NetBSD-Bugs archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

kern/46508: ipfilter marks ipv6 tcp packets as bad

>Number:         46508
>Category:       kern
>Synopsis:       ipfilter marks ipv6 tcp packets as bad
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    kern-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Thu May 31 12:15:24 +0000 2012
>Originator:     Takahiro HAYASHI
>Release:        NetBSD 6.99.7 (201205270250Z)
>Organization:
>Environment:
        NetBSD ruin 6.99.7 NetBSD 6.99.7 (MONOLITHIC) #0: Sun May 27 10:16:46 
UTC 2012  
builds%b6.netbsd.org@localhost:/home/builds/ab/HEAD/i386/201205270250Z-obj/home/builds/ab/HEAD/src/sys/arch/i386/compile/MONOLITHIC
        IP Filter: v5.1.1
Architecture: i386
Machine: i386
>Description:
The ipfilter marks some of ipv6 tcp packets as bad (FI_BAD). This causes
stateful filtering won't work for ipv6 tcp.

I set the filter and did "telnet ::1" (see How-To-Repeat).
Then I see the word "bad" at the end of each ipv6 tcp packet log.

May 30 15:13:46 ruin ipmon[283]: 15:13:46.829095 lo0 @0:1 p ::1,65535 -> ::1,23 
PR tcp len 40 84 -S 3246345971 0 32768 OUT bad
May 30 15:13:46 ruin ipmon[283]: 15:13:46.829137 lo0 @0:1 p ::1,65535 -> ::1,23 
PR tcp len 40 84 -S 3246345971 0 32768 IN bad
May 30 15:13:46 ruin ipmon[283]: 15:13:46.829194 lo0 @0:1 p ::1,23 -> ::1,65535 
PR tcp len 40 60 -AR 0 3246345972 0 OUT
May 30 15:13:46 ruin ipmon[283]: 15:13:46.829205 lo0 @0:1 p ::1,23 -> ::1,65535 
PR tcp len 40 60 -AR 0 3246345972 0 IN
(and so on)

As far as i see the sources wrong protocol is specified in checksum
calculation of ipv6 tcp packet (see Fix).

>How-To-Repeat:
Set filter to log all ipv6 packets, for example:
pass in log quick family inet6 from ::/0 to any
pass out log quick family inet6 from ::/0 to any

Then execute "telnet ::1" and watch the log.

>Fix:
Following patch should fix the problem (from ipfilter 4.1.34).

Index: src/sys/external/bsd/ipf/netinet/fil.c
===================================================================
RCS file: /cvsroot/src/sys/external/bsd/ipf/netinet/fil.c,v
retrieving revision 1.2
diff -u -p -r1.2 fil.c
--- src/sys/external/bsd/ipf/netinet/fil.c      23 Mar 2012 20:39:49 -0000      
1.2
+++ src/sys/external/bsd/ipf/netinet/fil.c      27 May 2012 23:26:55 -0000
@@ -992,7 +992,7 @@ ipf_pr_tcp6(fr_info_t *fin)
        if (ipf_pr_tcpcommon(fin) == 0) {
                u_char p = fin->fin_p;
 
-               fin->fin_p = IPPROTO_UDP;
+               fin->fin_p = IPPROTO_TCP;
                ipf_checkv6sum(fin);
                fin->fin_p = p;
        }
Home | Main Index | Thread Index | Old Index