On Mon, Oct 15, 2007 at 09:44:36AM -0400, Greg Troxel wrote:
>   Currently the NetBSD IPv6 stack, when acting as a router and forwarding
>   traffic, treats any packet with a Router Alert hop-by-hop option as
>   'ours' and sends it to the local stack. This stops the packet from
>   being forwarded any further, and also results in ICMPv6 Destination
>   Unreachable message being sent back.
> 
> That's definitely broken.
> 
> My understanding, which may be a bit off, is that router alert is
> essentially a method to enable routers to skip a whole bunch of checks
> that may be costly when the option is *not* present.

Yes. It's designed to be a quick way, implementable in the fast path,
for routers to decide whether or not the packet is potentially
'interesting' to them.

> Do you know if MLD packets would be handled properly if there were no
> router alert special treatment?

My understanding is that the router alert handling is needed for MLD to
work properly.

> I would be inclined to commit a version of the FreeBSD patch (the one I
> looked at since you listed it first).  Are you set up to prepare and
> test such a patch on NetBSD-current?

The FreeBSD and KAME patches are identical (it was written by JINMEI
Tatuya after some discussion on the FreeBSD list earlier in the year).

Unfortunately I haven't got the ability to test on NetBSD at the
moment. My end systems are running Linux - I'm seeing the problems from
other people's BSD boxes on the path.

However, I do have some test code which will generate packets with
router alert options, and so get the problem to manifest itself. I'm
using it on Linux, but I believe it should also run on NetBSD (it uses
the IPv6 advanced sockets API). Let me know if you would like a copy.

thanks for your help,

Andrew