NetBSD-Bugs archive
kern/40605: forwarded IPv6 TCP packets get mangled by gif0 interface
>Number: 40605
>Category: kern
>Synopsis: forwarded IPv6 TCP packets get mangled by gif0 interface
>Confidential: no
>Severity: serious
>Priority: high
>Responsible: kern-bug-people
>State: open
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Wed Feb 11 01:00:01 +0000 2009
>Originator: Julien Oster
>Release: NetBSD 5.0_RC1
>Organization:
>Environment:
System: NetBSD xxx 5.0_RC1 NetBSD 5.0_RC1 (XXX) #0: Wed Feb 4 00:04:44 CET 2009
root@xxx:/usr/src/sys/arch/amd64/compile/XXX amd64
Architecture: x86_64
Machine: amd64
>Description:
01:45 < julien> I think I found a bug in NetBSD 5.0RC1 gif interface
(ipv6-over-ipv4 tunnel) code
01:45 < yyyy> julien: File a PR
01:45 < julien> yes, I will, no time right now however
01:46 < julien> 0x0000: 6000 0000 0028 ...
01:46 < julien> this is the start of an IPv6 header. when it contains ICMP
(when I try to ping), it stays fine after being
encapsulated.
01:46 < julien> if it contains TCP, it suddenly looks like this:
01:47 < julien> 0x0000: c699 0000 0028 ...
01:47 < julien> which is just plain wrong, and those packets get dropped
01:47 < yyyy> julien: What should it look like?
01:47 < yyyy> Or should it be the same?
01:47 < julien> yyyy, 6000 0000 0028
01:48 < julien> somehow, the first two bytes are changed.
01:48 < julien> only for packets which got forwarded by the machine holding
the gif tunnel, though!
01:48 < julien> TCP packets originating from that machine aren't mangled
01:48 < julien> the tcpdump on the gif0 interface itself is fine. on the output
interface, not anymore.
01:48 < julien> you know what, I'll just paste this conversation %)
01:49 < yyyy> lol
pf compiled into kernel. Disabling pf completely with pfctl -d doesn't help,
though.
So far, I could only observe this with TCP packets (which means IPv6 TCP
doesn't work at all here), but not with ICMP.
>How-To-Repeat:
Set up a NetBSD server with a gif0 IPv4-IPv6 tunnel interface, let it forward
IPv6 packets, try to establish an IPv6 TCP connection from a machine behind it.
Observe valid packets on gif0, invalid encapsulated packets on the output
interface (IP version is even 9 instead of 6!)
>Fix:
>Unformatted:
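A capture-side check for the symptom reported above, as an added example that is not part of the original PR: it extracts the inner packet from a protocol-41 IPv4 packet and validates the IPv6 version nibble and payload length. The packets are constructed; only the leading bytes 6000 0000 0028 and c699 0000 0028 come from the report, while the addresses, remaining header fields and function names are assumptions.

```python
import ipaddress
import struct

IPPROTO_IPV6 = 41  # IPv4 protocol number for encapsulated IPv6

def inner_ipv6(outer: bytes) -> bytes:
    """Return the payload of an IPv4 packet carrying protocol 41."""
    if len(outer) < 20 or outer[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (outer[0] & 0x0F) * 4
    if ihl < 20 or len(outer) < ihl:
        raise ValueError("bad IPv4 header length")
    if outer[9] != IPPROTO_IPV6:
        raise ValueError("outer protocol is not 41")
    return outer[ihl:]

def check_ipv6_header(pkt: bytes) -> list:
    """List inconsistencies in the fixed 40-byte IPv6 header."""
    if len(pkt) < 40:
        return ["truncated header: %d bytes" % len(pkt)]
    word0, payload_len = struct.unpack("!IH", pkt[:6])
    problems = []
    if word0 >> 28 != 6:  # top four bits are the IP version
        problems.append("version %d" % (word0 >> 28))
    if payload_len != len(pkt) - 40:
        problems.append("payload length %d, %d bytes present"
                        % (payload_len, len(pkt) - 40))
    return problems

def build_sample(first_two: bytes) -> bytes:
    """Constructed protocol-41 packet; only the first six inner bytes
    come from the report, everything else is made-up test data."""
    inner = (first_two + bytes.fromhex("00000028") + bytes([6, 63])
             + ipaddress.IPv6Address("2001:db8::1").packed
             + ipaddress.IPv6Address("2001:db8::2").packed
             + bytes(40))                      # 0x28 = 40 payload bytes
    outer = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(inner), 0, 0,
                        64, IPPROTO_IPV6, 0,   # checksum left at 0
                        ipaddress.IPv4Address("192.0.2.1").packed,
                        ipaddress.IPv4Address("198.51.100.1").packed)
    return outer + inner

if __name__ == "__main__":
    for label, head in (("gif0 view", "6000"), ("output view", "c699")):
        pkt = build_sample(bytes.fromhex(head))
        print(label, check_ipv6_header(inner_ipv6(pkt)) or "ok")
```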