From: Alexander Bluhm Subject: Re: Bug or feature? TCP chksum fails when IPv6 packet carries ext. headers To: Giovanni Pimpinella Cc: tech@openbsd.org Date: Fri, 28 Feb 2025 22:33:53 +0100 On Fri, Feb 28, 2025 at 07:18:24PM +0100, Giovanni Pimpinella wrote: > While working on some tests with IPv6 extension headers I noticed that > OpenBSD > drops TCP packets if there is any extension header (pf is disabled). Nobody uses extension headers for TCP and pf drops them per default. For that reason the problem was not noticed for a long time. > Applying the following diff fixed the issue. I think this diff is correct. > As this was a trivial mistake I was wondering whether it was intentional. > As such, in OpenBSD, > are IPv6 packets carrying TCP as the upper layer protocol NOT supposed to > also carry ext. headers? I digged into history and it might have worked until this commit. ---------------------------- revision 1.52 date: 1999/12/08 06:50:20; author: itojun; state: Exp; lines: +133 -40; bring in KAME IPv6 code, dated 19991208. replaces NRL IPv6 layer. reuses NRL pcb layer. no IPsec-on-v6 support. see sys/netinet6/{TODO,IMPLEMENTATION} for more details. GENERIC configuration should work fine as before. GENERIC.v6 works fine as well, but you'll need KAME userland tools to play with IPv6 (will be bringed into soon). ---------------------------- There ipv6_stripoptions(m, iphlen) was replaced with printf("extension headers are not allowed\n"); I did not find the ancient source of ipv6_stripoptions() but I guess it removed the extension headers before checksum calculation. It looks like the restriction for extension headers was also removed here. But until now the incorrect checksum calculation remained. ---------------------------- revision 1.162 date: 2004/04/15 02:59:22; author: itojun; state: Exp; lines: +15 -45; allow TCP packet with IPv4 option (we have been dropping these). simplify some of the codepath by using IP6_EXTHDR_GET. markus ok ---------------------------- Without pf, atomic fragment headers might run into this problem. Otherwise reassembly removes the fragment header and the old logic was lucky. Anyway, this is a bug. I will commit the diff below. I just fixed the formating. bluhm Index: netinet/tcp_input.c =================================================================== RCS file: /data/mirror/openbsd/cvs/src/sys/netinet/tcp_input.c,v diff -u -p -r1.431 tcp_input.c --- netinet/tcp_input.c 17 Feb 2025 08:56:33 -0000 1.431 +++ netinet/tcp_input.c 28 Feb 2025 20:47:37 -0000 @@ -469,8 +469,7 @@ tcp_input(struct mbuf **mp, int *offp, i break; #ifdef INET6 case AF_INET6: - sum = in6_cksum(m, IPPROTO_TCP, sizeof(struct ip6_hdr), - tlen); + sum = in6_cksum(m, IPPROTO_TCP, iphlen, tlen); break; #endif }