On Fri, Jul 06, 2018 at 11:38:28PM +0200, Juliusz Chroboczek wrote:
The packets never traverse the 2a02-network yet it is showing up in the traceroute and that way the 2a02 addresses are leaking into the mesh revealing information about the node that should not be revealed. Secondly packets originating from the node like DNS may leave the node with an inappropriate ipv6 address and could possibly be routed out through the wan interface of the node.

I understand what you're trying to do. I want to understand why. Which interface is the address in 2a02 installed on? If it's a different interface, then according to RFC 6724 Section 5 rule 5, the other address should be chosen. If the address is installed on the same interface, then I'd like to understand why.

2a02 is assigned to br-wan
2a06 is assigned to local-node which is a veth-pair bridged into br-client. The mesh is mesh0, mesh1 and so on. The node can be addressed by its 2a06 address. This is the default setup of gluon. When now communicating over the mesh, neither the 2a02 nor the 2a06 address is on the interface used for the communication so it seems that sometimes one or the other is chosen by the kernel. I have not followed this up in the code though.

This might be resolvable by applying network namespaces. I have to say though that I am not sure if we should be relying on that mechanism as it seems rather complex for such a seemingly simple thing.

> > I have no objection (and I'd be glad to apply a well-written patch
> > that does that), but I don't think this should be necessary.
>
> I opened a PR for this https://github.com/jech/babeld/pull/15

As I've said there, I don't think it should be a command-line option -- it should live in the configuration file. If people want to put it on the command-line, they should be using "-C". What's more, I don't think it makes sense for it to be a global option, since with multiple interfaces you don't usually want to use the same address with all interfaces. I can see the following:

- it could be an interface option, in which case it would apply to all routes going out through that interface;
- it could be a filter option, in which case it would apply to matching routes.

I agree that having this set as a global option is probably a little too crude. Between those two options I think the first should be sufficient for most use cases and I am willing to listen to other opinions here.

Christof

--
() ascii ribbon campaign - against html e-mail
/\ against proprietary attachments

_______________________________________________ Babel-users mailing list [email protected] https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/babel-users
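
The source address selection discussed in this message, as an added example that is not part of the original e-mail, babeld or the Linux kernel: a simplified Python model of RFC 6724 Section 5 rules 1, 2, 5 and 8 only. The interface names come from the thread; the addresses are constructed, every candidate is assumed to be a /64, and all other rules are omitted.

```python
import ipaddress

def scope(addr):
    # Simplified: only link-local (0x2) and global (0xe) scopes are modelled.
    return 0x2 if addr.is_link_local else 0xE

def common_prefix_len(src, dst, plen=64):
    # Rule 8 metric: shared leading bits, capped at the source prefix length
    # (assumed to be /64 for every candidate).
    return min(plen, 128 - (int(src) ^ int(dst)).bit_length())

def rule2_key(src, dst):
    # Rule 2: the smallest scope that still covers the destination's scope
    # wins; if no candidate covers it, the larger scope wins.
    s, d = scope(src), scope(dst)
    return (1, -s) if s >= d else (0, s)

def select_source(dst, out_if, candidates):
    """candidates: list of (interface, address). Returns the addresses still
    tied after rules 1, 2, 5 and 8; more than one entry means these rules
    do not decide and the pick is left to the implementation."""
    d = ipaddress.IPv6Address(dst)
    pool = [(ifname, ipaddress.IPv6Address(a)) for ifname, a in candidates]
    rules = [
        lambda i, a: a == d,                   # rule 1: same address
        lambda i, a: rule2_key(a, d),          # rule 2: appropriate scope
        lambda i, a: i == out_if,              # rule 5: outgoing interface
        lambda i, a: common_prefix_len(a, d),  # rule 8: longest match
    ]
    for key in rules:
        best = max(key(i, a) for i, a in pool)
        pool = [(i, a) for i, a in pool if key(i, a) == best]
    return [str(a) for _, a in pool]

# Constructed addresses; interface names as described in the thread.
NODE = [("mesh0", "fe80::1"), ("br-wan", "2a02::1"), ("local-node", "2a06::1")]

if __name__ == "__main__":
    for dst in ("2a06::2", "2001:db8::1"):
        print(dst, "->", select_source(dst, "mesh0", NODE))
```

With no global address on mesh0, rule 5 never applies, so the result depends on the destination prefix or stays tied between the br-wan and local-node addresses.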
