(moving from misc to tech)
On 2019-05-11, Rachel Roch <[email protected]> wrote:
> I'm still learning IPv6 intricacies, so forgive me if this is a silly
> question.
>
> When I have interfaces set in the standard manner, e.g.:
>
> inet6 2001:DB8:beef::1 128
> up
>
> NSD and Unbound will bind to that address without problem.
>
> However if I add the anycast flag:
> inet6 2001:DB8:beef::1 128 anycast
> up
>
> and then destroy and re-create the interfaces and pkill and relaunch unbound
> and NSD, they both complain bitterly:
>
> [2019-05-11 21:00:51.665] nsd[43360]: notice: nsd starting (NSD 4.1.27)
> [2019-05-11 21:00:51.666] nsd[43360]: error: can't bind udp socket: Can't
> assign requested address
> [2019-05-11 21:00:51.666] nsd[43360]: error: server initialization failed,
> nsd could not be started
> [1557604863] unbound[69433:0] error: can't bind socket: Can't assign
> requested address for 2001:DB8:beef::1 port 53[1557604863] unbound[69433:0]
> fatal error: could not open ports
>
> The interface shows correctly in ifconfig so I don't know what the problem is
> ?
>
> This is on OpenBSD 6.5 if it makes any difference.
>
>
RFC3513 says this:
o An anycast address must not be used as the source address of
an IPv6 packet.
o An anycast address must not be assigned to an IPv6 host, that
is, it may be assigned to an IPv6 router only.
And to help ensure this, the kernel denies binding to an address marked
with the anycast flag (see netinet6/in6_pcb.c).
This was obsoleted by RFC4291, including this change:
o The restrictions on using IPv6 anycast addresses were removed because
there is now sufficient experience with the use of anycast addresses,
the issues are not specific to IPv6, and the GROW working group is
working in this area.
So I think this restriction can now be removed, at least with this
change, but more might be needed.
Index: in6_pcb.c
===================================================================
RCS file: /cvs/src/sys/netinet6/in6_pcb.c,v
retrieving revision 1.108
diff -u -p -r1.108 in6_pcb.c
--- in6_pcb.c 4 Oct 2018 17:33:41 -0000 1.108
+++ in6_pcb.c 13 May 2019 07:28:02 -0000
@@ -185,10 +185,6 @@ in6_pcbaddrisavail(struct inpcb *inp, st
sin6->sin6_port = lport;
/*
- * bind to an anycast address might accidentally
- * cause sending a packet with an anycast source
- * address, so we forbid it.
- *
* We should allow to bind to a deprecated address,
* since the application dare to use it.
* But, can we assume that they are careful enough
@@ -197,8 +193,8 @@ in6_pcbaddrisavail(struct inpcb *inp, st
* flag to control the bind(2) behavior against
* deprecated addresses (default: forbid bind(2)).
*/
- if (ifa && ifatoia6(ifa)->ia6_flags & (IN6_IFF_ANYCAST|
- IN6_IFF_TENTATIVE|IN6_IFF_DUPLICATED|IN6_IFF_DETACHED))
+ if (ifa && ifatoia6(ifa)->ia6_flags & (IN6_IFF_TENTATIVE|
+ IN6_IFF_DUPLICATED|IN6_IFF_DETACHED))
return (EADDRNOTAVAIL);
}
if (lport) {
