(usagi-users 03179) Re: netfilter6: ICMPv6 type 143 doesn't match
- To: pb@xxxxxxxxxxxx
- Subject: (usagi-users 03179) Re: netfilter6: ICMPv6 type 143 doesn't match
- From: Yasuyuki Kozakai <yasuyuki.kozakai@xxxxxxxxxxxxx>
- Date: Mon, 27 Dec 2004 13:17:34 +0900 (JST)
- Cc: netdev@xxxxxxxxxxx, usagi-users@xxxxxxxxxxxxxx, laforge@xxxxxxxxxxxx, kaber@xxxxxxxxx, netfilter-devel@xxxxxxxxxxxxxxxxxxx
- In-reply-to: <6050E336B1A0D7D8E70C66F3@t1mobil.muc.aerasec.de>
- References: <6050E336B1A0D7D8E70C66F3@t1mobil.muc.aerasec.de>
- Reply-to: usagi-users@xxxxxxxxxxxxxx
From: Peter Bieringer <pb@xxxxxxxxxxxx>
Date: Sat, 25 Dec 2004 18:47:52 +0100
> I tried several rules (don't wonder about the wrong order, it was a trial
> and error -I insert, the topmost rule was inserted last):
>
> # ip6tables -vn -L OUTPUT
> Chain OUTPUT (policy DROP 4 packets, 4872 bytes)
> pkts bytes target prot opt in out source
> destination
> 2 192 ACCEPT all * eth0 ::/0 ::/0
> 0 0 ACCEPT icmpv6 * * ::/0 ::/0
> 0 0 ACCEPT icmpv6 * * ::/0 ::/0
> ipv6-icmp type 143
> 0 0 ACCEPT icmpv6 * * ::/0
> ff02::/16 ipv6-icmp type 143
> 0 0 ACCEPT icmpv6 * * ::/0
> ff02::/16 ipv6-icmp type 143
> 0 0 ACCEPT icmpv6 * * ::/0
> ff02::16/128 ipv6-icmp type 143
>
> Packet dump:
>
> 18:46:07.984044 :: > ff02::16: HBH (rtalert: 0x0000) (padn)[icmp6 sum ok]
> icmp6: type-#143 [hlim 1] (len 56)
> 0x0000: 6000 0000 0038 0001 0000 0000 0000 0000 `....8..........
> 0x0010: 0000 0000 0000 0000 ff02 0000 0000 0000 ................
> 0x0020: 0000 0000 0000 0016 3a00 0502 0000 0100 ........:.......
> 0x0030: 8f00 6b6a 0000 0002 0400 0000 ff05 0000 ..kj............
> 0x0040: 0000 0000 0000 0000 0001 0003 0400 0000 ................
> 0x0050: ff02 0000 0000 0000 0000 0000 0001 0002 ................
>
> I wonder that only the proto "all" rule matches such a packet.

Well, it seems that for the Multicast Listener Report skb->data != skb->nh.ipv6h
when the interface is up. But the IPv6 netfilter modules assume that
skb->data == skb->nh.ipv6h, like the IPv4 netfilter modules.

Folks, is this a wrong or bad assumption? If so, I'll fix this problem in
many modules as follows.

--- linux-2.6.10/net/ipv6/netfilter/ip6_tables.c 2004-12-27 11:26:57.000000000 +0900
+++ linux-2.6.10-fixed/net/ipv6/netfilter/ip6_tables.c 2004-12-27 11:28:23.000000000 +0900
@@ -222,7 +222,7 @@
u_int16_t hdrlen; /* Header */
u_int16_t _fragoff = 0, *fp = NULL;
- ptr = IPV6_HDR_LEN;
+ ptr = ((u8*)skb->nh.ipv6h - skb->data) + IPV6_HDR_LEN;
while (ip6t_ext_hdr(currenthdr)) {
/* Is there enough space for the next ext header? */
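
Review bot: the new initialisation of ptr (the + line) open-codes the network-header offset as ((u8*)skb->nh.ipv6h - skb->data); since the message says many modules make the same assumption, this belongs in one shared helper or macro used by all of them rather than being repeated per module. The subtraction yields a signed difference and the declaration of ptr is outside the hunk, so please confirm the type it is assigned to, and add a comment saying that ptr is now an offset from skb->data rather than from the IPv6 header, because the length test behind the "Is there enough space for the next ext header?" comment depends on that. Style nit: write the cast as (u8 *).
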
Regards,
-----------------------------------------------------------------
Yasuyuki KOZAKAI @ USAGI Project <yasuyuki.kozakai@xxxxxxxxxxxxx>
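
A user-space model of the offset problem described in the reply, added here as an illustration; it is not kernel code and not part of the patch. It walks the extension headers of the dumped packet once from the start of the buffer and once from the real IPv6 header position. The 14-byte gap in front of the header is a constructed value, the names icmp6_type, demo and is_ext_hdr are hypothetical, and only hop-by-hop, routing and destination-options headers are handled.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define IPV6_HDR_LEN 40

/* First 56 bytes of the dump quoted in the message: IPv6 header, hop-by-hop
 * header (router alert + PadN) and the start of the ICMPv6 type 143 report. */
static const uint8_t mld_report[56] = {
    0x60, 0x00, 0x00, 0x00, 0x00, 0x38, 0x00, 0x01,   /* nexthdr 0, hlim 1 */
    0, 0, 0, 0, 0, 0, 0, 0,  0, 0, 0, 0, 0, 0, 0, 0,  /* src :: */
    0xff, 0x02, 0, 0, 0, 0, 0, 0,  0, 0, 0, 0, 0, 0, 0, 0x16, /* ff02::16 */
    0x3a, 0x00, 0x05, 0x02, 0x00, 0x00, 0x01, 0x00,   /* HBH, nexthdr 58 */
    0x8f, 0x00, 0x6b, 0x6a, 0x00, 0x00, 0x00, 0x02,   /* ICMPv6 type 143 */
};

static int is_ext_hdr(uint8_t nh) { return nh == 0 || nh == 43 || nh == 60; }

/* data/len model skb->data; nh_off is where the IPv6 header sits in it.
 * fixed == 0 starts the walk IPV6_HDR_LEN bytes into data (old behaviour),
 * fixed != 0 starts it IPV6_HDR_LEN bytes past the IPv6 header (patched).
 * Returns the ICMPv6 type, or -1 if the chain does not lead to ICMPv6. */
int icmp6_type(const uint8_t *data, size_t len, size_t nh_off, int fixed)
{
    if (nh_off > len || len - nh_off < IPV6_HDR_LEN)
        return -1;
    uint8_t nexthdr = data[nh_off + 6];      /* read from the real header */
    size_t ptr = (fixed ? nh_off : 0) + IPV6_HDR_LEN;

    while (is_ext_hdr(nexthdr)) {
        if (ptr > len || len - ptr < 2) return -1;
        size_t hdrlen = ((size_t)data[ptr + 1] + 1) * 8;
        if (len - ptr < hdrlen) return -1;   /* truncated or misparsed */
        nexthdr = data[ptr];
        ptr += hdrlen;
    }
    return (nexthdr == 58 && ptr < len) ? data[ptr] : -1;
}

/* Place the report after `gap` constructed filler bytes and parse it. */
int demo(size_t gap, int fixed)
{
    uint8_t buf[64 + sizeof(mld_report)] = {0};
    if (gap > 64) return -1;
    memcpy(buf + gap, mld_report, sizeof(mld_report));
    return icmp6_type(buf, gap + sizeof(mld_report), gap, fixed);
}

int main(void) { printf("old=%d patched=%d\n", demo(14, 0), demo(14, 1)); return 0; }
```

With no gap both variants find type 143; with the gap the old start offset lands inside the destination address and the walk never reaches the ICMPv6 header, so an "ipv6-icmp type 143" match cannot succeed while a protocol "all" rule still does.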