tech-net archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: Talking to yourself: redirect via lo?

At Thu, 6 Apr 2017 13:54:47 +0200,
Edgar Fuß <> wrote:

> I learned that traditional behaviour is that talking to yourself on any IP(v4)
> address gets redirected via loopback.
> I then learned that this seems not to hold for IPv6.

> Why does it matter? I have anti-spoofing ipf rules that, for each interface
> except lo0, reject incoming packets that pretend to originate form me.
> Now, ping-ing ypurself via IPv6 (on a non-loopback address) doesn't work.

"redirect via loopback" should be the same for IPv6, but I guess what
you actually meant in this context is that 'rcvif' passed to
ip6_input() is not loX when the destination is a node's own IPv6
address configured on a non-loopback interface.  If so,

> Is it on purpose that IPv4 and IPv6 behave differently in this respect?

Yes, it's on purpose.  The main (if not only) reason for this is
because ip6_input() needs to identify the correct link if the source
or destination address is link-local.  To determine whether a packet
is loopback-ed, the IPv6 stack uses a special mbuf flag, M_LOOP.  I
don't know if ipf can use this information, but if it can that would
be a workaround for you.

JINMEI, Tatuya

Home | Main Index | Thread Index | Old Index