On 06/19/11 12:09, Claudio Jeker wrote:
On Sun, Jun 19, 2011 at 11:30:19AM +0200, Andreas Bartelt wrote:
...
What surprises me is that although the correct outgoing (wireless)
interface is used, an IPv6 packet to 2001:db8:10:20::1 has the
source address of the wired interface 2001:db8:10:10::2.
Welcome to IPv6 where source address selection is so complex that nobody
understands it. In the end it often selects the address that is
numerically closest to the destination. So yes, IPv6 tends to do stupid
things and this is actually the way IETF wants it to be.
Another reason why most of the network stack hackers think IPv6 is broken
by design.
so this means 'antispoof' and 'urpf-failed' rules in pf.conf(5) won't
reliably work in the (IPv6) future?
Could please someone invent a new Internet?
Regards,
Andreas
