Date: Mon, 7 Sep 2020 16:41:42 -0700
From: Doug Hardie <bc979@lafn.org>
To: Michael Tuexen <Michael.Tuexen@lurchi.franken.de>
Cc: freebsd-net@freebsd.org
Subject: Re: Address Differences between UDP and SCTP
Message-ID: <CD62C8AF-7F95-4644-8B9D-BD4864977AFA@mail.sermon-archive.info>
In-Reply-To: <7CF5C0CF-A173-4253-9F93-70199578A8F7@lurchi.franken.de>
References: <6A9D0A4B-F35C-4012-A868-5450D60EC13B@mail.sermon-archive.info> <7CF5C0CF-A173-4253-9F93-70199578A8F7@lurchi.franken.de>
> On 7 September 2020, at 13:57, Michael Tuexen <Michael.Tuexen@lurchi.franken.de> wrote:
>
>> On 7. Sep 2020, at 22:48, Doug Hardie <bc979@lafn.org> wrote:
>>
>> I was quite surprised to discover that the sockaddr structure returned from recv_fd and recvfrom handle IPv4 addresses differently when using an INET6 socket. I don't know if this was intended, or a side effect. I started using SCTP because of the need for accessing multi-homed servers. Some would be on IPv6 and others on IPv4. SCTP handles that nicely if you use an INET6 socket. When a transaction is received, if it is to an IPv4 address, then the returned sockaddr will have an inet_family of IPv4 and the IPv4 structure. If it was sent to an IPv6 address, then the inet6_family is used. A simple test of the family tells you which address format was provided and the address is in IPv4 or IPv6 format accordingly.
>>
>> However, a new site needed to be added and it is behind a NAT router. The problem with SCTP is that most (possibly all) NAT routers only work with TCP and UDP. They will not port forward SCTP. So I have no way to get through to the machine. So I added code to check for that situation and use UDP instead. This will work because I don't think it is at all likely that a machine behind NAT can be multi-homed.
> Would using SCTP/UDP/IPv[46] be an option? It is supported by the FreeBSD kernel.
> See https://tools.ietf.org/html/rfc6951#section-6 for the socket API for it.

Perhaps I am not understanding this completely, but I believe that it requires UDP encapsulation which is mostly user land code. Thus there would be two implementations of SCTP in the system. I don't think that is the best approach.

>>
>> However, the code to obtain the remote IP address failed miserably. It turns out that if you have v6only set to 1, you will never see the IPv4 packets. If you set it to 0, then you get the packets, but the sockaddr format with UDP is different than that for SCTP. If it is an IPv6 address, everything is the same. However, if it is an IPv4 address, then the family remains IPv6, and the address is in sin6_addr and it is in the format ::ffff:n.n.n.n. This makes it interesting as I need to obtain the IPv4 address as part of the verification process that the transaction is authorized.
> For UDP and TCP you always get IPv6 addresses on AF_INET6 sockets. If you are actually using IPv4, IPv4-mapped IPv6 addresses are used. For SCTP you can choose if you want IPv4-mapped IPv6 addresses or IPv4 address. It is controlled by the socket option specified in https://tools.ietf.org/html/rfc6458#section-8.1.15

That would simplify my code so I am going to implement it. Thanks.

>>
>> Was this difference intended, or is it likely to change in the future?
> I think it is intended.

I had a feeling that would be the case, but I would think consistency would be more helpful to those using the services.

>
> Best regards
> Michael

-- Doug
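
An added example, not code from either poster or from FreeBSD: one way to recover the IPv4 address for the authorization check from both sockaddr forms discussed in this thread, the native AF_INET form and the ::ffff:n.n.n.n IPv4-mapped form that UDP returns on an AF_INET6 socket. The function names and the 192.0.2.x and 2001:db8:: sample addresses are assumptions chosen for illustration.

```c
#include <string.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>

/* 1: IPv4 peer (native or ::ffff:n.n.n.n), *v4 filled in;
 * 0: genuine IPv6 peer; -1: any other address family. */
int peer_ipv4(const struct sockaddr *sa, struct in_addr *v4)
{
    if (sa->sa_family == AF_INET) {
        *v4 = ((const struct sockaddr_in *)sa)->sin_addr;
        return 1;
    }
    if (sa->sa_family != AF_INET6)
        return -1;
    const struct sockaddr_in6 *s6 = (const struct sockaddr_in6 *)sa;
    if (!IN6_IS_ADDR_V4MAPPED(&s6->sin6_addr))
        return 0;
    /* The IPv4 address is the last 4 of the 16 address bytes. */
    memcpy(v4, &s6->sin6_addr.s6_addr[12], sizeof(*v4));
    return 1;
}

/* Hypothetical authorization check: 1 if the peer is the allowed IPv4
 * address (dotted quad), whichever sockaddr form it arrived in. */
int peer_matches_ipv4(const struct sockaddr *sa, const char *allowed)
{
    struct in_addr peer, want;
    if (inet_pton(AF_INET, allowed, &want) != 1)
        return 0;
    return peer_ipv4(sa, &peer) == 1 && peer.s_addr == want.s_addr;
}

/* Constructed input: parse text into a sockaddr_in6 standing in for what
 * recvfrom() fills in, then run the check. -1 if the text is invalid. */
int check_sample(const char *peer6, const char *allowed)
{
    struct sockaddr_in6 s6;
    memset(&s6, 0, sizeof(s6));
    s6.sin6_family = AF_INET6;
    if (inet_pton(AF_INET6, peer6, &s6.sin6_addr) != 1)
        return -1;
    return peer_matches_ipv4((const struct sockaddr *)&s6, allowed);
}

int main(void)
{
    return check_sample("::ffff:192.0.2.10", "192.0.2.10") == 1 ? 0 : 1;
}
```

Comparing the canonical 4-byte address rather than the printed string keeps an allow list from being bypassed or missed just because the same peer arrived in mapped form.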