* [BUG] Any-IP IPv6 support broken
@ 2015-10-29 15:00 Gilberto Bertin
2015-10-29 15:34 ` Eric Dumazet
2015-10-29 18:39 ` Hannes Frederic Sowa
0 siblings, 2 replies; 8+ messages in thread
From: Gilberto Bertin @ 2015-10-29 15:00 UTC (permalink / raw)
To: netdev
Hello,
testing Any-IP on my machine, I noticed that it's not working with IPv6
addresses.
Tests are performed on a 4.1 kernel.
Steps to reproduce the bug:
1- make sure Any-IP is working with IPv4 addresses:
# ip -4 route add local 4.4.4.0/24 dev eth0
with this command every packets with an IP in the subnet 4.4.4.0/24 will
be delivered to the eth0 interface.
We can test this:
$ ping 4.4.4.1 -c 1 | grep received
1 packets transmitted, 1 received, 0% packet loss, time 0ms
$ ping 4.4.4.50 -c 1 | grep received
1 packets transmitted, 1 received, 0% packet loss, time 0ms
$ ping 4.4.4.200 -c 1 | grep received
1 packets transmitted, 1 received, 0% packet loss, time 0ms
2- note that it's not actually working with IPv6 addresses:
# ip -6 route add local abcd:abcd:abcd:abcd::/64 dev eth0
$ ping6 -c 1 abcd:abcd:abcd:abcd::1 | grep received
1 packets transmitted, 0 received, 100% packet loss, time 0ms
$ ping6 -c 1 abcd:abcd:abcd:abcd::50 | grep received
1 packets transmitted, 0 received, 100% packet loss, time 0ms
$ ping6 -c 1 abcd:abcd:abcd:abcd::100 | grep received
1 packets transmitted, 0 received, 100% packet loss, time 0ms
Since the kernel should support Any-IP with IPv6 addresses (the patch
was submitted/accepted years ago [1]) I suspect this is a bug.
Even trying with the commands suggested by the patch [1]:
# ip -6 rule add from all iif eth0 lookup 200
# ip -6 route add local default dev lo table 200
I was not able to get it working.
Thank you.
[1] http://www.spinics.net/lists/netdev/msg141994.html
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [BUG] Any-IP IPv6 support broken
2015-10-29 15:00 [BUG] Any-IP IPv6 support broken Gilberto Bertin
@ 2015-10-29 15:34 ` Eric Dumazet
2015-10-30 0:44 ` Maciej Żenczykowski
2015-10-29 18:39 ` Hannes Frederic Sowa
1 sibling, 1 reply; 8+ messages in thread
From: Eric Dumazet @ 2015-10-29 15:34 UTC (permalink / raw)
To: Gilberto Bertin, Maciej Żenczykowski; +Cc: netdev
On Thu, 2015-10-29 at 15:00 +0000, Gilberto Bertin wrote:
> Hello,
> testing Any-IP on my machine, I noticed that it's not working with IPv6
> addresses.
> Tests are performed on a 4.1 kernel.
>
> Steps to reproduce the bug:
>
> 1- make sure Any-IP is working with IPv4 addresses:
>
> # ip -4 route add local 4.4.4.0/24 dev eth0
>
> with this command every packets with an IP in the subnet 4.4.4.0/24 will
> be delivered to the eth0 interface.
> We can test this:
>
> $ ping 4.4.4.1 -c 1 | grep received
> 1 packets transmitted, 1 received, 0% packet loss, time 0ms
> $ ping 4.4.4.50 -c 1 | grep received
> 1 packets transmitted, 1 received, 0% packet loss, time 0ms
> $ ping 4.4.4.200 -c 1 | grep received
> 1 packets transmitted, 1 received, 0% packet loss, time 0ms
>
> 2- note that it's not actually working with IPv6 addresses:
>
> # ip -6 route add local abcd:abcd:abcd:abcd::/64 dev eth0
>
> $ ping6 -c 1 abcd:abcd:abcd:abcd::1 | grep received
> 1 packets transmitted, 0 received, 100% packet loss, time 0ms
> $ ping6 -c 1 abcd:abcd:abcd:abcd::50 | grep received
> 1 packets transmitted, 0 received, 100% packet loss, time 0ms
> $ ping6 -c 1 abcd:abcd:abcd:abcd::100 | grep received
> 1 packets transmitted, 0 received, 100% packet loss, time 0ms
>
> Since the kernel should support Any-IP with IPv6 addresses (the patch
> was submitted/accepted years ago [1]) I suspect this is a bug.
>
> Even trying with the commands suggested by the patch [1]:
> # ip -6 rule add from all iif eth0 lookup 200
> # ip -6 route add local default dev lo table 200
>
> I was not able to get it working.
>
>
> Thank you.
>
> [1] http://www.spinics.net/lists/netdev/msg141994.html
>
CC Maciej
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [BUG] Any-IP IPv6 support broken
2015-10-29 15:00 [BUG] Any-IP IPv6 support broken Gilberto Bertin
2015-10-29 15:34 ` Eric Dumazet
@ 2015-10-29 18:39 ` Hannes Frederic Sowa
2015-10-29 18:58 ` Gilberto Bertin
1 sibling, 1 reply; 8+ messages in thread
From: Hannes Frederic Sowa @ 2015-10-29 18:39 UTC (permalink / raw)
To: Gilberto Bertin, netdev
Hello,
On Thu, Oct 29, 2015, at 16:00, Gilberto Bertin wrote:
> 2- note that it's not actually working with IPv6 addresses:
>
> # ip -6 route add local abcd:abcd:abcd:abcd::/64 dev eth0
Try the loopback interface:
ip -6 route add local abcd:abcd:abcd:abcd::/64 dev *lo*
Otherwise packets should end up in neighbor subsystem and you don't want
that, still. ;)
Bye,
Hannes
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [BUG] Any-IP IPv6 support broken
2015-10-29 18:39 ` Hannes Frederic Sowa
@ 2015-10-29 18:58 ` Gilberto Bertin
2015-10-29 19:09 ` Hannes Frederic Sowa
0 siblings, 1 reply; 8+ messages in thread
From: Gilberto Bertin @ 2015-10-29 18:58 UTC (permalink / raw)
To: Hannes Frederic Sowa; +Cc: netdev
> On 29 Oct 2015, at 18:39, Hannes Frederic Sowa <hannes@stressinduktion.org> wrote:
>
> Try the loopback interface:
>
> ip -6 route add local abcd:abcd:abcd:abcd::/64 dev *lo*
>
> Otherwise packets should end up in neighbor subsystem and you don't want
> that, still. ;)
>
Thanks for the reply.
I know it’s working on the lo interface, but unluckily I need it on
other interfaces (and aliasing lo is not an option).
Moreover:
- the IPv6 patch explicitly refers to the possibility to do this with
eth0 interface (i.e. it's not a lo-only feature)
- should it be consistent with the IPv4 behaviour? (or maybe it's not
supposed to work even with IPv4 addresses, and so this is a bug)
thank you,
Gilberto.
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [BUG] Any-IP IPv6 support broken
2015-10-29 18:58 ` Gilberto Bertin
@ 2015-10-29 19:09 ` Hannes Frederic Sowa
0 siblings, 0 replies; 8+ messages in thread
From: Hannes Frederic Sowa @ 2015-10-29 19:09 UTC (permalink / raw)
To: Gilberto Bertin; +Cc: netdev
On Thu, Oct 29, 2015, at 19:58, Gilberto Bertin wrote:
>
> > On 29 Oct 2015, at 18:39, Hannes Frederic Sowa <hannes@stressinduktion.org> wrote:
> >
> > Try the loopback interface:
> >
> > ip -6 route add local abcd:abcd:abcd:abcd::/64 dev *lo*
> >
> > Otherwise packets should end up in neighbor subsystem and you don't want
> > that, still. ;)
> >
>
> Thanks for the reply.
>
> I know it’s working on the lo interface, but unluckily I need it on
> other interfaces (and aliasing lo is not an option).
>
> Moreover:
> - the IPv6 patch explicitly refers to the possibility to do this with
> eth0 interface (i.e. it's not a lo-only feature)
> - should it be consistent with the IPv4 behaviour? (or maybe it's not
> supposed to work even with IPv4 addresses, and so this is a bug)
The routing commands won't automatically enable the ndisc layer to
answer neighbour discovery requests for that. The rule thing should work
but your clients somehow need to route all packets over the box with the
"anyip" route setup.
Bye,
Hannes
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [BUG] Any-IP IPv6 support broken
2015-10-29 15:34 ` Eric Dumazet
@ 2015-10-30 0:44 ` Maciej Żenczykowski
2015-11-02 18:45 ` Gilberto Bertin
0 siblings, 1 reply; 8+ messages in thread
From: Maciej Żenczykowski @ 2015-10-30 0:44 UTC (permalink / raw)
To: Eric Dumazet; +Cc: Gilberto Bertin, Linux NetDev
What are you trying to do?
The intent of the patch is to be able to terminate connections from
outside the machine that are reaching the machine (perhaps delivered
inside a tunnel or via some other mechanism: static arp entries,
routing via the machine, etc), that the kernel wouldn't normally think
were destined for the host.
You can't really test it from within the machine (unless you use
network namespaces).
Does what you're trying to do work on an older kernel? Which kernel
version does it break at?
btw. afaik any-ip doesn't work with IPv4 on any un-patched kernel (the
IPv4 support patch was reverted).
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [BUG] Any-IP IPv6 support broken
2015-10-30 0:44 ` Maciej Żenczykowski
@ 2015-11-02 18:45 ` Gilberto Bertin
2015-11-02 21:30 ` Maciej Żenczykowski
0 siblings, 1 reply; 8+ messages in thread
From: Gilberto Bertin @ 2015-11-02 18:45 UTC (permalink / raw)
To: Maciej Żenczykowski; +Cc: Eric Dumazet, Linux NetDev
> On 29 Oct 2015, at 17:44, Maciej Żenczykowski <zenczykowski@gmail.com> wrote:
>
> What are you trying to do?
I would like to have a "bind-to-subnet" semantic with IPv6.
This is currently working with IPv4, and the setup is the follow:
- setup a dummy network device configured with any-IP
- add an any-IP route
- bind() on the dummy device
in this way we can effectively bind a process to a particular subnet
(by binding it to a dummy device which is receiving all the packets
from a particular subnet).
The point of using dummy devices is that we can configure multiple ones
(and so we can bind multiple processes to multiple subnets).
>
> Does what you're trying to do work on an older kernel? Which kernel
> version does it break at?
>
> btw. afaik any-ip doesn't work with IPv4 on any un-patched kernel (the
> IPv4 support patch was reverted).
This is actually working with IPv4 (as I said I'm using a recent kernel,
4.1), and the fact that you say it's not supposed to work leads me to
think that maybe we are not talking about the same feature.
Cheers,
gilberto
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [BUG] Any-IP IPv6 support broken
2015-11-02 18:45 ` Gilberto Bertin
@ 2015-11-02 21:30 ` Maciej Żenczykowski
0 siblings, 0 replies; 8+ messages in thread
From: Maciej Żenczykowski @ 2015-11-02 21:30 UTC (permalink / raw)
To: Gilberto Bertin; +Cc: Eric Dumazet, Linux NetDev
> I would like to have a "bind-to-subnet" semantic with IPv6.
Ah, this is something that I have reason to suspect may indeed be
broken for IPv6.
A coworker did some one-off testing on this a few months back, and
didn't get it to trivially work.
We didn't debug it, nor try to figure out what (if anything) was wrong.
Specifically what we were trying to get is a replacement for the
127.0.0.1/8 subnet on lo, ie. more than one IPv6 loopback IP.
> This is currently working with IPv4, and the setup is the follow:
>
> - setup a dummy network device configured with any-IP
> - add an any-IP route
> - bind() on the dummy device
I'm not entirely sure why you have a dummy device.
Couldn't you use 'lo'? How are you configuring this?
Any-ip routing configuration explicitly uses iif which should never
trigger here.
> in this way we can effectively bind a process to a particular subnet
> (by binding it to a dummy device which is receiving all the packets
> from a particular subnet).
How can a dummy device receive packets?
> The point of using dummy devices is that we can configure multiple ones
> (and so we can bind multiple processes to multiple subnets).
Interesting, I had no idea something like this was possible.
I'm not convinced this is even working as intended.
Naively I'd expect dummy devices to never be the source of packets,
and thus binding to a dummy device to cause a socket to not receive
any traffic. But obviously I must be wrong.
> This is actually working with IPv4 (as I said I'm using a recent kernel,
> 4.1), and the fact that you say it's not supposed to work leads me to
> think that maybe we are not talking about the same feature.
Yeah, certainly seems like it.
^ permalink raw reply [flat|nested] 8+ messages in thread
end of thread, other threads:[~2015-11-02 21:30 UTC | newest]
Thread overview: 8+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2015-10-29 15:00 [BUG] Any-IP IPv6 support broken Gilberto Bertin
2015-10-29 15:34 ` Eric Dumazet
2015-10-30 0:44 ` Maciej Żenczykowski
2015-11-02 18:45 ` Gilberto Bertin
2015-11-02 21:30 ` Maciej Żenczykowski
2015-10-29 18:39 ` Hannes Frederic Sowa
2015-10-29 18:58 ` Gilberto Bertin
2015-10-29 19:09 ` Hannes Frederic Sowa
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).