Hi, I got a new firewall and had to do some plumbing, and _reused_ an IPv6 address block that was already on an interface (tun0). Everything worked still but I got these messages on the firewall (uranus):
Jan 7 16:55:47 uranus /bsd: nd6_ns_input: duplicate IP6 address 2001:0a60:f074:0004::0001 I googled this message and it seems some other people also have this message in their kernel. So I started to chase this message in the kernel and it turns out the old firewall (cordelia) was sending IPv6 Neighbour Solicitation packets with a source address of 2001:a60:f074:4::1. Since it's IP6 address was 2001:a60:f074:4::2 I don't know how it got the ::1 until I looked at an unused /etc/hostname.tun0 file and it was incorrectly set at 2001:a60:f074:4::1/64 too. So I was chasing why it would still send the solicitation with both source address and destination address being 2001:a60:f074:4::1 and I got lost in the code, but I produced this patch that may be useful? ---- Index: nd6_nbr.c =================================================================== RCS file: /cvs/src/sys/netinet6/nd6_nbr.c,v retrieving revision 1.55 diff -u -r1.55 nd6_nbr.c --- nd6_nbr.c 8 Feb 2010 11:56:09 -0000 1.55 +++ nd6_nbr.c 8 Jan 2011 10:18:25 -0000 @@ -474,6 +475,14 @@ */ bzero(&src_sa.sin6_addr, sizeof(src_sa.sin6_addr)); } + + if (IN6_ARE_ADDR_EQUAL(&src_sa.sin6_addr, &dst_sa.sin6_addr)) { + log(LOG_INFO, "nd6_ns_output: source is same" + "as destination: dst=%s\n", + ip6_sprintf(&dst_sa.sin6_addr)); + goto bad; + } + ip6->ip6_src = src_sa.sin6_addr; nd_ns = (struct nd_neighbor_solicit *)(ip6 + 1); nd_ns->nd_ns_type = ND_NEIGHBOR_SOLICIT; ---- With this patch the packet is stopped on the misconfigured machine and doesn't cause errors on another machine due to its misconfiguration, while hopefully still being a nagging pain in the dmesg. -peter