With IPv4 the handling was simple: all local traffic would go in and out of the lo0 interface, no matter which ip-address was used or on which interface that address would be placed. This gets also obvious from the routing table:
While the network /27 appears with vtnet0, the local address itself is at lo0.
Practically it looks like this:
All traffic goes thru lo0 (and there we could filter it if e.g. we want to filter between non-vimage jails).
But now look at IPv6:
Upsala! What's the 'vtnet0' doing there??
But that's not yet the full story. This is RELEASE 13.0. And now RELEASE 12.2:
Urgs.
Lets conclude: the behaviour is
But how should I code that, when the behaviour is different with every usecase?
And whom might I ask how it would look if it finally settles? (The ipfw mailinglist seems mostly empty.)
Code:
root@xxxx:~ # ifconfig
vtnet0: flags=8863<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
inet 192.168.97.15 netmask 0xffffffe0 broadcast 192.168.97.31
inet6 fd00::1 prefixlen 64
root@xxxx:~ # netstat -rn
Routing tables
Internet:
Destination Gateway Flags Netif Expire
127.0.0.1 link#2 UH lo0
192.168.97.0/27 link#1 U vtnet0
192.168.97.15 link#1 UHS lo0 <<<<<<
While the network /27 appears with vtnet0, the local address itself is at lo0.
Practically it looks like this:
Code:
root@xxxx:~ # ping 192.168.97.15
ipfw: 1 Accept ICMP:8.0 127.0.0.1 192.168.97.15 out via lo0
ipfw: 1 Accept ICMP:8.0 127.0.0.1 192.168.97.15 in via lo0
ipfw: 1 Accept ICMP:0.0 192.168.97.15 127.0.0.1 out via lo0
ipfw: 1 Accept ICMP:0.0 192.168.97.15 127.0.0.1 in via lo0
root@xxxx:~ # telnet 192.168.97.15 7777
ipfw: 1 Accept TCP 192.168.97.15:52401 192.168.97.15:7777 out via lo0
ipfw: 1 Accept TCP 192.168.97.15:52401 192.168.97.15:7777 in via lo0
ipfw: 1 Accept TCP 192.168.97.15:7777 192.168.97.15:52401 out via lo0
ipfw: 1 Accept TCP 192.168.97.15:7777 192.168.97.15:52401 in via lo0
All traffic goes thru lo0 (and there we could filter it if e.g. we want to filter between non-vimage jails).
But now look at IPv6:
Code:
root@xxxx:~ # ping fd00::1
ipfw: 1 Accept ICMPv6:128.0 [fd00::1] [fd00::1] out via lo0
ipfw: 1 Accept ICMPv6:128.0 [fd00::1] [fd00::1] in via lo0
ipfw: 1 Accept ICMPv6:129.0 [fd00::1] [fd00::1] out via lo0
ipfw: 1 Accept ICMPv6:129.0 [fd00::1] [fd00::1] in via lo0
root@xxxx:~ # telnet fd00::1 7777
ipfw: 1 Accept TCP [fd00::1]:53821 [fd00::1]:7777 out via lo0
ipfw: 1 Accept TCP [fd00::1]:53821 [fd00::1]:7777 in via vtnet0 <<<<<
ipfw: 1 Accept TCP [fd00::1]:7777 [fd00::1]:53821 out via lo0
ipfw: 1 Accept TCP [fd00::1]:7777 [fd00::1]:53821 in via lo0
Upsala! What's the 'vtnet0' doing there??
But that's not yet the full story. This is RELEASE 13.0. And now RELEASE 12.2:
Code:
root@yyyy:~ # ping6 fd00::1
ipfw: 1 Accept ICMPv6:128.0 [fd00::1] [fd00::1] out via lo0
ipfw: 1 Accept ICMPv6:128.0 [fd00::1] [fd00::1] in via vtnet0
ipfw: 1 Accept ICMPv6:129.0 [fd00::1] [fd00::1] out via lo0
ipfw: 1 Accept ICMPv6:129.0 [fd00::1] [fd00::1] in via vtnet0
root@yyyy:~ # telnet fd00::1 7777
ipfw: 1 Accept TCP [fd00::1]:60375 [fd00::1]:7777 out via lo0
ipfw: 1 Accept TCP [fd00::1]:60375 [fd00::1]:7777 in via vtnet0
ipfw: 1 Accept TCP [fd00::1]:7777 [fd00::1]:60375 out via lo0
ipfw: 1 Accept TCP [fd00::1]:7777 [fd00::1]:60375 in via vtnet0
Urgs.
Lets conclude: the behaviour is
- inkonsistent between incoming and outgoing
- inkonsistent between originate and answer flow
- inkonsistent between protocols (ICMP vs. TCP)
- inkonsistent between releases
But how should I code that, when the behaviour is different with every usecase?
And whom might I ask how it would look if it finally settles? (The ipfw mailinglist seems mostly empty.)