Skip site navigation (1)Skip section navigation (2)
Date:      Tue, 9 Mar 2021 16:13:53 -0800
From:      Doug Hardie <bc979@lafn.org>
To:        FreeBSD Questions <freebsd-questions@freebsd.org>
Subject:   Re: IPv6 Startup
Message-ID:  <7DC550A6-F284-4247-9E43-D26D76AD91C5@sermon-archive.info>
In-Reply-To: <07f8c8b6-fb5c-6662-66de-8d5ecd0cc1fd@cyberleo.net>
References:  <3F059A72-F45B-43B1-8EE3-0176EE072054@sermon-archive.info> <07f8c8b6-fb5c-6662-66de-8d5ecd0cc1fd@cyberleo.net>

Next in thread | Previous in thread | Raw E-Mail | Index | Archive | Help
> On 9 March 2021, at 12:53, CyberLeo Kitsana <cyberleo@cyberleo.net> =
wrote:
>=20
> On 3/9/21 3:58 AM, Doug Hardie wrote:
>> I have two systems on the same ethernet.  One is configured as a =
router, the other as a host.  rtadvd is running on the router, rtsold on =
the host, and route6d on both.  The router was up and running and I =
initiated tcpdump of ip6 packets on the interface.  Then I booted the =
host.  The results are interesting:
>=20
> <snip>
>=20
>> The question is, why are the host addresses being used before DAD is =
attempted?  It appears there could be some really interesting problems =
if the link-layer address actually was duplicated.  The problems would =
happen before DAD was even attempted?
>=20
> I would posit that this is because the fe80:: addresses used in the
> initial solicitation are derived from the MAC address of the =
interface,
> and if you have two interfaces with the same MAC address on the same
> subnet you have much bigger problems.

While at first glance that makes sense, there is a problem with that.  =
The fe80:: addresses are no longer supposed to be tied to the MAC =
address.  Mac's and Windows no longer do that.  They use random numbers =
and there could easily be duplicates.  The RFCs still show the MAC usage =
though.  Apparently there is a security issue that if you breach one =
computer in a site, you quickly can get a working address to all the =
others by using the MAC addresses that are easily available in ndp =
tables.

Also, if there were no need to do DAD, why bother to do it at all?

-- Doug





Want to link to this message? Use this URL: <http://docs.FreeBSD.org/cgi/mid.cgi?7DC550A6-F284-4247-9E43-D26D76AD91C5>