kern/146534: [icmpv6] wrong source address in echo reply

Earl R. Lapus earl.lapus at gmail.com
Thu May 13 03:00:08 UTC 2010


>Number:         146534
>Category:       kern
>Synopsis:       [icmpv6] wrong source address in echo reply
>Confidential:   no
>Severity:       serious
>Priority:       high
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Thu May 13 03:00:07 UTC 2010
>Closed-Date:
>Last-Modified:
>Originator:     Earl R. Lapus
>Release:        FreeBSD 8.0-STABLE
>Organization:
>Environment:
FreeBSD fbsd8-ndp.infoweapons.com 8.0-STABLE FreeBSD 8.0-STABLE #9: Wed May 12 21:50:07 PHT 2010     root at fbsd8-ndp.infoweapons.com:/usr/obj/usr/src/sys/GENERIC  i386

>Description:
When pinging a Global Address of a host -- say host A -- from another machine -- say host B -- using the Link-Local Address as source, the echo reply message will use host A's Link-Local Address instead of its Global Address as the source address (see how-to-repeat part for a more detailed description).

When removing a particular "fix" from the sys/netinet6/icmp6.c code, ping will now use the Global-Address as the source in the echo reply message (see fix-to-the-problem-if-known part for a more detailed description).

I'm using 8.0-STABLE as of 2010/04/28.
>How-To-Repeat:
The setup is as follows,

hostname: fbsd8-ndp
-----------------------
fbsd8-ndp# ifconfig fxp1
fxp1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=2009<RXCSUM,VLAN_MTU,WOL_MAGIC>
        ether 00:08:9b:10:07:3d
        inet6 fe80::208:9bff:fe10:73d%fxp1 prefixlen 64 scopeid 0x2
        inet6 3ffe:501:ffff:100:208:9bff:fe10:73d prefixlen 64                                                                                                 
        inet6 3ffe:501:ffff:100:: prefixlen 64 anycast
        nd6 options=3<PERFORMNUD,ACCEPT_RTADV>
        media: Ethernet autoselect (100baseTX <full-duplex>)
        status: active

hostname: fbsd72-i386-tn
------------------------
fbd72-i386-tn# ifconfig fxp0
fxp0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=219b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,TSO4,WOL_MAGIC>
        ether 00:03:47:de:f2:d8
        inet6 fe80::203:47ff:fede:f2d8%fxp0 prefixlen 64 scopeid 0x2
        inet6 3ffe:501:ffff:100::200 prefixlen 64
        media: Ethernet autoselect (100baseTX <full-duplex>)
        status: active

1) fbsd8-ndp's fxp1 interface is connected directly to fbd72-i386-tn's fxp0 interface (cross connect)
2) ping6 is sent from fbd72-i386-tn to fbsd8-ndp
3) when pinging, set the source address to fbd72-i386-tn's link-local address

Results:
fbsd72-i386-tn# ping6 -S fe80::203:47ff:fede:f2d8%fxp0 3ffe:501:ffff:100:208:9bff:fe10:73d
PING6(56=40+8+8 bytes) fe80::203:47ff:fede:f2d8%fxp0 --> 3ffe:501:ffff:100:208:9bff:fe10:73d
16 bytes from fe80::208:9bff:fe10:73d%fxp0, icmp_seq=0 hlim=64 time=0.383 ms
16 bytes from fe80::208:9bff:fe10:73d%fxp0, icmp_seq=1 hlim=64 time=0.236 ms
16 bytes from fe80::208:9bff:fe10:73d%fxp0, icmp_seq=2 hlim=64 time=0.208 ms
16 bytes from fe80::208:9bff:fe10:73d%fxp0, icmp_seq=3 hlim=64 time=0.199 ms
^C
--- 3ffe:501:ffff:100:208:9bff:fe10:73d ping6 statistics ---
4 packets transmitted, 4 packets received, 0.0% packet loss
round-trip min/avg/max/std-dev = 0.199/0.257/0.383/0.074 ms

** You can see that the echo reply from fbsd8-ndp uses fe80::208:9bff:fe10:73d%fxp0 as the source address
>Fix:
This modification (http://www.freebsd.org/cgi/cvsweb.cgi/src/sys/netinet6/icmp6.c.diff?r1=1.118;r2=1.119;f=h) was applied to 8.x branches. If the modification is not applied to the source, echo reply works as expected.

Since it was only applied to 8.x branches, I'm *assuming* that this behavior does not occur in 7.x branches.

Below is the ping result when kernel is recompiled without the said modification (source address is now the Global-Address):

fbd72-i386-tn# ifconfig fxp0
fxp0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=219b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,TSO4,WOL_MAGIC>
        ether 00:03:47:de:f2:d8
        inet6 fe80::203:47ff:fede:f2d8%fxp0 prefixlen 64 scopeid 0x2
        inet6 3ffe:501:ffff:100::200 prefixlen 64
        media: Ethernet autoselect (100baseTX <full-duplex>)
        status: active

fbsd72-i386-tn# ping6 -S fe80::203:47ff:fede:f2d8%fxp0 3ffe:501:ffff:100:208:9bff:fe10:73d
PING6(56=40+8+8 bytes) fe80::203:47ff:fede:f2d8%fxp0 --> 3ffe:501:ffff:100:208:9bff:fe10:73d
16 bytes from 3ffe:501:ffff:100:208:9bff:fe10:73d, icmp_seq=0 hlim=64 time=0.509 ms
16 bytes from 3ffe:501:ffff:100:208:9bff:fe10:73d, icmp_seq=1 hlim=64 time=0.209 ms
16 bytes from 3ffe:501:ffff:100:208:9bff:fe10:73d, icmp_seq=2 hlim=64 time=0.167 ms
16 bytes from 3ffe:501:ffff:100:208:9bff:fe10:73d, icmp_seq=3 hlim=64 time=0.172 ms
^C
--- 3ffe:501:ffff:100:208:9bff:fe10:73d ping6 statistics ---
4 packets transmitted, 4 packets received, 0.0% packet loss
round-trip min/avg/max/std-dev = 0.167/0.264/0.509/0.142 ms


>Release-Note:
>Audit-Trail:
>Unformatted:
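
Added example, not part of the original report or of FreeBSD: a check that reads a ping6 transcript and flags echo replies whose source differs from the pinged address, which is the symptom shown above (RFC 4443 section 2.2 requires a reply to a message sent to a unicast address to use that same address as its source). The sample transcripts are trimmed from the report; the function and pattern names are hypothetical.

```python
import ipaddress
import re

# Constructed samples: the two ping6 transcripts from the report, trimmed.
BROKEN = """\
PING6(56=40+8+8 bytes) fe80::203:47ff:fede:f2d8%fxp0 --> 3ffe:501:ffff:100:208:9bff:fe10:73d
16 bytes from fe80::208:9bff:fe10:73d%fxp0, icmp_seq=0 hlim=64 time=0.383 ms
16 bytes from fe80::208:9bff:fe10:73d%fxp0, icmp_seq=1 hlim=64 time=0.236 ms
"""
FIXED = """\
PING6(56=40+8+8 bytes) fe80::203:47ff:fede:f2d8%fxp0 --> 3ffe:501:ffff:100:208:9bff:fe10:73d
16 bytes from 3ffe:501:ffff:100:208:9bff:fe10:73d, icmp_seq=0 hlim=64 time=0.509 ms
"""

# "PING6(...) <source> --> <target>" banner and per-reply lines as printed by ping6.
HEADER = re.compile(r"^PING6\(.*?\)\s+(\S+)\s+-->\s+(\S+)")
REPLY = re.compile(r"^\d+ bytes from ([^,\s]+), icmp_seq=(\d+)")


def _addr(text):
    """Parse an IPv6 address, dropping any %zone suffix before comparison."""
    return ipaddress.IPv6Address(text.split("%", 1)[0])


def mismatched_replies(transcript):
    """Return (icmp_seq, reply_source, is_link_local) for each reply whose
    source address is not the address that was pinged."""
    target = None
    bad = []
    for line in transcript.splitlines():
        m = HEADER.match(line)
        if m:
            target = _addr(m.group(2))
            continue
        m = REPLY.match(line)
        if m and target is not None:
            src = _addr(m.group(1))
            if src != target:
                bad.append((int(m.group(2)), str(src), src.is_link_local))
    return bad


if __name__ == "__main__":
    for name, text in (("with modification", BROKEN), ("without", FIXED)):
        print(name, mismatched_replies(text))
```
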

