IPv6 Router Alert breaks forwarding
Andrew McDonald
andrew at mcdonald.org.uk
Wed Apr 4 21:53:10 UTC 2007
Hi,
Currently the IPv6 stack, when acting as a router and forwarding
traffic, treats any packet with a Router Alert hop-by-hop option as
'ours' and sends it to the local stack. This stops the packet from
being forwarded any further, and also results in ICMPv6 Destination
Unreachable message being sent back.
This isn't the behaviour specified by RFC2711, where the intention is
that "routers should examine this datagram more closely" with the
router's interest and actions being specified by particular protocol
RFCs. i.e. if the router isn't interested it should ignore the packet
and forward it as normal.
The responsible bit of code is in src/sys/netinet6/ip6_input.c:
/*
* accept the packet if a router alert option is included
* and we act as an IPv6 router.
*/
if (rtalert != ~0 && ip6_forwarding)
ours = 1;
I'm not sure what the 'proper' fix should be, since it probably
requires interactions with userspace to determine if there is something
interested in processing the packet. Linux uses a sockopt to indicate
that a raw socket should receive packets with the router alert option.
In the absence of a full fix, it would probably be a good idea to
remove this unconditional check. This would avoid FreeBSD blocking IPv6
packets with router alert set. However, I'm not sure if this would have
an impact on MLD.
For reference, the IPv4 stack ignores Router Alert options, though it
does do special processing for IPPROTO_RSVP if there is a RSVP daemon
running.
--
Andrew McDonald
E-mail: andrew at mcdonald.org.uk
http://www.mcdonald.org.uk/andrew/
More information about the freebsd-net
mailing list