Re: Talking to yourself: redirect via lo?
At Thu, 6 Apr 2017 13:54:47 +0200,
Edgar Fuß <ef%math.uni-bonn.de@localhost> wrote:
> I learned that traditional behaviour is that talking to yourself on any IP(v4)
> address gets redirected via loopback.
> I then learned that this seems not to hold for IPv6.
> Why does it matter? I have anti-spoofing ipf rules that, for each interface
> except lo0, reject incoming packets that pretend to originate from me.
> Now, pinging yourself via IPv6 (on a non-loopback address) doesn't work.
"redirect via loopback" should be the same for IPv6, but I guess what
you actually meant in this context is that 'rcvif' passed to
ip6_input() is not loX when the destination is a node's own IPv6
address configured on a non-loopback interface. If so,
> Is it on purpose that IPv4 and IPv6 behave differently in this respect?
Yes, it's on purpose. The main (if not only) reason for this is
because ip6_input() needs to identify the correct link if the source
or destination address is link-local. To determine whether a packet
is loopback-ed, the IPv6 stack uses a special mbuf flag, M_LOOP. I
don't know if ipf can use this information, but if it can that would
be a workaround for you.