On Wed, Feb 15, 2023 at 11:49:51AM +0100, tomas@tuxteam.de wrote:
On Tue, Feb 14, 2023 at 03:07:08PM -0500, Michael Stone wrote:On Fri, Feb 10, 2023 at 02:33:12PM +0000, Tim Woodall wrote: > On Fri, 10 Feb 2023, jeremy ardley wrote: > > you can ping them as in > > > > ping fe80::87d:c6ff:fea4:a6fc > > > > ooh, I didn't know that worked. > > Same as > ping fe80::87d:c6ff:fea4:a6fc%eth0 > > on my machines at least. No idea how it picks the interface when there's > more than one. > > The interface seems mandatory for ssh for me: > > tim@einstein(4):~ (none)$ ssh fe80::1 > ssh: connect to host fe80::1 port 22: Invalid argument > tim@einstein(4):~ (none)$ You actually have an fe80::1 IP address on your system? That would be highly unusual. If you don't, why would you expect it to respond?Whether it responds or not is, I think, irrelevant here. The thing gets cut short by the -EINVAL, which stems from the missing interface specification (well, "zone index" in IPv6 jargon). Without zone index, an IPv6LL is (may be?) underspecified. So it would be fe80::1%eth0 or something similar.
Ok, I didn't get what you were asking. Yes, a link local address must have a scope (interface) associated with it, by policy. You don't need it with ping because it's using a lower level raw socket (but, if there are multiple interfaces and you didn't specify one, the packets are likely going out the wrong one). The reason for this is that by definition the addresses are specific to a link, and there's no mechanism (e.g., route table with a default) for the kernel to determine which link to use. It's possible for the same link local address to be present on multiple links (the addresses are only required to be unique per link) so it's not a generally solvable problem, and given the purpose of link local addresses it doesn't really need to be.
I'd missed that the OP that started this suggested otherwise. There were no command outputs so I don't know if it actually works on that system or it was a simply a failure to remember to add the scope id in the mail. If it does work I have no idea how, but there'd have to be something in the stack adding a scope. When link local addresses are returned by nss-mymachines or nss-mynetworks the scope is included so it will "just work".