From: Doug Hardie
Subject: Re: IPv6 Startup
Date: Tue, 9 Mar 2021 16:13:53 -0800
To: FreeBSD Questions

> On 9 March 2021, at 12:53, CyberLeo Kitsana wrote:
>
> On 3/9/21 3:58 AM, Doug Hardie wrote:
>> I have two systems on the same ethernet. One is configured as a router, the other as a host. rtadvd is running on the router, rtsold on the host, and route6d on both. The router was up and running and I initiated tcpdump of ip6 packets on the interface. Then I booted the host. The results are interesting:
>
>> The question is, why are the host addresses being used before DAD is attempted? It appears there could be some really interesting problems if the link-layer address actually was duplicated. The problems would happen before DAD was even attempted?
>
> I would posit that this is because the fe80:: addresses used in the
> initial solicitation are derived from the MAC address of the interface,
> and if you have two interfaces with the same MAC address on the same
> subnet you have much bigger problems.

While at first glance that makes sense, there is a problem with that. The fe80:: addresses are no longer supposed to be tied to the MAC address. Macs and Windows no longer do that. They use random numbers and there could easily be duplicates. The RFCs still show the MAC usage though. Apparently there is a security issue that if you breach one computer in a site, you quickly can get a working address to all the others by using the MAC addresses that are easily available in ndp tables.

Also, if there were no need to do DAD, why bother to do it at all?

-- Doug
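
The following is an added example, not part of the original message: a small audit that reads a neighbor table and reports which link-local addresses are still the modified EUI-64 form of the MAC (RFC 4291, Appendix A), which is the MAC-derived case discussed above. The sample table is constructed, and the parser assumes the address is the first column and the link-layer address the second, as in `ndp -an` output.

```python
import ipaddress
import re

# Constructed sample in the column layout assumed for `ndp -an` (not real data).
SAMPLE_NDP = """\
Neighbor                             Linklayer Address  Netif Expire    1s 5s
fe80::211:22ff:fe33:4455%em0         00:11:22:33:44:55    em0 23h59m58s S R
fe80::1c3a:9f02:7b4e:d1a6%em0        3c:22:fb:aa:bb:cc    em0 23h58m10s S
2001:db8::10                         00:11:22:33:44:55    em0 permanent R
fe80::5%em0                          (incomplete)         em0 expired   N
"""


def eui64_link_local(mac: str) -> ipaddress.IPv6Address:
    """Link-local address built from a 48-bit MAC using modified EUI-64."""
    octets = bytearray(int(part, 16) for part in re.split(r"[:-]", mac))
    if len(octets) != 6:
        raise ValueError(f"not a 48-bit MAC: {mac!r}")
    octets[0] ^= 0x02  # invert the universal/local bit
    iid = bytes(octets[:3]) + b"\xff\xfe" + bytes(octets[3:])
    return ipaddress.IPv6Address(b"\xfe\x80" + bytes(6) + iid)


def audit_neighbors(ndp_output: str):
    """Return (address, mac, mac_derived) for each resolved fe80:: entry."""
    results = []
    for line in ndp_output.splitlines():
        fields = line.split()
        if len(fields) < 2 or not fields[0].lower().startswith("fe80:"):
            continue  # header line or non-link-local entry
        addr_text = fields[0].split("%", 1)[0]  # drop the %interface scope
        mac = fields[1]
        try:
            addr = ipaddress.IPv6Address(addr_text)
            derived = eui64_link_local(mac)
        except ValueError:
            continue  # "(incomplete)" or malformed entry
        results.append((str(addr), mac, addr == derived))
    return results


if __name__ == "__main__":
    for addr, mac, mac_derived in audit_neighbors(SAMPLE_NDP):
        label = "MAC-derived (EUI-64)" if mac_derived else "not MAC-derived"
        print(f"{addr:30} {mac}  {label}")
```

Hosts reported as MAC-derived are the ones whose link-local address can be computed from the MAC alone; hosts using random or otherwise opaque interface identifiers show up as not MAC-derived.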