On Wed, 21 Jan 2004, Andreas Jellinghaus wrote:

> This time I can ping each machine via wlan0

Yes, my patch should have fixed that :)

> but still on the gateway the ip6sec0 tunnel interface has no
> ipv6 address by default.

That is very odd. I'm not able to replicate this. The ip6_tnl_add_linklocal() function in addrconf.c loops through the interfaces looking for a link-local address to use and should print out the error message if this fails. Could you put in some additional checks in the function to see what it does on your gateway?

> no matter what I do: I'm pinging via the ip6sec0 interface,
> but never see any packet outgoing via wlan0. never, ever.
> I added real ipv6 addresses to wlan0 on both sides,
> and configured the tunnel using those: no success.

With this patch (below) I am now able to configure link-local endpoints to the tunnel as well as global ones. Unfortunately I can't reproduce the situation you have, since I don't get any of the problems you describe :(

Btw: did you have any IPsec policies loaded when you performed your test? I don't have IPsec loaded, so that might perhaps be the reason for the different results.

But let's check:

Both your laptop and gateway have a link-local (ll_laddr and ll_gwaddr for short) and have a global (g_laddr and g_gwaddr for short) IPv6 address on wlan0.

On your laptop:

Do:
    ipv6tunnel add ip6sec0 remote ll_gwaddr local ll_laddr dev wlan0
    ip link set ip6sec0 up
    ip -6 a dev ip6sec0

    ipv6tunnel add ip6sec1 remote g_gwaddr local g_laddr dev wlan0
    ip link set ip6sec1 up
    ip -6 a dev ip6sec1

Now you should have ll_laddr on both ip6sec0 and ip6sec1

On your gateway:

Do:
    ipv6tunnel add ip6sec0 remote ll_laddr local ll_gwaddr dev wlan0
    ip link set ip6sec0 up
    ip -6 a dev ip6sec0

    ipv6tunnel add ip6sec1 remote g_laddr local g_gwaddr dev wlan0
    ip link set ip6sec1 up
    ip -6 a dev ip6sec1

Now you *should* have ll_gwaddr on both ip6sec0 and ip6sec1

Now you *should* also be able to ping a link-local address on both ip6sec0 and ip6sec1.

> > Hmm, strange. Do you have the string "init ip6-ip6: add_linklocal failed"
> > somewhere in your logs?
>
> no, neither "init" nor "ip6-ip6" nor "add_linklocal" are found.

The error message is printed at debug level. My debug messages go into /var/log/messages, but do you log this level anywhere?

> > When I define global endpoints to the tunnel I can also ping link-local
> > addresses over the tunnel, but it seems that link-local over link-local
> > doesn't work at the moment. The packets reach the ip6_tunnel, but get
> > silently discarded after that.
> >
> > I'll look into this and see if anything can be done about it.
>
> ah, great.

This patch allows you to configure tunnels between link-local addresses and also prints out some more error messages if things go wrong while tunneling packets.

Hope this helps,
Ville

===== net/ipv6/ip6_tunnel.c 1.15 vs edited ===== --- 1.15/net/ipv6/ip6_tunnel.c Wed Jan 7 22:17:40 2004 +++ edited/net/ipv6/ip6_tunnel.c Wed Jan 21 20:31:21 2004 @@ -428,12 +428,10 @@ } break; case ICMPV6_PARAMPROB: - /* ignore if parameter problem not caused by a tunnel - encapsulation limit sub-option */ - if (code != ICMPV6_HDR_FIELD) { - break; - } - teli = parse_tlv_tnl_enc_lim(skb, skb->data); + if (code == ICMPV6_HDR_FIELD) + teli = parse_tlv_tnl_enc_lim(skb, skb->data); + else + teli = 0; if (teli && teli == ntohl(info) - 2) { tel = (struct ipv6_tlv_tnl_enc_lim *) &skb->data[teli]; @@ -445,6 +443,10 @@ "tunnel!\n", t->parms.name); rel_msg = 1; } + } else if (net_ratelimit()) { + printk(KERN_WARNING + "%s: Recipient unable to parse tunneled " + "packet!\n ", t->parms.name); } break; case ICMPV6_PKT_TOOBIG: @@ -511,6 +513,10 @@ if ((t = ip6ip6_tnl_lookup(&ipv6h->saddr, &ipv6h->daddr)) != NULL) { if (!(t->parms.flags & IP6_TNL_F_CAP_RCV)) { + if (net_ratelimit()) + printk(KERN_WARNING + "%s: Tunnel not configured to receive " + "traffic!\n", t->parms.name); t->stat.rx_dropped++; read_unlock(&ip6ip6_lock); goto discard; 
@@ -620,10 +626,16 @@ goto tx_err; } if (skb->protocol != htons(ETH_P_IPV6) || - !(t->parms.flags & IP6_TNL_F_CAP_XMIT) || ip6ip6_tnl_addr_conflict(t, ipv6h)) { goto tx_err; } + if (!(t->parms.flags & IP6_TNL_F_CAP_XMIT)) { + if (net_ratelimit()) + printk(KERN_WARNING + "%s: Tunnel not configured to transmit " + "traffic!\n", t->parms.name); + goto tx_err; + } if ((offset = parse_tlv_tnl_enc_lim(skb, skb->nh.raw)) > 0) { struct ipv6_tlv_tnl_enc_lim *tel; tel = (struct ipv6_tlv_tnl_enc_lim *) &skb->nh.raw[offset]; @@ -765,25 +777,19 @@ p->flags &= ~(IP6_TNL_F_CAP_XMIT|IP6_TNL_F_CAP_RCV); - if (ltype != IPV6_ADDR_ANY && rtype != IPV6_ADDR_ANY && - ((ltype|rtype) & - (IPV6_ADDR_UNICAST| - IPV6_ADDR_LOOPBACK|IPV6_ADDR_LINKLOCAL| - IPV6_ADDR_MAPPED|IPV6_ADDR_RESERVED)) == IPV6_ADDR_UNICAST) { + if (ltype & (IPV6_ADDR_UNICAST|IPV6_ADDR_MULTICAST) && + rtype & (IPV6_ADDR_UNICAST|IPV6_ADDR_MULTICAST) && + !((ltype|rtype) & IPV6_ADDR_LOOPBACK) && + (!((ltype|rtype) & IPV6_ADDR_LINKLOCAL) || p->link)) { struct net_device *ldev = NULL; - int l_ok = 1; - int r_ok = 1; if (p->link) ldev = dev_get_by_index(p->link); - if ((ltype&IPV6_ADDR_UNICAST) && !ipv6_chk_addr(laddr, ldev)) - l_ok = 0; - - if ((rtype&IPV6_ADDR_UNICAST) && ipv6_chk_addr(raddr, NULL)) - r_ok = 0; - - if (l_ok && r_ok) { + if ((ltype&IPV6_ADDR_MULTICAST || + ipv6_chk_addr(laddr, ldev)) && + (rtype&IPV6_ADDR_MULTICAST || + !ipv6_chk_addr(raddr, NULL))) { if (ltype&IPV6_ADDR_UNICAST) p->flags |= IP6_TNL_F_CAP_XMIT; if (rtype&IPV6_ADDR_UNICAST)

--
Ville Nuorvala
Research Assistant, Institute of Digital Communications,
Helsinki University of Technology
email: vnuorval@tcs.hut.fi, phone: +358 (0)9 451 5257
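
Review bot: in the ICMPV6_PARAMPROB case (hunk @@ -428,12 +428,10) the removed comment was the only explanation of why codes other than ICMPV6_HDR_FIELD are not parsed for a tunnel encapsulation limit option, and the new if/else carries none. With the early break gone, those codes now continue with teli = 0 into the rest of the case instead of leaving it. Keep a short comment on the new branch stating that only ICMPV6_HDR_FIELD can point at the encapsulation limit option, and say in the changelog that other parameter problem codes are no longer silently ignored here.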
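
Review bot: the format string of the warning added in hunk @@ -445,6 +443,10 ends in "packet!\n " with a space after the newline, so the next kernel log line will start with a stray space; drop it so the string matches the other messages in this patch, which end in "traffic!\n". The new else also hangs off `if (teli && teli == ntohl(info) - 2)`, so the warning is printed for every parameter problem that does not point at the encapsulation limit option; "Recipient unable to parse tunneled packet" is worth confirming as the right wording for all of those cases.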
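
Review bot: the printk added under `if (!(t->parms.flags & IP6_TNL_F_CAP_RCV))` in hunk @@ -511,6 +513,10 is driven by received packets, so any sender whose source and destination match the tunnel lookup can make the kernel log at KERN_WARNING. net_ratelimit() bounds the volume, but that limiter is shared with other rate-limited kernel messages, so a steady stream here can crowd those out. Consider a lower level for this message, in line with the add_linklocal failure that the mail says is printed at debug level, and rely on the existing t->stat.rx_dropped counter for the per-packet signal.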
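
Review bot: in hunk @@ -620,10 +626,16 the IP6_TNL_F_CAP_XMIT test now runs after ip6ip6_tnl_addr_conflict(t, ipv6h), so a tunnel that cannot transmit at all still pays for the conflict check, and a packet that fails both tests is dropped without the new "not configured to transmit" message. Testing the flag first keeps the cheap check ahead of the expensive one and makes the message appear whenever the flag is the reason for the drop.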
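
Review bot: the rewritten condition in hunk @@ -765,25 +777,19 no longer looks at IPV6_ADDR_MAPPED or IPV6_ADDR_RESERVED, which the old mask rejected together with loopback and link-local. Only the link-local relaxation (now allowed when p->link is set) is described in the mail, so either keep MAPPED and RESERVED in the rejection test next to IPV6_ADDR_LOOPBACK or state in the changelog that accepting them is intended. As a style point, the new tests mix `&` with `&&` and `||` without parentheses, as in `ltype & (IPV6_ADDR_UNICAST|IPV6_ADDR_MULTICAST) &&` and `ltype&IPV6_ADDR_MULTICAST ||`; the precedence works out, but parenthesising each bit test makes that obvious and avoids compiler warnings.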