From kensaku.masuda@fujixerox.co.jp  Fri May 20 06:11:06 2011
Return-Path: <kensaku.masuda@fujixerox.co.jp>
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 797D61065670
	for <FreeBSD-gnats-submit@freebsd.org>; Fri, 20 May 2011 06:11:06 +0000 (UTC)
	(envelope-from kensaku.masuda@fujixerox.co.jp)
Received: from futunusi.skyfx.rdh.fujixerox.co.jp (unknown [IPv6:2002:caf9:e86::1])
	by mx1.freebsd.org (Postfix) with ESMTP id C22DB8FC1B
	for <FreeBSD-gnats-submit@freebsd.org>; Fri, 20 May 2011 06:11:05 +0000 (UTC)
Received: from futunusi.skyfx.rdh.fujixerox.co.jp (localhost [127.0.0.1])
	by futunusi.skyfx.rdh.fujixerox.co.jp (8.14.4/8.14.4) with ESMTP id p4K66wi9003037
	for <FreeBSD-gnats-submit@freebsd.org>; Fri, 20 May 2011 15:06:58 +0900 (JST)
	(envelope-from kensaku.masuda@fujixerox.co.jp)
Received: (from greg@localhost)
	by futunusi.skyfx.rdh.fujixerox.co.jp (8.14.4/8.14.4/Submit) id p4K66w2Z003036;
	Fri, 20 May 2011 15:06:58 +0900 (JST)
	(envelope-from greg)
Message-Id: <201105200606.p4K66w2Z003036@futunusi.skyfx.rdh.fujixerox.co.jp>
Date: Fri, 20 May 2011 15:06:58 +0900 (JST)
From: <kensaku.masuda@gmail.com>
Reply-To: <kensaku.masuda@gmail.com>
To: FreeBSD-gnats-submit@freebsd.org
Cc:
Subject: stf(4) can not communication between other 6to4 preix holder
X-Send-Pr-Version: 3.113
X-GNATS-Notify:

>Number:         157200
>Category:       kern
>Synopsis:       [network.subr] [patch] stf(4) can not communicate between other 6to4 prefix holder
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-net
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Fri May 20 06:20:09 UTC 2011
>Closed-Date:    
>Last-Modified:  Wed Jun 01 05:12:43 UTC 2011
>Originator:     Kensaku MASUDA
>Release:        FreeBSD 8.2-STABLE amd64
>Organization:
>Environment:
System: FreeBSD futunusi.skyfx.rdh.fujixerox.co.jp 8.2-STABLE FreeBSD 8.2-STABLE #3: Thu May 19 12:57:19 JST 2011 root@futunusi.skyfx.rdh.fujixerox.co.jp:/usr/src/sys/amd64/compile/futunusi.skyfx.rdh.fujixerox.co.jp amd64


	

>Description:
	stf(4) is work fine between native prefixes. But other 6to4 prefix holder is not.
Case of with navtive prefix, stf send a packet(protocol 41) into anycast router.
But other 6to4 prefix, stf send a packet into its V4 address directly. and other side router drop it.

>How-To-Repeat:
	1) Setup stf:
		stf_interface_ipv4addr="XXX.XXX.XXX.XXX" <- Global V4 Address
		ipv6_defaultrouter="2002:c058:6301::1"   <- 192.88.99.1 6to4 anycast router
	2) ping to native v6 machine(Ex: www.kame.net)
	3) see protocol 41 packet, you see a packet that destination is 192.88.99.1.
	4) ping to some 6to4 prefix holder(2002::YYYY:YYYY:?????.....)
	5) see protocol 41 packet, you see a packet that destination is YY.YY.YY.YY.

>Fix:

	function stf_output(mbuf, dest, ro) in if_stf.c create a outgoing packet for stf(4).
And stf_output address IPv4 address from mbuf(outgoing IPv6 packet) or dest.
I think that it use only "dest", no need to refer raw IPv6 packet. 
because, "dest" was look like computed from routing table and interface prefix length.

And problem will clear,so delete routing information about 2002::/16 or above.
(Need to setup route using anycast router)

diff -ruN src.orig/etc/defaults/rc.conf src/etc/defaults/rc.conf
--- src.orig/etc/defaults/rc.conf	2011-05-20 14:19:34.341476080 +0900
+++ src/etc/defaults/rc.conf	2011-05-20 14:18:23.927534426 +0900
@@ -494,6 +494,7 @@
 stf_interface_ipv6_ifid="0:0:0:1"	# IPv6 interface id for stf0.
 				# If you like, you can set "AUTO" for this.
 stf_interface_ipv6_slaid="0000"	# IPv6 Site Level Aggregator for stf0
+stf_interface_mode="anycast"	# Anycast router or edge router
 ipv6_faith_prefix="NO"		# Set faith prefix to enable a FAITH
 				# IPv6-to-IPv4 TCP translator.  You also need
 				# faithd(8) setup.
diff -ruN src.orig/etc/network.subr src/etc/network.subr
--- src.orig/etc/network.subr	2011-05-20 14:19:50.528201421 +0900
+++ src/etc/network.subr	2011-05-20 14:17:59.467935221 +0900
@@ -1042,6 +1042,14 @@
 		route add -inet6 2002:7f00:: -prefixlen 24 ::1 -reject
 		route add -inet6 2002:0000:: -prefixlen 24 ::1 -reject
 		route add -inet6 2002:ff00:: -prefixlen 24 ::1 -reject
+		case ${stf_interface_mode} in
+		[Aa][Nn][Yy][Cc][Aa][Ss][Tt])
+			;;
+		[Ee][Dd][Gg][Ee])
+			route -q del -inet6 2002:${ipv4_in_hexformat}::/${stf_prefixlen}
+			route -q del -inet6 2002::/${stf_prefixlen}
+			;;
+			esac
 		;;
 	esac
 }
diff -ruN src.orig/sys/net/if_stf.c src/sys/net/if_stf.c
--- src.orig/sys/net/if_stf.c	2011-05-20 14:20:08.610057217 +0900
+++ src/sys/net/if_stf.c	2011-05-20 14:19:12.535445653 +0900
@@ -479,11 +479,18 @@
 	/*
 	 * Pickup the right outer dst addr from the list of candidates.
 	 * ip6_dst has priority as it may be able to give us shorter IPv4 hops.
+	 *
+	 * NOTICE: dst is computed by routing tables and network prefix.
+	 * In broadcast segment, ip6->ip6_dst and dst6->sin6_addr are same.
+	 * Othersise, dst is found from routeing table.
 	 */
 	ptr = NULL;
+/*
 	if (IN6_IS_ADDR_6TO4(&ip6->ip6_dst))
 		ptr = GET_V4(&ip6->ip6_dst);
-	else if (IN6_IS_ADDR_6TO4(&dst6->sin6_addr))
+	else
+*/
+	if (IN6_IS_ADDR_6TO4(&dst6->sin6_addr))
 		ptr = GET_V4(&dst6->sin6_addr);
 	else {
 		ifa_free(&ia6->ia_ifa);
>Release-Note:
>Audit-Trail:

From: "Kensaku MASUDA" <kensaku.masuda@fujixerox.co.jp>
To: <bug-followup@FreeBSD.org>, <kensaku.masuda@gmail.com>
Subject: Re: conf/157200: [network.subr] [patch] stf(4) can not communicate between other 6to4 prefix holder
Date: Thu, 26 May 2011 17:02:59 +0900

     I have checked about original KAME's code. And stf_output() in if_stf.c 
 are like this.
 
         if (IN6_IS_ADDR_6TO4(&ip6->ip6_dst)) {
             ptr = GET_V4(sc, &ip6->ip6_dst);
         }
         if (IN6_IS_ADDR_6TO4(&dst6->sin6_addr)) {
             ptr = GET_V4(sc, &dst6->sin6_addr);
         }
 
 This codes are not changed before three years.
 And freebsd's is
 
         if (IN6_IS_ADDR_6TO4(&ip6->ip6_dst))
             ptr = GET_V4(&ip6->ip6_dst);
         else if (IN6_IS_ADDR_6TO4(&dst6->sin6_addr))
             ptr = GET_V4(&dst6->sin6_addr);
         else {
 
 Unnecessary "else" seems to be included, I think this difference is mistake 
 at back-porting from KAME.
 Is it correct ? 

From: Kensaku MASUDA <kensaku.masuda@gmail.com>
To: bug-followup@FreeBSD.org, kensaku.masuda@gmail.com
Cc:  
Subject: Re: conf/157200: [network.subr] [patch] stf(4) can not communicate
 between other 6to4 prefix holder
Date: Mon, 30 May 2011 15:27:42 +0900

 --20cf303f6cf87f07fd04a478626a
 Content-Type: text/plain; charset=UTF-8
 
     I had created a new fixes based on KAME. And this fixes seems to be
 perfect.
 Please commit.
 
 --20cf303f6cf87f07fd04a478626a
 Content-Type: application/octet-stream; name="stf-related.diff"
 Content-Disposition: attachment; filename="stf-related.diff"
 Content-Transfer-Encoding: base64
 X-Attachment-Id: f_gob1bvwy0
 
 ZGlmZiAtcnVOIHNyYy5vcmlnL2V0Yy9kZWZhdWx0cy9yYy5jb25mIHNyYy9ldGMvZGVmYXVsdHMv
 cmMuY29uZgotLS0gc3JjLm9yaWcvZXRjL2RlZmF1bHRzL3JjLmNvbmYJMjAxMS0wNS0yMCAxNDox
 OTozNC4zNDE0NzYwODAgKzA5MDAKKysrIHNyYy9ldGMvZGVmYXVsdHMvcmMuY29uZgkyMDExLTA1
 LTIwIDE0OjE4OjIzLjkyNzUzNDQyNiArMDkwMApAQCAtNDk0LDYgKzQ5NCw3IEBACiBzdGZfaW50
 ZXJmYWNlX2lwdjZfaWZpZD0iMDowOjA6MSIJIyBJUHY2IGludGVyZmFjZSBpZCBmb3Igc3RmMC4K
 IAkJCQkjIElmIHlvdSBsaWtlLCB5b3UgY2FuIHNldCAiQVVUTyIgZm9yIHRoaXMuCiBzdGZfaW50
 ZXJmYWNlX2lwdjZfc2xhaWQ9IjAwMDAiCSMgSVB2NiBTaXRlIExldmVsIEFnZ3JlZ2F0b3IgZm9y
 IHN0ZjAKK3N0Zl9pbnRlcmZhY2VfbW9kZT0iYW55Y2FzdCIJIyBBbnljYXN0IHJvdXRlciBvciBl
 ZGdlIHJvdXRlcgogaXB2Nl9mYWl0aF9wcmVmaXg9Ik5PIgkJIyBTZXQgZmFpdGggcHJlZml4IHRv
 IGVuYWJsZSBhIEZBSVRICiAJCQkJIyBJUHY2LXRvLUlQdjQgVENQIHRyYW5zbGF0b3IuICBZb3Ug
 YWxzbyBuZWVkCiAJCQkJIyBmYWl0aGQoOCkgc2V0dXAuCmRpZmYgLXJ1TiBzcmMub3JpZy9ldGMv
 bmV0d29yay5zdWJyIHNyYy9ldGMvbmV0d29yay5zdWJyCi0tLSBzcmMub3JpZy9ldGMvbmV0d29y
 ay5zdWJyCTIwMTEtMDUtMjAgMTQ6MTk6NTAuNTI4MjAxNDIxICswOTAwCisrKyBzcmMvZXRjL25l
 dHdvcmsuc3VicgkyMDExLTA1LTIwIDE0OjE3OjU5LjQ2NzkzNTIyMSArMDkwMApAQCAtMTA0Miw2
 ICsxMDQyLDE0IEBACiAJCXJvdXRlIGFkZCAtaW5ldDYgMjAwMjo3ZjAwOjogLXByZWZpeGxlbiAy
 NCA6OjEgLXJlamVjdAogCQlyb3V0ZSBhZGQgLWluZXQ2IDIwMDI6MDAwMDo6IC1wcmVmaXhsZW4g
 MjQgOjoxIC1yZWplY3QKIAkJcm91dGUgYWRkIC1pbmV0NiAyMDAyOmZmMDA6OiAtcHJlZml4bGVu
 IDI0IDo6MSAtcmVqZWN0CisJCWNhc2UgJHtzdGZfaW50ZXJmYWNlX21vZGV9IGluCisJCVtBYV1b
 Tm5dW1l5XVtDY11bQWFdW1NzXVtUdF0pCisJCQk7OworCQlbRWVdW0RkXVtHZ11bRWVdKQorCQkJ
 cm91dGUgLXEgZGVsIC1pbmV0NiAyMDAyOiR7aXB2NF9pbl9oZXhmb3JtYXR9OjovJHtzdGZfcHJl
 Zml4bGVufQorCQkJcm91dGUgLXEgZGVsIC1pbmV0NiAyMDAyOjovJHtzdGZfcHJlZml4bGVufQor
 CQkJOzsKKwkJCWVzYWMKIAkJOzsKIAllc2FjCiB9CmRpZmYgLXJ1TiBzcmMub3JpZy9zeXMvbmV0
 L2lmX3N0Zi5jIHNyYy9zeXMvbmV0L2lmX3N0Zi5jCi0tLSBzcmMub3JpZy9zeXMvbmV0L2lmX3N0
 Zi5jCTIwMTEtMDUtMjAgMTQ6MjA6MDguNjEwMDU3MjE3ICswOTAwCisrKyBzcmMvc3lzL25ldC9p
 Zl9zdGYuYwkyMDExLTA1LTMwIDE0OjUwOjA0LjQ5MjUyNjYzOSArMDkwMApAQCAtNDgxLDExICs0
 ODEsMTMgQEAKIAkgKiBpcDZfZHN0IGhhcyBwcmlvcml0eSBhcyBpdCBtYXkgYmUgYWJsZSB0byBn
 aXZlIHVzIHNob3J0ZXIgSVB2NCBob3BzLgogCSAqLwogCXB0ciA9IE5VTEw7Ci0JaWYgKElONl9J
 U19BRERSXzZUTzQoJmlwNi0+aXA2X2RzdCkpCisJaWYgKElONl9JU19BRERSXzZUTzQoJmlwNi0+
 aXA2X2RzdCkpIHsKIAkJcHRyID0gR0VUX1Y0KCZpcDYtPmlwNl9kc3QpOwotCWVsc2UgaWYgKElO
 Nl9JU19BRERSXzZUTzQoJmRzdDYtPnNpbjZfYWRkcikpCisJfQorCWlmIChJTjZfSVNfQUREUl82
 VE80KCZkc3Q2LT5zaW42X2FkZHIpKSB7CiAJCXB0ciA9IEdFVF9WNCgmZHN0Ni0+c2luNl9hZGRy
 KTsKLQllbHNlIHsKKwl9CisJaWYocHRyID09IE5VTEwpIHsKIAkJaWZhX2ZyZWUoJmlhNi0+aWFf
 aWZhKTsKIAkJbV9mcmVlbShtKTsKIAkJaWZwLT5pZl9vZXJyb3JzKys7Cg==
 --20cf303f6cf87f07fd04a478626a--
Responsible-Changed-From-To: freebsd-bugs->freebsd-net 
Responsible-Changed-By: linimon 
Responsible-Changed-When: Wed Jun 1 05:09:45 UTC 2011 
Responsible-Changed-Why:  
Actually this primarily affects sys/net/if_stf.c, with the conf files 
merely being an adjunct.  Thus, reclassify and assign it, as submitter 
requested. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=157200 
>Unformatted:
