NetBSD-Bugs archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

kern/40605: forwarded IPv6 TCP packets get mangled by gif0 interface

>Number:         40605
>Category:       kern
>Synopsis:       forwarded IPv6 TCP packets get mangled by gif0 interface
>Confidential:   no
>Severity:       serious
>Priority:       high
>Responsible:    kern-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Wed Feb 11 01:00:01 +0000 2009
>Originator:     Julien Oster
>Release:        NetBSD 5.0_RC1
System: NetBSD xxx 5.0_RC1 NetBSD 5.0_RC1 (XXX) #0: Wed Feb 4 00:04:44 CET 2009 
root@xxx:/usr/src/sys/arch/amd64/compile/XXX amd64
Architecture: x86_64
Machine: amd64
01:45 < julien> I think I found a bug in NetBSD 5.0RC1 gif interface 
(ipv6-over-ipv4 tunnel) code
01:45 < yyyy> julien: File a PR
01:45 < julien> yes, I will, no time right now however
01:46 < julien> 0x0000:  6000 0000 0028 ...
01:46 < julien> this is the start of an IPv6 header. when it contains ICMP 
(when I try to ping), it stays fine after being
01:46 < julien> if it contains TCP, it suddenly looks like this:
01:47 < julien> 0x0000:  c699 0000 0028 ...
01:47 < julien> which is just plain wrong, and those packets get dropped
01:47 < yyyy> julien: What should it look like?
01:47 < yyyy> Or should it be the same?
01:47 < julien> yyyy, 6000 0000 0028
01:48 < julien> somehow, the first two bytes are changed.
01:48 < julien> only for packets which got forwarded bei the machine holding 
the gif tunnel, though!
01:48 < julien> TCP packets originating from that machine aren't mangled
01:48 < julien> the tcpdump on the gif0 interface itself is fine. on the output 
interface, not anymore.
01:48 < julien> you know what, I'll just paste this conversation %)
01:49 < yyyy> lol

pf compiled into kernel. Disabling pf completely with pfctl -d doesn't help, 

So far, I could only observe this with TCP packets (which means IPv6 TCP 
doesn't work
at all here), but not with ICMP.

Set up a NetBSD server with a gif0 IPv4-IPv6 tunnel interface, let it forward 
packets, try to establish an IPv6 TCP connection from a machine behind it. 
valid packets on gif0, invalid encapsulated packets on the output interface (IP 
is even 9 instead of 6!)


Home | Main Index | Thread Index | Old Index