Similar problems exist with tunnels and masquerading. In some cases incoming
tunnel packets can end up being checked by ip_fw_demasquerade() which will
fail causing the packet to be dropped.
The following works but it would be more appropriate to change the code so
that ip_fw_demasquerade() only attempts to demasquerade a specific
set of protocols: IPPROTO_ICMP, IPPROTO_UDP, IPPROTO_TCP and IPPROTO_IPV6 etc.
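As an added illustration of the allowlist approach suggested above (this is example code written for this page, not the posted patch or the kernel's ip_masq.c): the decision is made on the protocol first, so IPIP and GRE packets are passed through untouched, and the "payload too short" check only ever runs for the protocols that are actually demasqueraded. The header sizes and the helper names are constructed for the example; transport_hdr_len() stands in for proto_doff().

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#include <arpa/inet.h>
#include <netinet/in.h>

enum { DEMASQ_PASS = 0, DEMASQ_DO = 1, DEMASQ_DROP = -1 };

/* Allowlist: only the protocols the masquerading code can rewrite. */
static int masq_handles_proto(uint8_t proto)
{
    return proto == IPPROTO_ICMP || proto == IPPROTO_UDP || proto == IPPROTO_TCP;
}

/* Stand-in for proto_doff(): bytes of transport header the protocol needs,
 * or -1 when the payload ("size") is too short to hold it (constructed). */
static int transport_hdr_len(uint8_t proto, int size)
{
    int need = (proto == IPPROTO_TCP) ? 20 : 8;    /* UDP and ICMP: 8 */
    return size >= need ? need : -1;
}

/* Decide what to do with one IPv4 packet of `len` bytes. */
int demasq_decide(const uint8_t *pkt, size_t len)
{
    uint16_t tot_len_n;
    int ihl, size;

    if (len < 20)
        return DEMASQ_DROP;
    ihl = (pkt[0] & 0x0f) * 4;
    memcpy(&tot_len_n, pkt + 2, sizeof tot_len_n);
    size = ntohs(tot_len_n) - ihl;                 /* same as the patch */
    if (ihl < 20 || (size_t)ntohs(tot_len_n) > len || size < 0)
        return DEMASQ_DROP;                        /* malformed IP header */
    if (!masq_handles_proto(pkt[9]))               /* IPIP, GRE, ... */
        return DEMASQ_PASS;                        /* leave tunnel alone */
    if (transport_hdr_len(pkt[9], size) < 0)
        return DEMASQ_DROP;                        /* truncated TCP/UDP/ICMP */
    return DEMASQ_DO;
}

/* Build a constructed 64-byte packet with the given protocol and tot_len. */
int decide_constructed(uint8_t proto, uint16_t tot_len)
{
    uint8_t pkt[64] = {0};
    uint16_t n = htons(tot_len);
    pkt[0] = 0x45;                                 /* IPv4, ihl = 5 */
    memcpy(pkt + 2, &n, sizeof n);
    pkt[9] = proto;
    return demasq_decide(pkt, sizeof pkt);
}
```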
--- ip_masq.c.save Mon Dec 21 10:47:21 1998
+++ ip_masq.c Mon Dec 21 10:56:24 1998
@@ -1776,7 +1776,11 @@
size = ntohs(iph->tot_len) - (iph->ihl * 4);
doff = proto_doff(iph->protocol, h.raw, size);
- if (doff < 0) {
+ /* added check for tunnels,
+ * Wouldn't it be better to only do demasquerading if protocol is
+ * IPPROTO_ICMP, IPPROTO_UDP, IPPROTO_TCP?
+ */
+ if (iph->protocol != IPPROTO_IPIP && iph->protocol != IPPROTO_GRE && doff < 0) {
IP_MASQ_DEBUG(0, "I-pkt invalid packet data size\n");
return -1;
}
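Review bot: the new condition only exempts IPIP and GRE from the `doff < 0` error path, so for those two protocols a negative doff is no longer rejected but execution still continues past this check with that value; whatever follows must therefore be safe on a packet whose transport header could not be located. It is also a denylist of two tunnel types, while the comment in the hunk itself proposes the opposite: decide up front whether iph->protocol is one masquerading handles (IPPROTO_ICMP, IPPROTO_UDP, IPPROTO_TCP) and return before proto_doff() for anything else, which keeps the size check intact for every protocol that is actually demasqueraded. If the exemption stays as written, the comment should state why IPIP and GRE specifically, rather than pose it as a question.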
-- 
Stuart Lynne <sl@fireplug.net> 604-461-7532 <http://edge.fireplug.net>
PGP Fingerprint: 28 E2 A0 15 99 62 9A 00 88 EC A3 EE 2D 1C 15 68