Date:      Wed, 8 Aug 2007 06:51:37 GMT
From:      Pekka Savola <pekkas@netcore.fi>
To:        freebsd-gnats-submit@FreeBSD.org
Subject:   kern/115293: ip6_fw doesn't count base IPv6 header in byte statistics
Message-ID:  <200708080651.l786pbTq002089@www.freebsd.org>
Resent-Message-ID: <200708080700.l78705AY083247@freefall.freebsd.org>


>Number:         115293
>Category:       kern
>Synopsis:       ip6_fw doesn't count base IPv6 header in byte statistics
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Wed Aug 08 07:00:04 GMT 2007
>Closed-Date:
>Last-Modified:
>Originator:     Pekka Savola
>Release:        6.2-STABLE
>Organization:
>Environment:
FreeBSD sixpack.funet.fi 6.2-STABLE FreeBSD 6.2-STABLE #10: Tue Aug  7 10:59:15 EEST 2007     root@sixpack.funet.fi:/usr/obj/usr/src/sys/SIXPACK  i386

>Description:
I noticed that in contrast to IPv4, 'ip6fw -ta l' output doesn't seem to include the base IPv6 header in byte statistics as evidenced by the following stats line:

00004      38913          0 Wed Aug  8 09:46:00 2007 deny ipv6 from 2001::/32 to fe80::/10

Digging around, this seems to be a problem in netinet6/ip6_fw.c:

                /* Update statistics */
                f->fw_pcnt += 1;
                f->fw_bcnt += ntohs(ip6->ip6_plen);

... but "ip6_plen" only includes the length of the next header.  This is incorrect in two ways: 1) it doesn't include the base header itself, and 2) if there are multiple next headers (chained extension headers), this will only list the length of the first one.

Looking at IPv4 code, the latter should probably be something like (not tested):

 f->fw_bcnt += (*m)->m_pkthdr.len;

... which should fix both the problems above.

>How-To-Repeat:
Create an ip6fw rule (e.g. TCP RST reject rule is good) with which it's easy to create just one hit.  Run tcpdump and check the byte counter.
>Fix:
Probably replace fw_bcnt with m_pkthdr.len.

>Release-Note:
>Audit-Trail:
>Unformatted:
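
An added example, not part of the original report or of the FreeBSD source: per RFC 8200 the Payload Length field counts every byte after the 40-byte base header, extension headers included, so a counter fed only `ntohs(ip6_plen)` comes out 40 bytes below the packet length. The packet bytes and the helper names `ip6_plen()` and `ip6_ext_len()` are constructed for illustration; the byte array stands in for the mbuf chain.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define IP6_BASE_HDR_LEN 40u   /* fixed size of the base IPv6 header */

/* Constructed sample: base header, 8-byte hop-by-hop header, 20-byte TCP
 * header (RST|ACK, checksum left at zero). 68 bytes in total. */
static const uint8_t sample_pkt[] = {
    0x60, 0, 0, 0,  0x00, 0x1c,  0, 64,      /* plen = 28, next = 0 (hop-by-hop) */
    0x20, 0x01, 0x0d, 0xb8, 0,0,0,0, 0,0,0,0, 0,0,0,1,   /* src 2001:db8::1 */
    0xfe, 0x80, 0,0,0,0,0,0, 0,0,0,0, 0,0,0,1,           /* dst fe80::1 */
    6, 0, 1, 4, 0, 0, 0, 0,                  /* hop-by-hop: next = TCP, PadN option */
    0x04, 0x00, 0x00, 0x50, 0,0,0,0, 0,0,0,0, 0x50, 0x14, 0,0, 0,0,0,0
};

/* Payload Length field (bytes 4-5 of the base header, network byte order). */
static unsigned ip6_plen(const uint8_t *p)
{
    return (unsigned)p[4] << 8 | p[5];
}

/* Total size of the chained extension headers (hop-by-hop 0, routing 43,
 * fragment 44, destination options 60). Returns 0 if the packet is truncated. */
static size_t ip6_ext_len(const uint8_t *p, size_t len)
{
    size_t off = IP6_BASE_HDR_LEN, total = 0;
    uint8_t nxt;

    if (len < IP6_BASE_HDR_LEN) return 0;
    nxt = p[6];
    while (nxt == 0 || nxt == 43 || nxt == 44 || nxt == 60) {
        size_t hl;
        if (off + 8 > len) return 0;
        hl = (nxt == 44) ? 8 : ((size_t)p[off + 1] + 1) * 8;
        if (off + hl > len) return 0;
        nxt = p[off];            /* Next Header is the first byte of each header */
        off += hl;
        total += hl;
    }
    return total;
}

int main(void)
{
    size_t wire = sizeof sample_pkt;
    printf("packet length: %zu, ip6_plen: %u, extension headers: %zu\n",
           wire, ip6_plen(sample_pkt), ip6_ext_len(sample_pkt, wire));
    printf("undercount when only ip6_plen is added: %zu\n", wire - ip6_plen(sample_pkt));
    return 0;
}
```

Jumbograms, where Payload Length is zero and the real length sits in a hop-by-hop option, are not handled here.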


