Set the interface of non-interface aware commands.

Hello,
I am experimenting with link-local addresses for ipv6 p2p tunnels.
These are very nice to use because they also prevent leaking data to other interfaces.

However, while on most commands I can specify the interface by appending %interface to the address, some do not accept it. As such, packets never come out of the correct interface.

I was thinking about adding a route to the single IP address of the host on the other side:

    ip -6 route add fe80::1010/128 dev eth3

but it looks like this does not affect anything and an interface still needs to be defined.

Is there any kind of mechanism to define the default interface system-wide or command-wide (maybe some wrapper?) without having to fiddle around with iptables or similar?

Comments

  • Is there any kind of mechanism to define the default interface system-wide or command-wide (maybe some wrapper?) without having to fiddle around with iptables or similar?

    There are some LD_PRELOAD libraries, although that only works with dynamically linked programs (and maybe only with glibc), and there is the (rather complex) possibility to use network namespaces. But AFAIK there is no simple solution.

  • Yeah probably with namespaces:

    ip netns add ns1
    ip link set eth3 netns ns1
    ip netns exec ns1 bash
    
    Thanked by (3) ehab Not_Oles foxone
  • @foxone said:
    These are very nice to use because they also prevent leaking data to other interfaces.

    Somewhat off-topic, did you mention that because of this VPN-for-privacy attack, that circumvents VPN-interfaces by creating rogue higher-priority routes? I read about that on Arstechnica. What's your impression?

  • @wankel said:

    @foxone said:
    These are very nice to use because they also prevent leaking data to other interfaces.

    Somewhat off-topic, did you mention that because of this VPN-for-privacy attack, that circumvents VPN-interfaces by creating rogue higher-priority routes? I read about that on Arstechnica. What's your impression?

    In that case link-local addresses are not routable so you cannot add a rogue route to them.

    Thanked by (1) wankel
  • Programs that do not accept %interface for IPv6 have not been developed to work with link-local addresses. Such programs most likely use the getaddrinfo() function, which will return an error for a link-local address without an interface specified, and your program will not send any packets in this case. Even if they directly use syscalls, for example sendto(), it will also expect an interface in the socket structure, and the overall behavior will be the same. And this can't be solved with any kind of routes/firewall forwarding.

    Thanked by (1) yoursunny
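An added example, not posted in this thread, that shows the point of the comment above in code and sketches the command-wide wrapper asked for in the opening post. Under glibc, getaddrinfo() accepts a bare link-local literal such as fe80::1010 but hands back scope_id 0, so the program ends up with a destination the kernel cannot place on any link; a wrapper therefore has to fill in the scope_id (or, on Linux, pin the socket to the interface with SO_BINDTODEVICE) before sending. The names `ScopedUDP6`, `resolve_link_local`, `needs_scope` and the use of `lo` as the default interface are assumptions made for illustration, and the sample addresses are constructed.

```python
import ipaddress
import socket


def scope_id_from_getaddrinfo(host):
    """Resolve a numeric IPv6 literal the way most programs do and return the
    scope_id the resolver filled in. 0 means "no interface was chosen"."""
    results = socket.getaddrinfo(host, None, socket.AF_INET6, socket.SOCK_DGRAM,
                                 0, socket.AI_NUMERICHOST)
    # An AF_INET6 sockaddr is the tuple (host, port, flowinfo, scope_id).
    return results[0][4][3]


def interface_index(ifname):
    """Map an interface name to its kernel index (the number %ifname turns into)."""
    return socket.if_nametoindex(ifname)


def resolve_link_local(host, port, default_ifname=None):
    """Build an AF_INET6 sockaddr tuple for a numeric IPv6 literal.

    Accepts 'addr', 'addr%ifname' and 'addr%ifindex'. When the address is
    link-local (fe80::/10) and carries no %scope, the scope_id is taken from
    default_ifname (assumed helper behaviour); otherwise it stays 0.
    """
    addr_part, sep, scope_part = host.partition("%")
    ip = ipaddress.IPv6Address(addr_part)  # ValueError if not a valid literal
    if sep:
        scope_id = int(scope_part) if scope_part.isdigit() else interface_index(scope_part)
    elif ip.is_link_local and default_ifname is not None:
        scope_id = interface_index(default_ifname)
    else:
        scope_id = 0
    return (str(ip), port, 0, scope_id)


def needs_scope(sockaddr):
    """True when the destination is link-local but no interface is set, i.e.
    the kernel has no way to know which link the packet belongs on."""
    host, _port, _flowinfo, scope_id = sockaddr
    return ipaddress.IPv6Address(host.partition("%")[0]).is_link_local and scope_id == 0


class ScopedUDP6:
    """Hypothetical wrapper: a UDP/IPv6 socket with a default outgoing interface
    for link-local destinations, so callers that cannot write addr%iface still
    hand the kernel a fully specified destination."""

    def __init__(self, default_ifname=None):
        self.default_ifname = default_ifname
        self.sock = None  # created lazily; building the wrapper needs no IPv6 stack

    def destination(self, host, port):
        sa = resolve_link_local(host, port, self.default_ifname)
        if needs_scope(sa):
            raise ValueError(f"{host} is link-local and no interface was given")
        return sa

    def _socket(self):
        if self.sock is None:
            self.sock = socket.socket(socket.AF_INET6, socket.SOCK_DGRAM)
            if self.default_ifname is not None and hasattr(socket, "SO_BINDTODEVICE"):
                # Linux only: pin every packet from this socket to the interface,
                # the socket-level counterpart of the per-host route tried in the post.
                self.sock.setsockopt(socket.SOL_SOCKET, socket.SO_BINDTODEVICE,
                                     self.default_ifname.encode())
        return self.sock

    def sendto(self, payload, host, port):
        return self._socket().sendto(payload, self.destination(host, port))

    def close(self):
        if self.sock is not None:
            self.sock.close()
            self.sock = None


if __name__ == "__main__":
    # Constructed sample inputs: the address from the post, with and without a scope,
    # plus an RFC 4193 ULA address, which never needs a scope.
    for literal in ("fe80::1010", "fe80::1010%lo", "fd00::1"):
        sa = resolve_link_local(literal, 5000)
        print(f"{literal:16} -> {sa}  under-specified={needs_scope(sa)}")
    print("getaddrinfo scope_id for bare literal:", scope_id_from_getaddrinfo("fe80::1010"))
    print("with default interface lo:", ScopedUDP6("lo").destination("fe80::1010", 5000))
```

The wrapper only helps code you can change or run in-process; for a third-party binary the choice stays between the LD_PRELOAD and network-namespace approaches mentioned earlier in the thread, because the scope_id lives in the socket address the program itself builds and no route can supply it afterwards.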
  • Sad. In the end I had to make a whole RFC4193 subnet :(
