I uploaded a patch last night for this issue, it's sitting at http://people.freebsd.org/~qingli/in6.c.diff
--Qing On Sat, Oct 15, 2011 at 1:49 PM, Matthew Seaman <m.sea...@infracaninophile.co.uk> wrote: > > So, this morning I updated to the latest stable/8 on my desktop box as > is my habit to do about fortnightly. Lo and behold, the jail I had > configured hanging off the loopback interface suddenly stopped being > able to communicate with the rest of the world. For reasons too trivial > to be worth explaining, this jail only has IPv6 connectivity. > > After much bisecting of versions and building of kernels I tracked the > problem down to r226240. > > http://svnweb.freebsd.org/base/stable/8/sys/netinet6/in6.c?r1=226235&r2=226240 > > After that commit, if I have the following IPv6 config on lo0: > > lucid-nonsense:~:% ifconfig lo0 inet6 > lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384 > options=3<RXCSUM,TXCSUM> > inet6 ::1 prefixlen 128 > inet6 fe80::1%lo0 prefixlen 64 scopeid 0xc > inet6 fd87:cd50:2103:1:57f9:9484:e8b0:12d1 prefixlen 128 > > Then the RFC4193 address becomes unpingable[*]: > > lucid-nonsense:~:% ping6 fd87:cd50:2103:1:57f9:9484:e8b0:12d1 > PING6(56=40+8+8 bytes) fd87:cd50:2103:1:57f9:9484:e8b0:12d1 --> > fd87:cd50:2103:1:57f9:9484:e8b0:12d1 > ^C > --- fd87:cd50:2103:1:57f9:9484:e8b0:12d1 ping6 statistics --- > 3 packets transmitted, 0 packets received, 100.0% packet loss > > I can't tell from the commit if this is an intended consequence or not, > but it seems a bit draconian if so. Surely this will cause problems for > such well known techniques as Direct Server Return? Not to mention my > favourite trick of hanging a jail off an internal interface where I can > experiment with all sorts of potentially vulnerable network bits without > exposing them to an external network. > > Cheers, > > Matthew > > [*] Ditto if I clone up a lo1 interface and move > fd87:cd50:2103:1:57f9:9484:e8b0:12d1 to there. Works fine for 226239 or > earlier, not for 226240 et seq. What's the point of being able to clone > lo(4) if you can't usefully configure it with arbitrary addresses? > > -- > Dr Matthew J Seaman MA, D.Phil. 7 Priory Courtyard > Flat 3 > PGP: http://www.infracaninophile.co.uk/pgpkey Ramsgate > JID: matt...@infracaninophile.co.uk Kent, CT11 9PW > > _______________________________________________ freebsd-stable@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to "freebsd-stable-unsubscr...@freebsd.org"
