netbsd-bugs: kern/33901: ipf "express forward" to GRE interface gives byte order problem.

Subject: kern/33901: ipf "express forward" to GRE interface gives byte order problem.
To: None <kern-bug-people@netbsd.org, gnats-admin@netbsd.org,>
From: Lars-Johan Liman <liman@autonomica.se>
List: netbsd-bugs
Date: 07/03/2006 11:25:00

>Number:         33901
>Category:       kern
>Synopsis:       ipf "express forward" to GRE interface gives byte order problem.
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    kern-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Mon Jul 03 11:25:00 +0000 2006
>Originator:     Lars-Johan Liman
>Release:        NetBSD 3.99.21
>Organization:
Autonomica AB
#----------------------------------------------------------------------
# Lars-Johan Liman, M.Sc.	! E-mail: liman@autonomica.se
# Senior Systems Specialist     ! HTTP  : //www.autonomica.se/
# Autonomica AB, Stockholm 	! Voice : +46 8 - 615 85 72
#----------------------------------------------------------------------
>Environment:
System: NetBSD server.liman.net 3.99.21 NetBSD 3.99.21 (GENERIC) #0: Fri Jun  9 01:13:22 UTC 2006  builds@b3.netbsd.org:/home/builds/ab/HEAD/i386/200606080000Z-obj/home/builds/ab/HEAD/src/sys/arch/i386/compile/GENERIC i386
Architecture: i386
Machine: i386
>Description:

	General design:

	i386 box. Inner Ethernet interface (fxp0), outer Ether
	interface (tlp0), GRE tunnel (gre0) over outer interface
	(tlp0).

	Working setup:

	Add normal routing entry that forwards packets for specific
	destination into GRE tunnel. If you just use normal packet
	forwarding everything works fine.

	Non-working setup:

	Add ipf.conf entry that "grabs" the packets from the incoming
	interface and "throws" them onto the GRE tunnel without kernel
	processing.

	pass in on fxp0 to gre0 from 192.168.1.0/24 to any

	(The important part is the "to gre0" above.)

	Now the _INNER_ packets in the outgoing GRE tunnel have the
	"total length" and "header cheksum" fields garbled, obviously
	byte swapped.

>How-To-Repeat:

	See above.

>Fix:

	Have no specific patch, but a wild guess (and it is exactly
	that) that the packet is plugged into the GRE queue in the
	wrong place, and that the GRE tunnel interface code does
	"htons()" on some fields of the packet, because usually the
	packet is stored by the kernel in host byte order. In the non-
	working case above, though, the packet was never
	converted to host byte order, because it was never processed
	by the kernel due to the "express forwarding" by ipf, so the
	GRE code does "convert to network byte order" on something
	that already _is_ in the right byte order.

	If I'm right, this problem should not be visible on BIG_ENDIAN
	machines where netork and host byte orders are the same.