
sit: 6to4: honour routing table

Message ID 200908241148.17012.contact@saschahlusiak.de
State Rejected, archived
Delegated to: David Miller

Commit Message

Sascha Hlusiak Aug. 24, 2009, 9:48 a.m. UTC
Hi Rémi,

> > default via 2002:c058:6301:: dev 6to4
> >
> > A package to 2001:: would fall through the try_6to4 check to the
> > IPv4-compat check and die there.
>
> I don't understand what you're trying to fix. For a 6to4 tunnel, this has
> always worked fine for me, as far as I remember:
>
> default via ::192.88.99.1 dev 6to4

It does work, yes, but first of all IPv4-compatible addresses are mentioned to 
be deprecated in: 
http://tools.ietf.org/html/rfc4291#section-2.5.5.1

In http://tools.ietf.org/html/rfc3068#section-2.5 the IPv6 address of the 
router is recommended to be 2002:c058:6301:: but any route over a 6to4 address 
over the tunnel device would break with an "address unreachable", as described 
in the patch.

> > This patch makes try_6to4 use the address of the Next-Hop instead,
> > respecting the routing table. Users are encouraged to have a route
> > 2002::/16 to the tunnel device anyway, making all other 6to4 hosts
> > direct neighbours.
>
> And where exactly is that "encouragement" coming from?

Some howtos stress the importance of the 6to4 prefixlen:
"Also note that that the prefix length for a 6to4 address is 16 because of from 
network point of view, all other 6to4 enabled hosts are on the same layer 2.":
http://mirrors.deepspace6.net/Linux+IPv6-HOWTO/configuring-ipv6to4-tunnels.html

FreeBSD stf man page shows examples of configuring the 2002::/16 routes which 
would not work in Linux:
http://gsp.com/cgi-bin/man.cgi?section=4&topic=stf

Cisco configures routes to 2002::/16 over the interface:
http://www.cisco.com/en/US/tech/tk872/technologies_configuration_example09186a00801f3b4f.shtml#configs

Windows Vista automatically configures a route to 2002::/16 to the interface as 
well.

http://tools.ietf.org/html/rfc3056#section-5.3 does mention to use the target 
address as the next hop also to use the next-hop if the destination is not 
6to4 (I'd rather see it strictly following the routing table though and be 
able to restrict routing 6to4 traffic directly by altering the routing table). 

Attached patch is a compromise though which implements both but tries the 
destination address first and then the next hop. What would it break?

Cheers,
Sascha
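
The lookup order argued about in this thread, as an added userspace sketch that is not part of the original mail or the kernel source. Function names prefixed `model_` are hypothetical, and the IPv4-compatible check is simplified to "first 96 bits zero".

```c
#include <arpa/inet.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Userspace model, not kernel code. All helpers return the IPv4 tunnel
 * endpoint in network byte order, or 0 if none can be derived. */

/* 6to4 (2002::/16): the 32 bits after the prefix carry the IPv4 address. */
static uint32_t model_try_6to4(const struct in6_addr *a)
{
    uint32_t v4 = 0;
    if (a->s6_addr[0] == 0x20 && a->s6_addr[1] == 0x02)
        memcpy(&v4, &a->s6_addr[2], 4);
    return v4;
}

/* IPv4-compatible (::a.b.c.d), simplified: 96 zero bits, then the IPv4. */
static uint32_t model_v4compat(const struct in6_addr *a)
{
    static const uint8_t zero[12];
    uint32_t v4 = 0;
    if (memcmp(a->s6_addr, zero, 12) == 0)
        memcpy(&v4, &a->s6_addr[12], 4);
    return v4;
}

/* with_patch != 0 adds the next-hop 6to4 step proposed in the patch. */
static uint32_t model_tunnel_dst(const char *daddr, const char *nexthop,
                                 int with_patch)
{
    struct in6_addr d, nh;
    uint32_t dst;
    if (inet_pton(AF_INET6, daddr, &d) != 1 ||
        inet_pton(AF_INET6, nexthop, &nh) != 1)
        return 0;
    dst = model_try_6to4(&d);          /* 1. destination itself is 6to4 */
    if (!dst && with_patch)
        dst = model_try_6to4(&nh);     /* 2. next hop is 6to4 (the patch) */
    if (!dst)
        dst = model_v4compat(&nh);     /* 3. next hop is IPv4-compatible */
    return dst;                        /* 0 models "address unreachable" */
}

int main(void)
{
    struct in_addr a;
    a.s_addr = model_tunnel_dst("2001::", "2002:c058:6301::", 1);
    printf("with patch:    %s\n", inet_ntoa(a));
    a.s_addr = model_tunnel_dst("2001::", "2002:c058:6301::", 0);
    printf("without patch: %s\n", inet_ntoa(a));
    return 0;
}
```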

Comments

Rémi Denis-Courmont Aug. 24, 2009, 10:02 a.m. UTC | #1
On Mon, 24 Aug 2009 11:48:12 +0200, Sascha Hlusiak
<contact@saschahlusiak.de> wrote:
> Attached patch is a compromise though which implements both but tries the
> destination address first and then the next hop. What would it break?

I don't think it breaks anything per se. But userland will continue to use
compatible addresses forever anyway, so that it works with current kernel
versions.

David Miller Aug. 29, 2009, 6:55 a.m. UTC | #2
From: Rémi Denis-Courmont <remi@remlab.net>
Date: Mon, 24 Aug 2009 12:02:51 +0200

> On Mon, 24 Aug 2009 11:48:12 +0200, Sascha Hlusiak
> <contact@saschahlusiak.de> wrote:
>> Attached patch is a compromise though which implements both but tries the
>> destination address first and then the next hop. What would it break?
>
> I don't think it breaks anything per se. But userland will continue to use
> compatible addresses forever anyway, so that it works with current kernel
> versions.

This is reason enough for me to not apply this patch.

Patch

commit 05662965b9d55cc4e3d4f2a0445ba3083d05b12a
Author: Sascha Hlusiak <contact@saschahlusiak.de>
Date:   Mon Aug 24 11:32:48 2009 +0200

    sit: 6to4: honour routing table
    
    Using only the actual destination address to determine the IPv4 target in
    try_6to4(&iph6->daddr) seems wrong to me and breaks, if a 6to4 address is
    the next-hop, like ::192.88.99.1 written as 6to4:
    
    default via 2002:c058:6301:: dev 6to4
    
    A package to 2001:: would fall through the try_6to4 check to the
    IPv4-compat check and die there.
    
    This patch makes try_6to4 use the address of the Next-Hop as well, which
    could be a 6to4 address, if the final destination itself is no 6to4 address.
    
    Signed-off-by: Sascha Hlusiak <contact@saschahlusiak.de>

diff --git a/net/ipv6/sit.c b/net/ipv6/sit.c
index 98b7327..39059e8 100644
--- a/net/ipv6/sit.c
+++ b/net/ipv6/sit.c
@@ -658,6 +658,17 @@  static int ipip6_tunnel_xmit(struct sk_buff *skb, struct net_device *dev)
 
 	if (!dst)
 		dst = try_6to4(&iph6->daddr);
+	if (!dst) {
+		struct neighbour *neigh = NULL;
+
+		if (skb_dst(skb))
+			neigh = skb_dst(skb)->neighbour;
+
+		if (neigh) {
+			addr6 = (struct in6_addr *)&neigh->primary_key;
+			dst = try_6to4(addr6);
+		}
+	}
 
 	if (!dst) {
 		struct neighbour *neigh = NULL;
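
Review bot: the added `if (!dst)` block duplicates scaffolding that the existing `if (!dst)` block directly below it already has, since that block opens with the same `struct neighbour *neigh = NULL;` declaration. Consider calling `try_6to4(addr6)` inside the existing block, right after the next-hop address has been obtained, rather than repeating the `skb_dst(skb)->neighbour` lookup in a second block. The cast `(struct in6_addr *)&neigh->primary_key` is also applied with no visible check that the neighbour entry actually holds an IPv6 key. Finally, the commit message describes a precedence (destination first, then next hop, then the IPv4-compat check) that the code leaves implicit; a short comment above the new call stating that order would help the next reader.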