Good evening everyone,
I am stuck with a IPv6 traceroute problem in an OSPFv3 environment.
Long story short :
- IPv6 routes are propagated using OSPFv3
- so they are installed with link-local gateways in the fib
- ICMPv6 "time exceeded" packets are generated with link-local source
address
- these packets are not to be routed so they do not get past the next
hop
- the endpoint never receives the "time exceeded packets"
This of course is only true if the router generating the icmp packet is
not the endpoint, but only a hop in the path.
I checked the code (or at least tried to).
It seems like it's in function icmp6_reflect in file icmp6.c at lines
1144/1147.
This code (if I understood it correctly) :
- fetches the route to the destination
- gets the interface source address for this route
- uses it as the source for the generated IP packet
As my routes are installed with link-local addresses by OSPFv3, I get a
generated packet with a link local source-address.
The problem is when the destination is not on the local subnet : the
generated packet is unroutable and never makes it to its destination
Would it be better to try to find another address on the interface that
is not link local if the destination address isn't on the interface
subnets ?
Sadly, I can't provide a patch, sorry, I'm not that skilled in OpenBSD.
I thought of a pf trickery like :
pass out quick inet6 proto icmp6 from fe80::/10 to any icmp6-type timex
nat-to lo1
but that won't work because the generated packet itself will be matching
a state and this rule won't even be evaluated.
Does anyone have an idea how I could get these icmp6 packets to reach
their destination ?
Thanks for your help !
Arnaud
