ipv6 getting more and more broken

ipv6 getting more and more broken

[felix-linuxkernel]

ipv6 is broken for me with 2.6.9 (worked great with 2.6.7, less good but
still workable with 2.6.8).  Here are the symptoms:

I have a LAN with two machines.  No IPv6 routers, no radvd.

I have an application that announces itself via IPv6 multicast UDP
packets with a link-local scope.  I start this application on machine A
and then I have a program on machine B that looks for those and then
tcp-connects to the source IP.

In 2.6.7, everything works fine.  It does not matter whether I start
the announcer first or the listener.

In 2.6.8.1, it only works if I start the listener first.  For some
reason, if I start the listener and then start sending the
announcements, the listener won't see them.  Some bug in the IGMP
handling, I guess.

In 2.6.9, the machines don't even get a link-local address when bringing
an interface up!  This is so utterly and completely broken, how can it
be that nobody has noticed this yet?  I have compiled in ipv6
statically, not as a module, but that should not matter, right?

Also, I would like to have a way to do mss clamping for IPv6.  I am
running a Linux based PPPoE router using 6to4, and would like to
route IPv6 to the LAN behind it, but TCP connections keep getting stuck.
I now manually decreased the MTU on the tunnel interface, but that can't
possibly be the right way to do this.  Any suggestions?

I should mention that "worked great in 2.6.7" may be too kind a
statement as well.  Running both the listener and the announcer on the
same machine yields this bizarre bahviour: the listener gets told the
packet arrived on the lo device, not eth0 (via the scope_id), so the
return tcp connection is going to a link-local ethernet address with
scope_id for loopback and fails, of course.  But it does not fail in a
straightforward manner but simply sits there and does not return (the
connect() call, I mean).  That has been this way for ages and I complain
about it every now and then but so far nobody was appalled enough by
this obvious breakage to fix it.

Please do fix IPv6 now.  The BSD people at least fix their stack when I
complain.

Felix

Re: ipv6 getting more and more broken

[Aleksandar Milivojevic]

Quoting felix-linuxkernel@fefe.de
Date: Thu, 9 Dec 2004 03:46:49 
> In 2.6.9, the machines don't even get a link-local address when bringing
> an interface up!  This is so utterly and completely broken, how can it
> be that nobody has noticed this yet?  I have compiled in ipv6
> statically, not as a module, but that should not matter, right?

He, he.  I was complaining because of the opposite (2.6.x automatically loading
ipv6 module and assigning link-local IPv6 addresses to all interfaces -- I don't
use IPv6, so I don't want to see those assigned).  I've been putting "alias
net-pf-10 off" in modprobe.conf, so I haven't noticed if default behaviour was
changed to what we had in 2.4.x.  Which would be good thing, IMHO.  The reality
is that most people use prepackaged kernels, all of them include ipv6 module,
and probably most of the users don't realize that IPv6 firewall on Linux is
separate thing from IPv4 firewall (possible scenario: you hack DMZ machine, than
from it hack into firewall exploiting non-existant IPv6 firewall rules (site
doesn't use IPv6, so admin "forgot" to put them in place), and than you have
open path to internal network).

Have you attempted to put something like this in modprobe.conf to reenable
automatic loading of ipv6 module:

alias net-pf-10 ipv6

This worked with 2.4.x kernels (as soon as any application attempts to use IPv6,
or even starts listening on IPv6, ipv6 module gets loaded).

> I should mention that "worked great in 2.6.7" may be too kind a
> statement as well.  Running both the listener and the announcer on the
> same machine yields this bizarre bahviour: the listener gets told the
> packet arrived on the lo device, not eth0 (via the scope_id), so the
> return tcp connection is going to a link-local ethernet address with
> scope_id for loopback and fails, of course.  But it does not fail in a
> straightforward manner but simply sits there and does not return (the
> connect() call, I mean).  That has been this way for ages and I complain
> about it every now and then but so far nobody was appalled enough by
> this obvious breakage to fix it.

Hm, some of the things from above would probobly need fixing, but some are
normal.  If connection is made to address assigned to local interface (for
example, to eth0), it will go through lo, not through eth0.  Which is kind of
logical.  This is how the things worked with IPv4 for long time.  I don't see
why IPv6 packets would be exception.

-- 
Aleksandar Milivojevic <amilivojevic@pbl.ca>    Pollard Banknote Limited
Systems Administrator                           1499 Buffalo Place
Tel: (204) 474-2323 ext 276                     Winnipeg, MB  R3T 1L7

Re: ipv6 getting more and more broken

[David S. Miller]

On Thu, 9 Dec 2004 03:46:49 +0100
felix-linuxkernel@fefe.de wrote:

> In 2.6.9, the machines don't even get a link-local address when bringing
> an interface up!

This is fixed in current 2.6.10-rcX kernels.

Re: ipv6 getting more and more broken

[Jeff Garzik]

On Thu, Dec 09, 2004 at 03:46:49AM +0100, felix-linuxkernel@fefe.de wrote:
> In 2.6.9, the machines don't even get a link-local address when bringing
> an interface up!  This is so utterly and completely broken, how can it
> be that nobody has noticed this yet?  I have compiled in ipv6
> statically, not as a module, but that should not matter, right?

I've seen a couple link-local-addr-related bug reports.  Not sure if
those have been discussed yet.

In general, there have been a bunch of IPv6 fixes recently, can you
please test 2.6.10-rc3 (and/or 2.6.10-rc3-bk3)?

	Jeff

Re: ipv6 getting more and more broken

[Christian Kujau]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

felix-linuxkernel@fefe.de schrieb:
> ipv6 is broken for me with 2.6.9 (worked great with 2.6.7, less good but
> still workable with 2.6.8).  Here are the symptoms:

i *felt* something was wrong around 2.6.8.1 or 2.6.9 but i tried to blame
my (free) tunnel broker. having 2.6.10-BK for a while now, everything is
back to normal. link-local addresses assigned, radvd is working too.

> Also, I would like to have a way to do mss clamping for IPv6.  I am
> running a Linux based PPPoE router using 6to4, and would like to
> route IPv6 to the LAN behind it, but TCP connections keep getting stuck.

hm, no issues here. mss clamping is described very often, but i never
really needed it. my ipv6 clients are working fine ;)

Christian.
- --
BOFH excuse #221:

The mainframe needs to rest.  It's getting old, you know.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFBuh/j+A7rjkF8z0wRAqTeAJ9+wV+hN7SQdqJvTqd5QVfs32SuDgCePh0e
ZGUUSKv1plfZg2TNvmihQPU=
=UpiK
-----END PGP SIGNATURE-----