kern/152791: ND, ICMPv6 Redirect vs Destination Cache failed in release 8.0

Ted Sun tsun at datatekcorp.com
Thu Dec 2 20:40:11 UTC 2010 

>Number:         152791
>Category:       kern
>Synopsis:       ND, ICMPv6 Redirect vs Destination Cache failed in release 8.0
>Confidential:   no
>Severity:       serious
>Priority:       high
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Thu Dec 02 20:40:07 UTC 2010
>Closed-Date:
>Last-Modified:
>Originator:     Ted Sun
>Release:        FreeBSD 8.0-RELEASE i386
>Organization:
Datatek
>Environment:
FreeBSD fosters.datatekcorp.com 8.0-RELEASE FreeBSD 8.0-RELEASE #0: Thu Sep 9  14:52:35 EDT 2010 root at fosters.datatekcorp.com:/usr/obj/usr/src/sys/MYKERNEL i386
>Description:
The running OS is a 8.0-RELEASE FreeBSD with the IP-SEC support on.
Output of command "diff -U5 GENERIC MYKERNEL" at /usr/src/sys/i386/conf shows
---------------------------------------------------------------------
--- GENERIC     2009-11-09 18:48:01.000000000 -0500
+++ MYKERNEL    2010-09-09 13:15:51.000000000 -0400
@@ -330,5 +330,9 @@
 #device        sbp             # SCSI over FireWire (Requires scbus and da)
 device         fwe             # Ethernet over FireWire (non-standard!)
 device         fwip            # IP over FireWire (RFC 2734,3146)
 device         dcons           # Dumb console driver
 device         dcons_crom      # Configuration ROM for dcons
+
+#arndt added- IP-SEC support
+device         crypto
+options        IPSEC
---------------------------------------------------------------------

After receiving an ICMPv6 redirect package with Option ICMPv6_TLL which contains TargetAddress == DestinationAddress == 3ffe:501:fff:109:200:ff:fe00:1c5.

The "ndp -a" will output a corresponding entry as
"3ffe:501:fff:109:200:ff:fe00:1c5  0:0:0:0:a9:a9    vr0 23h58m38s S"

But the FreeBSD will continue to echo reply to the old MAC address 0:0:0:0:a0:a0 for IPv6 destination 3ffe:501:fff:109:200:ff:fe00:1c5

The correct echo reply should use the redirected MAC address 0:0:0:0:a9:a9.
>How-To-Repeat:
Needed test tool are the "IPv6 Conformance Test Tool v6eval-3.0.12.tar.gz or newer one" and the "ct-2.1.1.tar.gz" from "http://www.tahi.org/release".

Set up the TAHI "IPv6 conformance Test For Neighbor discovery" on a BSD machine.
Set up a IP-SEC enabled BSD 8.0 release PC as the NUT (node under test).
Cross connect the TAHI and the NUT with ethernet cable.

1. Start the TAHI test by "make test". Test will fail at item 66 "Redirect vs Destination Cache; Redirect to a host" should fail. or ..
2. Start the TAHI test of item 66 only by "make AROPT='-s 66 -e 66' test".
>Fix:


>Release-Note:
>Audit-Trail:
>Unformatted:

More information about the freebsd-bugs mailing list