Hi, On Sat, Jan 11, 2014 at 12:59:02AM +0100, Tore Anderson wrote: > FWIW: Now I also got to test git master with what I wanted to in the > first place, namely to see whether or not all the nice dualstack changes > had also made "multihome" work for IPv4-mapped clients coming in to the > server on an udp6 socket (ticket #306). Unfortunately that's still > broken, and it seems that for a server process "proto udp" is still > IPv4-only. So it doesn't appear to be possible to get a functioning > dual-stacked UDP server (that has multiple addresses/interfaces) at the > moment.
FWIW, that seems to be a Linux oddity.
I've extracted the "bind to an UDP socket, listen on it, print all
addresses I can find" out of openvpn to see whether I can more easily
debug all the multihome oddities people have seen, and that code
tells me that for IPv4-mapped clients, we are not actually receiving
any "ancilliary data" in recvmsg(), which is needed to see our local
socket address.
It works for IPv6 clients on IPv6 sockets, and for IPv4 clients on IPv4-only
sockets, but not for IPv4 (-mapped) clients on dual-stack IPv6 sockets.
This is made worse by the OpenVPN code assuming that it would always
receive data, so the "if not" case neither triggers a warning, nor is
the data structure properly cleaned in that case - so you'll see packet
info related to the last properly reported connection.
In case you want to test yourself, the code is appended. It's not pretty,
but gets the job done :-)
Compile with "gcc -o mhome mhome.c", run with
./mhome (4|6) <port>
like "./mhome 4 12345" or "./mhome 6 50001".
In lieu of a good tool to generate IPv6 UDP packets, I've used "traceroute6"
to trigger this ("traceroute6 -p 50000" generates 50001 and up :-) ).
A *working* sample is here, from FreeBSD 9.2:
$ ./mhome
AF_INET6/IPV6_RECVPKTINFO enabled
setsockopt(IPV6_V6ONLY=0)
Socket bound to local address [AF_INET6][undef]:50001
--
CMSG_NXTHDR=0x0, level=41, type=46
IPV6_PKTINFO
read: fromlen=28, r_len=12
from=[AF_INET6]2001:608:4::3:52613 (via 2001:608:0:814::f000:5%[undef])
--
CMSG_NXTHDR=0x0, level=41, type=46
IPV6_PKTINFO
read: fromlen=28, r_len=12
from=[AF_INET6]::ffff:193.149.48.167:59559 (via ::ffff:194.97.140.5%[undef])
--
A non-working example from a Linux 3.3.8 kernel:
$ ./mhome
AF_INET6/IPV6_RECVPKTINFO enabled
setsockopt(IPV6_V6ONLY=0)
Socket bound to local address [AF_INET6][undef]:50001
--
CMSG_NXTHDR=(nil), level=41, type=50
IPV6_PKTINFO
read: fromlen=28, r_len=12
from=[AF_INET6]2001:608:0:814::f000:5:61802 (via 2001:608:0:814::f000:11%eth0)
--
CMSG_FIRSTHDR()=NULL, no packet info available
read: fromlen=28, r_len=24
from=[AF_INET6]::ffff:194.97.140.5:54859 (via ::%[undef])
--
meh...
(So if someone really wants to make this work, the next step would be
to figure out why it's not working in the Linux IPv4-mapped case, and
get it fixed...)
More to come.
gert
--
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert Doering - Munich, Germany g...@greenie.muc.de
fax: +49-89-35655025 g...@net.informatik.tu-muenchen.de
pgp5eqJdgScN0.pgp
Description: PGP signature
