IPv6 scope handling, was Re: svn commit: r335806 - projects/pnfs-planb-server/usr.sbin/nfsd

Sun Jul 1 10:56:33 UTC 2018

On 01.07.2018 03:30, Rick Macklem via freebsd-net wrote:
>> [neighbor1 fe80::100]<-->[fe80::1%igb0 | fe80::1%igb1]<-->[fe80::100
>> neighbor2]
>>
>> neighbor1 can not reach neighbor2, since these addresses belongs to
>> different scope zones. On the host with two interfaces you as user can
>> use link-local addresses and can specify such addresses in application.
>> To disambiguate them you must specify scope zone identifier, "%igb0" or
>> "%igb1". E.g. if you want to connect with neighbor1, you can use "telnet
>> fe80::100%igb0 someport" and the kernel will initiate connection with
>> neighbor1 through igb0. inet_ntop() call doesn't support this.
> Ok, I think I follow that. I didn't explain what this case is...
> 
> The code for this patch runs on HostA.
> If looks up an address for HostB, but not so it can connect to HostB.
> It sends the address to HostC, so that HostC can connect to HostB.
> (So the address needed is the address that HostC would use to connect to
>  HostB.)
>
> I think what you are saying above is that a Link-local address won't work
> and that the address must be a global one?
> Should the code check for "fe8" at the start and skip over those ones?

It is possible that all hosts are in the same scope zone, e.g. they are
connected in the one broadcast domain through the switch.
In this case it is possible to use link-local addresses and they all
will be reachable.

> The "on-the-wire" address sent to HostC is specified in standard string form
> (can't remember the RFC#, but it is referenced by RFC5661), so I can't send
> any more than that to HostC.

So if I understand correctly, after formatting you are sending this
address string to the some foreign host?
The scope zone id specifier is only does matter for the host where it is
used. I.e. there is no sense to send "%ifname" to the foreign host,
because it can have different ifname for the link and that address
specification won't work.

I think for now we can leave the code as is (put some XXX with comment
here), and then in the future, if it will be needed, add better handling
for that :)

>> In the kernel when you operate with IPv6 link-local addresses you need
>> to properly prepare them in the IPv6 header, i.e. embed scope zone
>> identifier. Otherwise the kernel will fail to send such packets.
> How would HostA know what HostC should use?
> (I don't think it can know?)
> [stuff snipped]

The possible solution can be:
* for the sending host use scope zone id to determine proper interface
to send through;
* for the receiving host track the receiving interface and if given
address is link-local, recover the scope zone id from the receiving
interface.

-- 
WBR, Andrey V. Elsukov

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 553 bytes
Desc: OpenPGP digital signature
URL: <http://lists.freebsd.org/pipermail/freebsd-net/attachments/20180701/255961a1/attachment.sig>