What is this sit0 device?

Question

I'm setting my computer (running Debian Buster) up for Hurricane Electric's IPv6 tunnel broker. They provide instructions for several configuration methods, but here's for iproute2, which I've been using for testing purposes:

ip tunnel add he-ipv6 mode sit remote 216.66.22.2 local <local-IP-addr> ttl 255
ip link set he-ipv6 up
ip addr add <IPv6-addr>/64 dev he-ipv6
ip route add ::/0 dev he-ipv6
ip -f inet6 addr

When I do this, a mysterious sit0 interface also appears. Clearly, it's something related to 6in4 tunneling, but I can't find much more about it except that it's somehow special and it exists whenever the sit module is loaded. Out of curiosity, I tried to configure it for the tunnel broker instead of creating a new interface, but it didn't seem to be able to do that.

What is this device?

Answer 1

Based on information I've found in this blog post from Red Hat, I think I understand the purpose. (I'm not a Linux networking expert, so if anyone more knowledgeable sees any mistakes, feel free to correct me in the comments or post your own answer.)

First, some background:

A sit device is a type of virtual network device that takes your IPv6 traffic, encapsulates/decapsulates it in IPv4 packets, and sends/receives it over the IPv4 Internet to another host (e.g. your IPv6 tunnel broker). The outer packets have a special protocol number: 41. (This is like a port number, but at the IP layer instead of the TCP/UDP layer.)

• Sending is fairly straightforward: The sit device has a local and remote IPv4 address associated with it, and these become the source and destination address in the outer IPv4 header. (The source address can also be "any" or 0.0.0.0, in which case Linux will pick a source address for you, based on the IPv4 interface the encapsulated packet is sent from.)

• Receiving is only slightly more complicated: When a protocol 41 packet arrives, Linux needs to determine which sit device it belongs to. It does this by looking at the packet's outer IPv4 source and destination addresses. It compares these against the local and remote addresses for each sit device, and whichever one matches is the device that gets the packet and decapsulates it.

How sit0 comes into play:

You might wonder what happens when Linux receives a protocol 41 packet that doesn't match any of the sit devices (e.g. it came from some random address). In this case, it gets delivered to sit0.

sit0 is a special "fallback" device set up by the sit kernel module to handle just these packets. It has local and remote addresses set to 0.0.0.0 (i.e. "any") and it's not attached to any particular physical device, so it will accept any protocol 41 packet that's not already handled by some other sit device.

Is this useful? Maybe in specific circumstances, but I imagine in the vast majority of cases, you would want to drop such packets. I'm not sure why it's not left up to the administrator whether such a catch-all device should be created. Perhaps there is some historical reason.