From: Qing Li
To: Matthew Seaman
Cc: FreeBSD Stable List
Subject: Re: IPv6 and aliases on loopback interfaces
Date: Sat, 15 Oct 2011 15:44:43 -0700

I uploaded a patch last night for this issue,
it's sitting at http://people.freebsd.org/~qingli/in6.c.diff

--Qing


On Sat, Oct 15, 2011 at 1:49 PM, Matthew Seaman wrote:
>
> So, this morning I updated to the latest stable/8 on my desktop box as
> is my habit to do about fortnightly.  Lo and behold, the jail I had
> configured hanging off the loopback interface suddenly stopped being
> able to communicate with the rest of the world.  For reasons too trivial
> to be worth explaining, this jail only has IPv6 connectivity.
>
> After much bisecting of versions and building of kernels I tracked the
> problem down to r226240.
>
> http://svnweb.freebsd.org/base/stable/8/sys/netinet6/in6.c?r1=226235&r2=226240
>
> After that commit, if I have the following IPv6 config on lo0:
>
> lucid-nonsense:~:% ifconfig lo0 inet6
> lo0: flags=8049 metric 0 mtu 16384
>        options=3
>        inet6 ::1 prefixlen 128
>        inet6 fe80::1%lo0 prefixlen 64 scopeid 0xc
>        inet6 fd87:cd50:2103:1:57f9:9484:e8b0:12d1 prefixlen 128
>
> Then the RFC4193 address becomes unpingable[*]:
>
> lucid-nonsense:~:% ping6 fd87:cd50:2103:1:57f9:9484:e8b0:12d1
> PING6(56=40+8+8 bytes) fd87:cd50:2103:1:57f9:9484:e8b0:12d1 -->
> fd87:cd50:2103:1:57f9:9484:e8b0:12d1
> ^C
> --- fd87:cd50:2103:1:57f9:9484:e8b0:12d1 ping6 statistics ---
> 3 packets transmitted, 0 packets received, 100.0% packet loss
>
> I can't tell from the commit if this is an intended consequence or not,
> but it seems a bit draconian if so.  Surely this will cause problems for
> such well known techniques as Direct Server Return?  Not to mention my
> favourite trick of hanging a jail off an internal interface where I can
> experiment with all sorts of potentially vulnerable network bits without
> exposing them to an external network.
>
>        Cheers,
>
>        Matthew
>
> [*] Ditto if I clone up a lo1 interface and move
> fd87:cd50:2103:1:57f9:9484:e8b0:12d1 to there.  Works fine for 226239 or
> earlier, not for 226240 et seq.  What's the point of being able to clone
> lo(4) if you can't usefully configure it with arbitrary addresses?
>
> --
> Dr Matthew J Seaman MA, D.Phil.                   7 Priory Courtyard
>                                                   Flat 3
> PGP: http://www.infracaninophile.co.uk/pgpkey     Ramsgate
> JID: matthew@infracaninophile.co.uk               Kent, CT11 9PW
>