
Use IPv6 SAS algorithm for reflected ICMPv6 datagrams in NAT64
Closed, Public

Authored by ae on Dec 2 2019, 11:39 AM.

Details

Summary

The NAT64 module uses its own icmp6_reflect() function to be able to make better accounting and use deferred and direct output.
It has used the destination IPv6 address as the source for reflected ICMPv6 datagrams. This mostly works, but can confuse some software.
E.g. traceroute's output looks weird.

[me@mylaptop ~]traceroute6 -w1 -n 64:ff9b::8.8.8.8
traceroute6 to 64:ff9b::8.8.8.8 (64:ff9b::808:808) from 2001:67c:64:49:a421:5045:508d:495a, 64 hops max, 12 byte packets
 1  64:ff9b::808:808  1.732 ms  2.166 ms  2.198 ms
 2  64:ff9b::c100:605  2.131 ms  2.308 ms  3.216 ms
 3  64:ff9b::50f9:d0f7  3.115 ms  4.114 ms  3.657 ms
 4  64:ff9b::6caa:f1c1  3.892 ms
    64:ff9b::6caa:f1a1  4.034 ms  5.465 ms
 5  64:ff9b::6caa:ec87  5.895 ms
    64:ff9b::480e:eef5  4.412 ms
    64:ff9b::d8ef:310d  4.358 ms
 6  64:ff9b::808:808  4.418 ms  3.498 ms  3.247 ms

This patch adds:

  • the ability to use the standard method to select the source address for such datagrams
  • honoring the IP_STEALTH kernel option and not decrementing TTL/HLIM
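
Every hop in the traceroute6 output above sits in the RFC 6052 well-known prefix 64:ff9b::/96, so each one can be read back as an IPv4 address. The following C is an added example, not code from this revision or from FreeBSD; the function names and the sample_hops array are hypothetical. It decodes each hop and counts intermediate hops that answer with the target's own address, which is what hop 1 does above.

```c
#include <arpa/inet.h>
#include <stdio.h>
#include <string.h>

/* Added example, hypothetical names. RFC 6052 well-known NAT64 prefix
 * 64:ff9b::/96: the first 12 bytes of the address. */
static const unsigned char wkp[12] = { 0x00, 0x64, 0xff, 0x9b };

/* Write the IPv4 address embedded in a 64:ff9b::/96 address to out.
 * Returns 0 on success, -1 if v6 is unparsable or outside the prefix. */
int nat64_embedded_v4(const char *v6, char *out, socklen_t outlen)
{
    struct in6_addr a6;
    struct in_addr a4;
    if (inet_pton(AF_INET6, v6, &a6) != 1 || memcmp(a6.s6_addr, wkp, 12) != 0)
        return -1;
    memcpy(&a4, &a6.s6_addr[12], sizeof(a4));   /* last 32 bits are the IPv4 */
    return inet_ntop(AF_INET, &a4, out, outlen) != NULL ? 0 : -1;
}

/* Count intermediate hops (all but the last) whose responder address equals
 * the traced target. Returns -1 if the target does not parse. */
int hops_matching_target(const char *const hops[], int n, const char *target)
{
    struct in6_addr t, h;
    int count = 0;
    if (inet_pton(AF_INET6, target, &t) != 1)
        return -1;
    for (int i = 0; i < n - 1; i++)
        if (inet_pton(AF_INET6, hops[i], &h) == 1 && memcmp(&t, &h, sizeof(t)) == 0)
            count++;
    return count;
}

/* First responder of each hop, copied from the traceroute6 output above. */
static const char *const sample_hops[] = {
    "64:ff9b::808:808", "64:ff9b::c100:605", "64:ff9b::50f9:d0f7",
    "64:ff9b::6caa:f1c1", "64:ff9b::6caa:ec87", "64:ff9b::808:808",
};

int main(void)
{
    char v4[INET_ADDRSTRLEN];
    for (int i = 0; i < 6; i++)
        if (nat64_embedded_v4(sample_hops[i], v4, sizeof(v4)) == 0)
            printf("hop %d: %s -> %s\n", i + 1, sample_hops[i], v4);
    printf("intermediate hops answering as the target: %d\n",
        hops_matching_target(sample_hops, 6, "64:ff9b::8.8.8.8"));
    return 0;
}
```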

Diff Detail

Repository
rS FreeBSD src repository - subversion
Lint
Lint Passed
Unit
No Test Coverage
Build Status
Buildable 28060
Build 26208: arc lint + arc unit

Event Timeline

melifaro added inline comments.
sys/netpfil/ipfw/nat64/nat64_translate.c
97

Do we want it to be const? I'd expect it to be determined based on the V_ipstealth value.

728

Worth referencing RFC 4443 2.2 just in case?

734

RFC 4443 2.2b: "the Source Address of the ICMPv6 packet MUST be a unicast address belonging to the node"

1234

Nit: why explicit false? style(9) doesn't require that

sys/netpfil/ipfw/nat64/nat64_translate.c
650–651

Worth having another variable ("photo") for the result?

Update the patch.

Since ipstealth can be turned off/on at run time, use a pointer to the
specific kernel variable.
Initialize them explicitly for the direct case, since the variables are virtualized.

ae marked 3 inline comments as done. Dec 10 2019, 1:21 PM
This revision is now accepted and ready to land. Dec 10 2019, 1:34 PM