It seems there is a bug in tap.

In systems derived from 4.4BSD, the connected route should appear
automatically when adding an address. I would say it's a bug for
systems that have the concept of cloning route not to add it
automatically when configuring an address.

summary: I tried to replicate on sparc64. Both it and i386 seem to work
correctly.
up is implied by an address. Probably if you did up bare first, you'd
see the fe80:: routes.
This seems right.
This one seems wrong. I have no such entry but instead have an ND cache
entry. I suspect this and the missing cloning route are related.
I have those (well, 7 not 9, but that's the ifindex I'm pretty sure).
It is perhaps not disappearing, but not getting added.

Run 'route -n monitor' during this whole exercise to see what happens.
Note that you are doing this on sparc64, which is LP64, and big endian.
I predict that this will turn out to matter (but mine works).
What hardware?
The /56 route doesn't seem wrong, but I asked because it seems
unnecessary to illustrate the problem and I thought perhaps there was
something else that might turn out to matter.
I didn't mean to complain about what you sent so much as suggest that
looking more broadly would be helpful. Often I figure things out when
something I didn't think to look at jumps out at me. That leads me to
the general strategy of looking at everything and then filtering.
That UHL route on lo0 also seems wrong, but I suspect that it's a
consequence of the cloning route not getting added.
I just did this on a sparc64 running 5.1_RC3. (I know that's old, and I
will update to recent netbsd-5 and can try again if you're still having
trouble.). After "ifconfig tap0 inet6 2001:db8::1", diff -u of "netstat
-nr -f inet6" taken before and after shows:

+2001:db8::/64 link#7 UC 0 0 - tap0 =>

and route -n monitor showed (annotated):

got message of size 24 on Fri Sep 16 20:29:41 2011
RTM_IFANNOUNCE: iface arrival/departure: len 24, if# 7, what: arrival

From 'ifconfig tap0 create'

got message of size 108 on Fri Sep 16 20:29:55 2011
RTM_NEWADDR: address being added to iface: len 108, metric 0, flags:
sockaddrs: <NETMASK,IFP,IFA>
ffff:ffff:ffff:ffff:: tap0:f2.b.a4.0.d.3e 2001:db8::1

adding the address (a /64)

got message of size 168 on Fri Sep 16 20:29:55 2011
RTM_ADD: Add Route: len 168, pid 0, seq 0, errno 0, flags: <UP,HOST,LLINFO>
locks: inits:
sockaddrs: <DST,GATEWAY>
2001:db8::1 f2.b.a4.0.d.3e

adding the ND entry for ourselves, which ndp -an shows as:
2001:db8::1 f2:0b:a4:00:0d:3e tap0 permanent R

got message of size 248 on Fri Sep 16 20:29:55 2011
RTM_ADD: Add Route: len 248, pid 0, seq 0, errno 0, flags: <UP,DONE,CLONING>
locks: inits:
sockaddrs: <DST,GATEWAY,NETMASK,IFP,IFA>
2001:db8:: ffff:ffff:ffff:ffff:: tap0:f2.b.a4.0.d.3e 2001:db8::1

This is the cloning route above.

got message of size 108 on Fri Sep 16 20:29:55 2011
RTM_NEWADDR: address being added to iface: len 108, metric 0, flags:
sockaddrs: <NETMASK,IFP,IFA>
ffff:ffff:ffff:ffff:: tap0:f2.b.a4.0.d.3e fe80::f00b:a4ff:fe00:d3e%tap0
got message of size 168 on Fri Sep 16 20:29:55 2011

link-local. apparently this is happening because the interface comes up
when I gave it an inet6 address

RTM_ADD: Add Route: len 168, pid 0, seq 0, errno 0, flags: <UP,HOST,LLINFO>
locks: inits:
sockaddrs: <DST,GATEWAY>
fe80::f00b:a4ff:fe00:d3e%tap0 f2.b.a4.0.d.3e
got message of size 248 on Fri Sep 16 20:29:55 2011

ND entry for our link-local address.

RTM_ADD: Add Route: len 248, pid 0, seq 0, errno 0, flags: <UP,DONE,CLONING>
locks: inits:
sockaddrs: <DST,GATEWAY,NETMASK,IFP,IFA>
fe80::%tap0 ffff:ffff:ffff:ffff:: tap0:f2.b.a4.0.d.3e 2001:db8::1

link-local cloning route.


I deleted the 2001:db8::1 address, and on re-adding it, I see only
NEWADDR, ADD of ND entry and ADD of cloning route. Which all seems
fine.

So the big mystery is why your machine is not adding the cloning route.

Are you using that prefix on any other interface (you can't)???

Hi,

first of all, thanks for your insights. Learned a lot today
("route -n monitor" and the "cloning" route stuff).
Things seem to be a bit more complicated than thought...

I rebooted (to test whether different values of ip6mode have an effect,
and to clear whatever garbage my previous route/ifconfig fumbling might
have left somewhere), and that makes it work "for a while"(!):

# date
Sat Sep 17 09:14:57 CEST 2011
# ifconfig tap0 create
# ifconfig tap0 inet6 2001:608:4:a053::1:0/64
# date
Sat Sep 17 09:15:32 CEST 2011
# netstat -rn -f inet6 |grep :4:
2001:608:4:a053::/64 link#3 UC 0 0 - tap0
2001:608:4:a053::1:0 f2:0b:a4:00:02:7f UHL 0 0 - lo0

(I seem to get these "UHL / lo0" entries for all "local ip address"
values)

... and after a while:

# date
Sat Sep 17 09:19:16 CEST 2011
# netstat -rn -f inet6 |grep :4:
2001:608:4:a053::1:0 f2:0b:a4:00:02:7f UHL 0 0 - lo0

... and when that happens, it will stay that way "no /64 UC" even if
I destroy and recreate the tap0.


"route -n monitor" shows the withdrawal of the /64 UC route:

got message of size 248 on Sat Sep 17 09:19:05 2011
RTM_DELETE: Delete Route: len 248, pid 0, seq 0, errno 0, flags: <DONE,CLONING>
locks: inits:
sockaddrs: <DST,GATEWAY,NETMASK,IFP,IFA>
2001:608:4:a053:: ffff:ffff:ffff:ffff:: tap0:f2.b.a4.0.2.7f 2001:608:4:a053::1:0
got message of size 108 on Sat Sep 17 09:19:05 2011
RTM_NEWADDR: address being added to iface: len 108, metric 0, flags:
sockaddrs: <NETMASK,IFP,IFA>
ffff:ffff:ffff:ffff:: hme0:8.0.20.c0.ff.ee 2001:608:8003:0:a00:20ff:fec0:ffee
got message of size 168 on Sat Sep 17 09:19:05 2011
RTM_ADD: Add Route: len 168, pid 0, seq 0, errno 0, flags: <UP,HOST,LLINFO>
locks: inits:
sockaddrs: <DST,GATEWAY>
2001:608:8003:0:a00:20ff:fec0:ffee 8.0.20.c0.ff.ee


... and that makes me suspect it has to do with "ip6mode=autohost", as
the tap0 route disappears the very moment a SLAAC'ed IPv6 address shows
up on hme0.


Trying again with "ip6mode=host"...

$ netstat -rn |grep :4:
2001:608:4:a053::/64 link#3 UC 0 0 - tap0
2001:608:4:a053::1:0 f2:0b:a4:00:04:a6 UHL 0 0 - lo0

... waiting for incoming RA...

09:31:33.962892 IP6 fe80::21d:73ff:feb1:919c > ff02::1: ICMP6, router advertisement, length 80

... route still there!

***@zeta.medat.de:/home/gert$ netstat -rn |grep :4:
2001:608:4:a053::/64 link#3 UC 0 0 - tap0
2001:608:4:a053::1:0 f2:0b:a4:00:04:a6 UHL 0 0 - lo0

... and in this scenario, OpenVPN-on-TAP does what I want (and the extra
"route" statement for the connected /64 properly gets rejected with
"route: writing to routing socket: File exists")


So now this brings up more questions :-)

- what exactly does "ip6mode=autohost" change?
- should it have this effect (UC routes on interface A going away
if a RA is seen on interface B, while the ipv6 address is still there)?


[..]
I see "UHL... lo0" routes for all IPv6 addresses that the system has,
and "UHLc" for ND (+arp) cache entries:

$ netstat -rn |grep UHL
10.100.53.1 6e:02:b7:bc:b7:1d UHLc 1 60 - tap0
172.30.1.1 e4:1f:13:8e:80:b0 UHLc 0 32 - hme0
172.30.1.5 e4:1f:13:8e:80:b0 UHLc 4 6179 - hme0
172.30.1.199 00:a0:f9:00:7c:fa UHLc 1 0 - hme0
2001:608:4:a053::1 6e:02:b7:bc:b7:1d UHLc 2 8 - tap0
2001:608:4:a053::1:0 f2:0b:a4:00:0a:32 UHL 1 0 - lo0
2001:608:8003::beef 08:00:20:c0:ff:ee UHL 0 0 - lo0
2001:608:8003::ffff 00:1d:73:b1:91:9c UHLc 1 14 - hme0
fe80::21d:73ff:feb1:919c%hme0 00:1d:73:b1:91:9c UHLc 0 45 - hme0
fe80::a00:20ff:fec0:ffee%hme0 08:00:20:c0:ff:ee UHL 0 0 - lo0
fe80::1%lo0 link#2 UHL 0 0 - lo0
fe80::f00b:a4ff:fe00:a32%tap0 f2:0b:a4:00:0a:32 UHL 0 0 - lo0


... I have no idea whether it should be that way or not, but it's
the same on other NetBSD machines I've checked.

[..]
Can't test on anything else, but this morning's test hint at "autohost"
side effects...

[..]
Also Sparc64. Right now, I don't have an i386 installation available.

But that machine has "ip6mode=host" (default setting).

[..]
Does this system has IPv6 on another interface, with incoming router
advertisements? How is "ip6mode" set? (Just cross-checking).

thanks again,

gert

Is the prefix you are using on the tap different than the one on your
real interface?

ip6mode=autohost is supposed to, more or less, configure a system to
accept router advertisements
send router solicitations

I think there's a general notion in the specs that an autoconfigured
host is only allowed to have one interface. But the kernel behavior
seems bad.

You can probably look at the code:
~/NetBSD-current/src/sys > egrep accept_rtadv */*.c

and maybe this will become clearer.
I see "UHL... lo0" routes for all IPv6 addresses that the system has,
and "UHLc" for ND (+arp) cache entries:

Sorry, I see those too, which makes sense.
Can't test on anything else, but this morning's test hint at "autohost"
side effects...

I withdraw my prediction :-)

Does this system has IPv6 on another interface, with incoming router
advertisements? How is "ip6mode" set? (Just cross-checking).

The system is an IPv6 router, with ip6mode=router. (That's all it
does, basically.)