[Bug 247700] rtadvd: fails to generate error when iface lacks a link-local address

[bugzilla-noreply at freebsd.org]

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=247700

--- Comment #3 from Hiroki Sato <hrs at FreeBSD.org> ---
It is a valid situation for a unicast communication where a global-scope
address is the source address and a link-local-scope address is the destination
address though it is not recognized as valid as a Router Advertisement message.
 Limiting the address selection to the same zone as the destination's is too
restrictive.  The current implementation prefers a source scope whose scope is
larger than the destination's (c.f. Rule 2, Sec. 5, RFC 6724).  Even if the
source is smaller than the destination, an address is selected in any way. 
However, upon sending a packet, the network stack will discard the packet due
to an error "no destination".

So in the situation with src=GUA/dst=LLA, a unicast communication works and it
does not against the specifications.  Usually it does not happen because every
interface has at least one LLA configured (c.f. Sec. 2.1, RFC 4291) and the
source address selection algorithm always prefers a smaller scope.

For an interface with no LLA, I think NDP does not work in various ways because
it (and MLDv2) heavily depends on LLA.  It is not limited to Router
Advertisement messages.  For this reason, FreeBSD configures an EUI-64 LLA by
default.

There are some scenarios where only GUAs are configured on an interface,
however.  To prevent rtadvd(8) from sending invalid packets you reported, I
think rtadvd(8) should check if the interface has an LLA or not.  I believe
running rtadvd(8) on an interface with no LLA is a wrong configuration.

Please let me know if I understand your report correctly, and comments about my
understanding about the issue you pointed out.  If the additional check on
rtadvd(8) is sufficient, I will work on it.

-- 
You are receiving this mail because:
You are on the CC list for the bug.