current-users: Re: IPv6 NDP and DAD bug in 1.5?

Subject: Re: IPv6 NDP and DAD bug in 1.5?
To: None <itojun@iijlab.net>
From: Feico Dillema <feico@pasta.cs.uit.no>
List: current-users
Date: 11/12/2000 17:37:25
On Mon, Nov 13, 2000 at 12:37:07AM +0900, itojun@iijlab.net wrote:
> 	it is way too late for major kernel changes like this.
> 	the only case you will have problem is:
> 	- your machine X uses an address A
> 	- X moved to some other subnet, now A is not yours
> 	- some other machine Y comes to the original subnet, and gets A again
> 	- X may have problem talking with Y
> 	but because of the way we do stateless autoconfiguration, the 3rd
> 	bullet is close to impossible.
Apologies, I thought this was important to me but as you say: it isn't.
Just confused it with something I had experienced elsewhere.

> 	please do not describe, please just attach the dump.  please have
> 	"-evv" flag on tcpdump so that we can know who is the real sender
> 	of the packet.
Ok, here's a lot of output. First ifconfigs of the three machines (thief
`drifter', router `server', and a third `home' for running extra tcpdump):

drifter# ifconfig tlp0
tlp0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        media: Ethernet autoselect (100baseTX full-duplex)
        status: active
        inet6 fe80::210:a4ff:fead:43c0%tlp0 prefixlen 64 scopeid 0x6
        inet6 3ffe:2a00:100:3001:210:a4ff:fead:43c0 prefixlen 64

server# ifconfig ex0
ex0: flags=8863<UP,BROADCAST,NOTRAILERS,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        media: Ethernet autoselect (100baseTX)
        status: active
        inet 10.0.0.1 netmask 0xffff0000 broadcast 10.0.255.255
        inet6 fe80::250:4ff:feec:b149%ex0 prefixlen 64 scopeid 0x2
        inet6 3ffe:2a00:100:3001::2 prefixlen 64

home# ifconfig ex0
ex0: flags=8863<UP,BROADCAST,NOTRAILERS,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        media: Ethernet autoselect (100baseTX full-duplex)
        status: active
        inet 10.0.0.10 netmask 0xffff0000 broadcast 10.0.255.255
        inet6 fe80::250:daff:fed8:39e9%ex0 prefixlen 64 scopeid 0x1
        inet6 3ffe:2a00:100:3001:250:daff:fed8:39e9 prefixlen 64

*** tcpdump -i ifn -evv -n icmp6, when at drifter the follwoing is performed:

	ifconfig tlp0 inet6 3ffe:2a00:100:3001::2 prefixlen 64 alias

# tcpdump at drifter (3ffe:2a00:100:3001:210:a4ff:fead:43c0):

17:13:43.026939 0:10:a4:ad:43:c0 33:33:ff:0:0:2 86dd 78: :: > ff02::1:ff00:2: icmp6: neighbor sol: who has 3ffe:2a00:100:3001::2 (len 24, hlim 255)
17:13:46.587773 0:50:4:ec:b1:49 0:10:a4:ad:43:c0 86dd 90: 3ffe:2a00:100:3001::2 > 3ffe:2a00:100:3001:210:a4ff:fead:43c0: icmp6: neighbor sol: who has 3ffe:2a00:100:3001:210:a4ff:fead:43c0(src lladdr: 0:50:4:ec:b1:49) (len 32, hlim 255) 
17:13:46.587855 0:10:a4:ad:43:c0 0:50:4:ec:b1:49 86dd 78: 3ffe:2a00:100:3001::2 > 3ffe:2a00:100:3001::2: icmp6: neighbor adv: tgt is 3ffe:2a00:100:3001:210:a4ff:fead:43c0(S) (len 24, hlim 255)
17:13:46.894224 0:10:a4:ad:43:c0 0:50:4:ec:b1:49 86dd 86: 3ffe:2a00:100:3001::2 > 3ffe:2a00:100:3001::2: icmp6: neighbor sol: who has 3ffe:2a00:100:3001::2(src lladdr: 0:10:a4:ad:43:c0) (len 32, hlim 255) 
17:13:46.894254 0:10:a4:ad:43:c0 0:50:4:ca:89:4e 86dd 86: fe80::210:a4ff:fead:43c0 > fe80::250:4ff:feca:894e: icmp6: neighbor sol: who has fe80::250:4ff:feca:894e(src lladdr: 0:10:a4:ad:43:c0) (len 32, hlim 255)
17:13:46.895558 0:50:4:ca:89:4e 0:10:a4:ad:43:c0 86dd 82: fe80::250:4ff:feca:894e > fe80::210:a4ff:fead:43c0: icmp6: neighbor adv: tgt is fe80::250:4ff:feca:894e(RS) (len 24, hlim 255)

# tcpdump at server (3ffe:2a00:100:3001::2)
17:13:41.588065 0:50:4:ec:b1:49 0:50:4:ca:89:4e 86dd 86: 3ffe:2a00:100:3001::2 > 3ffe:2a00:100:3001::3: icmp6: neighbor sol: who has 3ffe:2a00:100:3001::3(src lladdr: 0:50:4:ec:b1:49) (len 32, hlim 255)
17:13:41.589416 0:50:4:ca:89:4e 0:50:4:ec:b1:49 86dd 78: 3ffe:2a00:100:3001::3 > 3ffe:2a00:100:3001::2: icmp6: neighbor adv: tgt is 3ffe:2a00:100:3001::3(RS) (len 24, hlim 255)
17:13:46.588372 0:50:4:ec:b1:49 0:10:a4:ad:43:c0 86dd 86: 3ffe:2a00:100:3001::2 > 3ffe:2a00:100:3001:210:a4ff:fead:43c0: icmp6: neighbor sol: who has 3ffe:2a00:100:3001:210:a4ff:fead:43c0(src lladdr: 0:50:4:ec:b1:49) (len 32, hlim 255)
17:13:46.588577 0:10:a4:ad:43:c0 0:50:4:ec:b1:49 86dd 78: 3ffe:2a00:100:3001::2 > 3ffe:2a00:100:3001::2: icmp6: neighbor adv: tgt is 3ffe:2a00:100:3001:210:a4ff:fead:43c0(S) (len 24, hlim 255) 
17:13:46.895174 0:10:a4:ad:43:c0 0:50:4:ec:b1:49 86dd 86: 3ffe:2a00:100:3001::2 > 3ffe:2a00:100:3001::2: icmp6: neighbor sol: who has 3ffe:2a00:100:3001::2(src lladdr: 0:10:a4:ad:43:c0) (len 32, hlim 255)
17:13:47.895175 0:10:a4:ad:43:c0 0:50:4:ec:b1:49 86dd 86: 3ffe:2a00:100:3001::2 > 3ffe:2a00:100:3001::2: icmp6: neighbor sol: who has 3ffe:2a00:100:3001::2(src lladdr: 0:10:a4:ad:43:c0) (len 32, hlim 255)
17:13:48.895241 0:10:a4:ad:43:c0 0:50:4:ec:b1:49 86dd 86: 3ffe:2a00:100:3001::2 > 3ffe:2a00:100:3001::2: icmp6: neighbor sol: who has 3ffe:2a00:100:3001::2(src lladdr: 0:10:a4:ad:43:c0) (len 32, hlim 255)
Read from remote host server.pasta.cs.uit.no: Connection reset by peer
Connection to server.pasta.cs.uit.no closed.

(*note: this tcpdump ran over ssh connection from drifter. this time
there was no nd entry in cache for the server, and a permanent entry
for drifter was added. This caused the ssh connection to break.

drifter# ndp -an
Neighbor                        Linklayer Address  Netif Expire    St Flgs Prbs
3ffe:2a00:100:3001::2           0:10:a4:ad:43:c0    tlp0 permanent R      
...
*end note)

#tcpdump at home (3ffe:2a00:100:3001:250:daff:fed8:39e9)

17:13:47.895184 0:10:a4:ad:43:c0 0:50:da:d8:39:e9 86dd 86: 3ffe:2a00:100:3001:210:a4ff:fead:43c0 > 3ffe:2a00:100:3001:250:daff:fed8:39e9: icmp6: neighbor sol: who has 3ffe:2a00:100:3001:250:daff:fed8:39e9(src lladdr: 0:10:a4:ad:43:c0) (len 32, hlim 255)
17:13:47.895250 0:50:da:d8:39:e9 0:10:a4:ad:43:c0 86dd 78: 3ffe:2a00:100:3001:250:daff:fed8:39e9 > 3ffe:2a00:100:3001:210:a4ff:fead:43c0: icmp6: neighbor adv: tgt is 3ffe:2a00:100:3001:250:daff:fed8:39e9(S) (len 24, hlim 255)

*** tcpdump -i ifn -evv -n icmp6, when at drifter the follwoing is performed:

drifter# ping6 -n ff02::1:ff00:2
PING6(56=40+8+8 bytes) fe80::210:a4ff:fead:43c0%tlp0 --> ff02::1:ff00:2
16 bytes from fe80::250:4ff:feec:b149%tlp0, icmp_seq=0 hlim=64 time=0.354 ms
...

# tcpdump drifter:
17:24:54.704492 0:10:a4:ad:43:c0 33:33:ff:0:0:2 86dd 70: fe80::210:a4ff:fead:43c0 > ff02::1:ff00:2: icmp6: echo request (len 16, hlim 64) 
17:24:54.704696 0:50:4:ec:b1:49 0:10:a4:ad:43:c0 86dd 74: fe80::250:4ff:feec:b149 > fe80::210:a4ff:fead:43c0: icmp6: echo reply (len 16, hlim 64)
17:24:54.894235 0:10:a4:ad:43:c0 0:50:da:d8:39:e9 86dd 86: 3ffe:2a00:100:3001:210:a4ff:fead:43c0 > 3ffe:2a00:100:3001:250:daff:fed8:39e9: icmp6: neighbor sol: who has 3ffe:2a00:100:3001:250:daff:fed8:39e9(src lladdr: 0:10:a4:ad:43:c0) (len 32, hlim 255)
17:24:54.894261 0:10:a4:ad:43:c0 0:50:4:ca:89:4e 86dd 86: fe80::210:a4ff:fead:43c0 > fe80::250:4ff:feca:894e: icmp6: neighbor sol: who has fe80::250:4ff:feca:894e(src lladdr: 0:10:a4:ad:43:c0) (len 32, hlim 255)
17:24:54.894409 0:50:da:d8:39:e9 0:10:a4:ad:43:c0 86dd 82: 3ffe:2a00:100:3001:250:daff:fed8:39e9 > 3ffe:2a00:100:3001:210:a4ff:fead:43c0: icmp6: neighbor adv: tgt is 3ffe:2a00:100:3001:250:daff:fed8:39e9(S) (len 24, hlim 255)
17:24:54.895550 0:50:4:ca:89:4e 0:10:a4:ad:43:c0 86dd 82: fe80::250:4ff:feca:894e > fe80::210:a4ff:fead:43c0: icmp6: neighbor adv: tgt is fe80::250:4ff:feca:894e(RS) (len 24, hlim 255)
17:24:55.704496 0:10:a4:ad:43:c0 33:33:ff:0:0:2 86dd 70: fe80::210:a4ff:fead:43c0 > ff02::1:ff00:2: icmp6: echo request (len 16, hlim 64)

#tcpdump server
17:24:54.727534 0:10:a4:ad:43:c0 33:33:ff:0:0:2 86dd 70: fe80::210:a4ff:fead:43c0 > ff02::1:ff00:2: icmp6: echo request (len 16, hlim 64)
17:24:54.727612 0:50:4:ec:b1:49 0:10:a4:ad:43:c0 86dd 70: fe80::250:4ff:feec:b149 > fe80::210:a4ff:fead:43c0: icmp6: echo reply (len 16, hlim 64)
17:24:55.727580 0:10:a4:ad:43:c0 33:33:ff:0:0:2 86dd 70: fe80::210:a4ff:fead:43c0 > ff02::1:ff00:2: icmp6: echo request (len 16, hlim 64)

#tcpdump home
17:24:54.721652 0:10:a4:ad:43:c0 33:33:ff:0:0:2 86dd 70: fe80::210:a4ff:fead:43c0 > ff02::1:ff00:2: icmp6: echo request (len
16, hlim 64)
17:24:54.911399 0:10:a4:ad:43:c0 0:50:da:d8:39:e9 86dd 86: 3ffe:2a00:100:3001:210:a4ff:fead:43c0 > 3ffe:2a00:100:3001:250:daff:fed8:39e9: icmp6: neighbor sol: who has 3ffe:2a00:100:3001:250:daff:fed8:39e9(src lladdr: 0:10:a4:ad:43:c0) (len 32, hlim 255)
17:24:54.911462 0:50:da:d8:39:e9 0:10:a4:ad:43:c0 86dd 78: 3ffe:2a00:100:3001:250:daff:fed8:39e9 > 3ffe:2a00:100:3001:210:a4ff:fead:43c0: icmp6: neighbor adv: tgt is 3ffe:2a00:100:3001:250:daff:fed8:39e9(S) (len 24, hlim 255)
17:24:55.721687 0:10:a4:ad:43:c0 33:33:ff:0:0:2 86dd 70: fe80::210:a4ff:fead:43c0 > ff02::1:ff00:2: icmp6: echo request (len 16, hlim 64)


Well. I leave the interpretation of all this to you this time. Just a
few notes. The machines are interconnected through a (high-end) 100Mbs
switch (very unlikely it drops packets because of congestion). Before
I ran the above tests, I synced time on drifter and home with server
using ntpdate. So, the timestamps should be pretty much in sync.

Feico.