Re: ipv6 gateway on different subnet

[Christof Meerwald <cmeerw%cmeerw.org@localhost>]

On Wed, Jan 22, 2025 at 09:30:31AM +0100, Christof Meerwald wrote:
> On Tue, Jan 21, 2025 at 08:31:58PM -0600, Peter Miller wrote:
> > On Tue, 21 Jan 2025 08:01:48 +0100
> > Christof Meerwald <cmeerw%cmeerw.org@localhost> wrote:
> > 
> > > 
> > > The main difference is that I don't see a neighbor solicitation from
> > > the router for the VPS's IPv6 address - maybe that was already
> > > somehow triggered when adding the IP address?
> > > 
> > > Could you re-run it one more time and make sure you start the tcpdump
> > > before adding the new IP address?
> > >   
> > 
> > It looks like there is a neighbor solicitation from the router this time around.
> 
> And comparing the neighbor advertisements:
> 
> Debian
> > 10:33:23.197053 00:16:3e:d7:cf:50 > d8:67:d9:58:3d:1b, ethertype IPv6 (0x86dd), length 86: (hlim 255, next-header ICMPv6 (58) payload length: 32) 2602:fed2:7116:d82c::5 > fe80::da67:d9ff:fe58:3d1b: [icmp6 sum ok] ICMP6, neighbor advertisement, length 32, tgt is 2602:fed2:7116:d82c::5, Flags [solicited, override]
> 
> NetBSD
> > 05:01:13.467620 00:16:3e:d7:cf:50 > d8:67:d9:58:3d:1b, ethertype IPv6 (0x86dd), length 86: (hlim 255, next-header ICMPv6 (58) payload length: 32) fe80::216:3eff:fed7:cf50 > fe80::da67:d9ff:fe58:3d1b: [icmp6 sum ok] ICMP6, neighbor advertisement, length 32, tgt is 2602:fed2:7116:d82c::6, Flags [solicited, override]
> 
> I am seeing this difference:
> 
> 2602:fed2:7116:d82c::5 > fe80::da67:d9ff:fe58:3d1b
> vs.
> fe80::216:3eff:fed7:cf50 > fe80::da67:d9ff:fe58:3d1b

Want to try the attached patch to make NetBSD send a neighbor
advertisement that's similar to the one Linux sends to see if that
makes it work? (the patch seems to work on my VPS - although it
doesn't really make a difference there)

BTW, my wild guess would be that your VPS provider is too aggressively
filtering neighbor advertisements (so only allow those that Linux
would send).


Christof

-- 
https://cmeerw.org                             sip:cmeerw at cmeerw.org
mailto:cmeerw at cmeerw.org                   xmpp:cmeerw at cmeerw.org

diff -ur sys.orig/netinet6/nd6_nbr.c sys/netinet6/nd6_nbr.c
--- sys.orig/netinet6/nd6_nbr.c	2021-08-02 12:56:25.000000000 +0000
+++ sys/netinet6/nd6_nbr.c	2025-01-22 20:18:19.846534986 +0000
@@ -899,7 +899,10 @@
 		struct sockaddr_in6	dst6;
 	} u;
 	struct in6_addr daddr6;
-	int icmp6len, maxlen, error;
+	int icmp6len, maxlen;
+#if 0
+	int error;
+#endif
 	const void *mac;
 	struct route ro;
 
@@ -966,6 +969,7 @@
 	/*
 	 * Select a source whose scope is the same as that of the dest.
 	 */
+#if 0
 	error = in6_selectsrc(satosin6(dst), NULL, NULL, &ro, NULL, NULL, NULL,
 	    &ip6->ip6_src);
 	if (error != 0) {
@@ -975,6 +979,13 @@
 		    IN6_PRINT(ip6buf, &satocsin6(dst)->sin6_addr), error);
 		goto bad;
 	}
+#else
+	/*
+	 * Use the target address from the neighbor solicitation as the
+	 * source address.
+	 */
+	ip6->ip6_src = *taddr6;
+#endif
 	nd_na = (struct nd_neighbor_advert *)(ip6 + 1);
 	nd_na->nd_na_type = ND_NEIGHBOR_ADVERT;
 	nd_na->nd_na_code = 0;