Skip site navigation (1)Skip section navigation (2) 
Date:      Mon, 15 Oct 2007 16:34:48 GMT
From:      Fabian Wenk <fabian@wenks.ch>
To:        freebsd-gnats-submit@FreeBSD.org
Subject:   bin/117214: ipfw(8) fwd with IPv6 treats input as IPv4
Message-ID:  <200710151634.l9FGYmvn072700@www.freebsd.org>
Resent-Message-ID: <200710151640.l9FGe0t3002889@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help 

>Number:         117214
>Category:       bin
>Synopsis:       ipfw(8) fwd with IPv6 treats input as IPv4
>Confidential:   no
>Severity:       serious
>Priority:       high
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Mon Oct 15 16:40:00 UTC 2007
>Closed-Date:
>Last-Modified:
>Originator:     Fabian Wenk
>Release:        FreeBSD 6.2-RELEASE-p7
>Organization:
>Environment:
FreeBSD new-batman.home4u.ch 6.2-RELEASE-p7 FreeBSD 6.2-RELEASE-p7 #3: Tue Aug 21 16:11:16 CEST 2007     root@new-batman.home4u.ch:/usr/obj/usr/src/sys/BATMAN  amd64
>Description:
I have a setup with two Internet connections and doing source based routing
through ipfw fwd. This works perfectly for IPv4. The similar command lines
for IPv6 gives the following 2 variants of errors:

root@new-batman:~# ipfw add 25050 fwd 2002:d908:d3e3::1 ip6 from 2002:d908:d3e3:1:2e0:81ff:fe47:bb8c to not 2002:d908:d3e3:1::/64,2002:3e02:55b4:2::/64,::1/128
ipfw: illegal forwarding port ``d908:d3e3::1''
root@new-batman:~#

The error "illegal forwarding port" depends on the first parts of the used
IPv6 address, with the other IPv6 address the error is different (treats
and uses it as IPv4 address):

root@new-batman:~# ipfw add 25051 fwd 2002:3e02:55b4:2:2e0:81ff:fe47:bb87 ip6 from 2002:3e02:55b4:2:2e0:81ff:fe47:bb8d to not 2002:d908:d3e3:1::/64,2002:3e02:55b4:2::/64,::1/128
25051 fwd 0.0.7.210,3 ip6 from 2002:3e02:55b4:2:2e0:81ff:fe47:bb8d to not 2002:3e02:55b4:2::/64,2002:d908:d3e3:1::/64,::1
root@new-batman:~#

ipfw show presents the second error (source is something like a broken IPv4
address):

root@new-batman:~# ipfw show | grep 25051
25051  0    0 fwd 0.0.7.210,3 ip6 from 2002:3e02:55b4:2:2e0:81ff:fe47:bb8d to not 2002:3e02:55b4:2::/64,2002:d908:d3e3:1::/64,::1
root@new-batman:~#


This could be something similar like in PR bin/104921, but this does not fix
the fwd problem.
>How-To-Repeat:
ipfw add fwd <IPv6-address> ...
>Fix:


>Release-Note:
>Audit-Trail:
>Unformatted:

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200710151634.l9FGYmvn072700>