Date: Mon, 6 Aug 2007 11:53:21 +0300 (EEST) From: Pekka Savola <pekkas@netcore.fi> To: freebsd-ipfw@freebsd.org Subject: bug in 'ipfw: pullup failed' w/ ipv6-nonxt ? Message-ID: <Pine.LNX.4.64.0708061142570.28645@netcore.fi>
next in thread | raw e-mail | index | archive | help
Hi, Recently on FreeBSD-6.2 STABLE I've noticed over 100x increase of 'ipfw: pullup failed' messages. This coincides with me starting to run a Teredo relay which includes receiving pretty much arbitrary IPv6 packets from the network. This appears to trigger a problem in sys/netinet/ip_fw2.c code with a packet like: 11:35:48.327605 IP6 (hlim 255, next-header: unknown (59), length: 0) 2001:0:4136:xxxx:yyyy:zzzz:wwww:vvvv > fe80::fc31:b43b:679c:dcb9: no next header now, the code in ip_fw2.c appears to be: case IPPROTO_NONE: /* RFC 2460 */ PULLUP_TO(hlen, ulp, struct ip6_ext); /* Packet ends here. if ip6e_len!=0 octets * must be ignored. */ break; .. but struct ip6_ext is at least 2 bytes long. Am I reading the code correctly that it expects that even with IPPROTO_NONE, the IP header needs to include at least 2 bytes of content. This would probably be a bug, and instead of printing "pullup failed" it shouldn't try to pull more than the base IPv6 header. -- Pekka Savola "You each name yourselves king, yet the Netcore Oy kingdom bleeds." Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.LNX.4.64.0708061142570.28645>