kern/157239: ipfw + dummynet corrupts ipv6 packets
Jan Bramkamp
crest at tzi.de
Sat May 21 14:00:27 UTC 2011
>Number: 157239
>Category: kern
>Synopsis: ipfw + dummynet corrupts ipv6 packets
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Sat May 21 14:00:21 UTC 2011
>Closed-Date:
>Last-Modified:
>Originator: Jan Bramkamp
>Release: 8.2-RELEASE
>Organization:
>Environment:
FreeBSD test7.crest.dn42 8.2-RELEASE FreeBSD 8.2-RELEASE #0: Thu Feb 17 02:41:51 UTC 2011 root at mason.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC amd64
>Description:
Setting two boxes up as described in 'How-To-Repeat' results in all IPv6 packets matching rule 100 leaving corrupted with invalid IPv6 option headers (header type = 64 or 255).
>How-To-Repeat:
# Reproduce 8.2-RELEASE amd64
# on both boxes /etc/rc.conf
# ipv6_enable="YES"
# ipv6_gateway_enable="YES"
# box1 <--ethernet--> box2
# box1:
ifconfig em0 inet6 fc00::1
# box2:
ifconfig re0 inet6 fc00::2
# box1:
ping6 fc00::2 # works, tcpdump shows icmp6 traffic
# box1:
ping6 fc00::2 # works, tcpdump shows icmp6 traffic
# box1:
kldload ipfw && kldload dummynet
ipfw pipe 1 config
ipfw add 100 pipe 1 ip6 from fc00::/64 to fc00::/64 out via em0
ipfw add 200 allow ip from any to any
# box2:
ping6 fc00::2 # broken
# box1:
ping6 fc00::1 # broken
# box1:
sysctl net.inet.ip.fw.one_pass=0
sysctl net.inet6.ip6.fw.deny_unknown_exthdrs=0 # packets leave corrupted
>Fix:
unknown
>Release-Note:
>Audit-Trail:
>Unformatted:
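
An added example, not part of the original report: a Python check that walks the IPv6 Next Header chain of a raw packet (for instance one exported from a capture on box2) and flags values it does not recognise, such as the 64 and 255 named in the description. It assumes the reported "header type" refers to the Next Header field; the packet bytes and the names walk_chain, build and SAMPLES are constructed for illustration.

```python
import ipaddress
import struct

# Extension headers laid out as: next header, length in 8-octet units minus 1.
EXT_HEADERS = {0: "hop-by-hop", 43: "routing", 60: "destination-options"}
FRAGMENT = 44  # fixed 8-octet header
# Values at which the walk stops; ESP (50) and AH (51) are not parsed further.
TERMINAL = {6: "tcp", 17: "udp", 50: "esp", 51: "ah", 58: "icmpv6", 59: "none"}

def walk_chain(packet):
    """Return (next-header chain, verdict) for a raw IPv6 packet, no link header."""
    if len(packet) < 40 or packet[0] >> 4 != 6:
        return [], "not-ipv6"
    payload_len = struct.unpack("!H", packet[4:6])[0]
    end = min(len(packet), 40 + payload_len)
    nxt, offset, chain = packet[6], 40, []
    while True:
        chain.append(nxt)
        if nxt in TERMINAL:
            return chain, "ok"
        if nxt == FRAGMENT:
            size = 8
        elif nxt in EXT_HEADERS:
            if offset + 2 > end:
                return chain, "truncated"
            size = (packet[offset + 1] + 1) * 8
        else:
            return chain, "unknown-next-header"
        if offset + size > end:
            return chain, "truncated"
        nxt, offset = packet[offset], offset + size

def build(next_header, body):
    """Constructed test packet fc00::1 -> fc00::2 (addresses from the report)."""
    src = ipaddress.IPv6Address("fc00::1").packed
    dst = ipaddress.IPv6Address("fc00::2").packed
    fixed = struct.pack("!IHBB", 6 << 28, len(body), next_header, 32)
    return fixed + src + dst + body

ECHO = bytes([128, 0, 0, 0, 0, 1, 0, 1])  # ICMPv6 echo request, checksum not set
PADN = bytes([1, 4, 0, 0, 0, 0])          # PadN option filling a hop-by-hop header
SAMPLES = {
    "clean": build(58, ECHO),
    "hop-by-hop": build(0, bytes([58, 0]) + PADN + ECHO),
    "next-header-64": build(64, ECHO),
    "next-header-255": build(0, bytes([255, 0]) + PADN + ECHO),
}

if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        print(name, *walk_chain(pkt))
```

Running the same check on packets captured before and after rule 100 is loaded shows whether the chain changes once traffic passes through the pipe.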