kern/40605: forwarded IPv6 TCP packets get mangled by gif0 interface

To: kern-bug-people%netbsd.org@localhost,gnats-admin%netbsd.org@localhost,netbsd-bugs%netbsd.org@localhost
Subject: kern/40605: forwarded IPv6 TCP packets get mangled by gif0 interface
From: Julien Oster <netbsd-pr%pool.julien-oster.de@localhost>
Date: Wed, 11 Feb 2009 01:00:01 +0000 (UTC)

>Number:         40605
>Category:       kern
>Synopsis:       forwarded IPv6 TCP packets get mangled by gif0 interface
>Confidential:   no
>Severity:       serious
>Priority:       high
>Responsible:    kern-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Wed Feb 11 01:00:01 +0000 2009
>Originator:     Julien Oster
>Release:        NetBSD 5.0_RC1
>Organization:
        
>Environment:
        
        
System: NetBSD xxx 5.0_RC1 NetBSD 5.0_RC1 (XXX) #0: Wed Feb 4 00:04:44 CET 2009 
root@xxx:/usr/src/sys/arch/amd64/compile/XXX amd64
Architecture: x86_64
Machine: amd64
>Description:
01:45 < julien> I think I found a bug in NetBSD 5.0RC1 gif interface 
(ipv6-over-ipv4 tunnel) code
01:45 < yyyy> julien: File a PR
01:45 < julien> yes, I will, no time right now however
01:46 < julien> 0x0000:  6000 0000 0028 ...
01:46 < julien> this is the start of an IPv6 header. when it contains ICMP 
(when I try to ping), it stays fine after being
                        encapsulated.
01:46 < julien> if it contains TCP, it suddenly looks like this:
01:47 < julien> 0x0000:  c699 0000 0028 ...
01:47 < julien> which is just plain wrong, and those packets get dropped
01:47 < yyyy> julien: What should it look like?
01:47 < yyyy> Or should it be the same?
01:47 < julien> yyyy, 6000 0000 0028
01:48 < julien> somehow, the first two bytes are changed.
01:48 < julien> only for packets which got forwarded bei the machine holding 
the gif tunnel, though!
01:48 < julien> TCP packets originating from that machine aren't mangled
01:48 < julien> the tcpdump on the gif0 interface itself is fine. on the output 
interface, not anymore.
01:48 < julien> you know what, I'll just paste this conversation %)
01:49 < yyyy> lol

pf compiled into kernel. Disabling pf completely with pfctl -d doesn't help, 
though.

So far, I could only observe this with TCP packets (which means IPv6 TCP 
doesn't work
at all here), but not with ICMP.

>How-To-Repeat:
Set up a NetBSD server with a gif0 IPv4-IPv6 tunnel interface, let it forward 
IPv6
packets, try to establish an IPv6 TCP connection from a machine behind it. 
Observe
valid packets on gif0, invalid encapsulated packets on the output interface (IP 
version
is even 9 instead of 6!)
>Fix:
        

>Unformatted:

Prev by Date: port-alpha/40604: AlphaServer DS20E loses HDs and other Drives when adding 1 GB more RAM
Next by Date: Re: kern/40586: rgephy(4) now selects incorrect speed for some re(4)
Previous by Thread: port-alpha/40604: AlphaServer DS20E loses HDs and other Drives when adding 1 GB more RAM
Next by Thread: port-i386/40606: vga restore broken on Gateway E5200 / ATI Rage128GL
Indexes:

Home | Main Index | Thread Index | Old Index