Date:      Wed, 09 Jan 2013 23:42:10 +0900 (JST)
From:      Hiroki Sato <hrs@FreeBSD.org>
To:        uqs@FreeBSD.org
Cc:        michiel@boland.org, stable@FreeBSD.org
Subject:   Re: sendmail vs ipv6 broken after upgrade to 9.1
Message-ID:  <20130109.234210.397446040718957005.hrs@allbsd.org>
In-Reply-To: <20130109142111.GL35868@acme.spoerlein.net>
References:  <20130109.073354.730245417155474512.hrs@allbsd.org> <50ED6D2A.5080908@boland.org> <20130109142111.GL35868@acme.spoerlein.net>


Ulrich Spörlein <uqs@FreeBSD.org> wrote
  in <20130109142111.GL35868@acme.spoerlein.net>:

uq> On Wed, 2013-01-09 at 14:14:18 +0100, Michiel Boland wrote:
uq> > On 01/08/2013 23:33, Hiroki Sato wrote:
uq> > > Ulrich Spörlein <uqs@freebsd.org> wrote
uq> > >    in <20130108184051.GI35868@acme.spoerlein.net>:
uq> > >
uq> > > uq> After setting this, it now looks like this:
uq> > > uq> root@acme: ~# ip6addrctl
uq> > > uq> Prefix                          Prec Label      Use
uq> > > uq> ::1/128                           50     0        0
uq> > > uq> ::/0                              40     1        0
uq> > > uq> 2002::/16                         30     2        0
uq> > > uq> ::/96                             20     3        0
uq> > > uq> ::ffff:0.0.0.0/96                 10     4        0
uq> > > uq>
uq> > > uq> And even sendmail is happily finding the sockets to bind to. Thanks for the hint!
uq> > >
uq> > >   I think this just hides the problem.  If gshapiro@'s explanation is
uq> > >   correct, no ::ffff:0.0.0.0/96 address should be returned if the name
uq> > >   resolution works fine...
uq> > >
uq> > > -- Hiroki
uq> > >
uq> >
uq> > getipnodebyname(xx, AF_INET6, AI_DEFAULT|AI_ALL) does this:-
uq> >
uq> > If a host has both IPv6 and IPv4 addresses, both are returned.
uq> > The IPv4 address is presented as a mapped address.
uq> > The order in which the addresses are returned depends on the
uq> > address selection policy (_hpreorder in lib/libc/net/name6.c)
uq>
uq> Is this also supposed to work for selecting the source IP address for
uq> outgoing packets/sockets? And should it work for ping6?

 Yes.

uq> Using a tunnel for IPv6, I have this transfer net configured on my
uq> router, but for ACL purposes I would like to have all connections come
uq> from my real prefix, not the transfer net. So I wrote my own policy, yet
uq> ping6 seems to ignore it.

uq> As you can see, source prefix stays 2a02:2528:ff00, though I'd like it
uq> to be 2a02:2528:ff0d.

 This is because the prefix on the interface has the first priority.
 Why don't you use an fe80::/10 address to route packets to the other
 endpoint of tun0?

-- Hiroki
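
The thread turns on how the ip6addrctl policy table orders candidate addresses, including IPv4-mapped ones. The following C code is an added example, not part of the original message and not FreeBSD's `_hpreorder` implementation: it applies only a longest-prefix match against the table quoted above and sorts by precedence, which is one rule of address selection rather than the whole algorithm. The function names are hypothetical and the test addresses are constructed documentation addresses.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdlib.h>
#include <string.h>

/* Policy table copied from the ip6addrctl output quoted in the message. */
struct policy { const char *prefix; int plen; int prec; };
static const struct policy table[] = {
    { "::1",            128, 50 },
    { "::",               0, 40 },
    { "2002::",          16, 30 },
    { "::",              96, 20 },
    { "::ffff:0.0.0.0",  96, 10 },
};

/* Return 1 if the first plen bits of a and b are equal. */
static int prefix_match(const struct in6_addr *a, const struct in6_addr *b, int plen)
{
    int bytes = plen / 8, bits = plen % 8;
    if (memcmp(a->s6_addr, b->s6_addr, (size_t)bytes) != 0)
        return 0;
    if (bits == 0)          /* also covers plen == 128: no partial byte to read */
        return 1;
    unsigned char mask = (unsigned char)(0xff << (8 - bits));
    return ((a->s6_addr[bytes] ^ b->s6_addr[bytes]) & mask) == 0;
}

/* Longest-prefix match; returns the entry's precedence, or -1 on a bad address. */
int precedence_of(const char *addr)
{
    struct in6_addr a, p;
    int best = -1, best_len = -1;
    if (inet_pton(AF_INET6, addr, &a) != 1)
        return -1;
    for (size_t i = 0; i < sizeof(table) / sizeof(table[0]); i++) {
        if (inet_pton(AF_INET6, table[i].prefix, &p) != 1)
            continue;
        if (table[i].plen > best_len && prefix_match(&a, &p, table[i].plen)) {
            best_len = table[i].plen;
            best = table[i].prec;
        }
    }
    return best;
}

static int by_precedence(const void *x, const void *y)
{
    return precedence_of(*(const char *const *)y) - precedence_of(*(const char *const *)x);
}

/* Sort candidate destinations in place, highest precedence first. */
void order_candidates(const char **addrs, size_t n)
{
    qsort(addrs, n, sizeof(*addrs), by_precedence);
}
```

With this table a native IPv6 address (precedence 40) sorts ahead of an IPv4-mapped one (precedence 10), so a resolver that returns both lists the mapped address last.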



