On Sat, Jul 07, 2001 at 10:04:19AM +0300, Pekka Savola wrote:
> On Sat, 7 Jul 2001, Kurt Roeckx wrote:
> > Jul 5 19:05:51 thunderbird kernel: ICMP NDISC: fake message with
> > non-255 Hop Limit received: 249
>
> The specs require that all IPv6 neighbour discovery messages MUST be
> originated in the same network. In your case, you're getting these
> messages from over the Internet.
It says that any node should silenty drop any with a hop
different then 255. It seems Linux is the only that drops it,
although not silently.
> Still, I'd suggest getting tcpdump 3.6.2 (compiled with ipv6), and
> capturing the traffic a bit if this happens again:
>
> # tcpdump -n -s 512 -vvv icmp6
>
> If you do capture something, please also describe your network topology.
It suddenly got very bad. I already have 44K of those packets in
the log.
They look like this:
12:15:29.332636 3ffe:8100:100:a::71d > 3ffe:80c0:220::b: icmp6:
neighbor sol: who has 3ffe:80c0:220::b (len 24, hlim 251)
This box I'm on only has 1 tunnel, and it's a /128. The user
from this packet is a tunnel broker user, which also has a /128.
All hosts between me and that users cisco router are running
FreeBSD, afaik.
>From what I understand, all hosts in between should have dropped
that packet for 2 reasons:
- The hop != 255
- It's not a multicast address. It should have send a packet
to ff02::1:0:b
Is that correct?
I tried to contact the end users, but none of them replied yet.
Do you have any question you would like me to ask them?
Kurt
PS: Please CC me, I'm not on the list.
|