From: Ulrich Spörlein
To: Hiroki Sato
Cc: michiel@boland.org, stable@FreeBSD.org
Date: Wed, 9 Jan 2013 20:28:28 +0100
Subject: Re: sendmail vs ipv6 broken after upgrade to 9.1
Message-ID: <20130109192828.GM35868@acme.spoerlein.net>
In-Reply-To: <20130109.234210.397446040718957005.hrs@allbsd.org>
List-Id: Production branch of FreeBSD source code

On Wed, 2013-01-09 at 23:42:10 +0900, Hiroki Sato wrote:
> Ulrich Spörlein wrote
>   in <20130109142111.GL35868@acme.spoerlein.net>:
>
> > On Wed, 2013-01-09 at 14:14:18 +0100, Michiel Boland wrote:
> > > On 01/08/2013 23:33, Hiroki Sato wrote:
> > > > Ulrich Spörlein wrote
> > > >   in <20130108184051.GI35868@acme.spoerlein.net>:
> > > >
> > > > uq> After setting this, it now looks like this:
> > > > uq> root@acme: ~# ip6addrctl
> > > > uq> Prefix                          Prec Label      Use
> > > > uq> ::1/128                           50     0        0
> > > > uq> ::/0                              40     1        0
> > > > uq> 2002::/16                         30     2        0
> > > > uq> ::/96                             20     3        0
> > > > uq> ::ffff:0.0.0.0/96                 10     4        0
> > > > uq>
> > > > uq> And even sendmail is happily finding the sockets to bind to. Thanks for the hint!
> > > >
> > > > I think this just hides the problem. If gshapiro@'s explanation is
> > > > correct, no ::ffff:0.0.0.0/96 address should be returned if the name
> > > > resolution works fine...
> > > >
> > > > -- Hiroki
> > >
> > > getipnodebyname(xx, AF_INET6, AI_DEFAULT|AI_ALL) does this:-
> > >
> > > If a host has both IPv6 and IPv4 addresses, both are returned.
> > > The IPv4 address is presented as a mapped address.
> > > The order in which the addresses are returned depends on the
> > > address selection policy (_hpreorder in lib/libc/net/name6.c)
> >
> > Is this also supposed to work for selecting the source IP address for
> > outgoing packets/sockets? And should it work for ping6?
>
> Yes.
>
> > Using a tunnel for IPv6, I have this transfer net configured on my
> > router, but for ACL purposes I would like to have all connections come
> > from my real prefix, not the transfer net. So I wrote my own policy, yet
> > ping6 seems to ignore it.
>
> > As you can see, source prefix stays 2a02:2528:ff00, though I'd like it
> > to be 2a02:2528:ff0d.
>
> This is because the prefix on the interface has the first priority.
> Why don't you use an fe80::/10 address to route packets to the other
> endpoint of tun0?

I don't think I have a choice here.
To clarify: the sendmail problem is on a server that has native IPv6
connectivity, here I set up my actual prefix as the first address, the
address I need to talk to the router is configured as an alias. This
works fine.

The source address problem I'm now talking about is happening on my
router at home, which has a Sixxs tunnel and needs to use AICCU of all
things to talk to the outside world, sixxs-aiccu will create the tun(4)
interface and set it up like this:

tun0: flags=8051 metric 0 mtu 1280
	options=80000
	inet6 fe80::230:5ff:fe77:e7a0%tun0 prefixlen 64 scopeid 0xd
	inet6 fe80::2428:ff00:1b:2%tun0 prefixlen 64 scopeid 0xd
	inet6 2a02:2528:ff00:1b::2 --> 2a02:2528:ff00:1b::1 prefixlen 128
	nd6 options=21
	Opened by PID 82756

and I'd like to have IPv6 connections originating from this host use
2a02:2528:ff0d::1%em0 instead of 2a02:2528:ff00:1b::2%tun0 as the
outgoing address. That tun0 interface can come and go, btw, which
complicates things.

Is this possible? Or should I just switch to the one local DSL provider
I have here that actually offers native IPv6 for home DSL users?

Cheers,
Uli
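
The address ordering Michiel Boland describes and the interface-first behaviour Hiroki Sato points out, modelled as an added example (not part of the original mail and not FreeBSD's code): a longest-prefix lookup in the ip6addrctl table from the thread, with only RFC 3484 destination rule 6 and source rules 5 and 6 implemented. The destination 2001:db8::1, the IPv4 address 192.0.2.1 and the extra 2a02:2528:ff00::/48 policy entry are constructed for illustration.

```python
import ipaddress

# Policy table from the ip6addrctl output quoted in the thread: (prefix, precedence, label).
POLICY = [("::1/128", 50, 0), ("::/0", 40, 1), ("2002::/16", 30, 2),
          ("::/96", 20, 3), ("::ffff:0.0.0.0/96", 10, 4)]
# Constructed variant: a hypothetical entry giving the tunnel prefix its own label (5).
CUSTOM = POLICY + [("2a02:2528:ff00::/48", 40, 5)]

# Addresses and interfaces from the mail: tunnel endpoint on tun0, real prefix on em0.
CANDIDATES = [("2a02:2528:ff00:1b::2", "tun0"), ("2a02:2528:ff0d::1", "em0")]


def lookup(addr, policy=POLICY):
    """Longest-prefix match of addr in the policy table -> (precedence, label)."""
    a = ipaddress.ip_address(addr)
    if a.version == 4:  # IPv4 addresses are classified in their IPv4-mapped form
        a = ipaddress.IPv6Address("::ffff:" + str(a))
    matches = [(ipaddress.ip_network(p), prec, label)
               for p, prec, label in policy if a in ipaddress.ip_network(p)]
    _, prec, label = max(matches, key=lambda m: m[0].prefixlen)  # ::/0 always matches
    return prec, label


def order_destinations(addrs, policy=POLICY):
    """Destination rule 6 only: higher precedence first (stable for ties)."""
    return sorted(addrs, key=lambda a: -lookup(a, policy)[0])


def pick_source(candidates, out_if, dst, policy=POLICY):
    """Source rules 5 and 6 only: outgoing interface first, then matching label."""
    dst_label = lookup(dst, policy)[1]

    def rank(candidate):
        addr, ifname = candidate
        return (ifname == out_if, lookup(addr, policy)[1] == dst_label)

    return max(candidates, key=rank)[0]


if __name__ == "__main__":
    # Mapped IPv4 (precedence 10) sorts after native IPv6 (precedence 40).
    print(order_destinations(["192.0.2.1", "2001:db8::1"]))
    # Even with labels favouring em0's address, the address on tun0 wins via rule 5.
    print(pick_source(CANDIDATES, "tun0", "2001:db8::1", CUSTOM))
```

In this model the policy labels only decide between candidates that tie on the outgoing-interface rule, which is why a custom policy alone does not move the source address off the tunnel prefix.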