From: Michael Tuexen
To: Doug Hardie
Cc: freebsd-net@freebsd.org
Date: Tue, 8 Sep 2020 07:50:37 +0200
Subject: Re: Address Differences between UDP and SCTP

> On 8. Sep 2020, at 01:41, Doug Hardie wrote:
>
>> On 7 September 2020, at 13:57, Michael Tuexen wrote:
>>
>>> On 7. Sep 2020, at 22:48, Doug Hardie wrote:
>>>
>>> I was quite surprised to discover that the sockaddr structure returned from recv_fd and recvfrom handles IPv4 addresses differently when using an INET6 socket. I don't know if this was intended, or a side effect. I started using SCTP because of the need for accessing multi-homed servers. Some would be on IPv6 and others on IPv4. SCTP handles that nicely if you use an INET6 socket. When a transaction is received, if it is to an IPv4 address, then the returned sockaddr will have an inet_family of IPv4 and the IPv4 structure. If it was sent to an IPv6 address, then the inet6_family is used. A simple test of the family tells you which address format was provided and the address is in IPv4 or IPv6 format accordingly.
>>>
>>> However, a new site needed to be added and it is behind a NAT router.
>>> The problem with SCTP is that most (possibly all) NAT routers only work with TCP and UDP. They will not port forward SCTP. So I have no way to get through to the machine. So I added code to check for that situation and use UDP instead. This will work because I don't think it is at all likely that a machine behind NAT can be multi-homed.
>> Would using SCTP/UDP/IPv[46] be an option? It is supported by the FreeBSD kernel.
>> See https://tools.ietf.org/html/rfc6951#section-6 for the socket API for it.
>
> Perhaps I am not understanding this completely, but I believe that it requires UDP encapsulation which is mostly user land code. Thus there would be two implementations of SCTP in the system. I don't think that is the best approach.
No, the UDP encapsulation/decapsulation is done by the kernel. On FreeBSD you have only a single stack.
You can even have a single association where some paths are using UDP encapsulation, some are not.

For the server side, the only thing you need to do is to enable it hostwide by setting
sudo sysctl -w net.inet.sctp.udp_tunneling_port=9899
or putting
net.inet.sctp.udp_tunneling_port=9899
in /etc/sysctl.conf

On the client side you need to use the socket option defined in
https://tools.ietf.org/html/rfc6951#section-6.1
See https://github.com/nplab/tsctp/blob/master/tsctp.c#L477 for an example.
>
>>>
>>> However, the code to obtain the remote IP address failed miserably. It turns out that if you have v6only set to 1, you will never see the IPv4 packets. If you set it to 0, then you get the packets, but the sockaddr format with UDP is different than that for SCTP. If it is an IPv6 address, everything is the same. However, if it is an IPv4 address, then the family remains IPv6, and the address is in sin6_addr and it is in the format ::ffff:n.n.n.n. This makes it interesting as I need to obtain the IPv4 address as part of the verification process that the transaction is authorized.
>> For UDP and TCP you always get IPv6 addresses on AF_INET6 sockets. If you are actually using IPv4, IPv4-mapped IPv6 addresses are used. For SCTP you can choose if you want IPv4-mapped IPv6 addresses or IPv4 addresses. It is controlled by
>> the socket option specified in https://tools.ietf.org/html/rfc6458#section-8.1.15
>
> That would simplify my code so I am going to implement it. Thanks.
>
>>>
>>> Was this difference intended, or is it likely to change in the future?
>> I think it is intended.
>
> I had a feeling that would be the case, but I would think consistency would be more helpful to those using the services.
You mean to switch the default for SCTP_I_WANT_MAPPED_V4_ADDR to false?

Best regards
Michael
>
>>
>> Best regards
>> Michael
>
> -- Doug
>
>
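
Added example, not part of the original message and not FreeBSD code: the thread notes that an AF_INET6 UDP socket reports an IPv4 peer as ::ffff:n.n.n.n while SCTP can report the same peer as AF_INET, so a check that authorizes by source address should compare canonical forms. The helper names peer_canonical and peer_same_host are hypothetical.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <string.h>
#include <sys/socket.h>

/* Canonical form for an allow-list check: AF_INET and IPv4-mapped AF_INET6
 * (::ffff:a.b.c.d) both become AF_INET, native IPv6 stays AF_INET6.
 * Port, flow info and scope id are dropped. Returns 0, or -1 when the
 * family is unsupported or len is too short for it. */
int peer_canonical(const struct sockaddr *sa, socklen_t len,
                   struct sockaddr_storage *out)
{
    memset(out, 0, sizeof(*out));
    if (sa == NULL || len < sizeof(struct sockaddr_in))
        return -1;
    if (sa->sa_family == AF_INET) {
        struct sockaddr_in *o = (struct sockaddr_in *)out;
        o->sin_family = AF_INET;
        o->sin_addr = ((const struct sockaddr_in *)sa)->sin_addr;
        return 0;
    }
    if (sa->sa_family != AF_INET6 || len < sizeof(struct sockaddr_in6))
        return -1;
    const struct sockaddr_in6 *in6 = (const struct sockaddr_in6 *)sa;
    if (IN6_IS_ADDR_V4MAPPED(&in6->sin6_addr)) {
        struct sockaddr_in *o = (struct sockaddr_in *)out;
        o->sin_family = AF_INET;
        /* The IPv4 address is the last 4 of the 16 address bytes. */
        memcpy(&o->sin_addr, &in6->sin6_addr.s6_addr[12], 4);
    } else {
        struct sockaddr_in6 *o = (struct sockaddr_in6 *)out;
        o->sin6_family = AF_INET6;
        o->sin6_addr = in6->sin6_addr;
    }
    return 0;
}

/* 1 if both peers canonicalise to the same IP address, else 0. */
int peer_same_host(const struct sockaddr *a, socklen_t alen,
                   const struct sockaddr *b, socklen_t blen)
{
    struct sockaddr_storage ca, cb;
    if (peer_canonical(a, alen, &ca) != 0 || peer_canonical(b, blen, &cb) != 0)
        return 0;
    return memcmp(&ca, &cb, sizeof(ca)) == 0;
}
```

Pass both the allow-list entry and the address returned by the receive call through the same helper before comparing, whichever transport delivered the packet.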