wrong source address with neighbor solicitation from jail

Bernd Walter ticso at cicely7.cicely.de
Tue Sep 30 14:58:54 UTC 2014 

At first I'd thought it is the plain old broken multicast ethernet
support story, since I noticed it with an IPv6 only ARM system.
But multicast on all the system works fine, it is the neighbor solitictaion
request at fault selecting the wrong

My setup.
One client system, which failed to communication with a jail with an IP
configured as /128 on lo0.

The jail host itself with a LAN IP on em0 and the jail IP.

My gateway, used as defeault GW on the client and server and knows a route
for the /128 to the jail host.
It is in the route path from the client to the jail IP.
(unrelated question: isn't there some kind of redirect supprt as with IPv4?)

All systems are on the same LAN.


When I e.g. telnet from the jail host to the client I see the following:
16:41:23.970458 IP6 (hlim 255, next-header ICMPv6 (58) payload length: 32) 2a02:21e0:16e0:2000::105 > ff02::1:ff00:1001: [icmp6 sum ok] ICMP6,
 neighbor solicitation, length 32, who has 2a02:21e0:16e0:2000::1001
          source link-address option (1), length 8 (1): 00:1e:8c:f2:41:2d
            0x0000:  001e 8cf2 412d
16:41:23.970792 IP6 (hlim 255, next-header ICMPv6 (58) payload length: 32) 2a02:21e0:16e0:2000::1001 > 2a02:21e0:16e0:2000::105: [icmp6 sum ok
] ICMP6, neighbor advertisement, length 32, tgt is 2a02:21e0:16e0:2000::1001, Flags [solicited, override]
          destination link-address option (2), length 8 (1): 00:1f:7b:b4:0c:41
            0x0000:  001f 7bb4 0c41
16:41:23.970800 IP6 (flowlabel 0xe9bb0, hlim 64, next-header TCP (6) payload length: 40) 2a02:21e0:16e0:2000::105.50941 > 2a02:21e0:16e0:2000:
:1001.23: Flags [S], cksum 0xcaee (correct), seq 690679932, win 65535, options [mss 1440,nop,wscale 6,sackOK,TS val 291271812 ecr 0], length 0
16:41:23.971066 IP6 (hlim 64, next-header TCP (6) payload length: 20) 2a02:21e0:16e0:2000::1001.23 > 2a02:21e0:16e0:2000::105.50941: Flags [R.
], cksum 0xb889 (correct), seq 0, ack 690679933, win 0, length 0

The jail host issues a neighbor solicitaion request from his
LAN IP to the multicast IP for the required target IP.
It gets an answer and tries to connect.
Everything is perfectly OK.

Now if I do the same from the jail (after deleting the ndp entry):
16:43:30.686371 IP6 (hlim 255, next-header ICMPv6 (58) payload length: 32) 2a02:21e0:16e0:20fe::101:6 > ff02::1:ff00:1001: [icmp6 sum ok] ICMP
6, neighbor solicitation, length 32, who has 2a02:21e0:16e0:2000::1001
          source link-address option (1), length 8 (1): 00:1e:8c:f2:41:2d
            0x0000:  001e 8cf2 412d

And this is where my problems starts.
It is issuing basicly the same NS packet, but this time with it's jail
address.
Now the other system won't answer to the request.
Maybe because it is not on the same LAN as the requesting address.

The jail host, which selects the wrong source address is running
9.1-STABLE r246590.
So maybe this is fixed already?
But since I've never heared about such a problem I guess it still exists.

-- 
B.Walter <bernd at bwct.de> http://www.bwct.de
Modbus/TCP Ethernet I/O Baugruppen, ARM basierte FreeBSD Rechner uvm.

More information about the freebsd-net mailing list