Skip site navigation (1)Skip section navigation (2) 
Date:      Thu, 5 Apr 2007 09:16:39 +0100
From:      Andrew McDonald <andrew@mcdonald.org.uk>
To:        "JINMEI Tatuya / ?$B?@L@C#:H" <jinmei@isl.rdc.toshiba.co.jp>
Cc:        freebsd-net@freebsd.org
Subject:   Re: IPv6 Router Alert breaks forwarding
Message-ID:  <20070405081639.GB6798@mcdonald.org.uk>
In-Reply-To: <m1d52jpd5c.wl%jinmei@isl.rdc.toshiba.co.jp>
References:  <20070404211815.GA6798@mcdonald.org.uk> <m1d52jpd5c.wl%jinmei@isl.rdc.toshiba.co.jp>
next in thread | previous in thread | raw e-mail | index | archive | help 
On Thu, Apr 05, 2007 at 03:07:43PM +0900, JINMEI Tatuya / ?$B?@L@C#:H wrote:
> At Wed, 4 Apr 2007 22:18:15 +0100,
> Andrew McDonald <andrew@mcdonald.org.uk> wrote:
> 
> > In the absence of a full fix, it would probably be a good idea to
> > remove this unconditional check. This would avoid FreeBSD blocking IPv6
> > packets with router alert set. However, I'm not sure if this would have
> > an impact on MLD.
> 
> It does, so (while I see your point) the fix is not that trivial.
> 
> Just out of curiosity, do you have any specific application that
> relies on the router alert option and suffers from the current
> behavior?  Or are you just talking about stringent compliance with the
> specification?

I'm primarily interested in the current IETF NSIS work, which uses
router alert for path-coupled signalling. Although my systems aren't
using FreeBSD, I'm seeing problems from KAME-derived IPv6 stacks in
routers on the path.

Thinking about it a bit, there is a simple fix that leaves MLD working
(but currently doesn't provide a way for other applications to use
router alert). The IPv6 Router Alert Option (RAO) has a 16-bit value
field. For MLD this is zero. Other uses would contain different values
(as per RFC2711).

rtalert contains the contents of this value field, or (u_int32_t)~0 if
there is no router alert option. So, if we change the check to:
	/*
	 * accept the packet if a router alert option with value 0
	 * is included and we act as an IPv6 router.
	 */
	if (rtalert == 0 && ip6_forwarding)
		ours = 1;
we'll only pick up packets containing ipv6 router alerts with value 0
(i.e. MLD router alerted packets).

-- 
Andrew McDonald
E-mail: andrew@mcdonald.org.uk
http://www.mcdonald.org.uk/andrew/

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20070405081639.GB6798>