Hi everyone,<br><br>I have been looking into this problem for months.<br><br>I found that Linux kernel have difficulty determining source address for an icmp-ttl-exceeded packet if SADR is used.<br><br>Sometimes it will return the primary address as if SADR route does not exist; sometimes it will just seallow the reply packet, showing as a "???" in the traceroute.<br><br>In some rare random situation a machine with two routes like "default from 2001.../48" would report "no route to host" when you want to connect from it to some random (not all) hosts in the Internet, although the machine routes packets from others correctly.<br><br>I found that icmp_errors_use_inbound_ifaddr does not work for IPv6, and have been trying to port that option to IPv6. I am not sure if it can fix the traceroute problem. But I am currently suspending this work, hopefully someone else is interested in it.<br><br>I agree that we need such an option. That's simply because Linux kernel is buggy.<br><br>(P.S. I typed this letter on my phone. Please forgive me if the layout is messy.)<br><div class="gmail_quote"><div dir="ltr">On Sat, Jul 7, 2018 at 05:38 Juliusz Chroboczek <<a href="mailto:jch@irif.fr">jch@irif.fr</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">> The packets never traverse the 2a02-network yet it is showing up in the<br>
> traceroute and that way the 2a02 addresses are leaking into the mesh<br>
> revealing information about the node that should not be revealed.<br>
> Sacondly packets originating from the node like DNS may leave the node<br>
> with an inappropriate ipv6 address and could possibly be routed out<br>
> through the wan interface of the node.<br>
<br>
I understand what you're trying to do. I want to understand why.<br>
<br>
Which interface is the address in 2a02 installed on? If it's a different<br>
interface, then according to RFC 6724 Section 5 rule 5, the other address<br>
should be chosen. If the address is installed on the same interface, then<br>
I'd like to understand why.<br>
<br>
>> I have no objection (and I'd be glad to apply a well-written patch that<br>
>> does that), but I don't think this should be necessary.<br>
<br>
> I opened a PR for this<br>
<br>
<a href="https://github.com/jech/babeld/pull/15" rel="noreferrer" target="_blank">https://github.com/jech/babeld/pull/15</a><br>
<br>
As I've said there, I don't think it should be a command-line option -- it<br>
should live in the configuration file. If people want to put it on the<br>
command-line, they should be using "-C".<br>
<br>
What's more, I don't think it makes sense for it to be a global option,<br>
since with multiple interfaces you don't usually want to use the same<br>
address with all interfaces. I can see the following:<br>
<br>
- it could be an interface option, in which case it would apply to all<br>
routes going out through that interface;<br>
- it could be a filter option, in which case it would apply to matching<br>
routes.<br>
<br>
Perhaps the list could chime in?<br>
<br>
-- Juliusz<br>
<br>
_______________________________________________<br>
Babel-users mailing list<br>
<a href="mailto:Babel-users@alioth-lists.debian.net" target="_blank">Babel-users@alioth-lists.debian.net</a><br>
<a href="https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/babel-users" rel="noreferrer" target="_blank">https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/babel-users</a></blockquote></div>