kern/103415: IPv6 packets arriving to stf are not accepted
JINMEI Tatuya
jinmei at kame.net
Tue Sep 19 22:40:22 PDT 2006
>Number: 103415
>Category: kern
>Synopsis: IPv6 packets arriving to stf are not accepted
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Wed Sep 20 05:40:21 GMT 2006
>Closed-Date:
>Last-Modified:
>Originator: JINMEI Tatuya
>Release: FreeBSD 6.2-PRERELEASE i386
>Organization:
KAME Project
>Environment:
System: FreeBSD impact.jinmei.org 6.2-PRERELEASE FreeBSD 6.2-PRERELEASE #1: Wed Sep 20 01:43:54 JST 2006 jinmei at impact.jinmei.org:/local/usr.local/freebsd/src-6.1S/sys/i386/compile/GBDE i386
>Description:
Recent FreeBSD kernels (6-STABLE and probably 5-STABLE also) fail to
accept IPv6 packets assigned on an stf (6to4) interface of the
receiving node.
This is a (buggy) side-effect of a fix to netinet6/in6.c (rev. 1.61).
With this fix the in6_ifaddr structure corresponding to the IPv6
address configured on the stf interface won't have the ifa_rtrequest
function (since nd6_need_cache() returns false for the interface). As
a side-effect that was not expected at that time, the loopback route
to the configured address generated via in6_ifaddloop() is not
installed properly.
ip6_input() requires the loopback route to accept incoming packets to
the receiving node, so this change caused the problem reported here.
>How-To-Repeat:
# ifconfig stf0 create
# ifconfig stf0 inet6 2002:c000:0201::1 prefixlen 16
% ping6 2002:c000:0201::1
And you'll notice the ping6 doesn't receive the echo-replies.
netstat -s -p ip6 should indicate the echo-requests are dropped in
ip6_input().
>Fix:
Apply the patch below.
Index: in6.c
===================================================================
RCS file: /home/ncvs/src/sys/netinet6/in6.c,v
retrieving revision 1.51.2.9
diff -u -r1.51.2.9 in6.c
--- in6.c 17 Jun 2006 17:58:33 -0000 1.51.2.9
+++ in6.c 20 Sep 2006 05:35:05 -0000
@@ -1720,8 +1720,12 @@
/* we could do in(6)_socktrim here, but just omit it at this moment. */
- if (newhost && nd6_need_cache(ifp) != 0) {
- /* set the rtrequest function to create llinfo */
+ if (newhost) {
+ /*
+ * set the rtrequest function to create llinfo. It also
+ * adjust outgoing interface of the route for the local
+ * address when called via in6_ifaddloop() below.
+ */
ia->ia_ifa.ifa_rtrequest = nd6_rtrequest;
}
>Release-Note:
>Audit-Trail:
>Unformatted:
More information about the freebsd-bugs
mailing list