tech-net archive


Re: IPv6: what is required of lower layers?



Hi,

On Tue, Apr 04, 2023 at 02:37:17PM -0400, Mouse wrote:
> I have a thing I've been using for years now, passing IPv4 packets
> around, using tun interfaces to get packets into and out of the kernel
> networking stack.
> 
> But now I want to add support for IPv6.
> 
> At first I just added the code to userland and it simply didn't work; I
> never got any packets out of the tun device.  Adding debugging printfs
> to ip6_output(), I discovered that the problem was that the tun device
> was configured as IFF_BROADCAST but not IFF_MULTICAST.  So I added
> that, and now I'm getting packets, but they're addressed to a multicast
> address, ff02:3::1:ff02:2, not the address userland is sending to.

In OpenVPN we've avoided all the drama related to ND by configuring
the tun interfaces to IFF_POINTOPOINT|IFF_MULTICAST - so as far as
the kernel is concerned, there is no neighbour discovery, just a dumb
pipe "whatever is routed into the tun interface is sent to userland".

There is an additional quirk on all the BSDs regarding IPv6 packets
on tun interfaces, as "default tun interfaces" are IPv4 only, and need
the TUNSIFHEAD ioctl to enable "multi af mode" - which will add a 4-byte
address family to each packet.  I assume you already have that, otherwise
you won't see anything ("this is what I started with"), but I thought
I'd mention it.

> I've been having trouble finding the relevant specs to read to figure
> out what exactly IPv6 is expecting from the layers beneath it.  I
> assume the v6 stack is expecting some kind of response to these
> multicast packets before it's willing to send the real traffic, but
> it's not clear what.  The presence of the text "ff02" in nd6.c implies
> it has something to do with ND.  But I don't find any description of
> ff02:3::anything in RFC4291 (addressing architecture) or RFC4861
> (neighbour discovery), leaving me wondering what's going on here.

My guess is that this is a mapped multicast address - the real address
ND wants to know about is mapped to a multicast address because multicast
is oh so much better than just broadcast as ARP will do.  I am not at
a place with reasonable internet right now so can't easily search for it.

gert
-- 
"If was one thing all people took for granted, was conviction that if you 
 feed honest figures into a computer, honest figures come out. Never doubted 
 it myself till I met a computer with a sense of humor."
                             Robert A. Heinlein, The Moon is a Harsh Mistress

Gert Doering - Munich, Germany                             gert%greenie.muc.de@localhost
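
Added example, not part of the original mail and not OpenVPN code: a userland sketch of the "multi af mode" framing mentioned above, where every packet crossing the tun device carries a 4-byte address family in front of it. It assumes the header is in network byte order, as the BSD tun(4) manual pages document for TUNSIFHEAD; the names `tun_wrap` and `tun_unwrap` are hypothetical.

```c
#include <arpa/inet.h>
#include <stdint.h>
#include <string.h>
#include <sys/socket.h>

#define TUN_AF_HDR 4    /* bytes prepended to each packet in multi-af mode */

/* Prepend the address-family header to an IP packet before write()ing it
 * to the tun device. Returns the frame length, or 0 on error. */
size_t tun_wrap(const uint8_t *pkt, size_t pktlen, uint8_t *out, size_t outcap)
{
    uint32_t af;

    if (pktlen < 1 || outcap < TUN_AF_HDR || pktlen > outcap - TUN_AF_HDR)
        return 0;
    switch (pkt[0] >> 4) {                  /* IP version nibble */
    case 4:  af = htonl((uint32_t)AF_INET);  break;
    case 6:  af = htonl((uint32_t)AF_INET6); break;
    default: return 0;
    }
    memcpy(out, &af, TUN_AF_HDR);
    memcpy(out + TUN_AF_HDR, pkt, pktlen);
    return TUN_AF_HDR + pktlen;
}

/* Split a frame read() from the tun device. Returns AF_INET or AF_INET6 and
 * sets *pkt / *pktlen to the IP packet. Returns -1 for a frame that is
 * truncated, of an unknown family, or whose IP version nibble contradicts
 * the address-family header. */
int tun_unwrap(const uint8_t *frame, size_t len, const uint8_t **pkt, size_t *pktlen)
{
    uint32_t af;
    size_t minlen;      /* fixed header size: 20 for IPv4, 40 for IPv6 */
    unsigned ver;

    if (len < TUN_AF_HDR + 1)
        return -1;
    memcpy(&af, frame, TUN_AF_HDR);
    af = ntohl(af);
    if (af == (uint32_t)AF_INET)       { ver = 4; minlen = 20; }
    else if (af == (uint32_t)AF_INET6) { ver = 6; minlen = 40; }
    else return -1;
    if (len - TUN_AF_HDR < minlen || (unsigned)(frame[TUN_AF_HDR] >> 4) != ver)
        return -1;
    *pkt = frame + TUN_AF_HDR;
    *pktlen = len - TUN_AF_HDR;
    return (int)af;
}
```

AF_INET6 has a different numeric value on each operating system, so the header must be built with the constant from the local `<sys/socket.h>` rather than a hard-coded number.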

