tech-net archive


Re: Talking to yourself: redirect via lo?



At Thu, 6 Apr 2017 13:54:47 +0200,
Edgar Fuß <ef%math.uni-bonn.de@localhost> wrote:

> I learned that traditional behaviour is that talking to yourself on any IP(v4)
> address gets redirected via loopback.
> I then learned that this seems not to hold for IPv6.

> Why does it matter? I have anti-spoofing ipf rules that, for each interface
> except lo0, reject incoming packets that pretend to originate from me.
> Now, ping-ing yourself via IPv6 (on a non-loopback address) doesn't work.

"redirect via loopback" should be the same for IPv6, but I guess what
you actually meant in this context is that 'rcvif' passed to
ip6_input() is not loX when the destination is a node's own IPv6
address configured on a non-loopback interface.  If so,

> Is it on purpose that IPv4 and IPv6 behave differently in this respect?

Yes, it's on purpose.  The main (if not only) reason for this is
because ip6_input() needs to identify the correct link if the source
or destination address is link-local.  To determine whether a packet
is loopback-ed, the IPv6 stack uses a special mbuf flag, M_LOOP.  I
don't know if ipf can use this information, but if it can that would
be a workaround for you.

--
JINMEI, Tatuya
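
The following is an added example, not part of the original message and not NetBSD or ipf code: a small C model of the anti-spoofing rule discussed in the thread, showing why an interface-only check drops self-addressed IPv6 traffic while a check that also consults a loopback flag still drops a spoofed packet from the wire. The names `MODEL_M_LOOP`, `pass_by_interface`, `pass_loop_aware`, the interface `wm0` and all addresses are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Simplified model. MODEL_M_LOOP stands in for the mbuf flag M_LOOP;
 * the numeric value is arbitrary, not the kernel's. */
#define MODEL_M_LOOP 0x1u

struct pkt {
    const char *rcvif;  /* receive interface as the filter sees it */
    const char *src;    /* claimed source address */
    unsigned    flags;  /* model of the mbuf flags */
};

/* Constructed "own" addresses (documentation ranges). */
static const char *const own_addrs[] = { "192.0.2.10", "2001:db8::10" };

static bool src_is_own(const struct pkt *p)
{
    for (size_t i = 0; i < sizeof own_addrs / sizeof own_addrs[0]; i++)
        if (strcmp(p->src, own_addrs[i]) == 0)
            return true;
    return false;
}

/* Rule from the thread: on every interface except lo0, reject packets
 * that claim one of our own addresses as their source. */
bool pass_by_interface(const struct pkt *p)
{
    if (strcmp(p->rcvif, "lo0") == 0)
        return true;
    return !src_is_own(p);
}

/* Hypothetical variant: also pass packets the stack marked as looped back. */
bool pass_loop_aware(const struct pkt *p)
{
    return (p->flags & MODEL_M_LOOP) != 0 || pass_by_interface(p);
}

/* Constructed sample packets. */
const struct pkt v4_self   = { "lo0", "192.0.2.10",   0 };            /* IPv4 to self: seen on lo0 */
const struct pkt v6_self   = { "wm0", "2001:db8::10", MODEL_M_LOOP }; /* IPv6 to self: real ifp + flag */
const struct pkt v6_spoof  = { "wm0", "2001:db8::10", 0 };            /* from the wire, forged source */
const struct pkt v6_remote = { "wm0", "2001:db8::99", 0 };            /* ordinary remote traffic */

int main(void)
{
    printf("v6 self: by-interface=%d loop-aware=%d\n",
           pass_by_interface(&v6_self), pass_loop_aware(&v6_self));
    return 0;
}
```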

