sendmail vs ipv6 broken after upgrade to 9.1

Hiroki Sato hrs at FreeBSD.org
Wed Jan 9 14:43:05 UTC 2013 

Ulrich Spörlein <uqs at FreeBSD.org> wrote
  in <20130109142111.GL35868 at acme.spoerlein.net>:

uq> On Wed, 2013-01-09 at 14:14:18 +0100, Michiel Boland wrote:
uq> > On 01/08/2013 23:33, Hiroki Sato wrote:
uq> > > Ulrich Spörlein <uqs at freebsd.org> wrote
uq> > >    in <20130108184051.GI35868 at acme.spoerlein.net>:
uq> > >
uq> > > uq> After setting this, it now looks like this:
uq> > > uq> root at acme: ~# ip6addrctl
uq> > > uq> Prefix                          Prec Label      Use
uq> > > uq> ::1/128                           50     0        0
uq> > > uq> ::/0                              40     1        0
uq> > > uq> 2002::/16                         30     2        0
uq> > > uq> ::/96                             20     3        0
uq> > > uq> ::ffff:0.0.0.0/96                 10     4        0
uq> > > uq>
uq> > > uq> And even sendmail is happily finding the sockets to bind to. Thanks for the hint!
uq> > >
uq> > >   I think this just hides the problem.  If gshapiro@'s explanation is
uq> > >   correct, no ::ffff:0.0.0.0/96 address should be returned if the name
uq> > >   resolution works fine...
uq> > >
uq> > > -- Hiroki
uq> > >
uq> > 
uq> > getipnodebyname(xx, AF_INET6, AI_DEFAULT|AI_ALL) does this:-
uq> > 
uq> > If a host has both IPv6 and IPv4 addresses, both are returned.
uq> > The IPv4 address is presented as a mapped address.
uq> > The order in which the addresses are returns depends on the
uq> > address selection policy (_hpreorder in lib/libc/net/name6.c)
uq> 
uq> Is this also supposed to work for selecting the source IP address for
uq> outgoing packets/sockets? And should it work for ping6?

 Yes.

uq> Using a tunnel for IPv6, I have this transfer net configured on my
uq> router, but for ACL purposes I would like to have all connections come
uq> from my real prefix, not the transfer net. So I wrote my own policy, yet
uq> ping6 seems to ignore it.

uq> As you can see, source prefix stays 2a02:2528:ff00, though I'd like it
uq> to be 2a02:2528:ff0d.

 This is because the prefix on the interface has the first priority.
 Why don't you use an fe80::/10 address to route packets to the other
 endpoint of tun0?

-- Hiroki
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 196 bytes
Desc: not available
URL: <http://lists.freebsd.org/pipermail/freebsd-stable/attachments/20130109/9e76bd36/attachment.sig>

More information about the freebsd-stable mailing list