Hi Juliusz,

On Fri, Jul 06, 2018 at 11:19:03AM +0200, Juliusz Chroboczek wrote:

I opened a PR for this - whether it is well-written is up to your judgement. :)

> > For multi-homed devices it would be interesting being able to specify
> > a preferred source address for routes exported via babel. If the
> > preferred src address is not specified, the kernel will select the src
> > address and thus will leak ipv6 addresses into a network where they
> > are foreign.
>
> The kernel will normally select an address that is assigned to the
> outgoing interface. Why is this mechanism not enough for your needs?
>
> > This should be configurable and could be static for one babeld
> > instance. Before going ahead and patching this into kernel_netlink.c
> > (around line 1053 I think) I would like to get some feedback on the
> > idea.
>
> I have no objection (and I'd be glad to apply a well-written patch that
> does that), but I don't think this should be necessary.
>
> Could you please explain exactly why you need this feature?

Consider the following screenshot of a traceroute:
https://chat.sum7.eu/upload/4b2ab8b47d9551a701a91aa9e52f815cb7ff4a7b/7EqJP1J7fyiNL2ZYVvYMM1xQW6YcdimuQgTk0gCb/20180706_173921273_75eb.jpg

The hop having the address beginning with 2a02 is a node in the network 2a06:8782:ffbb:bab0:/64. It has two ipv6 addresses. The one that is visible in the screenshot: 2a02:8109:dc0:2b8:5054:ff:fe3e:caca on WAN
and 2a06:8782:ffbb:bab0:5054:ff:fe38:4b77 on the mesh.

The packets never traverse the 2a02-network, yet it is showing up in the traceroute, and that way the 2a02 addresses are leaking into the mesh, revealing information about the node that should not be revealed. Secondly, packets originating from the node, like DNS, may leave the node with an inappropriate ipv6 address and could possibly be routed out through the wan interface of the node. That means that mesh-internal ipv6 traffic is not routed mesh-internal.
This is odd at best.

Specifying -P we can make sure to use the correct mesh-internal origin-address and path when reaching targets inside the mesh even on multi-homed devices.

Regards

Christof

--
()  ascii ribbon campaign - against html e-mail
/\  against proprietary attachments
_______________________________________________
Babel-users mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/babel-users
