Skip site navigation (1)Skip section navigation (2)
Date:      Wed, 20 Sep 2006 14:36:42 +0900 (JST)
From:      JINMEI Tatuya <jinmei@kame.net>
To:        FreeBSD-gnats-submit@FreeBSD.org
Subject:   kern/103415: IPv6 packets arriving to stf are not accepted
Message-ID:  <200609200536.k8K5agKO050954@shuttle.wide.toshiba.co.jp>
Resent-Message-ID: <200609200540.k8K5eL0N096179@freefall.freebsd.org>

next in thread | raw e-mail | index | archive | help

>Number:         103415
>Category:       kern
>Synopsis:       IPv6 packets arriving to stf are not accepted
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Wed Sep 20 05:40:21 GMT 2006
>Closed-Date:
>Last-Modified:
>Originator:     JINMEI Tatuya
>Release:        FreeBSD 6.2-PRERELEASE i386
>Organization:
KAME Project
>Environment:
System: FreeBSD impact.jinmei.org 6.2-PRERELEASE FreeBSD 6.2-PRERELEASE #1: Wed Sep 20 01:43:54 JST 2006 jinmei@impact.jinmei.org:/local/usr.local/freebsd/src-6.1S/sys/i386/compile/GBDE i386


	
>Description:

Recent FreeBSD kernels (6-STABLE and probably 5-STABLE also) fail to
accept IPv6 packets assigned on an stf (6to4) interface of the
receiving node.

This is a (buggy) side-effect of a fix to netinet6/in6.c (rev. 1.61).
With this fix the in6_ifaddr structure corresponding to the IPv6
address configured on the stf interface won't have the ifa_rtrequest
function (since nd6_need_cache() returns false for the interface).  As
a side-effect that was not expected at that time, the loopback route
to the configured address generated via in6_ifaddloop() is not
installed properly.

ip6_input() requires the loopback route to accept incoming packets to
the receiving node, so this change caused the problem reported here.

>How-To-Repeat:

# ifconfig stf0 create
# ifconfig stf0 inet6 2002:c000:0201::1 prefixlen 16
% ping6 2002:c000:0201::1

And you'll notice the ping6 doesn't receive the echo-replies.
netstat -s -p ip6 should indicate the echo-requests are dropped in
ip6_input().

>Fix:

Apply the patch below.

Index: in6.c
===================================================================
RCS file: /home/ncvs/src/sys/netinet6/in6.c,v
retrieving revision 1.51.2.9
diff -u -r1.51.2.9 in6.c
--- in6.c	17 Jun 2006 17:58:33 -0000	1.51.2.9
+++ in6.c	20 Sep 2006 05:35:05 -0000
@@ -1720,8 +1720,12 @@
 
 	/* we could do in(6)_socktrim here, but just omit it at this moment. */
 
-	if (newhost && nd6_need_cache(ifp) != 0) {
-		/* set the rtrequest function to create llinfo */
+	if (newhost) {
+		/*
+		 * set the rtrequest function to create llinfo.  It also
+		 * adjust outgoing interface of the route for the local
+		 * address when called via in6_ifaddloop() below. 
+		 */
 		ia->ia_ifa.ifa_rtrequest = nd6_rtrequest;
 	}
 


>Release-Note:
>Audit-Trail:
>Unformatted:



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200609200536.k8K5agKO050954>