Bug 245148

Summary:

ifconfig(8) tunnel destination not respecting CLI specified address_family

Product:

Base System

Reporter:

Jason Unovitch <junovitch>

Component:

bin

Assignee:

freebsd-net (Nobody) <net>

Status:

New ---

Severity:

Affects Some People

Priority:

---

Version:

12.1-STABLE

Hardware:

Any

OS:

Any

Attachments:

Description	Flags
Proof of concept to pass getaddrinfo(3) hints	none

Description Jason Unovitch freebsd_committer

2020-03-28 19:16:11 UTC

The following is observed on pfSense and the root cause appears to be ifconfig(8) does not make use of the specified "inet" or "inet6" when checking and setting tunnel remote destinations.

/status_services.php: The command '/sbin/ifconfig 'ipsec1000' inet tunnel 'x.x.x.203' 'distantend.example.com' up' returned exit code '1', the output was 'ifconfig: source and destination address families do not match'


Please see below for a simple point to point/same LAN configuration where this can be reproduced.

Host 1 configuration: "vm1"

/etc/hosts
10.100.82.107           vm2
x:x:x:x:a00:27ff:fe64:d5bd vm2

Host 2 configuration: "vm2"

/etc/hosts
10.100.82.105           vm1
x:x:x:x:a00:27ff:fec9:1f9e vm1

Host 1 CLI prep:

root@vm1:~ # ifconfig gre0 create
root@vm1:~ # ifconfig gre0 inet 10.0.0.1/30 10.0.0.2
root@vm1:~ # ifconfig gre0 inet tunnel 10.100.82.105 10.100.82.107

Host 2 CLI prep:

root@vm2:~ # ifconfig gre0 create
root@vm2:~ # ifconfig gre0 inet 10.0.0.2/30 10.0.0.1
root@vm2:~ # ifconfig gre0 inet tunnel 10.100.82.107 10.100.82.105
root@vm2:~ # ping -c 1 10.0.0.1

This produces a working configuration.  But in an environment with dual stack as in the case of my pfSense router the hostname fails to properly resolve respecting the passed 'inet' flag.

Host 2 (unpatched):

root@vm2:~ # ifconfig gre0 inet tunnel 10.100.82.107 vm1
ifconfig: source and destination address families do not match
root@vm2:~ # ifconfig gre0 inet6 tunnel x:x:x:x:a00:27ff:fe64:d5bd vm1

Host 1 (patched to pass getaddrinfo hints):

root@vm1:/usr/src/sbin/ifconfig # ifconfig gre0 inet tunnel 10.100.82.105 vm2
root@vm1:/usr/src/sbin/ifconfig # ifconfig gre0
gre0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> metric 0 mtu 1476
        options=80000<LINKSTATE>
        tunnel inet 10.100.82.105 --> 10.100.82.107
        inet6 fe80::a00:27ff:fec9:1f9e%gre0 prefixlen 64 scopeid 0x3
        inet 10.0.0.1 --> 10.0.0.2 netmask 0xfffffffc
        groups: gre
        nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
root@vm1:/usr/src/sbin/ifconfig # ifconfig gre0 inet6 tunnel x:x:x:x:a00:27ff:fec9:1f9e vm2
root@vm1:/usr/src/sbin/ifconfig # ifconfig gre0
gre0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> metric 0 mtu 1476
        options=80000<LINKSTATE>
        tunnel inet6 x:x:x:x:a00:27ff:fec9:1f9e --> x:x:x:x:a00:27ff:fe64:d5bd
        inet6 fe80::a00:27ff:fec9:1f9e%gre0 prefixlen 64 scopeid 0x3
        inet 10.0.0.1 --> 10.0.0.2 netmask 0xfffffffc
        groups: gre
        nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>

Comment 1 Jason Unovitch freebsd_committer

2020-03-28 19:17:47 UTC

Created attachment 212811 [details]
Proof of concept to pass getaddrinfo(3) hints

Simplistic proof of concept attached.  This is not my expertise in any way so please advise on a better solution.