kern/127057: Unable to send UDP packet via IPv6 socket to IPv4
mapped address
Marcin Cieslak
saper at SYSTEM.PL
Wed Sep 3 02:30:02 UTC 2008
>Number: 127057
>Category: kern
>Synopsis: Unable to send UDP packet via IPv6 socket to IPv4 mapped address
>Confidential: no
>Severity: critical
>Priority: high
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Wed Sep 03 02:30:01 UTC 2008
>Closed-Date:
>Last-Modified:
>Originator: Marcin Cieslak
>Release: FreeBSD 7.0-STABLE amd64
>Organization:
http://saper.info
>Environment:
System: FreeBSD radziecki.saper.info 7.0-STABLE FreeBSD 7.0-STABLE #0: Wed Jul 23 05:06:20 CEST 2008 saper at radziecki.saper.info:/usr/obj/usr/bsd/build/sys/VAIO amd64
$FreeBSD: src/sys/netinet6/dest6.c,v 1.11 2007/07/05 16:23:46 delphij Exp $
$FreeBSD: src/sys/netinet6/frag6.c,v 1.33 2007/07/05 16:29:39 delphij Exp $
$FreeBSD: src/sys/netinet6/icmp6.c,v 1.80 2007/07/05 16:29:39 delphij Exp $
$FreeBSD: src/sys/netinet6/icmp6.h,v 1.6 2000/07/04 16:35:09 itojun Exp $
$FreeBSD: src/sys/netinet6/in6.c,v 1.73.2.1 2008/03/09 19:01:50 bz Exp $
$FreeBSD: src/sys/netinet6/in6.h,v 1.51 2007/07/19 09:16:40 bz Exp $
$FreeBSD: src/sys/netinet6/in6_cksum.c,v 1.16 2007/07/05 16:23:47 delphij Exp $
$FreeBSD: src/sys/netinet6/in6_gif.c,v 1.29 2007/07/05 16:29:39 delphij Exp $
$FreeBSD: src/sys/netinet6/in6_gif.h,v 1.7 2005/01/07 02:30:34 imp Exp $
$FreeBSD: src/sys/netinet6/in6_ifattach.c,v 1.39 2007/07/05 16:23:47 delphij Exp $
$FreeBSD: src/sys/netinet6/in6_ifattach.h,v 1.7 2005/10/21 16:23:00 suz Exp $
$FreeBSD: src/sys/netinet6/in6_pcb.c,v 1.84.2.2 2008/04/27 14:39:32 rwatson Exp $
$FreeBSD: src/sys/netinet6/in6_pcb.h,v 1.19 2007/05/11 10:20:50 rwatson Exp $
$FreeBSD: src/sys/netinet6/in6_proto.c,v 1.46 2007/07/05 16:29:39 delphij Exp $
$FreeBSD: src/sys/netinet6/in6_rmx.c,v 1.18 2007/07/05 16:29:39 delphij Exp $
$FreeBSD: src/sys/netinet6/in6_src.c,v 1.46.2.1 2008/03/08 23:45:39 bz Exp $
$FreeBSD: src/sys/netinet6/in6_var.h,v 1.31 2007/06/02 08:02:36 jinmei Exp $
$FreeBSD: src/sys/netinet6/ip6.h,v 1.5 2000/07/04 16:35:09 itojun Exp $
$FreeBSD: src/sys/netinet6/ip6_ecn.h,v 1.6 2005/01/07 02:30:34 imp Exp $
$FreeBSD: src/sys/netinet6/ip6_forward.c,v 1.40 2007/07/05 16:29:40 delphij Exp $
$FreeBSD: src/sys/netinet6/ip6_id.c,v 1.8 2007/07/05 16:23:47 delphij Exp $
$FreeBSD: src/sys/netinet6/ip6_input.c,v 1.95 2007/07/05 16:29:40 delphij Exp $
$FreeBSD: src/sys/netinet6/ip6_ipsec.c,v 1.6.2.2 2008/03/21 23:08:36 bz Exp $
$FreeBSD: src/sys/netinet6/ip6_ipsec.h,v 1.2.2.1 2008/03/21 23:03:32 bz Exp $
$FreeBSD: src/sys/netinet6/ip6_mroute.c,v 1.46 2007/07/05 16:29:40 delphij Exp $
$FreeBSD: src/sys/netinet6/ip6_mroute.h,v 1.12 2007/07/05 16:29:40 delphij Exp $
$FreeBSD: src/sys/netinet6/ip6_output.c,v 1.109.2.6 2008/03/21 23:22:06 bz Exp $
$FreeBSD: src/sys/netinet6/ip6_var.h,v 1.39.2.1 2008/03/09 19:01:50 bz Exp $
$FreeBSD: src/sys/netinet6/ip6protosw.h,v 1.13 2005/01/07 02:30:34 imp Exp $
$FreeBSD: src/sys/netinet6/mld6.c,v 1.31 2007/07/05 16:29:40 delphij Exp $
$FreeBSD: src/sys/netinet6/mld6_var.h,v 1.7 2005/10/21 16:23:00 suz Exp $
$FreeBSD: src/sys/netinet6/nd6.c,v 1.83.2.1 2007/10/30 18:03:50 jhb Exp $
$FreeBSD: src/sys/netinet6/nd6.h,v 1.21 2005/10/21 16:23:00 suz Exp $
$FreeBSD: src/sys/netinet6/nd6_nbr.c,v 1.47 2007/07/05 16:29:40 delphij Exp $
$FreeBSD: src/sys/netinet6/nd6_rtr.c,v 1.36 2007/07/05 16:29:40 delphij Exp $
$FreeBSD: src/sys/netinet6/pim6.h,v 1.3 2005/01/07 02:30:35 imp Exp $
$FreeBSD: src/sys/netinet6/pim6_var.h,v 1.5 2005/08/10 07:10:02 obrien Exp $
$FreeBSD: src/sys/netinet6/raw_ip6.c,v 1.73.2.1 2008/03/09 19:01:50 bz Exp $
$FreeBSD: src/sys/netinet6/raw_ip6.h,v 1.2 2005/01/07 02:30:35 imp Exp $
$FreeBSD: src/sys/netinet6/route6.c,v 1.14 2007/07/05 16:23:48 delphij Exp $
$FreeBSD: src/sys/netinet6/scope6.c,v 1.17 2007/07/05 16:23:48 delphij Exp $
$FreeBSD: src/sys/netinet6/scope6_var.h,v 1.5 2005/07/25 12:31:42 ume Exp $
$FreeBSD: src/sys/netinet6/sctp6_usrreq.c,v 1.41.2.1 2008/04/29 09:26:32 rrs Exp $
$FreeBSD: src/sys/netinet6/sctp6_var.h,v 1.8 2007/09/13 10:36:43 rrs Exp $
$FreeBSD: src/sys/netinet6/tcp6_var.h,v 1.7 2005/01/07 02:30:35 imp Exp $
$FreeBSD: src/sys/netinet6/tcp6_var.h,v 1.7 2005/01/07 02:30:35 imp Exp $
$FreeBSD: src/sys/netinet6/udp6_usrreq.c,v 1.81.2.1 2008/03/09 19:01:50 bz Exp $
$FreeBSD: src/sys/netinet6/udp6_var.h,v 1.9 2007/07/23 07:58:58 rwatson Exp $
net.inet6.ip6.forwarding: 0
net.inet6.ip6.redirect: 1
net.inet6.ip6.hlim: 64
net.inet6.ip6.maxfragpackets: 6400
net.inet6.ip6.accept_rtadv: 0
net.inet6.ip6.keepfaith: 0
net.inet6.ip6.log_interval: 5
net.inet6.ip6.hdrnestlimit: 15
net.inet6.ip6.dad_count: 1
net.inet6.ip6.auto_flowlabel: 1
net.inet6.ip6.defmcasthlim: 1
net.inet6.ip6.gifhlim: 30
net.inet6.ip6.kame_version: FreeBSD
net.inet6.ip6.use_deprecated: 1
net.inet6.ip6.rr_prune: 5
net.inet6.ip6.v6only: 0
net.inet6.ip6.rtexpire: 3600
net.inet6.ip6.rtminexpire: 10
net.inet6.ip6.rtmaxcache: 128
net.inet6.ip6.use_tempaddr: 0
net.inet6.ip6.temppltime: 86400
net.inet6.ip6.tempvltime: 604800
net.inet6.ip6.auto_linklocal: 1
net.inet6.ip6.prefer_tempaddr: 0
net.inet6.ip6.use_defaultzone: 0
net.inet6.ip6.maxfrags: 6400
net.inet6.ip6.mcast_pmtu: 0
net.inet6.ip6.fw.enable: 1
net.inet6.ip6.fw.deny_unknown_exthdrs: 1
net.inet6.ipsec6.def_policy: 1
net.inet6.ipsec6.esp_trans_deflev: 1
net.inet6.ipsec6.esp_net_deflev: 1
net.inet6.ipsec6.ah_trans_deflev: 1
net.inet6.ipsec6.ah_net_deflev: 1
net.inet6.ipsec6.ecn: 0
net.inet6.ipsec6.debug: 0
net.inet6.ipsec6.esp_randpad: -1
net.inet6.icmp6.rediraccept: 1
net.inet6.icmp6.redirtimeout: 600
net.inet6.icmp6.nd6_prune: 1
net.inet6.icmp6.nd6_delay: 5
net.inet6.icmp6.nd6_umaxtries: 3
net.inet6.icmp6.nd6_mmaxtries: 3
net.inet6.icmp6.nd6_useloopback: 1
net.inet6.icmp6.nodeinfo: 3
net.inet6.icmp6.errppslimit: 100
net.inet6.icmp6.nd6_maxnudhint: 0
net.inet6.icmp6.nd6_debug: 0
net.inet6.icmp6.nd6_maxqueuelen: 1
>Description:
Calling bind() with an unspecified IPv6 address followed by connect() to an IPv4
mapped address causes EINVAL in sendto()
Same also on an i386 machine.
I think this problem is also concerning TCP.
This affects mostly Java programs, since Java sends IPv4 packets (by default)
via the IPv6 socket.
>How-To-Repeat:
A simple C program:
/**
* Sending UDP datagram from :: -> 2001:db8::1 (OK)
* Sending UDP datagram from :: -> ::ffff:192.168.101.23 (fails, EINVAL)
*/
#include <sys/socket.h>
#include <sys/types.h>
#include <stdio.h>
#include <netinet/in.h>
/*
* $40 = {him4 = {sin_len = 0 '\0', sin_family = 28 '\034', sin_port = 0, sin_addr = {s_addr = 0}, sin_zero = "\000\000\000\000\000\000\000"}, him6 = {
* sin6_len = 0 '\0', sin6_family = 28 '\034', sin6_port = 0, sin6_flowinfo = 0, sin6_addr = {__u6_addr = {__u6_addr8 = '\0' <repeats 15 times>,
* __u6_addr16 = {0, 0, 0, 0, 0, 0, 0, 0}, __u6_addr32 = {0, 0, 0, 0}}}, sin6_scope_id = 0}}
*/
static u_char bindaddr[] = {
0x00, 0x1c, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00 };
/*
* $42 = {him4 = {sin_len = 0 '\0', sin_family = 28 '\034', sin_port = 13568, sin_addr = {s_addr = 0}, sin_zero = "\000\000\000\000\000\000\000"}, him6 = {
* sin6_len = 0 '\0', sin6_family = 28 '\034', sin6_port = 13568, sin6_flowinfo = 0, sin6_addr = {__u6_addr = {
* __u6_addr8 = "\000\000\000\000\000\000\000\000\000\000���e\027", __u6_addr16 = {0, 0, 0, 0, 0, 65535, 43200, 5989}, __u6_addr32 = {0, 0,
* 4294901760, 392538304}}}, sin6_scope_id = 0}}
*/
static u_char connectaddr4[] = {
0x1c, 0x1c, 0x00, 0x35, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0xff, 0xff, 0xc0, 0xa8, 0x65, 0x17,
0x00, 0x00, 0x00, 0x00 };
/* [2001:db8::1] */
static u_char connectaddr6[] = {
0x1c, 0x1c, 0x00, 0x35, 0x00, 0x00, 0x00, 0x00,
0x20, 0x01, 0x0d, 0xb8, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01,
0x00, 0x00, 0x00, 0x00 };
/* IN SRV query _xmpp-server._tcp.google.com */
static u_char dns_packet[] = {
0x00, 0x01, 0x01, 0x00, 0x00, 0x01, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x0c, 0x5f, 0x78, 0x6d,
0x70, 0x70, 0x2d, 0x73, 0x65, 0x72, 0x76, 0x65,
0x72, 0x04, 0x5f, 0x74, 0x63, 0x70, 0x06, 0x67,
0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x03, 0x63, 0x6f,
0x6d, 0x00, 0x00, 0x21, 0x00, 0x01 };
void process_socket(struct sockaddr *bind_to,
struct sockaddr *connect_to)
{
int fd = socket(PF_INET6, SOCK_DGRAM, 17);
int optval, optlen, rc;
optlen = sizeof(optval);
bind(fd, bind_to, 28);
if (connect(fd, connect_to, 28) < 0)
perror("connect");
if (getsockopt(fd, IPPROTO_IPV6, IPV6_V6ONLY, &optval,
&optlen) == -1)
err(1, "getsockopt");
printf("IPV6_V6ONLY = %d\n", optval);
if ((rc = sendto(fd, dns_packet, 46, 0, NULL, 0)) < 0)
perror("sendto");
else
printf("Success, wrote %d bytes\n", rc);
close(fd);
}
int main() {
printf("Trying to send to 2001:db8::1\n");
process_socket( (struct sockaddr *) &bindaddr,
(struct sockaddr *) &connectaddr6);
printf("Trying to send to 192.168.101.23\n");
process_socket( (struct sockaddr *) &bindaddr,
(struct sockaddr *) &connectaddr4);
}
Output:
Trying to send to 2001:db8::1
IPV6_V6ONLY = 0
Success, wrote 46 bytes
Trying to send to 192.168.101.23
IPV6_V6ONLY = 0
sendto: Invalid argument
>Fix:
>Release-Note:
>Audit-Trail:
>Unformatted:
More information about the freebsd-bugs
mailing list