Need to discard IPv6 martian packets #107

Closed
ydahhrk opened this Issue Sep 8, 2014 · 2 comments

ydahhrk commented Sep 8, 2014

For a long time, we've had a TODO we've been forgetting. That is because it's written away in the Basic Runs tutorial, not here.

Basically, the RFC wants us to always discard martian packets.

We currently avoid them by asking users to issue the following command: sysctl -w net.ipv4.conf.all.log_martians=1. From the name of that system control, one might conclude it only applies to IPv4 martian packets.

Not sure why I can't find an IPv6 equivalent. Perhaps they are always discarded, regardless of configuration. We need to make sure and update Jool or the documentation accordingly.

ydahhrk commented Oct 8, 2014

Update:

Logging martians does not actually discard them; we were oddly misinformed.

In practice, getting rid of martian packets is a firewall concern, which pretty much renders this issue a duplicate of #41.

As such, no code was added, but we're removing the log_martians sysctl from the manual.
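Added example, not Jool code and not from the maintainers: `log_martians` only controls logging, so this audit reports it separately from the settings that filter by source address. The `rp_filter` sysctl, the ip6tables `rpfilter` match, the interface name `eth0` and the sample values are assumptions of this example; none of them appear in the thread.

```shell
#!/bin/sh
# Added example. Sample input below is constructed, not taken from a real host.

# Reads `sysctl -a`-style "key = value" lines on stdin and prints the
# effective IPv4 settings for interface $1.
martian_audit() {
    awk -v ifc="$1" -F' *= *' '
        $1 == "net.ipv4.conf.all.log_martians"         { la = $2 + 0 }
        $1 == ("net.ipv4.conf." ifc ".log_martians")   { li = $2 + 0 }
        $1 == "net.ipv4.conf.all.rp_filter"            { ra = $2 + 0 }
        $1 == ("net.ipv4.conf." ifc ".rp_filter")      { ri = $2 + 0 }
        END {
            # log_martians is on if "all" or the interface sets it.
            # It only writes kernel log entries.
            print "logging=" ((la || li) ? "on" : "off")
            # rp_filter: the kernel uses max(all, interface).
            # 0 = no reverse-path validation, 1 = strict, 2 = loose.
            rp = (ra > ri) ? ra : ri
            print "rpfilter=" (rp == 1 ? "strict" : (rp == 2 ? "loose" : "off"))
        }'
}

# net.ipv6 has no log_martians or rp_filter key, so the IPv6 check looks at
# the firewall instead. Reads `ip6tables-save` output on stdin and succeeds
# if some rule drops packets that fail the rpfilter match.
ipv6_rpfilter_drop() {
    grep -Eq -- '-m rpfilter( .*)? --invert( .*)? -j DROP'
}

# Constructed sample: logging enabled, no reverse-path filtering.
SAMPLE_SYSCTL='net.ipv4.conf.all.log_martians = 1
net.ipv4.conf.all.rp_filter = 0
net.ipv4.conf.eth0.log_martians = 0
net.ipv4.conf.eth0.rp_filter = 0'

# Constructed sample: a raw-table rule using the rpfilter match.
SAMPLE_IP6TABLES='*raw
-A PREROUTING -m rpfilter --invert -j DROP
COMMIT'

printf '%s\n' "$SAMPLE_SYSCTL" | martian_audit eth0
if printf '%s\n' "$SAMPLE_IP6TABLES" | ipv6_rpfilter_drop; then
    echo "ipv6: rpfilter drop rule present"
else
    echo "ipv6: no rpfilter drop rule"
fi
```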

ydahhrk added a commit that referenced this issue Oct 8, 2014

Merging version 3.2.1 into master, hereby making the changes official.
Version 3.2.1 is 3.2.0 with issues #57, #106, #108 and #109 fixed.
Issue #107 has been marked as duplicate and postponed to 3.3.0.

rting with '#' will be ignored, and an empty message aborts

@ydahhrk ydahhrk closed this Oct 10, 2014

ydahhrk commented Dec 1, 2014

We forgot to remove log_martians from the INSTALL file. Reopening.

@ydahhrk ydahhrk reopened this Dec 1, 2014

@ydahhrk ydahhrk assigned ydahhrk and unassigned dhfelix Dec 1, 2014

@ydahhrk ydahhrk modified the milestones: 3.3.0, 3.2.1 Dec 1, 2014

ydahhrk added a commit that referenced this issue Dec 11, 2014

Moving Jool from Prerouting to Local In, Local Out and Forwarding.
This is necessary so NAT64 happens after iptables does filtering.
It's also needed so Jool catches local traffic, which is needed by local CLATs.
As an added bonus, it invalidates issue #90. Woot!

Progress so far, summary:
- Issue #33: Done.
- Issue #41: Done.
- Issue #107: Done.
- Issue #111: dhfelix is done, but haven't even started to review.
- Issue #116: EAM done, moved from prerouting done, dummy interface done. Missing (off the top of my head):
	- Adapting the global packet processing pipeline for stateless mode.
	- Configuration options.
	- Review RFC 6145 and updaters.
- Issue #120: Done.
- Issue #121: Not done.

Everything needs testing. There are known bugs with fragmentation.

@ydahhrk ydahhrk closed this Mar 9, 2015
