Date: Tue, 5 Jan 2021 17:46:50 +0700 From: Victor Sudakov <vas@sibptus.ru> To: freebsd-net@freebsd.org Cc: Lutz Donnerhacke <lutz@donnerhacke.de> Subject: Re: FreeBSD does not reply to IPv6 Neighbor Solicitations Message-ID: <20210105104650.GA7688@admin.sibptus.ru> In-Reply-To: <00a101d6e33b$96edf0c0$c4c9d240$@donnerhacke.de> References: <mailman.93.1609761601.91504.freebsd-questions@freebsd.org> <E9644A2A-6C5F-48C9-AD2D-13BC7FB2E534@gromit.dlib.vt.edu> <20210105031528.GA91534@admin.sibptus.ru> <00a101d6e33b$96edf0c0$c4c9d240$@donnerhacke.de>
next in thread | previous in thread | raw e-mail | index | archive | help
--envbJBWh7q8WU6mo Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Lutz Donnerhacke wrote: > Victor Sudakov wrote: > > Paul Mather wrote: > > > >>>> Why could it be that a FreeBSD 12.2 host does not reply to ICMPv6 > > > >>>> Neighbor Solicitations from the router? > >=20 > > Well, Neighbor Solicitations (ICMPv6 type 135) and Neighbor > > Advertisements (ICMPv6 type 136) are not exactly routing messages, they > > are the equivalent of the ARP protocol in IPv6, and AFAIK should work > > between any two IPv6 nodes to map L3 addresses to L2 addresses, even if > > there are no routers on the segment. Correct me if I'm wrong. >=20 > Correct. >=20 > > You may be right but then it is certainly a bug. Unfortunately I cannot > > reproduce the problem with any reliability, this thing works more often > > than not. >=20 > May you be able to capture the icmp6 traffic of this interface with respe= ct > to ND? I'm really interested in seeing, that the box does not respond to a > given NS query. Here you are http://admin.sibptus.ru/~vas/nd1.pcapng >=20 > There are various reasons, why this may happen, i.e. sender IP in the NS = is > out of prefix of the target IP. This may happen, if multiple prefixes are > added to the interface. Some devices (like Cisco ASA) are very picky on > matching source/target IPs. So it might be possible, that the problem is = not > the the FreeBSD box, but the querying device (Mircotik?) Maybe. The Mikrotik sends neighbor solicitations from a link-local address, as you can see in the packet dump above. Is this correct behavior? >=20 > There is no problem with neighbour discovery without the ACCEPT_RTADV > option. It simply works. I thought as much. > So it works in both directions. > Please note, that the first NS query is coming from a link-local address = and > requesting a global IP. This will not always be answered by any device out > there (especially if the roles are reversed) Hmm, this is an interesting observation, please see the packet dump above, what do you say? And what do standards say, what should be the source address of a neighbor solicitation when the target address is a global address? --=20 Victor Sudakov, VAS4-RIPE, VAS47-RIPN 2:5005/49@fidonet http://vas.tomsk.ru/ --envbJBWh7q8WU6mo Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQEcBAEBAgAGBQJf9EOaAAoJEA2k8lmbXsY0Cr4H/0UOV1Cgw4rCb8wCzxcKBkZg qtgcZZODUJXr7lgohIDpH2KJsg7/ED4AO6lpEhtPd4wlVFYAtdQ3y3Oa95njQDIH 1J2JHH8c8Nwcd6ziK/Ywcde0MXvhzWG5dX9pkZhph5jVsgoWvL+BXIF3c2wLVHxA d5HrDqcfk17uemKq+57utcDt4ZQotaLy7a9vDjGFMi1uRnwi3oc7m/iHh3Yrf41A hkHN32ja/I2y4zhoMsFJl7vwAdxT2RYSKFRha/fh5QcI3D6F8y0VT5vNor38SaAA C2erPmfN9Ofud5Y4OOAE3m4HsX6SQyQaj3GOb7QFFm+NpxLj7Wjhv/MhpZNJSf4= =ENMV -----END PGP SIGNATURE----- --envbJBWh7q8WU6mo--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20210105104650.GA7688>