From: Andrew McDonald
To: "JINMEI Tatuya / 神明達哉"
Cc: freebsd-net@freebsd.org
Date: Thu, 5 Apr 2007 09:16:39 +0100
Subject: Re: IPv6 Router Alert breaks forwarding
Message-ID: <20070405081639.GB6798@mcdonald.org.uk>
References: <20070404211815.GA6798@mcdonald.org.uk>

On Thu, Apr 05, 2007 at 03:07:43PM +0900, JINMEI Tatuya / 神明達哉 wrote:
> At Wed, 4 Apr 2007 22:18:15 +0100,
> Andrew McDonald wrote:
>
> > In the absence of a full fix, it would probably be a good idea to
> > remove this unconditional check. This would avoid FreeBSD blocking IPv6
> > packets with router alert set. However, I'm not sure if this would have
> > an impact on MLD.
>
> It does, so (while I see your point) the fix is not that trivial.
>
> Just out of curiosity, do you have any specific application that
> relies on the router alert option and suffers from the current
> behavior? Or are you just talking about stringent compliance with the
> specification?

I'm primarily interested in the current IETF NSIS work, which uses
router alert for path-coupled signalling. Although my systems aren't
using FreeBSD, I'm seeing problems from KAME-derived IPv6 stacks in
routers on the path.

Thinking about it a bit, there is a simple fix that leaves MLD working
(but currently doesn't provide a way for other applications to use
router alert).

The IPv6 Router Alert Option (RAO) has a 16-bit value field. For MLD
this is zero. Other uses would contain different values (as per
RFC2711). rtalert contains the contents of this value field, or
(u_int32_t)~0 if there is no router alert option. So, if we change the
check to:

	/*
	 * accept the packet if a router alert option with value 0
	 * is included and we act as an IPv6 router.
	 */
	if (rtalert == 0 && ip6_forwarding)
		ours = 1;

we'll only pick up packets containing ipv6 router alerts with value 0
(i.e. MLD router alerted packets).

-- 
Andrew McDonald
E-mail: andrew@mcdonald.org.uk
http://www.mcdonald.org.uk/andrew/
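
The following is an added example, not part of the mail above and not KAME or FreeBSD code: a bounds-checked walk of a Hop-by-Hop Options header that yields the value the mail calls rtalert (the 16-bit Router Alert value, or all-ones when the option is absent), followed by the proposed check. The names hbh_router_alert, claim_as_ours, RTALERT_NONE and the sample buffers are hypothetical and constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>

#define IP6OPT_PAD1         0x00            /* 1-byte padding, no length field */
#define IP6OPT_ROUTER_ALERT 0x05            /* RFC 2711 option type */
#define RTALERT_NONE        (~(uint32_t)0)  /* "no router alert", as in the mail */

/* Constructed samples: Next Header, Hdr Ext Len 0, Router Alert, PadN(0). */
static const uint8_t sample_mld[8]     = {58, 0, 0x05, 2, 0x00, 0x00, 0x01, 0};
static const uint8_t sample_nonzero[8] = {17, 0, 0x05, 2, 0x00, 0x01, 0x01, 0};
static const uint8_t sample_trunc[4]   = {58, 0, 0x05, 2};

/* Hypothetical helper: returns the 16-bit Router Alert value, or RTALERT_NONE
 * when the option is absent or the header is truncated/malformed. */
uint32_t hbh_router_alert(const uint8_t *hbh, size_t len)
{
    size_t hdrlen, off = 2, optlen;    /* off skips Next Header + Hdr Ext Len */

    if (len < 2 || (hdrlen = ((size_t)hbh[1] + 1) * 8) > len)
        return RTALERT_NONE;
    while (off < hdrlen) {
        if (hbh[off] == IP6OPT_PAD1) {
            off++;
            continue;
        }
        if (off + 2 > hdrlen)
            return RTALERT_NONE;
        optlen = hbh[off + 1];
        if (off + 2 + optlen > hdrlen)
            return RTALERT_NONE;
        if (hbh[off] == IP6OPT_ROUTER_ALERT)
            return optlen == 2 ? ((uint32_t)hbh[off + 2] << 8) | hbh[off + 3]
                               : RTALERT_NONE;
        off += 2 + optlen;
    }
    return RTALERT_NONE;
}

/* The check proposed in the mail: only value 0 (MLD) is claimed locally. */
int claim_as_ours(uint32_t rtalert, int ip6_forwarding)
{
    return rtalert == 0 && ip6_forwarding;
}
```

With this check a packet carrying a non-zero Router Alert value is not claimed by the router and continues down the normal forwarding path, while an MLD packet (value 0) is still picked up when forwarding is enabled.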