NetBSD Problem Report #52469

From www@NetBSD.org  Mon Aug  7 14:14:45 2017
Return-Path: <www@NetBSD.org>
Received: from mail.netbsd.org (mail.netbsd.org [199.233.217.200])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(Client CN "mail.NetBSD.org", Issuer "mail.NetBSD.org CA" (verified OK))
	by mollari.NetBSD.org (Postfix) with ESMTPS id 215327A263
	for <gnats-bugs@gnats.NetBSD.org>; Mon,  7 Aug 2017 14:14:45 +0000 (UTC)
Message-Id: <20170807141443.B1C5F7A28A@mollari.NetBSD.org>
Date: Mon,  7 Aug 2017 14:14:43 +0000 (UTC)
From: ef@math.uni-bonn.de
Reply-To: ef@math.uni-bonn.de
To: gnats-bugs@NetBSD.org
Subject: ipf fails to return-rst (or panics) on a IPv6 link-local-address
X-Send-Pr-Version: www-1.0

>Number:         52469
>Category:       kern
>Synopsis:       ipf fails to return-rst (or panics) on a IPv6 link-local-address
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    kern-bug-people
>State:          closed
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Mon Aug 07 14:15:00 +0000 2017
>Closed-Date:    Wed Jun 09 02:06:04 +0000 2021
>Last-Modified:  Wed Jun 09 02:06:04 +0000 2021
>Originator:     Edgar Fuß
>Release:        6.1 (ignored), 7.1 (panics)
>Organization:
Mathematisches Institut der Universität Bonn
>Environment:
>Description:
With a block rule qualified "return-rst", if that rule matches a link-local address, no RST is returned (on NetBSD-6) or the system panics (on NetBSD-7).
The problem is that ipf6_fastroute() consults the routing cache without having inserted the address's scope first.
>How-To-Repeat:
Add a block rule qualified "return-rst" that matches a link-local address. Make that rule match. Observe no RST being sent or the system panic.
>Fix:
Index: ip_fil_netbsd.c
===================================================================
RCS file: /cvsroot/src/sys/external/bsd/ipf/netinet/ip_fil_netbsd.c,v
retrieving revision 1.11
diff -u -p -r1.11 ip_fil_netbsd.c
--- ip_fil_netbsd.c	25 Jul 2014 08:10:39 -0000	1.11
+++ ip_fil_netbsd.c	20 Jul 2017 13:04:22 -0000
@@ -1378,6 +1378,9 @@ ipf_fastroute6(struct mbuf *m0, struct m
 		sockaddr_in6_init(&u.dst6, &fdp->fd_ip6.in6, 0, 0, 0);
 	else
 		sockaddr_in6_init(&u.dst6, &fin->fin_fi.fi_dst.in6, 0, 0, 0);
+	/* KAME */
+	if (IN6_IS_ADDR_LINKLOCAL(&u.dst6.sin6_addr))
+		u.dst6.sin6_addr.s6_addr16[1] = htons(ifp->if_index);
 	dst = &u.dst;
 	rtcache_setdst(ro, dst);

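Review bot: the added `u.dst6.sin6_addr.s6_addr16[1] = htons(ifp->if_index);` now dereferences ifp ahead of rtcache_setdst(), whereas the block it replaces (removed in the third hunk) ran only after the error path ending in `goto bad;`. The hunk does not show that ifp is guaranteed non-NULL this early, so either confirm that or guard the dereference. The `/* KAME */` comment could also say why the zone has to be embedded before the route cache is consulted.
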
@@ -1389,6 +1392,9 @@ ipf_fastroute6(struct mbuf *m0, struct m
 	dst6->sin6_family = AF_INET6;
 	dst6->sin6_len = sizeof(struct sockaddr_in6);
 	dst6->sin6_addr = fin->fin_fi.fi_dst.in6;
+	/* KAME */
+	if (IN6_IS_ADDR_LINKLOCAL(&dst6->sin6_addr))
+		dst6->sin6_addr.s6_addr16[1] = htons(ifp->if_index);

 	if (fdp != NULL) {
 		if (IP6_NOTZERO(&fdp->fd_ip6))
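
Review bot: the zone is embedded into dst6->sin6_addr immediately after it is copied from fin->fin_fi.fi_dst.in6, but before the `if (fdp != NULL)` block that tests fdp->fd_ip6. If that block replaces dst6->sin6_addr (its body is outside the hunk), a link-local fd_ip6 would go on without an embedded zone, unlike the first hunk, where the test runs after either initialisation. Moving the IN6_IS_ADDR_LINKLOCAL check below that block would cover both cases.
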
@@ -1407,15 +1413,6 @@ ipf_fastroute6(struct mbuf *m0, struct m
 		goto bad;
 	}

-	/* KAME */
-# if __NetBSD_Version__ >= 499001100
-	if (IN6_IS_ADDR_LINKLOCAL(&u.dst6.sin6_addr))
-		u.dst6.sin6_addr.s6_addr16[1] = htons(ifp->if_index);
-# else
-	if (IN6_IS_ADDR_LINKLOCAL(&dst6->sin6_addr))
-		dst6->sin6_addr.s6_addr16[1] = htons(ifp->if_index);
-# endif
-
 	{
 # if (__NetBSD_Version__ >= 106010000) && !defined(IN6_LINKMTU)
 		struct in6_ifextra *ife;
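
Review bot: the removed block chose between u.dst6 and dst6 with `# if __NetBSD_Version__ >= 499001100`, while the replacements in the two earlier hunks are added without any visible conditional. Each of them compiles only where its variable exists, so check that the first lands inside the >= 499001100 branch and the second inside the other one, and say so in the commit message since the hunk context does not show it.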

>Release-Note:

>Audit-Trail:
From: Edgar Fuß <ef@math.uni-bonn.de>
To: gnats-bugs@NetBSD.org
Cc: 
Subject: Re: kern/52469: ipf fails to return-rst (or panics) on a IPv6
 link-local-address
Date: Mon, 7 Aug 2017 16:21:15 +0200

 The problem may or may not be related to kern/50168.

From: Edgar Fuß <ef@math.uni-bonn.de>
To: gnats-bugs@NetBSD.org
Cc: 
Subject: Re: kern/52469: ipf fails to return-rst (or panics) on a IPv6
 link-local-address
Date: Mon, 7 Aug 2017 16:26:08 +0200

 On tech-net@, JINMEI, Tatuya suggested the following improvement:

 I suggest using utility functions defined in scope6.c instead of
 manually tweaking sin6_addr:

 > +    /* KAME */
 > +    if (IN6_IS_ADDR_LINKLOCAL(&u.dst6.sin6_addr))
 > +        u.dst6.sin6_addr.s6_addr16[1] = htons(ifp->if_index);

 These two lines could (should) be:

     if ((error = in6_setscope(&u.dst6.sin6_addr, ifp,
         &u.dst6.sin6_scope_id)) != 0)
         goto bad;
     if ((error = sa6_embedscope(&u.dst6, 0)) != 0)
         goto bad;

 It tries to hide as many implementation details as possible, and also
 covers other types of IPv6 scoped addresses (in practice unicast
 link-local may be the only type you're interested in, but in principle
 you'd need to expect it could be, e.g., a scoped multicast address).
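
The point of the tech-net@ suggestion above, as an added userland example (not code from this PR, the patch, or NetBSD): a test on IN6_IS_ADDR_LINKLOCAL matches only fe80::/10, so a link-local multicast destination is left without an embedded zone. The helper names, the sample addresses and interface index 3 are assumptions for illustration, and the code does not reproduce in6_setscope() or sa6_embedscope().

```c
/* Added illustration, not NetBSD kernel code: userland model of the KAME
 * embedded-scope form (zone kept in address bytes 2-3, i.e. s6_addr16[1]). */
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdint.h>
#include <stdio.h>

/* Store a 16-bit zone in network byte order in address bytes 2..3. */
static void put_zone(struct in6_addr *a, uint16_t zone)
{
	a->s6_addr[2] = (uint8_t)(zone >> 8);
	a->s6_addr[3] = (uint8_t)(zone & 0xff);
}

/* The test the patch uses: unicast link-local (fe80::/10) only. */
static int needs_zone_patch(const struct in6_addr *a)
{
	return IN6_IS_ADDR_LINKLOCAL(a) ? 1 : 0;
}

/* Hypothetical broader test: link-local and interface-local multicast
 * destinations are zone-dependent as well. */
static int needs_zone_broad(const struct in6_addr *a)
{
	return (IN6_IS_ADDR_LINKLOCAL(a) || IN6_IS_ADDR_MC_LINKLOCAL(a) ||
	    IN6_IS_ADDR_MC_NODELOCAL(a)) ? 1 : 0;
}

/* Parse a constructed sample address and return the zone embedded by the
 * chosen test: 0 if the address was left untouched, -1 on parse error. */
static int zone_after(const char *text, uint16_t ifindex, int broad)
{
	struct in6_addr a;

	if (inet_pton(AF_INET6, text, &a) != 1)
		return -1;
	if (!(broad ? needs_zone_broad(&a) : needs_zone_patch(&a)))
		return 0;
	put_zone(&a, ifindex);
	return (a.s6_addr[2] << 8) | a.s6_addr[3];
}

int main(void)
{
	/* Constructed samples; interface index 3 is an assumption. */
	printf("fe80::1 patch=%d\n", zone_after("fe80::1", 3, 0));
	printf("ff02::1 patch=%d broad=%d\n", zone_after("ff02::1", 3, 0),
	    zone_after("ff02::1", 3, 1));
	return 0;
}
```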

State-Changed-From-To: open->needs-pullups
State-Changed-By: maya@NetBSD.org
State-Changed-When: Mon, 04 Jun 2018 10:43:37 +0000
State-Changed-Why:
This did get committed (thanks for the patch & report), but records did not go into GNATS.
It's ip_fil_netbsd.c:1.24 - 1.26, and is in netbsd-8 (pullup-8 #206), but not in netbsd-7


State-Changed-From-To: needs-pullups->closed
State-Changed-By: dholland@NetBSD.org
State-Changed-When: Wed, 09 Jun 2021 02:06:04 +0000
State-Changed-Why:
pullups to -7 are no longer relevant


>Unformatted:
