From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mail-4322.protonmail.ch (mail-4322.protonmail.ch [185.70.43.22]) by passt.top (Postfix) with ESMTPS id 541C95A026D for ; Sun, 28 May 2023 18:27:19 +0200 (CEST) Date: Sun, 28 May 2023 16:27:13 +0000 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=pm.me; s=protonmail3; t=1685291238; x=1685550438; bh=EDXkB9RWTG7Dta6vVENp2OdiKeps78PiReQJ3aG0HE8=; h=Date:To:From:Cc:Subject:Message-ID:In-Reply-To:References: Feedback-ID:From:To:Cc:Date:Subject:Reply-To:Feedback-ID: Message-ID:BIMI-Selector; b=cVtRpBM7UwGoeEs+gRVhqSWCYykY2xVamiGzwR3bFYLoc769cMrMatEsVpJCE0mY7 c0Omo4oJ3tD27x+IJOplcMunQCjUXp4/eVYdA2/iGeYyhtpyqQh2wpryiLOH92m3XW RyjwgMYhFDlNIgpOhN1T/uP0I+C/2qMDgV4PU4Kan0TLWL56jXVVQuOpSlbw0LoFuZ BlA24y+knr8+k1eD812e5XpwZjK/1iQMVvYkwaz646HASQl/Cp/pmPSEXcVYozIQty t/32BrIuCMLeeOCwZVkTcfpCG1BVFnDAon3fDvEGYUgu/BNCeEwG2E+XmagzwOFHF5 zSMNCi2j+6s1w== To: Stefano Brivio From: Juan Orti Subject: Re: IPv6 UDP not working Message-ID: In-Reply-To: <20230528163812.69e359dd@elisabeth> References: <20230528163812.69e359dd@elisabeth> Feedback-ID: 45474451:user:proton MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Message-ID-Hash: DFTSHCAQ5WUKO2BHWYTXVOJGQJA2CC5P X-Message-ID-Hash: DFTSHCAQ5WUKO2BHWYTXVOJGQJA2CC5P X-MailFrom: jorti@pm.me X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header CC: David Gibson , "passt-user@passt.top" X-Mailman-Version: 3.3.8 Precedence: list List-Id: "For users: support, questions and answers" Archived-At: Archived-At: List-Archive: List-Archive: List-Help: List-Owner: List-Post: List-Subscribe: List-Unsubscribe: ------- Original Message ------- El domingo, 28 de mayo de 2023 a las 16:38, Stefano Brivio escribi=C3=B3: > I guess that might come from the IPV6_PKTINFO ancillary data > (cmsg_type 0x32) -- I'm not sure how and why it's used here as strace > doesn't dump the CMSG_DATA content, but, having a look at > ip6_datagram_send_ctl() (net/ipv6/datagram.c), EINVAL might come from: >=20 > 1. a link-local address being passed along... I doubt that's the case >=20 > 2. a non-local address (or one we can't bind to anyway) being used. To > check if we're in this case, it would be helpful if you could share > the addressing information from the container (ip -6 address show), > and if you could try 'sysctl -w net.ipv6.ip_nonlocal_bind =3D 1', > again from the container. net.ipv6.ip_nonlocal_bind=3D1 is not helping. This is the container network= config: # ip -6 address show 1: lo: mtu 65536 state UNKNOWN qlen 1000 inet6 ::1/128 scope host=20 valid_lft forever preferred_lft forever 2: enp88s0: mtu 65520 state UNKNOWN qlen = 1000 inet6 fddc:f797:78ef:70::5/64 scope global flags 02=20 valid_lft forever preferred_lft forever inet6 fe80::5cef:4eff:fe6c:551f/64 scope link=20 valid_lft forever preferred_lft forever # ip -6 r show table all fddc:f797:78ef:70::/64 dev enp88s0 metric 256=20 fe80::/64 dev enp88s0 metric 256=20 default via fe80::ea9f:80ff:fe5d:3d6e dev enp88s0 metric 1024=20 local ::1 dev lo table local metric 0=20 local fddc:f797:78ef:70::5 dev enp88s0 table local metric 0=20 local fe80::5cef:4eff:fe6c:551f dev enp88s0 table local metric 0=20 multicast ff00::/8 dev enp88s0 table local metric 256=20 With a tcpdump inside the container I can see that the incoming packets are= actually arriving with the link-local address as the destination (is this = expected?). 16:18:26.248659 IP6 (hlim 255, next-header UDP (17) payload length: 63) fdd= c:f797:78ef:10::b46.42091 > fe80::5cef:4eff:fe6c:551f.53: [udp sum ok] 6215= + [1au] A? www.google.com. (55) 16:18:31.253942 IP6 (hlim 255, next-header UDP (17) payload length: 63) fdd= c:f797:78ef:10::b46.34965 > fe80::5cef:4eff:fe6c:551f.53: [udp sum ok] 6215= + [1au] A? www.google.com. (55) 16:18:36.257294 IP6 (hlim 255, next-header UDP (17) payload length: 63) fdd= c:f797:78ef:10::b46.55302 > fe80::5cef:4eff:fe6c:551f.53: [udp sum ok] 6215= + [1au] A? www.google.com. (55) TCP also uses the link-local address, however it works: 16:20:50.933652 IP6 (flowlabel 0x000e0, hlim 255, next-header TCP (6) paylo= ad length: 28) fddc:f797:78ef:10::b46.36213 > fe80::5cef:4eff:fe6c:551f.53:= Flags [S], cksum 0x8f00 (correct), seq 3612741141, win 65535, options [mss= 4096,nop,wscale 7], length 0 16:20:50.933670 IP6 (hlim 255, next-header ICMPv6 (58) payload length: 32) = fe80::5cef:4eff:fe6c:551f > ff02::1:ff5d:3d6e: [icmp6 sum ok] ICMP6, neighb= or solicitation, length 32, who has fe80::ea9f:80ff:fe5d:3d6e =09 source link-address option (1), length 8 (1): 5e:ef:4e:6c:55:1f 16:20:50.933675 IP6 (hlim 255, next-header ICMPv6 (58) payload length: 32) = fe80::5cef:4eff:fe6c:551f > ff02::1:ff5d:3d6e: [icmp6 sum ok] ICMP6, neighb= or solicitation, length 32, who has fe80::ea9f:80ff:fe5d:3d6e =09 source link-address option (1), length 8 (1): 5e:ef:4e:6c:55:1f 16:20:50.933910 IP6 (hlim 255, next-header ICMPv6 (58) payload length: 32) = fe80::ea9f:80ff:fe5d:3d6e > fe80::5cef:4eff:fe6c:551f: [icmp6 sum ok] ICMP6= , neighbor advertisement, length 32, tgt is fe80::ea9f:80ff:fe5d:3d6e, Flag= s [router, solicited, override] =09 destination link-address option (2), length 8 (1): 48:21:0b:32:59:8e 16:20:50.933915 IP6 (flowlabel 0x57ab1, hlim 64, next-header TCP (6) payloa= d length: 28) fe80::5cef:4eff:fe6c:551f.53 > fddc:f797:78ef:10::b46.36213: = Flags [S.], cksum 0x6abe (correct), seq 3302060021, ack 3612741142, win 654= 60, options [mss 65460,nop,wscale 7], length 0 16:20:50.933921 IP6 (hlim 255, next-header ICMPv6 (58) payload length: 32) = fe80::ea9f:80ff:fe5d:3d6e > fe80::5cef:4eff:fe6c:551f: [icmp6 sum ok] ICMP6= , neighbor advertisement, length 32, tgt is fe80::ea9f:80ff:fe5d:3d6e, Flag= s [router, solicited, override] =09 destination link-address option (2), length 8 (1): 48:21:0b:32:59:8e 16:20:50.933934 IP6 (flowlabel 0x000e0, hlim 255, next-header TCP (6) paylo= ad length: 77) fddc:f797:78ef:10::b46.36213 > fe80::5cef:4eff:fe6c:551f.53:= Flags [.], cksum 0x4e3d (correct), seq 1:58, ack 1, win 46080, length 57 2= 9365+ [1au] A? www.google.com. (55) 16:20:50.933943 IP6 (flowlabel 0x57ab1, hlim 64, next-header TCP (6) payloa= d length: 20) fe80::5cef:4eff:fe6c:551f.53 > fddc:f797:78ef:10::b46.36213: = Flags [.], cksum 0x8e07 (correct), ack 58, win 511, length 0 16:20:50.934239 IP6 (flowlabel 0x57ab1, hlim 64, next-header TCP (6) payloa= d length: 70) fe80::5cef:4eff:fe6c:551f.53 > fddc:f797:78ef:10::b46.36213: = Flags [P.], cksum 0x4c39 (correct), seq 1:51, ack 58, win 512, length 50 29= 365 1/0/0 www.google.com. A 216.239.38.120 (48) 16:20:50.934253 IP6 (flowlabel 0x000e0, hlim 255, next-header TCP (6) paylo= ad length: 20) fddc:f797:78ef:10::b46.36213 > fe80::5cef:4eff:fe6c:551f.53:= Flags [.], cksum 0x8e6c (correct), ack 51, win 360, length 0 16:20:50.934795 IP6 (flowlabel 0x000e0, hlim 255, next-header TCP (6) paylo= ad length: 20) fddc:f797:78ef:10::b46.36213 > fe80::5cef:4eff:fe6c:551f.53:= Flags [F.], cksum 0x8e6b (correct), seq 58, ack 51, win 360, length 0 16:20:50.934874 IP6 (flowlabel 0x57ab1, hlim 64, next-header TCP (6) payloa= d length: 20) fe80::5cef:4eff:fe6c:551f.53 > fddc:f797:78ef:10::b46.36213: = Flags [F.], cksum 0x8dd2 (correct), seq 51, ack 59, win 512, length 0 16:20:50.934888 IP6 (flowlabel 0x000e0, hlim 255, next-header TCP (6) paylo= ad length: 20) fddc:f797:78ef:10::b46.36213 > fe80::5cef:4eff:fe6c:551f.53:= Flags [.], cksum 0x8e6a (correct), ack 52, win 360, length 0