From nobody Sat May 4 10:06:44 2024 X-Original-To: net@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4VWjy749Wjz5KH6B for ; Sat, 4 May 2024 10:06:55 +0000 (UTC) (envelope-from lexi@le-fay.org) Received: from fuchsia.eden.le-Fay.ORG (fuchsia.eden.le-fay.org [81.187.47.195]) by mx1.freebsd.org (Postfix) with ESMTP id 4VWjy65Dskz4mZN for ; Sat, 4 May 2024 10:06:54 +0000 (UTC) (envelope-from lexi@le-fay.org) Authentication-Results: mx1.freebsd.org; dkim=pass header.d=le-fay.org header.s=fuchsia header.b=ll63AOsp; dmarc=none; spf=pass (mx1.freebsd.org: domain of lexi@le-fay.org designates 81.187.47.195 as permitted sender) smtp.mailfrom=lexi@le-fay.org Received: from iris.eden.le-Fay.ORG (iris.eden.le-fay.org [IPv6:2001:8b0:aab5:106:3::6]) by fuchsia.eden.le-Fay.ORG (Postfix) with ESMTP id 26A04A78E for ; Sat, 04 May 2024 10:06:45 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=le-fay.org; s=fuchsia; t=1714817205; bh=8u06D0CxAP4YU1l4RF8xTn2/ps/vulU0x61ttRoxz3Y=; h=Date:From:To:Subject; b=ll63AOspGkYXwgGAhuBvoxrM3wJ3Fh/5AZDKdmoueekyGwPOKh4d3iMNGXMWY60xB xE4cetirir0Ha2nOF/I6MaGrEDs4KTk8Spzu2L+V6Qc2rYV9LJ177+JiwQN5m3Ik09 Mb+608ltZxaegNlMCAfMHtOu4SZiMK8ld4o17uGs= Received: from ilythia.eden.le-fay.org (ilythia.eden.le-fay.org [IPv6:2001:8b0:aab5:106:3::10]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (secp384r1) server-digest SHA384) (No client certificate requested) by iris.eden.le-Fay.ORG (Postfix) with ESMTPSA id 29D0F2C0421 for ; Sat, 04 May 2024 11:06:45 +0100 (BST) Date: Sat, 4 May 2024 11:06:44 +0100 From: Lexi Winter To: net@freebsd.org Subject: IPv6 neighbour solicitations being sent from wrong address? Message-ID: Mail-Followup-To: net@freebsd.org List-Id: Networking and TCP/IP with FreeBSD List-Archive: https://lists.freebsd.org/archives/freebsd-net List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-net@FreeBSD.org MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="oC6HI6g2bzJqAwSJ" Content-Disposition: inline X-Spamd-Bar: ---- X-Spamd-Result: default: False [-4.49 / 15.00]; SIGNED_PGP(-2.00)[]; NEURAL_HAM_MEDIUM(-1.00)[-1.000]; NEURAL_HAM_LONG(-1.00)[-1.000]; SUBJECT_ENDS_QUESTION(1.00)[]; NEURAL_HAM_SHORT(-0.99)[-0.995]; MIME_GOOD(-0.20)[multipart/signed,text/plain]; R_SPF_ALLOW(-0.20)[+ip4:81.187.47.195]; R_DKIM_ALLOW(-0.20)[le-fay.org:s=fuchsia]; RCVD_NO_TLS_LAST(0.10)[]; RCPT_COUNT_ONE(0.00)[1]; ARC_NA(0.00)[]; DKIM_TRACE(0.00)[le-fay.org:+]; DMARC_NA(0.00)[le-fay.org]; TO_MATCH_ENVRCPT_ALL(0.00)[]; MISSING_XM_UA(0.00)[]; FROM_HAS_DN(0.00)[]; RCVD_VIA_SMTP_AUTH(0.00)[]; TO_DN_NONE(0.00)[]; RCVD_COUNT_TWO(0.00)[2]; FROM_EQ_ENVFROM(0.00)[]; ASN(0.00)[asn:20712, ipnet:81.187.0.0/16, country:GB]; PREVIOUSLY_DELIVERED(0.00)[net@freebsd.org]; MID_RHS_MATCH_FROMTLD(0.00)[]; MLMMJ_DEST(0.00)[net@freebsd.org]; MIME_TRACE(0.00)[0:+,1:+,2:~]; DWL_DNSWL_NONE(0.00)[le-fay.org:dkim] X-Rspamd-Queue-Id: 4VWjy65Dskz4mZN --oC6HI6g2bzJqAwSJ Content-Type: text/plain; charset=us-ascii Content-Disposition: inline hi, running: FreeBSD 15.0-CURRENT #35 lf/main-n269047-3466614a5454: Tue Apr 30 03:48:53 BST 2024 srcmastr@daphne.eden.le-fay.org:/src/obj/src/freebsd/lf/main/amd64.amd64/sys/LF i have a host with a single vnet jail. the host has an epair interface: # ifconfig epair0a epair0a: flags=1008843 metric 0 mtu 1500 options=8 ether 020c.2a51.7a0a inet6 fe80::1%epair0a/64 scopeid 0x6 groups: epair media: Ethernet 10Gbase-T (10Gbase-T ) status: active nd6 options=1 the jail has the other end of the epair interface: # ifconfig epair0b epair0b: flags=1008843 metric 0 mtu 1500 options=8 ether 020c.2a51.7a0b inet 185.73.44.139/32 broadcast 185.73.44.139 inet6 fe80::2%epair0b/64 scopeid 0x7 inet6 2001:ba8:4015:ffff::1/128 groups: epair media: Ethernet 10Gbase-T (10Gbase-T ) status: active nd6 options=1 the host has a route to 2001:ba8:4015:ffff::1/128 via the epair interface: Internet6: Destination Gateway Flags Nhop# Mtu Netif Expire 2001:ba8:4015:ffff::1 link#6 UH 22 1500 epair0a looking at tcpdump, it seems like the host is sending ICMP neighbour solicitation over the epair interface from a strange IP address, and the jail ignores the requests until the host sends from fe80::1 instead: 11:03:13.418029 02:0c:2a:51:7a:0a > 02:0c:2a:51:7a:0b, ethertype IPv6 (0x86dd), length 86: 2001:ba8:4015:1::1 > 2001:ba8:4015:ffff::1: ICMP6, neighbor solicitation, who has 2001:ba8:4015:ffff::1, length 32 11:03:14.417986 02:0c:2a:51:7a:0a > 02:0c:2a:51:7a:0b, ethertype IPv6 (0x86dd), length 86: 2001:ba8:4015:1::1 > 2001:ba8:4015:ffff::1: ICMP6, neighbor solicitation, who has 2001:ba8:4015:ffff::1, length 32 11:03:16.527722 02:0c:2a:51:7a:0a > 33:33:ff:00:00:01, ethertype IPv6 (0x86dd), length 86: fe80::1 > ff02::1:ff00:1: ICMP6, neighbor solicitation, who has 2001:ba8:4015:ffff::1, length 32 11:03:16.527746 02:0c:2a:51:7a:0b > 02:0c:2a:51:7a:0a, ethertype IPv6 (0x86dd), length 86: fe80::2 > fe80::1: ICMP6, neighbor advertisement, tgt is 2001:ba8:4015:ffff::1, length 32 2001:ba8:4015:1::1 is configured on a different interface on the host, xn0. is this expected behaviour? i would have expected the host to send these from the IP addressed configured on the relevant interface, which is fe80::1. --oC6HI6g2bzJqAwSJ Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQGzBAABCAAdFiEEuwt6MaPcv/+Mo+ftDHqbqZ41x5kFAmY2CLEACgkQDHqbqZ41 x5mT5gv/c0o3i6wVcGczqGl0nb/b9OVUDnr9tbsZquxFazYx8htxHefrvqkUJNTi 8e04fDBk3qsbGZlc1wR1qPqRMHtHtRH5+4PKBKHCWohvhcVQWSZo6X7ygt9WXtWb mIGoT4MI7LO8Or7hPwbqs6vRMB2X1nklbavG3O7tOh6gZWdGn4TC1u0mkmF0Zizz +vMbeDwBWusIY4pKNemWS7gWHfn7CZ1ZsmRn97vphMC4k4M2aHB762KLwJW841Tb /PM9MSUczLUYUlmP295v3S9kHCiVAi9buWCjPIx4t68QdurtGmJv9BaAmiowB3VX mYQDOyGUiQGrkcQdTGgb6ayAiOmXvreri+cbR4o4Ei5bV7TgChFI3DbOVZYeO58H obLolOSg6OrrAw+2I45oR0HJaAqBsGPafON0OyBJnPGpFVhfE9JBroMv/KoP2cEy 5ETXxNaqUxMrHQ+lKOOUjBm21Ii2P/vhPrc5wR7NQt6Oc3TJvn3BwWxr9oEzzQRV DJMzbJhV =GE8S -----END PGP SIGNATURE----- --oC6HI6g2bzJqAwSJ--