kern/38388: ipnat won't let GRE get redirected

To: kern-bug-people%netbsd.org@localhost,gnats-admin%netbsd.org@localhost,netbsd-bugs%netbsd.org@localhost
Subject: kern/38388: ipnat won't let GRE get redirected
From: cube%cubidou.net@localhost
Date: Tue, 8 Apr 2008 21:55:00 +0000 (UTC)

>Number:         38388
>Category:       kern
>Synopsis:       ipnat won't let GRE get redirected
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    kern-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Tue Apr 08 21:55:00 +0000 2008
>Originator:     Quentin Garnier
>Release:        NetBSD 4.0
>Organization:
        NetBSD
>Environment:
NetBSD/i386
>Description:
        ipnat will drop incoming GRE packets if you try to redirect that
        protocol.

        Also, the PPTP proxy (undocumented of course) doesn't work.
        Maybe that's worth another PR, maybe not.
>How-To-Repeat:
        Redirect GRE in any way, specifically or not.

        E.g.:

                rdr on iface external/32 -> internal/32 gre
        or even
                rdr on iface external/32 -> internal/32

        And note that protocol 47 doesn't get through.  With the second
        line, protocol 46 and 48 do get through.
>Fix:
        Remove all the remaining references to IPPROTO_GRE in the code of
        ipfilter does solve the issue (but does not make the pptp proxy
        work of course).
        A lot of them are already commented out.  I'm not sure exactly
        which of the remaining ones is the culprit, but commenting them
        all out was enough for me.

Prev by Date: Re: kern/38374: fdfile leak
Next by Date: Re: kern/24887 (rename violates vnode locking order)
Previous by Thread: Re: kern/36712 (tar extraction cause cannot create pipe, too many open files)
Next by Thread: Re: kern/24887 (rename violates vnode locking order)
Indexes:

Home | Main Index | Thread Index | Old Index