffff:0.0.0.0/96                 10     4        0
2a02:2528:ff0d::/64               60     5       85

The ping:

root@coyote:~# ping6 acme
PING6(56=40+8+8 bytes) 2a02:2528:ff00:1b::2 --> 2a01:4f8:131:23c2::1
16 bytes from 2a01:4f8:131:23c2::1, icmp_seq=0 hlim=54 time=43.606 ms
16 bytes from 2a01:4f8:131:23c2::1, icmp_seq=1 hlim=54 time=42.871 ms

As you can see, source prefix stays 2a02:2528:ff00, though I'd like it
to be 2a02:2528:ff0d.

Cheers,
Uli
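
The policy-table lookup this thread discusses, as an added example that is not part of the original mail and not FreeBSD's code: a longest-prefix match over the table shown for coyote, the RFC 3484 destination ordering by precedence, and the RFC 3484 source rule "prefer matching label", which compares labels rather than precedence. The address 2a02:2528:ff0d::1 and the 2001:db8::/192.0.2. addresses are constructed samples, and only these two rules are modelled, not the full RFC 3484 rule sequence.

```python
import ipaddress

# Policy table as printed by ip6addrctl on coyote: (prefix, precedence, label)
POLICY = [
    ("::1/128", 50, 0),
    ("::/0", 40, 1),
    ("2002::/16", 30, 2),
    ("::/96", 20, 3),
    ("::ffff:0.0.0.0/96", 10, 4),
    ("2a02:2528:ff0d::/64", 60, 5),
]
TABLE = [(ipaddress.IPv6Network(p), prec, label) for p, prec, label in POLICY]


def lookup(addr):
    """Return (precedence, label) of the longest matching policy prefix."""
    a = ipaddress.IPv6Address(addr)
    matches = [entry for entry in TABLE if a in entry[0]]
    _, prec, label = max(matches, key=lambda entry: entry[0].prefixlen)
    return prec, label


def order_destinations(dsts):
    """RFC 3484 destination rule 'prefer higher precedence' only (stable sort)."""
    return sorted(dsts, key=lambda d: -lookup(d)[0])


def rank_sources_by_label(sources, dst):
    """RFC 3484 source rule 'prefer matching label' only.

    Candidates whose label equals the destination's label sort first.
    Precedence is not consulted when choosing a source address.
    """
    dst_label = lookup(dst)[1]
    return sorted(sources, key=lambda s: lookup(s)[1] != dst_label)


if __name__ == "__main__":
    dst = "2a01:4f8:131:23c2::1"                # acme, from the ping6 output
    candidates = ["2a02:2528:ff0d::1",          # constructed address in the "real" prefix
                  "2a02:2528:ff00:1b::2"]       # tunnel transfer-net address
    for c in candidates + [dst]:
        print(c, "prec/label =", lookup(c))
    print("source order by label match:", rank_sources_by_label(candidates, dst))
    # Mapped IPv4 vs native IPv6 destination (constructed sample addresses)
    print("destination order:", order_destinations(["::ffff:192.0.2.1", "2001:db8::1"]))
```

With this table the destination falls under ::/0 (label 1), so the label rule ranks the transfer-net address, also label 1, ahead of an address in the label-5 prefix.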