Date: Tue, 9 Mar 2021 16:13:53 -0800
From: Doug Hardie <bc979@lafn.org>
To: FreeBSD Questions <freebsd-questions@freebsd.org>
Subject: Re: IPv6 Startup
Message-ID: <7DC550A6-F284-4247-9E43-D26D76AD91C5@sermon-archive.info>
In-Reply-To: <07f8c8b6-fb5c-6662-66de-8d5ecd0cc1fd@cyberleo.net>
References: <3F059A72-F45B-43B1-8EE3-0176EE072054@sermon-archive.info> <07f8c8b6-fb5c-6662-66de-8d5ecd0cc1fd@cyberleo.net>
> On 9 March 2021, at 12:53, CyberLeo Kitsana <cyberleo@cyberleo.net> wrote:
>
> On 3/9/21 3:58 AM, Doug Hardie wrote:
>> I have two systems on the same ethernet. One is configured as a router, the other as a host. rtadvd is running on the router, rtsold on the host, and route6d on both. The router was up and running and I initiated tcpdump of ip6 packets on the interface. Then I booted the host. The results are interesting:
>
> <snip>
>
>> The question is, why are the host addresses being used before DAD is attempted? It appears there could be some really interesting problems if the link-layer address actually was duplicated. The problems would happen before DAD was even attempted?
>
> I would posit that this is because the fe80:: addresses used in the
> initial solicitation are derived from the MAC address of the interface,
> and if you have two interfaces with the same MAC address on the same
> subnet you have much bigger problems.

While at first glance that makes sense, there is a problem with that. The fe80:: addresses are no longer supposed to be tied to the MAC address. Macs and Windows no longer do that. They use random numbers and there could easily be duplicates. The RFCs still show the MAC usage though. Apparently there is a security issue that if you breach one computer in a site, you quickly can get a working address to all the others by using the MAC addresses that are easily available in ndp tables.

Also, if there were no need to do DAD, why bother to do it at all?

-- Doug
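Added example, not part of the original message: a check an administrator could run to see which hosts on a link still form their fe80:: address from the MAC (modified EUI-64, RFC 4291 Appendix A) and which use an opaque interface identifier. The function names and the neighbor entries are constructed for illustration; the MACs come from the documentation range 00:00:5e:00:53:xx.

```python
import ipaddress

def eui64_link_local(mac: str) -> ipaddress.IPv6Address:
    """Link-local address formed from a 48-bit MAC via modified EUI-64."""
    octets = bytes(int(part, 16) for part in mac.replace("-", ":").split(":"))
    if len(octets) != 6:
        raise ValueError(f"not a 48-bit MAC: {mac!r}")
    # Flip the universal/local bit and insert ff:fe between the two MAC halves.
    iid = bytes([octets[0] ^ 0x02]) + octets[1:3] + b"\xff\xfe" + octets[3:]
    return ipaddress.IPv6Address(b"\xfe\x80" + bytes(6) + iid)

def classify(addr: str, mac: str) -> str:
    """Say how a neighbor's address relates to the MAC it was seen with."""
    ip = ipaddress.IPv6Address(addr.split("%")[0])  # drop a scope id such as %em0
    if not ip.is_link_local:
        return "not-link-local"
    if ip == eui64_link_local(mac):
        return "mac-derived"             # address is predictable from the MAC
    if ip.packed[8:][3:5] == b"\xff\xfe":
        return "eui64-shaped-other-mac"  # EUI-64 layout, but for a different MAC
    return "opaque"                      # random or otherwise MAC-independent

def audit(neighbors):
    """Return the (address, MAC) pairs whose address is derived from the MAC."""
    return [(a, m) for a, m in neighbors if classify(a, m) == "mac-derived"]

# Constructed sample of (address, MAC) pairs, as they might be read from ndp -a.
SAMPLE_NEIGHBORS = [
    ("fe80::200:5eff:fe00:5301%em0", "00:00:5e:00:53:01"),
    ("fe80::1c3a:9d2e:77b0:4f61%em0", "00:00:5e:00:53:02"),
    ("fe80::200:5eff:fe00:53aa%em0", "00:00:5e:00:53:03"),
    ("2001:db8::1", "00:00:5e:00:53:04"),
]

if __name__ == "__main__":
    for addr, mac in SAMPLE_NEIGHBORS:
        print(f"{addr:34} {mac}  {classify(addr, mac)}")
```

Hosts reported as "opaque" are the ones for which a duplicate cannot be ruled out by MAC uniqueness alone, so DAD is the only collision check they have.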