Bug 245148 - ifconfig(8) tunnel destination not respecting CLI specified address_family
Summary: ifconfig(8) tunnel destination not respecting CLI specified address_family
Status: New
Alias: None
Product: Base System
Classification: Unclassified
Component: bin (show other bugs)
Version: 12.1-STABLE
Hardware: Any Any
: --- Affects Some People
Assignee: freebsd-net (Nobody)
URL:
Keywords: patch
Depends on:
Blocks:
 
Reported: 2020-03-28 19:16 UTC by Jason Unovitch
Modified: 2020-03-29 02:28 UTC (History)
0 users

See Also:


Attachments
Proof of concept to pass getaddrinfo(3) hints (1013 bytes, patch)
2020-03-28 19:17 UTC, Jason Unovitch
no flags Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Jason Unovitch freebsd_committer 2020-03-28 19:16:11 UTC
The following is observed on pfSense and the root cause appears to be ifconfig(8) does not make use of the specified "inet" or "inet6" when checking and setting tunnel remote destinations.

/status_services.php: The command '/sbin/ifconfig 'ipsec1000' inet tunnel 'x.x.x.203' 'distantend.example.com' up' returned exit code '1', the output was 'ifconfig: source and destination address families do not match'


Please see below for a simple point to point/same LAN configuration where this can be reproduced.

Host 1 configuration: "vm1"

/etc/hosts
10.100.82.107           vm2
x:x:x:x:a00:27ff:fe64:d5bd vm2

Host 2 configuration: "vm2"

/etc/hosts
10.100.82.105           vm1
x:x:x:x:a00:27ff:fec9:1f9e vm1

Host 1 CLI prep:

root@vm1:~ # ifconfig gre0 create
root@vm1:~ # ifconfig gre0 inet 10.0.0.1/30 10.0.0.2
root@vm1:~ # ifconfig gre0 inet tunnel 10.100.82.105 10.100.82.107

Host 2 CLI prep:

root@vm2:~ # ifconfig gre0 create
root@vm2:~ # ifconfig gre0 inet 10.0.0.2/30 10.0.0.1
root@vm2:~ # ifconfig gre0 inet tunnel 10.100.82.107 10.100.82.105
root@vm2:~ # ping -c 1 10.0.0.1

This produces a working configuration.  But in an environment with dual stack as in the case of my pfSense router the hostname fails to properly resolve respecting the passed 'inet' flag.

Host 2 (unpatched):

root@vm2:~ # ifconfig gre0 inet tunnel 10.100.82.107 vm1
ifconfig: source and destination address families do not match
root@vm2:~ # ifconfig gre0 inet6 tunnel x:x:x:x:a00:27ff:fe64:d5bd vm1

Host 1 (patched to pass getaddrinfo hints):

root@vm1:/usr/src/sbin/ifconfig # ifconfig gre0 inet tunnel 10.100.82.105 vm2
root@vm1:/usr/src/sbin/ifconfig # ifconfig gre0
gre0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> metric 0 mtu 1476
        options=80000<LINKSTATE>
        tunnel inet 10.100.82.105 --> 10.100.82.107
        inet6 fe80::a00:27ff:fec9:1f9e%gre0 prefixlen 64 scopeid 0x3
        inet 10.0.0.1 --> 10.0.0.2 netmask 0xfffffffc
        groups: gre
        nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
root@vm1:/usr/src/sbin/ifconfig # ifconfig gre0 inet6 tunnel x:x:x:x:a00:27ff:fec9:1f9e vm2
root@vm1:/usr/src/sbin/ifconfig # ifconfig gre0
gre0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> metric 0 mtu 1476
        options=80000<LINKSTATE>
        tunnel inet6 x:x:x:x:a00:27ff:fec9:1f9e --> x:x:x:x:a00:27ff:fe64:d5bd
        inet6 fe80::a00:27ff:fec9:1f9e%gre0 prefixlen 64 scopeid 0x3
        inet 10.0.0.1 --> 10.0.0.2 netmask 0xfffffffc
        groups: gre
        nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
Comment 1 Jason Unovitch freebsd_committer 2020-03-28 19:17:47 UTC
Created attachment 212811 [details]
Proof of concept to pass getaddrinfo(3) hints

Simplistic proof of concept attached.  This is not my expertise in any way so please advise on a better solution.