NICMx / Jool

SIIT and NAT64 for Linux
GNU General Public License v2.0

Incorrect ICMP error translation #370

Closed ydahhrk closed 2 years ago

ydahhrk commented 2 years ago

(This bug was already discussed on Matrix, and fixed on patch 725b0e125c911ad91bfe232967dfe455f8091c31. I'm uploading this copy for the sake of the upcoming 4.1.6 release's changelog.)

Packet exchange:

  1. IPv6 client pings an IPv4 server; packet is an ICMPv6 echo request.
  2. NAT64 Jool translates IPv6 to IPv4; packet is now an ICMPv4 echo request.
  3. Error happens, IPv4 router responds with an error. Packet is an ICMPv4 destination unreachable, containing the ICMPv4 echo request from step 2.
  4. Jool translates incorrectly. Packet is an ICMPv6 destination unreachable containing another ICMPv6 destination unreachable, instead of an ICMPv6 destination unreachable containing the ICMPv6 echo request from step 1.

Notably, this used to break traceroutes.

Thanks to @laura-zelenku for reporting this. (I'm actually assuming she's the same person, because I lost the contact on Matrix.)

ydahhrk commented 2 years ago

Jool was using the external ICMP type and code to translate both the external and internal types and codes.

It seems (though don't quote me on this) the bug affected both SIIT and NAT64.

Closing.
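
The defect described in this issue, reduced to its type/code handling, as an added example that is not Jool's code: `xlat_icmp4_error`, `map_4to6` and the sample packet are hypothetical, and the mapping is a subset of the RFC 7915 ICMPv4-to-ICMPv6 table. With `buggy` set, the quoted packet is mapped from the outer type and code, which yields the nested destination unreachable from step 4.

```c
#include <stddef.h>
#include <stdint.h>

struct icmp_tc { uint8_t type, code; };

/* Constructed sample, checksums zero: ICMPv4 host unreachable (3/1) quoting an echo request (8/0). */
static const uint8_t sample[] = {
	3, 1, 0, 0, 0, 0, 0, 0,                  /* outer ICMPv4 header */
	0x45, 0, 0, 28, 0, 0, 0, 0, 64, 1, 0, 0, /* quoted IPv4: IHL 5, proto ICMP */
	192, 0, 2, 1, 198, 51, 100, 2,           /* documentation addresses */
	8, 0, 0, 0, 0, 1, 0, 1                   /* quoted ICMPv4 echo request */
};

/* Subset of the RFC 7915 ICMPv4 -> ICMPv6 type/code mapping; 0 on success. */
static int map_4to6(struct icmp_tc in, struct icmp_tc *out)
{
	switch (in.type) {
	case 8:  *out = (struct icmp_tc){128, 0}; return 0;     /* echo request */
	case 0:  *out = (struct icmp_tc){129, 0}; return 0;     /* echo reply */
	case 11: *out = (struct icmp_tc){3, in.code}; return 0; /* time exceeded */
	case 3:                                   /* destination unreachable */
		if (in.code <= 1) { *out = (struct icmp_tc){1, 0}; return 0; }
		if (in.code == 3) { *out = (struct icmp_tc){1, 4}; return 0; }
	}
	return -1; /* not covered by this subset */
}

/* Translate the outer and the quoted type/code; buggy != 0 reuses the outer pair. */
int xlat_icmp4_error(const uint8_t *p, size_t len, int buggy,
		     struct icmp_tc *outer6, struct icmp_tc *inner6)
{
	struct icmp_tc outer4, inner4;
	size_t off;
	if (len < 8 + 20 || (p[8] >> 4) != 4 || p[8 + 9] != 1)
		return -1;                      /* need a quoted IPv4 packet carrying ICMP */
	off = 8 + (size_t)(p[8] & 0x0f) * 4;    /* quoted ICMP header follows the IHL */
	if (off < 28 || len < off + 2)
		return -1;
	outer4 = (struct icmp_tc){p[0], p[1]};
	inner4 = (struct icmp_tc){p[off], p[off + 1]};
	if (map_4to6(outer4, outer6)) return -1;
	return map_4to6(buggy ? outer4 : inner4, inner6);
}

int main(void)
{
	struct icmp_tc o, i;
	return xlat_icmp4_error(sample, sizeof(sample), 0, &o, &i) || i.type != 128;
}
```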