On Wed, Feb 15, 2023 at 11:49:51AM +0100, to...@tuxteam.de wrote:
On Tue, Feb 14, 2023 at 03:07:08PM -0500, Michael Stone wrote:
On Fri, Feb 10, 2023 at 02:33:12PM +0000, Tim Woodall wrote:
> On Fri, 10 Feb 2023, jeremy ardley wrote:
> > you can ping them as in
> >
> > ping fe80::87d:c6ff:fea4:a6fc
> >
>
> ooh, I didn't know that worked.
>
> Same as
> ping fe80::87d:c6ff:fea4:a6fc%eth0
>
> on my machines at least. No idea how it picks the interface when there's
> more than one.
>
> The interface seems mandatory for ssh for me:
>
> tim@einstein(4):~ (none)$ ssh fe80::1
> ssh: connect to host fe80::1 port 22: Invalid argument
> tim@einstein(4):~ (none)$
You actually have an fe80::1 IP address on your system? That would be highly
unusual. If you don't, why would you expect it to respond?
Whether it responds or not is, I think, irrelevant here. The thing
gets cut short by the -EINVAL, which stems from the missing interface
specification (well, "zone index" in IPv6 jargon). Without zone index,
an IPv6LL is (may be?) underspecified. So it would be fe80::1%eth0
or something similar.
Ok, I didn't get what you were asking. Yes, a link local address must
have a scope (interface) associated with it, by policy. You don't need
it with ping because it's using a lower level raw socket (but, if there
are multiple interfaces and you didn't specify one, the packets are
likely going out the wrong one). The reason for this is that by
definition the addresses are specific to a link, and there's no
mechanism (e.g., route table with a default) for the kernel to determine
which link to use. It's possible for the same link local address to
be present on multiple links (the addresses are only required to be
unique per link) so it's not a generally solvable problem, and given the
purpose of link local addresses it doesn't really need to be.
I'd missed that the OP that started this suggested otherwise. There were
no command outputs so I don't know if it actually works on that system
or it was a simply a failure to remember to add the scope id in the
mail. If it does work I have no idea how, but there'd have to be
something in the stack adding a scope. When link local addresses are
returned by nss-mymachines or nss-mynetworks the scope is included so it
will "just work".