Bug#498498: iproute: adding route blackholes doesn't work for IPv6
Package: iproute Version: 2017-1 Followup-For: Bug #498498 ip -6 route add throw fd00::/8 does not work also michael@server:/etc/network/if-pre-up.d$ sudo ip -6 route add throw fd00::/8 RTNETLINK answers: No such device -- System Information: Debian Release: wheezy/sid APT prefers testing APT policy: (990, 'testing') Architecture: amd64 (x86_64) Kernel: Linux 3.1.0-1-amd64 (SMP w/2 CPU cores) Locale: LANG=en_HK.UTF-8, LC_CTYPE=en_HK.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages iproute depends on: ii libc6 2.13-23 ii libdb5.1 5.1.25-11 Versions of packages iproute recommends: ii libatm1 1:2.5.1-1.3 Versions of packages iproute suggests: pn iproute-doc none -- Configuration Files: /etc/iproute2/rt_tables changed: 255 local 254 main 253 default 0 unspec -- no debconf information -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#498498: iproute: adding route blackholes doesn't work for IPv6
On ons, 2008-09-10 at 15:43 +0200, Thomas Jacob wrote: [...] # ip route add to blackhole 2001::1/128 RTNETLINK answers: No such device [...] Could you please try to specify a device name as well? Seems to work here: $ ping6 -c 1 2001::1 PING 2001::1(2001::1) 56 data bytes --- 2001::1 ping statistics --- 1 packets transmitted, 0 received, 100% packet loss, time 0ms $ sudo ip route add to blackhole 2001::1/128 dev lo $ ip -6 ro sh | grep 2001::1 unreachable 2001::1 dev lo metric 1024 error -101 mtu 16436 advmss 16376 hoplimit 4294967295 $ ping6 -c 1 2001::1 connect: Network is unreachable $ sudo ip ro del 2001::1 $ Please tell me if you still think this is a bug in iproute (and please describe it a bit more so I can understand the problem). -- Regards, Andreas Henriksson -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#498498: iproute: adding route blackholes doesn't work for IPv6
Hello, $ sudo ip route add to blackhole 2001::1/128 dev lo $ ip -6 ro sh | grep 2001::1 unreachable 2001::1 dev lo metric 1024 error -101 mtu 16436 advmss 16376 hoplimit 4294967295 $ ping6 -c 1 2001::1 connect: Network is unreachable Interestingly this work fine with lo interfaces, but not with real interfaces. (to ensure our default gw is not blackholed as per default) $ ip -6 route add default via fe80::1 dev eth0 $ ip route add to blackhole 2001::1/128 dev eth1 $ ip -6 route | grep 2001::1 2001::1 dev eth1 metric 1024 expires 21334286sec mtu 1500 advmss 1440 hoplimit 4294967295 (looks just like a normal route) $ ping6 -c 1 2001::1 PING 2001::1(2001::1) 56 data bytes From fe80::2e0:18ff:fe66:e24a icmp_seq=1 Destination unreachable: Address unreachable (at the same time) $ tcpdump -i eth1 -n -p ip6 listening on eth1, link-type EN10MB (Ethernet), capture size 96 bytes 20:57:46.983658 IP6 fe80::::: ff02::1:ff00:1: ICMP6, neighbor solicitation, who has 2001::1, length 32 no answer, obviously (afterwards) $ ip -6 neigh | grep 2001::1 2001::1 dev eth1 FAILED Hence this route is just a normal device route, despite the blackhole type being specified in the command. But of course, the device doesn't matter, so dev lo seems fine. On the other hand, unreachable is not the same as blackhole, at least in IPv4, so even the dev lo version doesn't really do what one would expect from the man page. So I'd still call this a bug, either in the documentation or the iproute/kernel implementation, albeit a less severe one, as the dev lo thing should be a valid alternative in most cases (unless you really just want those packets to be dropped instead of also sending out ICMP unreachable messages). Thomas signature.asc Description: This is a digitally signed message part
Bug#498498: iproute: adding route blackholes doesn't work for IPv6
Package: iproute Version: 20080725-2 Severity: normal Trying to set up routing black holes results in an error message: # ip route add to blackhole 2001::1/128 RTNETLINK answers: No such device The same thing happens on etch. This could mean that this feature is not implemented yet for IPv6, but there appears to be some code that deals with it in linux/net/ipv6/route.c on 2.6.26... Most likely an issue for upstream. -- System Information: Debian Release: lenny/sid APT prefers testing APT policy: (500, 'testing') Architecture: i386 (i686) Kernel: Linux 2.6.26-1-686 (SMP w/2 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/bash Versions of packages iproute depends on: ii libc6 2.7-13 GNU C Library: Shared libraries ii libdb4.6 4.6.21-8 Berkeley v4.6 Database Libraries [ Versions of packages iproute recommends: ii libatm1 2.4.1-17.2 shared library for ATM (Asynchrono Versions of packages iproute suggests: pn iproute-doc none (no description available) -- no debconf information -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]