Hi everyone, I have been looking into this problem for months.
I found that the Linux kernel has difficulty determining the source address for an icmp-ttl-exceeded packet if SADR is used. Sometimes it will return the primary address as if the SADR route does not exist; sometimes it will just swallow the reply packet, showing as a "???" in the traceroute. In some rare random situations a machine with two routes like "default from 2001.../48" would report "no route to host" when you want to connect from it to some random (not all) hosts on the Internet, although the machine routes packets from others correctly.

I found that icmp_errors_use_inbound_ifaddr does not work for IPv6, and have been trying to port that option to IPv6. I am not sure if it can fix the traceroute problem. But I am currently suspending this work; hopefully someone else is interested in it.

I agree that we need such an option. That's simply because the Linux kernel is buggy.

(P.S. I typed this letter on my phone. Please forgive me if the layout is messy.)

On Sat, Jul 7, 2018 at 05:38 Juliusz Chroboczek <[email protected]> wrote:
> > The packets never traverse the 2a02-network yet it is showing up in the
> > traceroute and that way the 2a02 addresses are leaking into the mesh
> > revealing information about the node that should not be revealed.
> > Secondly, packets originating from the node like DNS may leave the node
> > with an inappropriate ipv6 address and could possibly be routed out
> > through the wan interface of the node.
>
> I understand what you're trying to do. I want to understand why.
>
> Which interface is the address in 2a02 installed on? If it's a different
> interface, then according to RFC 6724 Section 5 rule 5, the other address
> should be chosen. If the address is installed on the same interface, then
> I'd like to understand why.
>
> >> I have no objection (and I'd be glad to apply a well-written patch that
> >> does that), but I don't think this should be necessary.
>
> > I opened a PR for this
> > https://github.com/jech/babeld/pull/15
>
> As I've said there, I don't think it should be a command-line option -- it
> should live in the configuration file. If people want to put it on the
> command-line, they should be using "-C".
>
> What's more, I don't think it makes sense for it to be a global option,
> since with multiple interfaces you don't usually want to use the same
> address with all interfaces. I can see the following:
>
> - it could be an interface option, in which case it would apply to all
>   routes going out through that interface;
> - it could be a filter option, in which case it would apply to matching
>   routes.
>
> Perhaps the list could chime in?
>
> -- Juliusz
>
> _______________________________________________
> Babel-users mailing list
> [email protected]
> https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/babel-users
