
Re: IPv6 neighbor solicitations to use link-local source address



On Thu, 4 Sep 2014 09:04:00 +0900
mett <mett@pmars.jp> wrote:

> Hi,
> 
> When pinging link-local addresses, you need to specify the exit
> interface. So maybe if you specify the exit interface and another
> link-local as destination, you might be able to do it:
> 
> 
> ----------------------
> mett@asus:~$ ip -6 add show
> 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 
>     inet6 ::1/128 scope host 
>        valid_lft forever preferred_lft forever
> 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qlen 1000
>     inet6 fe80::20c:6eff:fef8:7d1c/64 scope link 
>        valid_lft forever preferred_lft forever
> mett@asus:
> ----------------------
> root@tamirrsso:/var/log# ip -6 add show
> ....
> 3: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qlen 1000
>     inet6 fe80::207:95ff:fed5:2fda/64 scope link 
>        valid_lft forever preferred_lft forever
> root@tamirrsso:/var/log# 
> ----------------------
> mett@asus:~$ ping6 -I eth0 fe80::207:95ff:fed5:2fda
> PING fe80::207:95ff:fed5:2fda(fe80::207:95ff:fed5:2fda) from fe80::20c:6eff:fef8:7d1c eth0: 56 data bytes
> 64 bytes from fe80::207:95ff:fed5:2fda: icmp_seq=1 ttl=64 time=0.433 ms
> 64 bytes from fe80::207:95ff:fed5:2fda: icmp_seq=2 ttl=64 time=0.205 ms
> 64 bytes from fe80::207:95ff:fed5:2fda: icmp_seq=3 ttl=64 time=0.201 ms
> 64 bytes from fe80::207:95ff:fed5:2fda: icmp_seq=4 ttl=64 time=0.256 ms
> 64 bytes from fe80::207:95ff:fed5:2fda: icmp_seq=5 ttl=64 time=0.199 ms
> 
> 
> 
> HTH!
> 
> 
> 
> On Wed, 3 Sep 2014 15:55:38 +0200
> Julien boooo <jumboooh@gmail.com> wrote:
> 
> > Hello everybody
> > 
> > I'm very new to lists.debian.org so please apologize if I am doing
> > something wrong by sending this email. I'm just out of ideas with a
> > behavior in NDP and must find a solution. I didn't find anything on
> > the internet.
> > 
> > RFC4861 section 7.2.2 says that the source address in NDP neighbor
> > solicitations can be any one of the addresses assigned to the
> > interface. It also says that using the prompting packet's source
> > address ensures that the recipient installs it in its neighbor
> > cache. The latter is the behavior I can see on my boxes (a Debian
> > 6.0.9 + custom kernel 3.2.14) and also on a CentOS one.
> > 
> > # ip -6 addr list
> > 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436
> >     inet6 ::1/128 scope host
> >        valid_lft forever preferred_lft forever
> > 3: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qlen 1000
> >     inet6 2a10:7e40:edf6:100::32/64 scope global
> >        valid_lft forever preferred_lft forever
> >     inet6 fe80::a00:27ff:fe02:3cbd/64 scope link
> >        valid_lft forever preferred_lft forever
> > 
> > # ping6 2a10:7e40:edf6:100::33 -c 3 &>/dev/null &
> > # tcpdump -nli eth0 icmp6
> > 
> > 18:09:04.726908 IP6 2a10:7e40:edf6:100::32 > ff02::1:ff00:33: ICMP6, neighbor solicitation, who has 2a10:7e40:edf6:100::33, length 32
> > 18:09:04.727373 IP6 2a10:7e40:edf6:100::33 > 2a10:7e40:edf6:100::32: ICMP6, neighbor advertisement, tgt is 2a10:7e40:edf6:100::33, length 32
> > 18:09:04.727391 IP6 2a10:7e40:edf6:100::32 > 2a10:7e40:edf6:100::33: ICMP6, echo request, seq 1, length 64
> > 18:09:04.727738 IP6 2a10:7e40:edf6:100::33 > 2a10:7e40:edf6:100::32: ICMP6, echo reply, seq 1, length 64
> > 
> > 
> > My question is: How can I force NDP to use the link-local address
> > assigned to that outgoing device? (In the trace above, NDP would
> > then send the neighbor solicitation with fe80::a00:27ff:fe02:3cbd
> > source address.)
> > 
> > This is requested by our customer for security reasons and as far as
> > I can see it complies with RFC4861 as well.
> > 
> > If someone had a clue how to do that or if it's just impossible, I
> > would really appreciate your help.
> > 
> > Thank you
> > Best regards
> > Julien
> 
> 

By the way, sorry for top-posting...
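
To check which source address a host's neighbor solicitations actually carry, this added example (not part of the original thread) parses `tcpdump -n` ICMPv6 output of the kind quoted above and classifies each solicitation's source as link-local, non-link-local, or unspecified (duplicate address detection). The capture is constructed: its first two records reuse the thread's addresses, the last two are invented, and the function names are hypothetical.

```python
import ipaddress
import re

TS_RE = re.compile(r"^\d\d:\d\d:\d\d\.\d+ ")   # start of a tcpdump record
NS_RE = re.compile(
    r"IP6 (?P<src>[0-9a-fA-F:]+) > (?P<dst>[0-9a-fA-F:]+): "
    r"ICMP6, neighbor solicitation, who has (?P<tgt>[0-9a-fA-F:]+)")
LINK_LOCAL = ipaddress.ip_network("fe80::/10")
SN_BASE = int(ipaddress.IPv6Address("ff02::1:ff00:0"))

def records(text):
    """Rejoin records that a mail client wrapped across several lines."""
    out = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if TS_RE.match(line) or not out:
            out.append(line)
        else:
            out[-1] += " " + line
    return out

def audit(text):
    """Classify the source address of every neighbor solicitation."""
    found = []
    for rec in records(text):
        m = NS_RE.search(rec)
        if not m:
            continue
        src, dst, tgt = (ipaddress.IPv6Address(m[k]) for k in ("src", "dst", "tgt"))
        if src.is_unspecified:
            kind = "dad"                      # duplicate address detection probe
        elif src in LINK_LOCAL:
            kind = "link-local"
        else:
            kind = "non-link-local"
        # Address resolution is sent to the target's solicited-node group.
        sn = ipaddress.IPv6Address(SN_BASE | (int(tgt) & 0xFFFFFF))
        found.append({"src": str(src), "target": str(tgt),
                      "kind": kind, "multicast": dst == sn})
    return found

# Constructed capture: record 1 is wrapped over two lines; records 3 and 4 are invented.
SAMPLE = """\
18:09:04.726908 IP6 2a10:7e40:edf6:100::32 > ff02::1:ff00:33: ICMP6,
neighbor solicitation, who has 2a10:7e40:edf6:100::33, length 32
18:09:04.727373 IP6 2a10:7e40:edf6:100::33 > 2a10:7e40:edf6:100::32: ICMP6, neighbor advertisement, tgt is 2a10:7e40:edf6:100::33, length 32
18:09:09.100000 IP6 fe80::a00:27ff:fe02:3cbd > ff02::1:ff00:33: ICMP6, neighbor solicitation, who has 2a10:7e40:edf6:100::33, length 32
18:09:10.200000 IP6 :: > ff02::1:ff02:3cbd: ICMP6, neighbor solicitation, who has fe80::a00:27ff:fe02:3cbd, length 24
"""
```

Records classified as `non-link-local` are the ones that would not meet the requirement described in the thread.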

