Hi, On Wed, Aug 01, 2012 at 06:11:08PM +0200, Arne Schwabe wrote: > the getaddr6 and getaddr_mutli functions are duplicates of each other. Since > we always require getaddrinfo to be present both function are merge into one > openvpn_getaddrinfo. > > This functions also returns a standard struct addrinfo* so our resolve > interface is closer to the standard unix interface. The getaddr function is a > wrapper which provides backward compatibility for IPv4 addresses. Ipv6 calls > and calls to getaddr_multi are replaced with the new interface. >
ACK on the feature, but there's something weird in the implementation
(which I've not had time to track down yet).
When connecting to a TCP ipv6 server (--client --proto tcp6-client), things
fail in interesting ways:
$ openvpn --client --nobind --comp-lzo --verb 3 --dev tun --proto tcp6-client
--remote conn-test-server.openvpn.org --port 51194
...
Mon Aug 6 19:49:06 2012 Attempting to establish TCP connection with
[AF_INET6]2607:fc50:1001:5200:::51194 [nonblock]
This is buggy already, because "conn-test-server" is "2607:fc50:1001:5200::4",
and the ":4" got lost...
Mon Aug 6 19:49:16 2012 TCP: connect to [AF_INET6]2607:fc50:1001:5200:::51194
failed, will try again in 5 seconds: Operation timed out
Mon Aug 6 19:49:22 2012 TCP connection established with
[AF_INET6]2607:fc50:1001:5200::4:51194
Nevertheless, it eventually it *does* connect - and that looks really
weird in tcpdump:
20:29:53.410339 IP6 2001:608:0:814::f000:3.51581 > 2607:fc50:1001:5200::.51194:
S 3439435758:3439435758(0) win 65535 <mss 1440,nop,wscale 3,sackOK,timestamp
1696266663 0>
20:29:56.609888 IP6 2001:608:0:814::f000:3.51581 > 2607:fc50:1001:5200::.51194:
S 3439435758:3439435758(0) win 65535 <mss 1440,nop,wscale 3,sackOK,timestamp
1696266983 0>
20:29:59.809652 IP6 2001:608:0:814::f000:3.51581 > 2607:fc50:1001:5200::.51194:
S 3439435758:3439435758(0) win 65535 <mss 1440,sackOK,eol>
3 tries with "5200::"...
20:30:05.520033 IP6 2001:608:0:814::f000:3.52113 >
2607:fc50:1001:5200::4.51194: S 1364097067:1364097067(0) win 65535 <mss
1440,nop,wscale 3,sackOK,timestamp 1696267874 0>
20:30:05.658230 IP6 2607:fc50:1001:5200::4.51194 >
2001:608:0:814::f000:3.52113: S 278837698:278837698(0) ack 1364097068 win 65535
<mss 1440,nop,wscale 6,sackOK,timestamp 1030394651 1696267874>
20:30:05.658368 IP6 2001:608:0:814::f000:3.52113 >
2607:fc50:1001:5200::4.51194: . ack 1 win 8211 <nop,nop,timestamp 1696267887
1030394651>
... and then it tries the proper host, which answers...
After connecting, it then fails on verifying the remote (huh, for TCP?!):
Mon Aug 6 19:49:22 2012 TCPv6_CLIENT link local: [undef]
Mon Aug 6 19:49:22 2012 TCPv6_CLIENT link remote:
[AF_INET6]2607:fc50:1001:5200::4:51194
Mon Aug 6 19:49:22 2012 TCP/UDP: Incoming packet rejected from
[AF_INET6]2607:fc50:1001:5200::4:51194[28], expected peer address:
[AF_INET6]2607:fc50:1001:5200:::51194 (allow this incoming source address/port
by removing --remote or adding --float)
Mon Aug 6 19:49:22 2012 TCP/UDP: Incoming packet rejected from
[AF_INET6]2607:fc50:1001:5200::4:51194[28], expected peer address:
[AF_INET6]2607:fc50:1001:5200:::51194 (allow this incoming source address/port
by removing --remote or adding --float)
(and of course, from there on it will not go anywhere). This happens on
FreeBSD 7.4 with yesterday's "master" and patch2/4 applied - without
the patch, it works.
From the looks of it, "something" is overwriting the last few bits of
the IPv6 address with zeroes, but I haven't seen anything obvious in the
patch yet.
> + /* hostname resolve succeeded */
> +
> + /* Do not chose an IP Addresse by radnom or change the order *
Just for nag value, there's a typo here :-)
Connecting via "--client -proto udp6" fails as well, but not in such an
interesting way - it just sends packets to the ...5200:: address, which
never get responded to...
Mon Aug 6 20:42:37 2012 UDPv6 link local: [undef]
Mon Aug 6 20:42:37 2012 UDPv6 link remote:
[AF_INET6]2607:fc50:1001:5200:::51194
20:43:39.572839 IP6 2001:608:0:814::f000:3.51172 > 2607:fc50:1001:5200::.51194:
UDP, length 14
20:43:41.710033 IP6 2001:608:0:814::f000:3.51172 > 2607:fc50:1001:5200::.51194:
UDP, length 14
gert
--
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert Doering - Munich, Germany [email protected]
fax: +49-89-35655025 [email protected]
pgptQJyBPWLll.pgp
Description: PGP signature
