Date: Mon, 22 Jan 2007 09:51:37 -0800 (PST) From: Nick Johnson <freebsd@spatula.net> To: FreeBSD-gnats-submit@FreeBSD.org Subject: kern/108216: ipv6 broken in 6.2 Message-ID: <20070122175137.4952117036@turing.morons.org> Resent-Message-ID: <200701221750.l0MHoJXx073793@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 108216 >Category: kern >Synopsis: ipv6 broken in 6.2 >Confidential: no >Severity: critical >Priority: high >Responsible: freebsd-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Mon Jan 22 17:50:19 GMT 2007 >Closed-Date: >Last-Modified: >Originator: Nick Johnson >Release: FreeBSD 6.2-STABLE i386 >Organization: morons.org >Environment: System: FreeBSD turing.morons.org 6.2-STABLE FreeBSD 6.2-STABLE #0: Sun Jan 21 16:53:54 PST 2007 root@turing.morons.org:/usr/src/sys/i386/compile/TURING i386 >Description: IPv6 in FreeBSD 6.2-RELEASE and -STABLE as of this writing is broken. The symptom is that any attempt to send a packet results in a "no route to host" message. This was tested using v6v4 over a gif interface using freenet6.net (which configures with the tspc daemon). >How-To-Repeat: Upgrade to 6.2. Create an ipv6 tunnel with any tunnel broker. Attempt to ping6 any ipv6 destination. >Fix: As mentioned in http://lists.freebsd.org/pipermail/freebsd-stable/2006-December/031853.html this problem can be traced to a single commit. The workaround is to back out this commit locally, by fetching the diff to the previous commit: http://www.freebsd.org/cgi/cvsweb.cgi/src/sys/netinet6/nd6.c.diff?r1=1.48.2.15&r2=1.48.2.16 And then doing a patch -R against sys/netinet6/nd6.c , then recompiling the kernel. At the very least, this bug should be noted in the 6.2 errata (at the time of this writing it still wasn't) since it is complete breakage of major system functionality. Visual inspection suggests that the problem may be related to this change: lookup: - rt->rt_gwroute = rtalloc1(rt->rt_gateway, 1, 0UL); - if ((rt = rt->rt_gwroute) == 0) + RT_UNLOCK(rt0); + rt = rtalloc1(rt->rt_gateway, 1, 0UL); Note that the assignment changed from rt->gwroute to rt itself. This seems suspicious. Unfortunately I do not have a test system available at the moment to change this code to see if it corrects the trouble. >Release-Note: >Audit-Trail: >Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20070122175137.4952117036>