Date: Wed, 4 Apr 2007 22:18:15 +0100
From: Andrew McDonald
To: freebsd-net@freebsd.org
Message-ID: <20070404211815.GA6798@mcdonald.org.uk>
Subject: IPv6 Router Alert breaks forwarding

Hi,

Currently the IPv6 stack, when acting as a router and forwarding
traffic, treats any packet with a Router Alert hop-by-hop option as
'ours' and sends it to the local stack. This stops the packet from
being forwarded any further, and also results in an ICMPv6 Destination
Unreachable message being sent back.

This isn't the behaviour specified by RFC2711, where the intention is
that "routers should examine this datagram more closely" with the
router's interest and actions being specified by particular protocol
RFCs. i.e. if the router isn't interested it should ignore the packet
and forward it as normal.

The responsible bit of code is in src/sys/netinet6/ip6_input.c:

    /*
     * accept the packet if a router alert option is included
     * and we act as an IPv6 router.
     */
    if (rtalert != ~0 && ip6_forwarding)
        ours = 1;

I'm not sure what the 'proper' fix should be, since it probably
requires interactions with userspace to determine if there is
something interested in processing the packet. Linux uses a sockopt to
indicate that a raw socket should receive packets with the router
alert option.

In the absence of a full fix, it would probably be a good idea to
remove this unconditional check. This would avoid FreeBSD blocking
IPv6 packets with router alert set. However, I'm not sure if this
would have an impact on MLD.

For reference, the IPv4 stack ignores Router Alert options, though it
does do special processing for IPPROTO_RSVP if there is an RSVP daemon
running.

-- 
Andrew McDonald
E-mail: andrew@mcdonald.org.uk
http://www.mcdonald.org.uk/andrew/
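
Added example, not part of the original message and not FreeBSD source: a user-space sketch that parses a Hop-by-Hop Options header for the RFC 2711 Router Alert value and compares the unconditional check quoted above with an interest-based decision. All function names, the `want` list and the sample bytes are hypothetical; the value assignments (0 = MLD, 1 = RSVP) are from RFC 2711.

```c
#include <stdint.h>
#include <stdio.h>
#define OPT_ROUTER_ALERT 0x05   /* RFC 2711 option type */
#define RTALERT_NONE     (~0u)  /* "no option seen", as in the quoted check */
/* Constructed sample: Hop-by-Hop header, next header UDP, Router Alert value 1 (RSVP), PadN. */
static const uint8_t sample_hbh[8] = { 0x11, 0x00, 0x05, 0x02, 0x00, 0x01, 0x01, 0x00 };

/* Walk the TLV options. Returns 0 on success, -1 if the header is malformed. */
static int hbh_router_alert(const uint8_t *h, size_t len, uint32_t *rtalert)
{
    *rtalert = RTALERT_NONE;
    if (len < 8 || ((size_t)h[1] + 1) * 8 > len)
        return -1;
    size_t end = ((size_t)h[1] + 1) * 8;   /* Hdr Ext Len: 8-octet units after the first */
    for (size_t i = 2; i < end; ) {
        if (h[i] == 0x00) { i++; continue; }   /* Pad1 has no length octet */
        if (i + 2 > end || i + 2 + h[i + 1] > end ||
            (h[i] == OPT_ROUTER_ALERT && h[i + 1] != 2))
            return -1;   /* option overruns the header, or alert value is not 16 bits */
        if (h[i] == OPT_ROUTER_ALERT)
            *rtalert = ((uint32_t)h[i + 2] << 8) | h[i + 3];
        i += 2 + (size_t)h[i + 1];
    }
    return 0;
}

/* The check quoted in the message: any Router Alert on a router is taken locally. */
static int ours_unconditional(uint32_t rtalert, int forwarding)
{
    return rtalert != RTALERT_NONE && forwarding;
}

/* Hypothetical alternative: take it only if a local consumer asked for this value. */
static int ours_if_interested(uint32_t rtalert, int forwarding, const uint16_t *want, size_t n)
{
    for (size_t i = 0; forwarding && i < n; i++)
        if (want[i] == rtalert)   /* never matches RTALERT_NONE, which exceeds 16 bits */
            return 1;
    return 0;
}

int main(void)
{
    uint32_t ra;
    const uint16_t want[] = { 0 };   /* assumed: only an MLD consumer (value 0) is registered */
    hbh_router_alert(sample_hbh, sizeof sample_hbh, &ra);
    return printf("alert=%u unconditional=%d interested=%d\n", (unsigned)ra,
                  ours_unconditional(ra, 1), ours_if_interested(ra, 1, want, 1)) < 0;
}
```

With the sample RSVP-tagged header and only an MLD consumer registered, the unconditional check diverts the packet to the local stack while the interest-based check leaves it on the forwarding path; a Router Alert value of 0 is still delivered locally, which is the MLD case the message raises.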