Date: Wed, 15 Feb 2023 21:22:33 -0800
From: Ian Zimmerman
To: freebsd-questions@freebsd.org
Subject: Re: Source IP selection

On Wed, Feb 15, 2023 at 06:22:40PM -0500, John Levine wrote:

> >May the kernel choose an address through which there's no route to
> >the destination?
>
> It knows what addresses it has configured on what interfaces, and
> what's in its local routing table, not the entire state of the global
> Internet. The routing table just tells it what interface to use for
> what networks. I think it does something simple-minded like using the
> first address configured on the interface if you don't override that
> with bind().
>
> If you bind a local address and then tell it to send to a remote
> address that isn't in the routing table for the interface the address
> is assigned to, I have no idea what happens. Try it and let us know
> what happens.
>
> If you told us what you are trying to do, you would get more useful
> answers.

Yes, fair enough. This is a sysadmin question, not a programming one. I
cannot recompile every program installed on the system to fix this (if
it needs fixing).

My VPS provider (Linode) gave me a secondary address so my two nodes can
talk to each other without accruing charges. Note that:

- it really is an alias on the same interface, *not* a VLAN

- it is not a publicly routable address (192.168.)

Here's an excerpt of the configuration, with one obvious change:

 6+1 ~$ ifconfig vtnet0
vtnet0: flags=8863 metric 0 mtu 1500
        options=4c00b8
        ...
        inet 123.123.123.4 netmask 0xffffff00 broadcast 123.123.123.255
        inet 192.168.135.161 netmask 0xffff8000 broadcast 192.168.255.255
        media: Ethernet autoselect (10Gbase-T )
        status: active
        nd6 options=23

 7+1 ~$ netstat -rn
Routing tables

Internet:
Destination        Gateway            Flags     Netif Expire
default            123.123.123.1      UGS      vtnet0
123.123.123.0/24   link#1             U        vtnet0
123.123.123.4      link#1             UHS         lo0
127.0.0.1          link#2             UH          lo0
192.168.128.0/17   link#1             U        vtnet0
192.168.135.161    link#1             UHS         lo0

Now I am concerned what happens if something like unbound sends to the
outside world, in a client role. I don't think it binds its socket, how
would *it* know which address to use? It lets the kernel decide, and I
think most client programs do. So, can it get the secondary address?

-- 
Ian
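
Added example, not part of the original message: one way to observe which source address the kernel picks for a client socket that never calls bind(), without touching any installed program. The function names `kernel_source_for` and `audit` are hypothetical, and the default destinations are the gateway quoted above plus a constructed peer address on the private network.

```python
import ipaddress
import socket
import sys


def kernel_source_for(dest, port=53):
    """Return the source address the kernel selects for an unbound socket.

    dest is an IP literal. connect() on a UDP socket sends no packet; it
    only makes the kernel do the route lookup and source selection, and
    getsockname() then reports the result.
    """
    version = ipaddress.ip_address(dest).version
    family = socket.AF_INET6 if version == 6 else socket.AF_INET
    with socket.socket(family, socket.SOCK_DGRAM) as s:
        try:
            s.connect((dest, port))
        except OSError:
            return None  # no usable route to dest
        return s.getsockname()[0]


def audit(dests):
    """Map each destination to (source, ok).

    ok is False when there is no route, or when a non-global source (such
    as a 192.168. alias) would be used toward a globally routable
    destination.
    """
    report = {}
    for dest in dests:
        src = kernel_source_for(dest)
        if src is None:
            report[dest] = (None, False)
            continue
        leak = (ipaddress.ip_address(dest).is_global
                and not ipaddress.ip_address(src).is_global)
        report[dest] = (src, not leak)
    return report


if __name__ == "__main__":
    # Defaults: gateway from the routing table above, and a constructed
    # peer address inside 192.168.128.0/17. Pass real destinations as
    # arguments to test the default route.
    targets = sys.argv[1:] or ["123.123.123.1", "192.168.135.162"]
    for dest, (src, ok) in audit(targets).items():
        print(f"{dest:<20} source={src} {'ok' if ok else 'CHECK'}")
```

Run it on the host in question with an off-link public address as argument; a `CHECK` line means the private alias was selected for a destination it cannot reach.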