ipv6toolkit icon indicating copy to clipboard operation
ipv6toolkit copied to clipboard

Published 20 hours ago verified publisher icon fgont

Interface selection on interface without IPv6 support / next hop lookup broken

Open T-X opened this issue 3 years ago • 0 comments

Hi,

On Linux 5.7.19 / Debian Sid I created a pair of veth interfaces and disabled IPv6 on them:

ip link add vethx type veth peer name vethy
ip link set up dev vethx
ip link set up dev vethy
echo 1 > /proc/sys/net/ipv6/conf/vethx/disable_ipv6
echo 1 > /proc/sys/net/ipv6/conf/vethy/disable_ipv6

I then run icmp6 sender as follows:

icmp6 -v \
        -p ICMP6 \
        --interface $IFACE \
        --src-addr fe80::`ipv6calc --action geneui64 --mac_to_eui64 $SRCMAC` \
        --dst-addr ff02::1 \
        --icmp6 128:0 \
        --no-payload \
        --link-src-addr $SRCMAC \
        --link-dst-addr $DSTMAC

And the icmp6 listener as follows:

icmp6 -v -v \
        -p ICMP6 \
        -L \
        --interface $IFACE \
        --src-addr fe80::`ipv6calc --action geneui64 --mac_to_eui64 $SRCMAC` \
        --icmp6 128:0 \
        --no-payload \
        --link-src-addr $SRCMAC

I then run into the issue that the icmp6 listener installs the pcap handle on the wrong interface, on "lo"/loopback, instead of the given $IFACE. And that the listener then is not able to receive any of the packets from the icmp6 sender.

Changing this line here as follows helps:

Before:

if(load_dst_and_pcap(&idata, LOAD_SRC_NXT_HOP) == FAILURE){

After:

if(load_dst_and_pcap(&idata, idata.dstaddr_f?LOAD_SRC_NXT_HOP:LOAD_PCAP_ONLY) == FAILURE){

Which is similar to how mldq6.c, rd6.c, rs6.c, tcp6.c and udp6.c do it.

The issue seems to be caused by load_dst_and_pcap() changing the idata.iface two times. Once here (changes it from vethy to wlp61s0). And once here (changes it from wlp61s0 to lo).

Before submitting a patch like adding the idata.dstaddr_f check to icmp6.c, as present in other tools, I do not quite understand why the listening interface should be changed in the first place when --interface is given. Seems counter intuitive and confusing? And potentially annoying because it's done without informing the user. Am I missing a specific use-case?

My ultimate goal is to use the ipv6toolkit to exchange icmp6 echo requests/replies without depending on the kernel IPv6 stack. And without performing any neighbor discovery.

T-X avatar Jan 12 '21 17:01 T-X