subject:"Re\: \[atlas\] Link\-Local ICMP messages for Atlas probe"

Re: [atlas] Link-Local ICMP messages for Atlas probe

2023-09-03 Thread Gert Doering

Hi,

On Thu, Aug 17, 2023 at 03:50:03PM -0700, Daryl Morse wrote:
> I used WireShark on the WAN interface and I can confirm that the messages
> are all ping requests. Further, I can confirm that all of the addresses have
> been mangled. They are logged as fe80:5::, but the correct addresses are
> fe80::. I created a bug report.

Now that might be an API artefact.  Some of the BSD based OSes report the
interface ID in bits 16..31 when returning a fe80:: address in a
sockaddr structure.

The usual code to deal with it does something like this... from OpenVPN's
"give me the current IPv6 default gateway via a routing socket query" code:

/* get gateway addr and interface name */

struct sockaddr_in6 *s6 = (struct sockaddr_in6 *)gate;
struct in6_addr gw = s6->sin6_addr;

/* You do not really want to know... from FreeBSD's route.c
 * (KAME encodes the 16 bit scope_id in s6_addr[2] + [3],
 * but for a correct link-local address these must be :: )
 */
if (gate->sa_len == sizeof(struct sockaddr_in6)
&& IN6_IS_ADDR_LINKLOCAL(&gw) )
{
gw.s6_addr[2] = gw.s6_addr[3] = 0;
}


Gert Doering
-- NetMaster
-- 
have you enabled IPv6 on something today...?

SpaceNet AG  Vorstand: Sebastian v. Bomhard, Michael Emmer
Joseph-Dollinger-Bogen 14Aufsichtsratsvors.: A. Grundner-Culemann
D-80807 Muenchen HRB: 136055 (AG Muenchen)
Tel: +49 (0)89/32356-444 USt-IdNr.: DE813185279


signature.asc
Description: PGP signature
-- 
ripe-atlas mailing list
ripe-atlas@ripe.net
https://lists.ripe.net/mailman/listinfo/ripe-atlas

Re: [atlas] Link-Local ICMP messages for Atlas probe

2023-08-17 Thread Daryl Morse

There are hundreds of these messages every day. I only copied a small selection 
to show the different addresses.

I also would like to know where they are coming from, because they are strange.

-Original Message-
From: Tim Chown  

On 14 Aug 2023, at 09:57, Sebastian Johansson  wrote:
> 
> The global scope address targeted belongs to their probe, hence my 
> suggestion to just suppress the log message - if I chased down every 
> odd packet my probe received, I wouldn't have time for much else :)

Fair enough, it’s half a dozen messages a day after all.  But that link-local 
prefix seems to indicate some misconfiguration somewhere, and were it on my 
network I’d want to find out why.

Tim

-- 
ripe-atlas mailing list
ripe-atlas@ripe.net
https://lists.ripe.net/mailman/listinfo/ripe-atlas

Re: [atlas] Link-Local ICMP messages for Atlas probe

2023-08-17 Thread Daryl Morse

The messages are definitely from external systems. I have a contact at the ISP, 
so I will be asking him if there is any way to track down the addresses. 

 

From: Tim Chown  



 

On 14 Aug 2023, at 09:14, Sebastian Johansson mailto:steamru...@gmail.com> > wrote:

 

[You don't often get email from steamru...@gmail.com 
 . Learn why this is important at 
https://aka.ms/LearnAboutSenderIdentification ]

Is hn0 the LAN or WAN side? AFAIK it's correct that it shouldn't
forward packets from link local addresses, so I'd honestly just
suppress the log message and leave it at that.

 

Maybe it’s to an internal system. 

 

But it would be good to find out why those messages happen. That format of link 
local address is very unusual to see and contravenes RFC 4291 (see 
https://www.rfc-editor.org/rfc/rfc4291#page-11).  





If the node really wants to talk to the ipv6.telus.net   
system on 2001:569:585f:b00:1:b3ff:fedd:9f24, it needs to have and use a global 
scope address.  RFC 6724 prefers matched scope of addresses, because the 
destination can’t reply unless it happens to be on the same link as the sender.

 

The standards now say the host past of the address should not be a MAC address, 
see RFC 7217 and other RFCs recommending its use. 

 

Tim





On Mon, Aug 14, 2023 at 4:37 AM Daryl Morse mailto:daryl_mo...@telus.net> > wrote:




I've been hosting an Atlas probe since February 2019. I have native dual-stack 
gigabit fibre internet service and my router is pfSense. Recently, I noticed 
that there are hundreds of messages in the log of the router like the following:

Aug 12 22:38:54 kernel cannot forward src fe80:5::1cce:5fff:fe02:61b6, dst 
2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1
Aug 12 22:36:06 kernel cannot forward src fe80:5::e65d:370f:fc45:b5ba, dst 
2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1
Aug 12 22:11:31 kernel cannot forward src fe80:5::3c01:20ff:fee5:f601, dst 
2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1
Aug 12 17:45:08 kernel cannot forward src fe80:5::2a0:a50f:fcdb:db7c, dst 
2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1
Aug 12 15:47:09 kernel cannot forward src fe80:5::2a0:a50f:fcb9:c28e, dst 
2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1
Aug 12 08:13:04 kernel cannot forward src fe80:5::2a0:a50f:fc8a:8134, dst 
2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1
Aug 12 06:55:33 kernel cannot forward src fe80:5::bac2:530f:fc39:164a, dst 
2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1
Aug 12 03:39:05 kernel cannot forward src fe80:5::2a0:a50f:fc8a:85c0, dst 
2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1
Aug 12 01:17:54 kernel cannot forward src fe80:5::e6fc:820f:fcea:2016, dst 
2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1
Aug 12 00:55:09 kernel cannot forward src fe80:5::ee9e:cd0f:fc0d:79d4, dst 
2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1
Aug 11 15:47:11 kernel cannot forward src fe80:5::4271:830f:fce5:7fa, dst 
2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1
Aug 11 15:25:42 kernel cannot forward src fe80:5::bac2:530f:fcd4:fdd2, dst 
2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1
Aug 11 07:33:53 kernel cannot forward src fe80:5::cd08:c204:cc63:2d32, dst 
2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1
Aug 11 06:17:19 kernel cannot forward src fe80:5::fe33:420f:fcdc:5932, dst 
2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1
Aug 11 04:49:00 kernel cannot forward src fe80:5::7e25:860f:fc44:6742, dst 
2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1
Aug 10 22:41:25 kernel cannot forward src fe80:5::9ca0:15ff:fe87:842e, dst 
2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1
Aug 10 14:38:59 kernel cannot forward src fe80:5::c80a:daff:fe92:b8b7, dst 
2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1
Aug 10 10:55:07 kernel cannot forward src fe80:5::2a0:a50f:fc8a:6ea0, dst 
2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1
Aug 10 08:57:19 kernel cannot forward src fe80:5::46aa:500f:fceb:ad66, dst 
2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1
Aug 10 05:47:09 kernel cannot forward src fe80:5::b68a:5f0f:fcb2:1040, dst 
2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1
Aug 10 03:24:58 kernel cannot forward src fe80:5::2a0:a50f:fcb6:5ea2, dst 
2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1
Aug 10 03:08:55 kernel cannot forward src fe80:5::2a0:a50f:fc90:9d4, dst 
2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1
Aug 10 00:17:07 kernel cannot forward src fe80:5::e65d:370f:fc44:15ba, dst 
2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1
Aug 10 00:07:07 kernel cannot forward src fe80:5::2a0:a50f:fcb7:7c, dst 
2001:569:585f:b00:1:b3ff:fedd:9f24, nx

Re: [atlas] Link-Local ICMP messages for Atlas probe

2023-08-17 Thread Daryl Morse

hn0 is the WAN interface. It's correct that link-local addresses should not be 
forwarded. I'm not aware of any way to suppress the log messages and there are 
hundreds of them.

-Original Message-
From: Sebastian Johansson  

Is hn0 the LAN or WAN side? AFAIK it's correct that it shouldn't forward 
packets from link local addresses, so I'd honestly just suppress the log 
message and leave it at that.


-- 
ripe-atlas mailing list
ripe-atlas@ripe.net
https://lists.ripe.net/mailman/listinfo/ripe-atlas

Re: [atlas] Link-Local ICMP messages for Atlas probe

2023-08-14 Thread Gert Doering

Hi,

On Mon, Aug 14, 2023 at 09:57:22AM +0200, Michel Stam wrote:
> Can???t say I???ve seen it before, can the firewall be a bit too strict?

If a device sends packets with link-local addresses towards off-link
GUA addresses, such packets MUST be dropped.

Unfortunately, not all implementations do that - but not doing so is
a violation of one of the basic IPv6 RFCs.

(Also, forwarding LLA sourced packets off-link has no use case really -
where should the reply go to?)

Gert Doering
-- NetMaster
-- 
have you enabled IPv6 on something today...?

SpaceNet AG  Vorstand: Sebastian v. Bomhard, Michael Emmer
Joseph-Dollinger-Bogen 14Aufsichtsratsvors.: A. Grundner-Culemann
D-80807 Muenchen HRB: 136055 (AG Muenchen)
Tel: +49 (0)89/32356-444 USt-IdNr.: DE813185279


signature.asc
Description: PGP signature
-- 
ripe-atlas mailing list
ripe-atlas@ripe.net
https://lists.ripe.net/mailman/listinfo/ripe-atlas

Re: [atlas] Link-Local ICMP messages for Atlas probe

2023-08-14 Thread Tim Chown via ripe-atlas

On 14 Aug 2023, at 09:57, Sebastian Johansson  wrote:
> 
> The global scope address targeted belongs to their probe, hence my
> suggestion to just suppress the log message - if I chased down every
> odd packet my probe received, I wouldn't have time for much else :)

Fair enough, it’s half a dozen messages a day after all.  But that link-local 
prefix seems to indicate some misconfiguration somewhere, and were it on my 
network I’d want to find out why.

Tim

> On Mon, Aug 14, 2023 at 10:51 AM Tim Chown  wrote:
>> 
>> On 14 Aug 2023, at 09:14, Sebastian Johansson  wrote:
>> 
>> 
>> [You don't often get email from steamru...@gmail.com. Learn why this is 
>> important at https://aka.ms/LearnAboutSenderIdentification ]
>> 
>> Is hn0 the LAN or WAN side? AFAIK it's correct that it shouldn't
>> forward packets from link local addresses, so I'd honestly just
>> suppress the log message and leave it at that.
>> 
>> 
>> Maybe it’s to an internal system.
>> 
>> But it would be good to find out why those messages happen. That format of 
>> link local address is very unusual to see and contravenes RFC 4291 (see 
>> https://www.rfc-editor.org/rfc/rfc4291#page-11).
>> 
>> If the node really wants to talk to the ipv6.telus.net system on 
>> 2001:569:585f:b00:1:b3ff:fedd:9f24, it needs to have and use a global scope 
>> address.  RFC 6724 prefers matched scope of addresses, because the 
>> destination can’t reply unless it happens to be on the same link as the 
>> sender.
>> 
>> The standards now say the host past of the address should not be a MAC 
>> address, see RFC 7217 and other RFCs recommending its use.
>> 
>> Tim
>> 
>> On Mon, Aug 14, 2023 at 4:37 AM Daryl Morse  wrote:
>> 
>> 
>> I've been hosting an Atlas probe since February 2019. I have native 
>> dual-stack gigabit fibre internet service and my router is pfSense. 
>> Recently, I noticed that there are hundreds of messages in the log of the 
>> router like the following:
>> 
>> Aug 12 22:38:54 kernel cannot forward src fe80:5::1cce:5fff:fe02:61b6, dst 
>> 2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1
>> Aug 12 22:36:06 kernel cannot forward src fe80:5::e65d:370f:fc45:b5ba, dst 
>> 2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1
>> Aug 12 22:11:31 kernel cannot forward src fe80:5::3c01:20ff:fee5:f601, dst 
>> 2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1
>> Aug 12 17:45:08 kernel cannot forward src fe80:5::2a0:a50f:fcdb:db7c, dst 
>> 2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1
>> Aug 12 15:47:09 kernel cannot forward src fe80:5::2a0:a50f:fcb9:c28e, dst 
>> 2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1
>> Aug 12 08:13:04 kernel cannot forward src fe80:5::2a0:a50f:fc8a:8134, dst 
>> 2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1
>> Aug 12 06:55:33 kernel cannot forward src fe80:5::bac2:530f:fc39:164a, dst 
>> 2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1
>> Aug 12 03:39:05 kernel cannot forward src fe80:5::2a0:a50f:fc8a:85c0, dst 
>> 2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1
>> Aug 12 01:17:54 kernel cannot forward src fe80:5::e6fc:820f:fcea:2016, dst 
>> 2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1
>> Aug 12 00:55:09 kernel cannot forward src fe80:5::ee9e:cd0f:fc0d:79d4, dst 
>> 2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1
>> Aug 11 15:47:11 kernel cannot forward src fe80:5::4271:830f:fce5:7fa, dst 
>> 2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1
>> Aug 11 15:25:42 kernel cannot forward src fe80:5::bac2:530f:fcd4:fdd2, dst 
>> 2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1
>> Aug 11 07:33:53 kernel cannot forward src fe80:5::cd08:c204:cc63:2d32, dst 
>> 2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1
>> Aug 11 06:17:19 kernel cannot forward src fe80:5::fe33:420f:fcdc:5932, dst 
>> 2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1
>> Aug 11 04:49:00 kernel cannot forward src fe80:5::7e25:860f:fc44:6742, dst 
>> 2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1
>> Aug 10 22:41:25 kernel cannot forward src fe80:5::9ca0:15ff:fe87:842e, dst 
>> 2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1
>> Aug 10 14:38:59 kernel cannot forward src fe80:5::c80a:daff:fe92:b8b7, dst 
>> 2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1
>> Aug 10 10:55:07 kernel cannot forward src fe80:5::2a0:a50f:fc8a:6ea0, dst 
>> 2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1
>> Aug 10 08:57:19 kernel cannot forward src fe80:5::46aa:500f:fceb:ad66, dst 
>> 2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1
>> Aug 10 05:47:09 kernel cannot forward src fe80:5::b68a:5f0f:fcb2:1040, dst 
>> 2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1
>> Aug 10 03:24:58 kernel cannot forward src fe80:5::2a0:a50f:fcb6:5ea2, dst 
>> 2001:569:585f:b00:1:b3ff:fe

Re: [atlas] Link-Local ICMP messages for Atlas probe

2023-08-14 Thread Sebastian Johansson

The global scope address targeted belongs to their probe, hence my
suggestion to just suppress the log message - if I chased down every
odd packet my probe received, I wouldn't have time for much else :)

On Mon, Aug 14, 2023 at 10:51 AM Tim Chown  wrote:
>
> On 14 Aug 2023, at 09:14, Sebastian Johansson  wrote:
>
>
> [You don't often get email from steamru...@gmail.com. Learn why this is 
> important at https://aka.ms/LearnAboutSenderIdentification ]
>
> Is hn0 the LAN or WAN side? AFAIK it's correct that it shouldn't
> forward packets from link local addresses, so I'd honestly just
> suppress the log message and leave it at that.
>
>
> Maybe it’s to an internal system.
>
> But it would be good to find out why those messages happen. That format of 
> link local address is very unusual to see and contravenes RFC 4291 (see 
> https://www.rfc-editor.org/rfc/rfc4291#page-11).
>
> If the node really wants to talk to the ipv6.telus.net system on 
> 2001:569:585f:b00:1:b3ff:fedd:9f24, it needs to have and use a global scope 
> address.  RFC 6724 prefers matched scope of addresses, because the 
> destination can’t reply unless it happens to be on the same link as the 
> sender.
>
> The standards now say the host past of the address should not be a MAC 
> address, see RFC 7217 and other RFCs recommending its use.
>
> Tim
>
> On Mon, Aug 14, 2023 at 4:37 AM Daryl Morse  wrote:
>
>
> I've been hosting an Atlas probe since February 2019. I have native 
> dual-stack gigabit fibre internet service and my router is pfSense. Recently, 
> I noticed that there are hundreds of messages in the log of the router like 
> the following:
>
> Aug 12 22:38:54 kernel cannot forward src fe80:5::1cce:5fff:fe02:61b6, dst 
> 2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1
> Aug 12 22:36:06 kernel cannot forward src fe80:5::e65d:370f:fc45:b5ba, dst 
> 2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1
> Aug 12 22:11:31 kernel cannot forward src fe80:5::3c01:20ff:fee5:f601, dst 
> 2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1
> Aug 12 17:45:08 kernel cannot forward src fe80:5::2a0:a50f:fcdb:db7c, dst 
> 2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1
> Aug 12 15:47:09 kernel cannot forward src fe80:5::2a0:a50f:fcb9:c28e, dst 
> 2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1
> Aug 12 08:13:04 kernel cannot forward src fe80:5::2a0:a50f:fc8a:8134, dst 
> 2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1
> Aug 12 06:55:33 kernel cannot forward src fe80:5::bac2:530f:fc39:164a, dst 
> 2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1
> Aug 12 03:39:05 kernel cannot forward src fe80:5::2a0:a50f:fc8a:85c0, dst 
> 2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1
> Aug 12 01:17:54 kernel cannot forward src fe80:5::e6fc:820f:fcea:2016, dst 
> 2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1
> Aug 12 00:55:09 kernel cannot forward src fe80:5::ee9e:cd0f:fc0d:79d4, dst 
> 2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1
> Aug 11 15:47:11 kernel cannot forward src fe80:5::4271:830f:fce5:7fa, dst 
> 2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1
> Aug 11 15:25:42 kernel cannot forward src fe80:5::bac2:530f:fcd4:fdd2, dst 
> 2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1
> Aug 11 07:33:53 kernel cannot forward src fe80:5::cd08:c204:cc63:2d32, dst 
> 2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1
> Aug 11 06:17:19 kernel cannot forward src fe80:5::fe33:420f:fcdc:5932, dst 
> 2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1
> Aug 11 04:49:00 kernel cannot forward src fe80:5::7e25:860f:fc44:6742, dst 
> 2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1
> Aug 10 22:41:25 kernel cannot forward src fe80:5::9ca0:15ff:fe87:842e, dst 
> 2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1
> Aug 10 14:38:59 kernel cannot forward src fe80:5::c80a:daff:fe92:b8b7, dst 
> 2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1
> Aug 10 10:55:07 kernel cannot forward src fe80:5::2a0:a50f:fc8a:6ea0, dst 
> 2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1
> Aug 10 08:57:19 kernel cannot forward src fe80:5::46aa:500f:fceb:ad66, dst 
> 2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1
> Aug 10 05:47:09 kernel cannot forward src fe80:5::b68a:5f0f:fcb2:1040, dst 
> 2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1
> Aug 10 03:24:58 kernel cannot forward src fe80:5::2a0:a50f:fcb6:5ea2, dst 
> 2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1
> Aug 10 03:08:55 kernel cannot forward src fe80:5::2a0:a50f:fc90:9d4, dst 
> 2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1
> Aug 10 00:17:07 kernel cannot forward src fe80:5::e65d:370f:fc44:15ba, dst 
> 2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1
> Aug 10 00:07:07 kernel can

Re: [atlas] Link-Local ICMP messages for Atlas probe

2023-08-14 Thread Tim Chown via ripe-atlas

On 14 Aug 2023, at 09:14, Sebastian Johansson  wrote:

[You don't often get email from steamru...@gmail.com. Learn why this is 
important at https://aka.ms/LearnAboutSenderIdentification ]

Is hn0 the LAN or WAN side? AFAIK it's correct that it shouldn't
forward packets from link local addresses, so I'd honestly just
suppress the log message and leave it at that.

Maybe it’s to an internal system.

But it would be good to find out why those messages happen. That format of link 
local address is very unusual to see and contravenes RFC 4291 (see 
https://www.rfc-editor.org/rfc/rfc4291#page-11).

If the node really wants to talk to the ipv6.telus.net 
system on 2001:569:585f:b00:1:b3ff:fedd:9f24, it needs to have and use a global 
scope address.  RFC 6724 prefers matched scope of addresses, because the 
destination can’t reply unless it happens to be on the same link as the sender.

The standards now say the host past of the address should not be a MAC address, 
see RFC 7217 and other RFCs recommending its use.

Tim

On Mon, Aug 14, 2023 at 4:37 AM Daryl Morse  wrote:

I've been hosting an Atlas probe since February 2019. I have native dual-stack 
gigabit fibre internet service and my router is pfSense. Recently, I noticed 
that there are hundreds of messages in the log of the router like the following:

Aug 12 22:38:54 kernel cannot forward src fe80:5::1cce:5fff:fe02:61b6, dst 
2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1
Aug 12 22:36:06 kernel cannot forward src fe80:5::e65d:370f:fc45:b5ba, dst 
2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1
Aug 12 22:11:31 kernel cannot forward src fe80:5::3c01:20ff:fee5:f601, dst 
2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1
Aug 12 17:45:08 kernel cannot forward src fe80:5::2a0:a50f:fcdb:db7c, dst 
2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1
Aug 12 15:47:09 kernel cannot forward src fe80:5::2a0:a50f:fcb9:c28e, dst 
2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1
Aug 12 08:13:04 kernel cannot forward src fe80:5::2a0:a50f:fc8a:8134, dst 
2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1
Aug 12 06:55:33 kernel cannot forward src fe80:5::bac2:530f:fc39:164a, dst 
2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1
Aug 12 03:39:05 kernel cannot forward src fe80:5::2a0:a50f:fc8a:85c0, dst 
2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1
Aug 12 01:17:54 kernel cannot forward src fe80:5::e6fc:820f:fcea:2016, dst 
2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1
Aug 12 00:55:09 kernel cannot forward src fe80:5::ee9e:cd0f:fc0d:79d4, dst 
2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1
Aug 11 15:47:11 kernel cannot forward src fe80:5::4271:830f:fce5:7fa, dst 
2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1
Aug 11 15:25:42 kernel cannot forward src fe80:5::bac2:530f:fcd4:fdd2, dst 
2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1
Aug 11 07:33:53 kernel cannot forward src fe80:5::cd08:c204:cc63:2d32, dst 
2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1
Aug 11 06:17:19 kernel cannot forward src fe80:5::fe33:420f:fcdc:5932, dst 
2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1
Aug 11 04:49:00 kernel cannot forward src fe80:5::7e25:860f:fc44:6742, dst 
2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1
Aug 10 22:41:25 kernel cannot forward src fe80:5::9ca0:15ff:fe87:842e, dst 
2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1
Aug 10 14:38:59 kernel cannot forward src fe80:5::c80a:daff:fe92:b8b7, dst 
2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1
Aug 10 10:55:07 kernel cannot forward src fe80:5::2a0:a50f:fc8a:6ea0, dst 
2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1
Aug 10 08:57:19 kernel cannot forward src fe80:5::46aa:500f:fceb:ad66, dst 
2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1
Aug 10 05:47:09 kernel cannot forward src fe80:5::b68a:5f0f:fcb2:1040, dst 
2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1
Aug 10 03:24:58 kernel cannot forward src fe80:5::2a0:a50f:fcb6:5ea2, dst 
2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1
Aug 10 03:08:55 kernel cannot forward src fe80:5::2a0:a50f:fc90:9d4, dst 
2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1
Aug 10 00:17:07 kernel cannot forward src fe80:5::e65d:370f:fc44:15ba, dst 
2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1
Aug 10 00:07:07 kernel cannot forward src fe80:5::2a0:a50f:fcb7:7c, dst 
2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1

The messages occur in groups of three, spaced a few seconds apart.

All of the messages start with fe80:5. Even if I strip off the "5", none of 
them seem to convert into MAC addresses, so I can't use that to figure out what 
type of device is pinging the probe.

There are no ent

Re: [atlas] Link-Local ICMP messages for Atlas probe

2023-08-14 Thread Sebastian Johansson

Is hn0 the LAN or WAN side? AFAIK it's correct that it shouldn't
forward packets from link local addresses, so I'd honestly just
suppress the log message and leave it at that.

On Mon, Aug 14, 2023 at 4:37 AM Daryl Morse  wrote:
>
> I've been hosting an Atlas probe since February 2019. I have native 
> dual-stack gigabit fibre internet service and my router is pfSense. Recently, 
> I noticed that there are hundreds of messages in the log of the router like 
> the following:
>
> Aug 12 22:38:54 kernel cannot forward src fe80:5::1cce:5fff:fe02:61b6, dst 
> 2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1
> Aug 12 22:36:06 kernel cannot forward src fe80:5::e65d:370f:fc45:b5ba, dst 
> 2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1
> Aug 12 22:11:31 kernel cannot forward src fe80:5::3c01:20ff:fee5:f601, dst 
> 2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1
> Aug 12 17:45:08 kernel cannot forward src fe80:5::2a0:a50f:fcdb:db7c, dst 
> 2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1
> Aug 12 15:47:09 kernel cannot forward src fe80:5::2a0:a50f:fcb9:c28e, dst 
> 2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1
> Aug 12 08:13:04 kernel cannot forward src fe80:5::2a0:a50f:fc8a:8134, dst 
> 2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1
> Aug 12 06:55:33 kernel cannot forward src fe80:5::bac2:530f:fc39:164a, dst 
> 2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1
> Aug 12 03:39:05 kernel cannot forward src fe80:5::2a0:a50f:fc8a:85c0, dst 
> 2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1
> Aug 12 01:17:54 kernel cannot forward src fe80:5::e6fc:820f:fcea:2016, dst 
> 2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1
> Aug 12 00:55:09 kernel cannot forward src fe80:5::ee9e:cd0f:fc0d:79d4, dst 
> 2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1
> Aug 11 15:47:11 kernel cannot forward src fe80:5::4271:830f:fce5:7fa, dst 
> 2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1
> Aug 11 15:25:42 kernel cannot forward src fe80:5::bac2:530f:fcd4:fdd2, dst 
> 2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1
> Aug 11 07:33:53 kernel cannot forward src fe80:5::cd08:c204:cc63:2d32, dst 
> 2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1
> Aug 11 06:17:19 kernel cannot forward src fe80:5::fe33:420f:fcdc:5932, dst 
> 2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1
> Aug 11 04:49:00 kernel cannot forward src fe80:5::7e25:860f:fc44:6742, dst 
> 2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1
> Aug 10 22:41:25 kernel cannot forward src fe80:5::9ca0:15ff:fe87:842e, dst 
> 2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1
> Aug 10 14:38:59 kernel cannot forward src fe80:5::c80a:daff:fe92:b8b7, dst 
> 2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1
> Aug 10 10:55:07 kernel cannot forward src fe80:5::2a0:a50f:fc8a:6ea0, dst 
> 2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1
> Aug 10 08:57:19 kernel cannot forward src fe80:5::46aa:500f:fceb:ad66, dst 
> 2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1
> Aug 10 05:47:09 kernel cannot forward src fe80:5::b68a:5f0f:fcb2:1040, dst 
> 2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1
> Aug 10 03:24:58 kernel cannot forward src fe80:5::2a0:a50f:fcb6:5ea2, dst 
> 2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1
> Aug 10 03:08:55 kernel cannot forward src fe80:5::2a0:a50f:fc90:9d4, dst 
> 2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1
> Aug 10 00:17:07 kernel cannot forward src fe80:5::e65d:370f:fc44:15ba, dst 
> 2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1
> Aug 10 00:07:07 kernel cannot forward src fe80:5::2a0:a50f:fcb7:7c, dst 
> 2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1
>
> The messages occur in groups of three, spaced a few seconds apart.
>
> All of the messages start with fe80:5. Even if I strip off the "5", none of 
> them seem to convert into MAC addresses, so I can't use that to figure out 
> what type of device is pinging the probe.
>
> There are no entries in the NDP table corresponding to these messages.
>
> I have no idea how long this has been happening. I only noticed it when I was 
> setting up a new server to host pfsense.
>
> My probe is RIPE-Atlas-Probe-52209.
>
> I'm interested to know if anyone else has experienced this.
> --
> ripe-atlas mailing list
> ripe-atlas@ripe.net
> https://lists.ripe.net/mailman/listinfo/ripe-atlas

-- 
ripe-atlas mailing list
ripe-atlas@ripe.net
https://lists.ripe.net/mailman/listinfo/ripe-atlas

Re: [atlas] Link-Local ICMP messages for Atlas probe

2023-08-14 Thread Michel Stam

Hi Daryl,

Can’t say I’ve seen it before, can the firewall be a bit too strict?

I read ICMP messages, but I don’t see this in the log you post. Do you have any 
idea what sort of ICMP messages?

Regards,

Michel

> On 14 Aug 2023, at 04:36, Daryl Morse  wrote:
> 
> I've been hosting an Atlas probe since February 2019. I have native 
> dual-stack gigabit fibre internet service and my router is pfSense. Recently, 
> I noticed that there are hundreds of messages in the log of the router like 
> the following:
> 
> Aug 12 22:38:54 kernel cannot forward src fe80:5::1cce:5fff:fe02:61b6, dst 
> 2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1
> Aug 12 22:36:06 kernel cannot forward src fe80:5::e65d:370f:fc45:b5ba, dst 
> 2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1
> Aug 12 22:11:31 kernel cannot forward src fe80:5::3c01:20ff:fee5:f601, dst 
> 2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1
> Aug 12 17:45:08 kernel cannot forward src fe80:5::2a0:a50f:fcdb:db7c, dst 
> 2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1
> Aug 12 15:47:09 kernel cannot forward src fe80:5::2a0:a50f:fcb9:c28e, dst 
> 2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1
> Aug 12 08:13:04 kernel cannot forward src fe80:5::2a0:a50f:fc8a:8134, dst 
> 2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1
> Aug 12 06:55:33 kernel cannot forward src fe80:5::bac2:530f:fc39:164a, dst 
> 2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1
> Aug 12 03:39:05 kernel cannot forward src fe80:5::2a0:a50f:fc8a:85c0, dst 
> 2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1
> Aug 12 01:17:54 kernel cannot forward src fe80:5::e6fc:820f:fcea:2016, dst 
> 2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1
> Aug 12 00:55:09 kernel cannot forward src fe80:5::ee9e:cd0f:fc0d:79d4, dst 
> 2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1
> Aug 11 15:47:11 kernel cannot forward src fe80:5::4271:830f:fce5:7fa, dst 
> 2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1
> Aug 11 15:25:42 kernel cannot forward src fe80:5::bac2:530f:fcd4:fdd2, dst 
> 2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1
> Aug 11 07:33:53 kernel cannot forward src fe80:5::cd08:c204:cc63:2d32, dst 
> 2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1
> Aug 11 06:17:19 kernel cannot forward src fe80:5::fe33:420f:fcdc:5932, dst 
> 2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1
> Aug 11 04:49:00 kernel cannot forward src fe80:5::7e25:860f:fc44:6742, dst 
> 2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1
> Aug 10 22:41:25 kernel cannot forward src fe80:5::9ca0:15ff:fe87:842e, dst 
> 2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1
> Aug 10 14:38:59 kernel cannot forward src fe80:5::c80a:daff:fe92:b8b7, dst 
> 2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1
> Aug 10 10:55:07 kernel cannot forward src fe80:5::2a0:a50f:fc8a:6ea0, dst 
> 2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1
> Aug 10 08:57:19 kernel cannot forward src fe80:5::46aa:500f:fceb:ad66, dst 
> 2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1
> Aug 10 05:47:09 kernel cannot forward src fe80:5::b68a:5f0f:fcb2:1040, dst 
> 2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1
> Aug 10 03:24:58 kernel cannot forward src fe80:5::2a0:a50f:fcb6:5ea2, dst 
> 2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1
> Aug 10 03:08:55 kernel cannot forward src fe80:5::2a0:a50f:fc90:9d4, dst 
> 2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1
> Aug 10 00:17:07 kernel cannot forward src fe80:5::e65d:370f:fc44:15ba, dst 
> 2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1
> Aug 10 00:07:07 kernel cannot forward src fe80:5::2a0:a50f:fcb7:7c, dst 
> 2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1
> 
> The messages occur in groups of three, spaced a few seconds apart.
> 
> All of the messages start with fe80:5. Even if I strip off the "5", none of 
> them seem to convert into MAC addresses, so I can't use that to figure out 
> what type of device is pinging the probe.
> 
> There are no entries in the NDP table corresponding to these messages.
> 
> I have no idea how long this has been happening. I only noticed it when I was 
> setting up a new server to host pfsense.
> 
> My probe is RIPE-Atlas-Probe-52209.
> 
> I'm interested to know if anyone else has experienced this.
> -- 
> ripe-atlas mailing list
> ripe-atlas@ripe.net
> https://lists.ripe.net/mailman/listinfo/ripe-atlas


-- 
ripe-atlas mailing list
ripe-atlas@ripe.net
https://lists.ripe.net/mailman/listinfo/ripe-atlas

Re: [atlas] Link-Local ICMP messages for Atlas probe

Re: [atlas] Link-Local ICMP messages for Atlas probe

Re: [atlas] Link-Local ICMP messages for Atlas probe

Re: [atlas] Link-Local ICMP messages for Atlas probe

Re: [atlas] Link-Local ICMP messages for Atlas probe

Re: [atlas] Link-Local ICMP messages for Atlas probe

Re: [atlas] Link-Local ICMP messages for Atlas probe

Re: [atlas] Link-Local ICMP messages for Atlas probe

Re: [atlas] Link-Local ICMP messages for Atlas probe

Re: [atlas] Link-Local ICMP messages for Atlas probe

10 matches

Site Navigation

Mail list logo

Footer information