misc/174957: IPv6 Node Information Queries use old address format

Thomas Scheffler scheffler at beuth-hochschule.de
Thu Jan 3 22:00:00 UTC 2013 

>Number:         174957
>Category:       misc
>Synopsis:       IPv6 Node Information Queries use old address format
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Thu Jan 03 22:00:00 UTC 2013
>Closed-Date:
>Last-Modified:
>Originator:     Thomas Scheffler
>Release:        FreeBSD 9.1
>Organization:
Beuth Hochschule Berlin
>Environment:
FreeBSD nell.ipv6lab.beuth-hochschule.de 9.1-RELEASE FreeBSD 9.1-RELEASE #0 r243825: Tue Dec  4 09:23:10 UTC 2012     root at farrell.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC  amd64
>Description:
FreeBSD joins the wrong IPv6 Node Information (NI) Group Address.
The ping6 tool also generates the wrong IPv6 NI Group Address, when using the NI option.


RFC4620 defines the prefix FF02:0:0:0:0:2:FF00::/104 for use of the NI Group Address
(http://tools.ietf.org/html/rfc4620).
Earlier versions of the draft specified the prefix FF02:0:0:0:0:2::/96.

FreeBSD  is using IPv6 network code derived from the KAME project that has not be updated to conform with RFC4620.

A patch for ping6.c and in6_ifattach.c is included that should fix this particular problem.
>How-To-Repeat:
> ping6 -I msk0 -N nell
PING6(56=40+8+8 bytes) fe80::21f:d0ff:fe3c:d32%msk0 --> ff02::2:6de0:771f
16 bytes from fe80::21f:d0ff:fe3c:d32%msk0, icmp_seq=0 hlim=64 time=0.224 ms

Expected Results:
ifmcstat should show:

msk0:
		group ff02::2:ff6d:e077:%msk0 mode exclude
			mcast-macaddr 33:33:6d:e0:77:1f


Actual Results:

msk0:
		group ff02::2:6de0:771f%msk0 mode exclude
			mcast-macaddr 33:33:6d:e0:77:1f


>Fix:
A patch against the current revisions (SVN) of ping6.c and in6_ifattach.c is included that should fix this particular problem.

Patch attached with submission follows:

# This is a shell archive.  Save it in a file, remove anything before
# this line, and then unpack it by entering "sh file".  Note, it may
# create directories; files and directories will be owned by you and
# have default permissions.
#
# This archive contains:
#
#	in6_ifattach_rev231852.patch
#	ping6_rev241852.patch
#
echo x - in6_ifattach_rev231852.patch
sed 's/^X//' >in6_ifattach_rev231852.patch << 'END-of-in6_ifattach_rev231852.patch'
X--- in6_ifattach_rev231852.c	2013-01-03 21:41:25.000000000 +0100
X+++ in6_ifattach_rev231852_fix.c	2013-01-03 22:25:11.000000000 +0100
X@@ -616,7 +616,7 @@
X 
X /*
X  * compute NI group address, based on the current hostname setting.
X- * see draft-ietf-ipngwg-icmp-name-lookup-* (04 and later).
X+ * see RFC4620.
X  *
X  * when ifp == NULL, the caller is responsible for filling scopeid.
X  */
X@@ -667,7 +667,7 @@
X 			*q = *q - 'A' + 'a';
X 	}
X 
X-	/* generate 8 bytes of pseudo-random value. */
X+	/* generate 16 bytes of pseudo-random value. */
X 	bzero(&ctxt, sizeof(ctxt));
X 	MD5Init(&ctxt);
X 	MD5Update(&ctxt, &l, sizeof(l));
X@@ -677,7 +677,9 @@
X 	bzero(in6, sizeof(*in6));
X 	in6->s6_addr16[0] = IPV6_ADDR_INT16_MLL;
X 	in6->s6_addr8[11] = 2;
X-	bcopy(digest, &in6->s6_addr32[3], sizeof(in6->s6_addr32[3]));
X+	in6->s6_addr8[12] = 0xff;	
X+	/* copy first 3 bytes of hash value into address */
X+	bcopy(digest, &in6->s6_addr8[13], 3);
X 	if (in6_setscope(in6, ifp, NULL))
X 		return (-1); /* XXX: should not fail */
X 
END-of-in6_ifattach_rev231852.patch
echo x - ping6_rev241852.patch
sed 's/^X//' >ping6_rev241852.patch << 'END-of-ping6_rev241852.patch'
X--- ping6_rev241852.c	2013-01-03 22:15:26.000000000 +0100
X+++ ping6_rev241852_fix.c	2013-01-03 22:19:50.000000000 +0100
X@@ -2748,7 +2748,7 @@
X 			*q = tolower(*(unsigned char *)q);
X 	}
X 
X-	/* generate 8 bytes of pseudo-random value. */
X+	/* generate 16 bytes of pseudo-random value. */
X 	memset(&ctxt, 0, sizeof(ctxt));
X 	MD5Init(&ctxt);
X 	c = l & 0xff;
X@@ -2756,9 +2756,9 @@
X 	MD5Update(&ctxt, (unsigned char *)name, l);
X 	MD5Final(digest, &ctxt);
X 
X-	if (inet_pton(AF_INET6, "ff02::2:0000:0000", &in6) != 1)
X+	if (inet_pton(AF_INET6, "ff02::2:ff00:0000", &in6) != 1)
X 		return NULL;	/*XXX*/
X-	bcopy(digest, &in6.s6_addr[12], 4);
X+	bcopy(digest, &in6.s6_addr[13], 3);
X 
X 	if (inet_ntop(AF_INET6, &in6, hbuf, sizeof(hbuf)) == NULL)
X 		return NULL;
END-of-ping6_rev241852.patch
exit



>Release-Note:
>Audit-Trail:
>Unformatted:

More information about the freebsd-bugs mailing list