From: Hiroki Sato
Date: Wed, 09 Jan 2013 23:42:10 +0900 (JST)
To: uqs@FreeBSD.org
Cc: michiel@boland.org, stable@FreeBSD.org
Subject: Re: sendmail vs ipv6 broken after upgrade to 9.1

Ulrich Spörlein wrote
  in <20130109142111.GL35868@acme.spoerlein.net>:

uq> On Wed, 2013-01-09 at 14:14:18 +0100, Michiel Boland wrote:
uq> > On 01/08/2013 23:33, Hiroki Sato wrote:
uq> > > Ulrich Spörlein wrote
uq> > >   in <20130108184051.GI35868@acme.spoerlein.net>:
uq> > >
uq> > > uq> After setting this, it now looks like this:
uq> > > uq> root@acme: ~# ip6addrctl
uq> > > uq> Prefix                          Prec Label      Use
uq> > > uq> ::1/128                           50     0        0
uq> > > uq> ::/0                              40     1        0
uq> > > uq> 2002::/16                         30     2        0
uq> > > uq> ::/96                             20     3        0
uq> > > uq> ::ffff:0.0.0.0/96                 10     4        0
uq> > > uq>
uq> > > uq> And even sendmail is happily finding the sockets to bind to. Thanks for the hint!
uq> > >
uq> > >  I think this just hides the problem.  If gshapiro@'s explanation is
uq> > >  correct, no ::ffff:0.0.0.0/96 address should be returned if the name
uq> > >  resolution works fine...
uq> > >
uq> > > -- Hiroki
uq> > >
uq> >
uq> > getipnodebyname(xx, AF_INET6, AI_DEFAULT|AI_ALL) does this:-
uq> >
uq> > If a host has both IPv6 and IPv4 addresses, both are returned.
uq> > The IPv4 address is presented as a mapped address.
uq> > The order in which the addresses are returned depends on the
uq> > address selection policy (_hpreorder in lib/libc/net/name6.c)
uq>
uq> Is this also supposed to work for selecting the source IP address for
uq> outgoing packets/sockets? And should it work for ping6?

 Yes.

uq> Using a tunnel for IPv6, I have this transfer net configured on my
uq> router, but for ACL purposes I would like to have all connections come
uq> from my real prefix, not the transfer net. So I wrote my own policy, yet
uq> ping6 seems to ignore it.
uq> As you can see, source prefix stays 2a02:2528:ff00, though I'd like it
uq> to be 2a02:2528:ff0d.

 This is because the prefix on the interface has the first priority.
 Why don't you use an fe80::/10 address to route packets to the other
 endpoint of tun0?

-- Hiroki
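
The policy table quoted in the message, applied as a longest-prefix lookup that orders candidate addresses by precedence. This is an added example, not part of the original message and not FreeBSD's _hpreorder code; it models only the "prefer higher precedence" comparison of RFC 3484, and the function names and sample addresses are constructed for illustration.

```python
"""Order candidate addresses with the policy table from the ip6addrctl output.

Simplified model: only the "prefer higher precedence" comparison of
RFC 3484 is applied; scope, label matching and reachability are ignored.
"""
import ipaddress

# (prefix, precedence, label) rows copied from the ip6addrctl output in the message.
POLICY_TABLE = [
    ("::1/128", 50, 0),
    ("::/0", 40, 1),
    ("2002::/16", 30, 2),
    ("::/96", 20, 3),
    ("::ffff:0.0.0.0/96", 10, 4),
]
_POLICY = [(ipaddress.ip_network(p), prec, label) for p, prec, label in POLICY_TABLE]


def to_ipv6(addr):
    """Parse an address; present IPv4 as an IPv4-mapped IPv6 address."""
    ip = ipaddress.ip_address(addr)
    if ip.version == 4:
        ip = ipaddress.IPv6Address("::ffff:" + str(ip))
    return ip


def lookup(addr):
    """Return (precedence, label) of the longest matching policy prefix."""
    ip = to_ipv6(addr)
    matches = [row for row in _POLICY if ip in row[0]]  # ::/0 always matches
    _net, prec, label = max(matches, key=lambda row: row[0].prefixlen)
    return prec, label


def order_by_precedence(addrs):
    """Sort candidates, highest precedence first; ties keep resolver order."""
    return sorted(addrs, key=lambda a: -lookup(a)[0])


if __name__ == "__main__":
    # Constructed sample: A and AAAA records of a dual-stack host (documentation ranges).
    candidates = ["192.0.2.25", "2001:db8::25"]
    for a in order_by_precedence(candidates):
        print(a, lookup(a))
```

With this table the mapped IPv4 address sorts after the native IPv6 address, so a service or ACL that only expects one family will see the IPv6 candidate tried first.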