Hi,

I got a new firewall and had to do some plumbing, and _reused_ an IPv6 address
block that was already on an interface (tun0).  Everything worked still but
I got these messages on the firewall (uranus):

Jan  7 16:55:47 uranus /bsd: nd6_ns_input: duplicate IP6 address 2001:0a60:f074:0004::0001

I googled this message and it seems some other people also have this message
in their kernel.

So I started to chase this message in the kernel and it turns out the old
firewall (cordelia) was sending IPv6 Neighbour Solicitation packets with a 
source address of 2001:a60:f074:4::1.  Since its IP6 address was 
2001:a60:f074:4::2 I don't know how it got the ::1 until I looked at an 
unused /etc/hostname.tun0 file and it was incorrectly set at 
2001:a60:f074:4::1/64 too.  So I was chasing why it would still send the
solicitation with both source address and destination address being
2001:a60:f074:4::1 and I got lost in the code, but I produced this patch
that may be useful?

----
Index: nd6_nbr.c
===================================================================
RCS file: /cvs/src/sys/netinet6/nd6_nbr.c,v
retrieving revision 1.55
diff -u -r1.55 nd6_nbr.c
--- nd6_nbr.c   8 Feb 2010 11:56:09 -0000       1.55
+++ nd6_nbr.c   8 Jan 2011 10:18:25 -0000
@@ -474,6 +475,14 @@
                 */
                bzero(&src_sa.sin6_addr, sizeof(src_sa.sin6_addr));
        }
+
+       if (IN6_ARE_ADDR_EQUAL(&src_sa.sin6_addr, &dst_sa.sin6_addr)) {
+               log(LOG_INFO, "nd6_ns_output: source is same"
+                       "as destination: dst=%s\n",
+                       ip6_sprintf(&dst_sa.sin6_addr));
+               goto bad;
+       }
+
        ip6->ip6_src = src_sa.sin6_addr;
        nd_ns = (struct nd_neighbor_solicit *)(ip6 + 1);
        nd_ns->nd_ns_type = ND_NEIGHBOR_SOLICIT;
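
Review bot: The two adjacent string literals in the added log() call concatenate without a space, so the message will read "source is sameas destination"; add a trailing space after "same" or put the format string on one line. The check also sits after the branch that zeroes src_sa.sin6_addr and compares only against dst_sa.sin6_addr, so please confirm that dst_sa holds the address you expect at this point (and not a multicast destination) for the case you observed, and that the "bad" label releases everything allocated before this point, since neither is visible in the hunk.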



----

With this patch the packet is stopped on the misconfigured machine and doesn't
cause errors on another machine due to its misconfiguration, while hopefully
still being a nagging pain in the dmesg.

-peter
