Solved IPv6: how to bind a site-local source address?

In IPv6, when I connect (or ping) a site-local address, the source address is also chosen as site-local, and when I connect a remote address, the source address is chosen as global:
Code:
$ ping -c 1 fd00::4202
PING6(56=40+8+8 bytes) fd00::4201 --> fd00::4202
16 bytes from fd00::4202, icmp_seq=0 hlim=64 time=0.498 ms

--- fd00::4202 ping6 statistics ---
1 packets transmitted, 1 packets received, 0.0% packet loss
round-trip min/avg/max/std-dev = 0.498/0.498/0.498/0.000 ms
$ ping -c 1  2a00:1450:4001:82f::2003
PING6(56=40+8+8 bytes) 2003:e7:1710:55ff::1 --> 2a00:1450:4001:82f::2003
16 bytes from 2a00:1450:4001:82f::2003, icmp_seq=0 hlim=60 time=23.212 ms

--- 2a00:1450:4001:82f::2003 ping6 statistics ---
1 packets transmitted, 1 packets received, 0.0% packet loss
round-trip min/avg/max/std-dev = 23.212/23.212/23.212/0.000 ms

I can override this for ping with the -S switch and force it to use a site-local source address (which is 1-2 ms faster):

Code:
$ ping -S fd00::111 -c 1  2a00:1450:4001:82f::2003
PING6(56=40+8+8 bytes) fd00::111 --> 2a00:1450:4001:82f::2003
16 bytes from 2a00:1450:4001:82f::2003, icmp_seq=0 hlim=60 time=21.221 ms

--- 2a00:1450:4001:82f::2003 ping6 statistics ---
1 packets transmitted, 1 packets received, 0.0% packet loss
round-trip min/avg/max/std-dev = 21.221/21.221/21.221/0.000 ms

The problem is, Firefox does not have such a -S switch. :(
They say they do not bother and just let the routing layer (aka TCP stack) decide it all.

I tried to modify /etc/ip6addrctl.conf and remove any difference between site-local and global addresses from there, but that does not change the behaviour. It doesn't seem to come from there.
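The behaviour described in the post above can be reproduced on paper with a reduced model of RFC 6724 source address selection. This is an added example, not code from the thread or from any kernel; it evaluates only Rule 6 (matching label) and Rule 8 (longest matching prefix), and FLAT_POLICY is a constructed guess at a table with the ULA row removed. It shows that under the RFC's rules the same sources win either way, because Rule 8 decides once the labels no longer differ.

```python
import ipaddress

# RFC 6724 section 2.1 default policy table: (prefix, precedence, label).
DEFAULT_POLICY = [
    ("::1/128", 50, 0), ("::/0", 40, 1), ("::ffff:0:0/96", 35, 4),
    ("2002::/16", 30, 2), ("2001::/32", 5, 5), ("fc00::/7", 3, 13),
    ("::/96", 1, 3), ("fec0::/10", 1, 11), ("3ffe::/16", 1, 12),
]
# Constructed table with the fc00::/7 row removed, so ULA and global
# addresses share label 1 (an assumption about the edit described above).
FLAT_POLICY = [row for row in DEFAULT_POLICY if row[0] != "fc00::/7"]


def label(addr, policy):
    """Label of the longest policy prefix that contains addr."""
    nets = [(ipaddress.ip_network(p), lbl) for p, _prec, lbl in policy]
    matches = [(n.prefixlen, lbl) for n, lbl in nets if addr in n]
    return max(matches)[1]


def common_prefix_len(a, b):
    """Number of leading bits shared by two IPv6 addresses.
    (RFC 6724 caps this at the source's prefix length; omitted here.)"""
    return 128 - (int(a) ^ int(b)).bit_length()


def select_source(dest, candidates, policy=DEFAULT_POLICY):
    """Pick a source using only Rule 6 (label) then Rule 8 (prefix).

    Returns (chosen_source, deciding_rule). The other RFC 6724 rules are
    skipped on the assumption that they do not separate the candidates
    (same interface, none deprecated, no temporary addresses).
    """
    d = ipaddress.IPv6Address(dest)
    cands = [ipaddress.IPv6Address(c) for c in candidates]
    same_label = [c for c in cands if label(c, policy) == label(d, policy)]
    if len(same_label) == 1:
        return str(same_label[0]), "rule 6: matching label"
    pool = same_label or cands
    best = max(pool, key=lambda c: common_prefix_len(c, d))
    return str(best), "rule 8: longest matching prefix"


if __name__ == "__main__":
    sources = ["fd00::4201", "2003:e7:1710:55ff::1"]  # from the ping output
    for dst in ("fd00::4202", "2a00:1450:4001:82f::2003"):
        for name, pol in (("default", DEFAULT_POLICY), ("flat", FLAT_POLICY)):
            print(dst, name, select_source(dst, sources, pol))
```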
Even if -S were to exist for a browser, it would be utterly stupid to bind it permanently to a site-local address (unless really all browser's traffic runs via proxy).
Are you sure that actually reached a Google server using a site-local source address in another city? How did you check that ping(1)'s output did not dupe you?
 
Even if -S were to exist for a browser, it would be utterly stupid to bind it permanently to a site-local address (unless really all browser's traffic runs via proxy).
No proxy. Prefix translation (RFC 6296).

I have a couple of HE tunnels, and I route through one that currently happens to be upstate. So the browser needs to use a source address that belongs to that respective tunnel. But the browser does not know this, so the browser should use the site-local address, while routing and translation happens at the outbound point.

Are you sure that actually reached a Google server using a site-local source address in another city? How did you check that ping(1)'s output did not dupe you?
Sure I know what I'm doing. ;)

BTW: the site-local prefix "FD" is hardcoded into Firefox and needs to be patched there:
Code:
--- netwerk/base/IPv6Utils.h.orig       2022-05-23 19:12:39.000000000 +0200
+++ netwerk/base/IPv6Utils.h    2022-06-27 22:13:25.132408000 +0200
@@ -22,7 +22,11 @@
   unsigned short w = (unsigned short)((b[0] << 8) | b[1]);
 
   if ((b[0] & 0xFE) == 0xFC) {
-    return IPV6_SCOPE_UNIQUELOCAL;
+    if(!getenv("FF_SITELOCAL_IS_GLOBAL")){
+      return IPV6_SCOPE_UNIQUELOCAL;
+    } else {
+      return IPV6_SCOPE_GLOBAL;
+    }
   }
   switch (w & 0xFFC0) {
     case 0xFE80:
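Review bot: The getenv("FF_SITELOCAL_IS_GLOBAL") test inside the (b[0] & 0xFE) == 0xFC branch checks only that the variable exists, so FF_SITELOCAL_IS_GLOBAL=0 or an empty value also makes every fc00::/7 address report IPV6_SCOPE_GLOBAL; compare the value explicitly (for example against "1") so the switch can be turned off without unsetting it. The lookup also runs on every call of this classification; reading it once into a function-local static would avoid repeated environment scans. The hunk shows no include for getenv, so confirm that <cstdlib> is already pulled into this header, and add a short comment naming the variable and what it changes. Style: write "if (" with a space and test the positive case first so the negation and the else branch can go.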
 