Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Need to discard IPv6 martian packets #107

Closed
ydahhrk opened this issue Sep 8, 2014 · 2 comments
Closed

Need to discard IPv6 martian packets #107

ydahhrk opened this issue Sep 8, 2014 · 2 comments
Assignees
@ydahhrk
Milestone
3.3.0

Comments

@ydahhrk
Copy link
Member

ydahhrk commented Sep 8, 2014

For a long time, we've had a TODO we've been forgetting. That is because it's written away in the Basic Runs tutorial, not here.

Basically, the RFC wants us to always discard martian packets.

We currently avoid them by asking users to issue the following command: sysctl -w net.ipv4.conf.all.log_martians=1. From the name of that system control, one might conclude it only applies to IPv4 martian packets.

Not sure why I can't find an IPv6 equivalent. Perhaps they are always discarded, regardless of configuration. We need to make sure and update Jool or the documentation accordingly.
@ydahhrk ydahhrk added the Bug label Sep 8, 2014
@ydahhrk ydahhrk added this to the 3.2.1 milestone Sep 8, 2014
@ydahhrk
Copy link
Member Author

ydahhrk commented Oct 8, 2014

Update:

Logging martians does not actually discard them; we were oddly misinformed.

In practice, getting rid of martian packets is a firewall concern, which pretty much renders this issue a duplicate of #41.

As such, no code was added, but we're removing the log_martians sysctl from the manual.

@ydahhrk ydahhrk added Duplicate Already being addressed elsewhere and removed Merged (needs review) labels Oct 8, 2014
ydahhrk added a commit that referenced this issue Oct 8, 2014
@ydahhrk
Merging version 3.2.1 into master, hereby makingthe changes official.
3025ec2 
Version 3.2.1 is 3.2.0 with issues #57, #106, #108 and #109 fixed.
Issue #107 has been marked as duplicate and postponed to 3.3.0.

rting with '#' will be ignored, and an empty message aborts
@ydahhrk ydahhrk closed this as completed Oct 10, 2014
@ydahhrk
Copy link
Member Author

ydahhrk commented Dec 1, 2014

We forgot to remove log_martians from the INSTALL file. Reopening.

@ydahhrk ydahhrk reopened this Dec 1, 2014
@ydahhrk ydahhrk added Documentation and removed Bug Duplicate Already being addressed elsewhere labels Dec 1, 2014
@ydahhrk ydahhrk assigned ydahhrk and unassigned dhfelix Dec 1, 2014
@ydahhrk ydahhrk modified the milestones: 3.3.0, 3.2.1 Dec 1, 2014
ydahhrk added a commit that referenced this issue Dec 11, 2014
@ydahhrk
Moving Jool from Prerouting to Local In, Local Out and Forwarding.
fa8b0c2 
This is necessary so NAT64 happens after iptables does filtering.
It's also needed so Jool catches local traffic, which is needed by local CLATs.
As an added bonus, it invalidates issue #90. Woot!

Progress so far, summary:
- Issue #33: Done.
- Issue #41: Done.
- Issue #107: Done.
- Issue #111: dhfelix is done, but haven't even started to review.
- Issue #116: EAM done, moved from prerouting done, dummy interface done. Missing (off the top of my head):
	- Adapting the global packet processing pipeline for stateless mode.
	- Configuration options.
	- Review RFC 6145 and updaters.
- Issue #120: Done.
- Issue #121: Not done.

Everything needs testing. There are known bugs with fragmentation.
@ydahhrk ydahhrk closed this as completed Mar 9, 2015
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@ydahhrk ydahhrk

Labels
None yet
Projects
None yet
Milestone
3.3.0
Development

No branches or pull requests
2 participants
@ydahhrk @dhfelix