[Jool-list] RFC: Limiting EAM algorithm to specific header fields

Tore Anderson tore at fud.no
Thu Jun 18 01:42:41 CDT 2015


* Alberto Leiva <ydahhrk at gmail.com>

> I'll test yours tomorrow :)

Ok so now I re-did my test, and it works fine. Here's the setup:

Ubuntu 14.04.2, kernel 3.13.0-55-generic, Jool from Git branch
eam-disabled-fields (freshly fetched). One interface (eth0) with
185.47.41.5 and 2a02:c0:400:104:218:59ff:fe19:405 assigned, plus
default routes for both protocols.

Routing on upstream router:

ip route add 2a02:c0::46:43:0:0/96 via 2a02:c0:400:104:218:59ff:fe19:405
ip route add 185.47.43.0/24 via 185.47.41.5

Jool's init script:

modprobe jool_siit
/usr/local/bin/jool_siit -6 -f
/usr/local/bin/jool_siit -6 -a 2a02:c0::46:43:0:0/96
/usr/local/bin/jool_siit -e -f
/usr/local/bin/jool_siit -e -a 2a02:c0:200:104::1 185.47.43.1
/usr/local/bin/jool_siit -e -a 2a02:c0:400:108::1 185.47.43.2
/usr/local/bin/jool_siit --eam-enabled-fields 222

So rule 3 of the "Simple Hairpinning" isn't implemented, but that makes
no difference for the test below:

On the host 2a02:c0:200:104::1, I send a TCP SYN packet towards
[2a02:c0::46:43:185.47.43.2]:6145. This shows up in "tcpdump -i eth0
port 6145 -en" on the Jool node as follows:

08:29:27.102565 e4:11:5b:9b:8f:29 > 00:18:59:19:04:05, ethertype IPv6 (0x86dd), length 74: 2a02:c0:200:104::1.42097 > 2a02:c0::46:43:b92f:2b02.6145: Flags [S], seq 2846414660, win 1480, length 0

Initial packet received by Jool node (MAC 00:18:*) sent from the
upstream router (MAC e4:11:*). No translation yet.

08:29:27.102639 00:18:59:19:04:05 > e4:11:5b:9b:8f:29, ethertype IPv4 (0x0800), length 54: 185.47.43.1.42097 > 185.47.43.2.6145: Flags [S], seq 2846414660, win 1480, length 0

Standard IPv6 -> IPv4 translation has been performed by Jool and
translated packet is egressing the Jool node. No hairpinning stuff has
happened yet.

08:29:27.102747 e4:11:5b:9b:8f:29 > 00:18:59:19:04:05, ethertype IPv4 (0x0800), length 54: 185.47.43.1.42097 > 185.47.43.2.6145: Flags [S], seq 2846414660, win 1480, length 0

Same packet as the one preceding it, only that it has made a U-turn in
the upstream router (note how the MAC addresses have reversed).

08:29:27.102797 00:18:59:19:04:05 > e4:11:5b:9b:8f:29, ethertype IPv6 (0x86dd), length 74: 2a02:c0::46:43:b92f:2b01.42097 > 2a02:c0:400:108::1.6145: Flags [S], seq 2846414660, win 1480, length 0

IPv6 -> IPv4 translation has been performed by Jool and the resulting
packet is being forwarded back to the upstream router. The
--eam-enabled-fields stuff came into play here as the source address
was not translated according to the EAMT. Simple hairpinning success.

Since there's nothing listening on port 6145 of the destination host,
it originates a TCP reset which is hairpinned back in the same way.
This TCP reset is received by 2a02:c0:200:104::1 and the application
gets a "Connection refused" error. So everything works just fine.

08:29:27.103374 e4:11:5b:9b:8f:29 > 00:18:59:19:04:05, ethertype IPv6 (0x86dd), length 74: 2a02:c0:400:108::1.6145 > 2a02:c0::46:43:b92f:2b01.42097: Flags [R.], seq 0, ack 2846414661, win 0, length 0
08:29:27.103387 00:18:59:19:04:05 > e4:11:5b:9b:8f:29, ethertype IPv4 (0x0800), length 54: 185.47.43.2.6145 > 185.47.43.1.42097: Flags [R.], seq 0, ack 2846414661, win 0, length 0
08:29:27.103481 e4:11:5b:9b:8f:29 > 00:18:59:19:04:05, ethertype IPv4 (0x0800), length 54: 185.47.43.2.6145 > 185.47.43.1.42097: Flags [R.], seq 0, ack 1, win 0, length 0
08:29:27.103495 00:18:59:19:04:05 > e4:11:5b:9b:8f:29, ethertype IPv6 (0x86dd), length 74: 2a02:c0::46:43:b92f:2b02.6145 > 2a02:c0:200:104::1.42097: Flags [R.], seq 0, ack 2846414661, win 0, length 0

The relevant sysctl settings on the Jool node are as follows
(rp_filter=1, even):

$ grep . /proc/sys/net/ipv*/conf/{eth0,all}/*
/proc/sys/net/ipv4/conf/eth0/accept_local:0
/proc/sys/net/ipv4/conf/eth0/accept_redirects:1
/proc/sys/net/ipv4/conf/eth0/accept_source_route:1
/proc/sys/net/ipv4/conf/eth0/arp_accept:0
/proc/sys/net/ipv4/conf/eth0/arp_announce:0
/proc/sys/net/ipv4/conf/eth0/arp_filter:0
/proc/sys/net/ipv4/conf/eth0/arp_ignore:0
/proc/sys/net/ipv4/conf/eth0/arp_notify:0
/proc/sys/net/ipv4/conf/eth0/bootp_relay:0
/proc/sys/net/ipv4/conf/eth0/disable_policy:0
/proc/sys/net/ipv4/conf/eth0/disable_xfrm:0
/proc/sys/net/ipv4/conf/eth0/force_igmp_version:0
/proc/sys/net/ipv4/conf/eth0/forwarding:0
/proc/sys/net/ipv4/conf/eth0/igmpv2_unsolicited_report_interval:10000
/proc/sys/net/ipv4/conf/eth0/igmpv3_unsolicited_report_interval:1000
/proc/sys/net/ipv4/conf/eth0/log_martians:0
/proc/sys/net/ipv4/conf/eth0/mc_forwarding:0
/proc/sys/net/ipv4/conf/eth0/medium_id:0
/proc/sys/net/ipv4/conf/eth0/promote_secondaries:0
/proc/sys/net/ipv4/conf/eth0/proxy_arp:0
/proc/sys/net/ipv4/conf/eth0/proxy_arp_pvlan:0
/proc/sys/net/ipv4/conf/eth0/route_localnet:0
/proc/sys/net/ipv4/conf/eth0/rp_filter:1
/proc/sys/net/ipv4/conf/eth0/secure_redirects:1
/proc/sys/net/ipv4/conf/eth0/send_redirects:1
/proc/sys/net/ipv4/conf/eth0/shared_media:1
/proc/sys/net/ipv4/conf/eth0/src_valid_mark:0
/proc/sys/net/ipv4/conf/eth0/tag:0
/proc/sys/net/ipv6/conf/eth0/accept_dad:1
/proc/sys/net/ipv6/conf/eth0/accept_ra:2
/proc/sys/net/ipv6/conf/eth0/accept_ra_defrtr:1
/proc/sys/net/ipv6/conf/eth0/accept_ra_pinfo:1
/proc/sys/net/ipv6/conf/eth0/accept_ra_rt_info_max_plen:0
/proc/sys/net/ipv6/conf/eth0/accept_ra_rtr_pref:1
/proc/sys/net/ipv6/conf/eth0/accept_redirects:1
/proc/sys/net/ipv6/conf/eth0/accept_source_route:0
/proc/sys/net/ipv6/conf/eth0/autoconf:1
/proc/sys/net/ipv6/conf/eth0/dad_transmits:1
/proc/sys/net/ipv6/conf/eth0/disable_ipv6:0
/proc/sys/net/ipv6/conf/eth0/force_mld_version:0
/proc/sys/net/ipv6/conf/eth0/force_tllao:0
/proc/sys/net/ipv6/conf/eth0/forwarding:1
/proc/sys/net/ipv6/conf/eth0/hop_limit:64
/proc/sys/net/ipv6/conf/eth0/max_addresses:16
/proc/sys/net/ipv6/conf/eth0/max_desync_factor:600
/proc/sys/net/ipv6/conf/eth0/mc_forwarding:0
/proc/sys/net/ipv6/conf/eth0/mldv1_unsolicited_report_interval:10000
/proc/sys/net/ipv6/conf/eth0/mldv2_unsolicited_report_interval:1000
/proc/sys/net/ipv6/conf/eth0/mtu:1500
/proc/sys/net/ipv6/conf/eth0/ndisc_notify:0
/proc/sys/net/ipv6/conf/eth0/proxy_ndp:0
/proc/sys/net/ipv6/conf/eth0/regen_max_retry:3
/proc/sys/net/ipv6/conf/eth0/router_probe_interval:60
/proc/sys/net/ipv6/conf/eth0/router_solicitation_delay:1
/proc/sys/net/ipv6/conf/eth0/router_solicitation_interval:4
/proc/sys/net/ipv6/conf/eth0/router_solicitations:3
/proc/sys/net/ipv6/conf/eth0/suppress_frag_ndisc:1
/proc/sys/net/ipv6/conf/eth0/temp_prefered_lft:86400
/proc/sys/net/ipv6/conf/eth0/temp_valid_lft:604800
/proc/sys/net/ipv6/conf/eth0/use_tempaddr:2
/proc/sys/net/ipv4/conf/all/accept_local:0
/proc/sys/net/ipv4/conf/all/accept_redirects:1
/proc/sys/net/ipv4/conf/all/accept_source_route:0
/proc/sys/net/ipv4/conf/all/arp_accept:0
/proc/sys/net/ipv4/conf/all/arp_announce:0
/proc/sys/net/ipv4/conf/all/arp_filter:0
/proc/sys/net/ipv4/conf/all/arp_ignore:0
/proc/sys/net/ipv4/conf/all/arp_notify:0
/proc/sys/net/ipv4/conf/all/bootp_relay:0
/proc/sys/net/ipv4/conf/all/disable_policy:0
/proc/sys/net/ipv4/conf/all/disable_xfrm:0
/proc/sys/net/ipv4/conf/all/force_igmp_version:0
/proc/sys/net/ipv4/conf/all/forwarding:0
/proc/sys/net/ipv4/conf/all/igmpv2_unsolicited_report_interval:10000
/proc/sys/net/ipv4/conf/all/igmpv3_unsolicited_report_interval:1000
/proc/sys/net/ipv4/conf/all/log_martians:0
/proc/sys/net/ipv4/conf/all/mc_forwarding:0
/proc/sys/net/ipv4/conf/all/medium_id:0
/proc/sys/net/ipv4/conf/all/promote_secondaries:0
/proc/sys/net/ipv4/conf/all/proxy_arp:0
/proc/sys/net/ipv4/conf/all/proxy_arp_pvlan:0
/proc/sys/net/ipv4/conf/all/route_localnet:0
/proc/sys/net/ipv4/conf/all/rp_filter:1
/proc/sys/net/ipv4/conf/all/secure_redirects:1
/proc/sys/net/ipv4/conf/all/send_redirects:1
/proc/sys/net/ipv4/conf/all/shared_media:1
/proc/sys/net/ipv4/conf/all/src_valid_mark:0
/proc/sys/net/ipv4/conf/all/tag:0
/proc/sys/net/ipv6/conf/all/accept_dad:1
/proc/sys/net/ipv6/conf/all/accept_ra:1
/proc/sys/net/ipv6/conf/all/accept_ra_defrtr:1
/proc/sys/net/ipv6/conf/all/accept_ra_pinfo:1
/proc/sys/net/ipv6/conf/all/accept_ra_rt_info_max_plen:0
/proc/sys/net/ipv6/conf/all/accept_ra_rtr_pref:1
/proc/sys/net/ipv6/conf/all/accept_redirects:1
/proc/sys/net/ipv6/conf/all/accept_source_route:0
/proc/sys/net/ipv6/conf/all/autoconf:1
/proc/sys/net/ipv6/conf/all/dad_transmits:1
/proc/sys/net/ipv6/conf/all/disable_ipv6:0
/proc/sys/net/ipv6/conf/all/force_mld_version:0
/proc/sys/net/ipv6/conf/all/force_tllao:0
/proc/sys/net/ipv6/conf/all/forwarding:1
/proc/sys/net/ipv6/conf/all/hop_limit:64
/proc/sys/net/ipv6/conf/all/max_addresses:16
/proc/sys/net/ipv6/conf/all/max_desync_factor:600
/proc/sys/net/ipv6/conf/all/mc_forwarding:0
/proc/sys/net/ipv6/conf/all/mldv1_unsolicited_report_interval:10000
/proc/sys/net/ipv6/conf/all/mldv2_unsolicited_report_interval:1000
/proc/sys/net/ipv6/conf/all/mtu:1280
/proc/sys/net/ipv6/conf/all/ndisc_notify:0
/proc/sys/net/ipv6/conf/all/proxy_ndp:0
/proc/sys/net/ipv6/conf/all/regen_max_retry:3
/proc/sys/net/ipv6/conf/all/router_probe_interval:60
/proc/sys/net/ipv6/conf/all/router_solicitation_delay:1
/proc/sys/net/ipv6/conf/all/router_solicitation_interval:4
/proc/sys/net/ipv6/conf/all/router_solicitations:3
/proc/sys/net/ipv6/conf/all/suppress_frag_ndisc:1
/proc/sys/net/ipv6/conf/all/temp_prefered_lft:86400
/proc/sys/net/ipv6/conf/all/temp_valid_lft:604800
/proc/sys/net/ipv6/conf/all/use_tempaddr:2

Hope that helps...

Tore
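
The address rewriting seen in the trace above, as an added example that is not part of the original post and is not Jool's code. It is a simplified model: the pool6 prefix and EAMT entries are taken from the init script, while the `eam_on_v4_src` switch is a hypothetical stand-in for "do not apply the EAMT to the IPv4 source address" (the bit encoding of `--eam-enabled-fields 222` is not modelled).

```python
import ipaddress

# Values from the post's init script.
POOL6 = ipaddress.ip_network("2a02:c0::46:43:0:0/96")
EAMT = {  # IPv6 address -> IPv4 address
    ipaddress.ip_address("2a02:c0:200:104::1"): ipaddress.ip_address("185.47.43.1"),
    ipaddress.ip_address("2a02:c0:400:108::1"): ipaddress.ip_address("185.47.43.2"),
}
EAMT_REV = {v4: v6 for v6, v4 in EAMT.items()}


def v6_to_v4(addr, use_eam=True):
    """EAMT lookup first, then RFC 6052 extraction (/96: low 32 bits)."""
    addr = ipaddress.ip_address(addr)
    if use_eam and addr in EAMT:
        return EAMT[addr]
    if addr in POOL6:
        return ipaddress.IPv4Address(int(addr) & 0xFFFFFFFF)
    raise ValueError(f"{addr} matches neither the EAMT nor pool6")


def v4_to_v6(addr, use_eam=True):
    """EAMT lookup first, then RFC 6052 embedding into the pool6 prefix."""
    addr = ipaddress.ip_address(addr)
    if use_eam and addr in EAMT_REV:
        return EAMT_REV[addr]
    return ipaddress.IPv6Address(int(POOL6.network_address) | int(addr))


def translate(src, dst, eam_on_v4_src=True):
    """Translate one packet's (src, dst) pair to the other address family.

    eam_on_v4_src is a hypothetical switch for this model: when False, the
    IPv4 source is always mapped through pool6, never through the EAMT.
    """
    if ipaddress.ip_address(src).version == 6:
        return v6_to_v4(src), v6_to_v4(dst)
    return v4_to_v6(src, use_eam=eam_on_v4_src), v4_to_v6(dst)


def hairpin(src6, dst6, eam_on_v4_src):
    """Two passes through the translator with a U-turn upstream in between."""
    src4, dst4 = translate(src6, dst6)
    return translate(src4, dst4, eam_on_v4_src)


if __name__ == "__main__":
    syn = ("2a02:c0:200:104::1", "2a02:c0::46:43:b92f:2b02")
    for flag in (False, True):
        print(flag, [str(a) for a in hairpin(*syn, eam_on_v4_src=flag)])
```

With the switch off, the model reproduces the addresses in the capture. With it on, the second pass restores the client's native source address, so the server's reply would come from an address the client never sent to.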

