HIPL

lsi processing with ICMPv4

Bug #654226 reported by Miika Komu
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
HIPL
New
Low
Unassigned

Bug Description

I found a problem with LSIs and ICMPv4 with the following configuration:

* client running hipd and hipfw -klpFd
* server running just hipd (no hipfw)

The client pings the LSI of the server and the client observes "ICMP6, parameter problem" arriving from the server (according to tcpdump).

The problem does not occur if also the server is also running hipfw with the same options. The problem does not occur with TCP or UDP-based applications.

Revision history for this message
René Hummen (rene-hummen) wrote :

I guess, this is still valid. Can someone else than RWTH contribute to fix this issue?

Thanks.

Changed in hipl:
importance: Undecided → Medium
René Hummen (rene-hummen)
Changed in hipl:
importance: Medium → Low
Revision history for this message
Miika Komu (miika-iki) wrote :

Markus reported to me that he is having problems with this: ICMP messages have long delays, most of the are dropped and do not arrive to the application layer. Markus was running the firewall on both ends.

I tried this and I could ping successfully from one end but not from the other end. I was running firewall at both ends.

Revision history for this message
Miika Komu (miika-iki) wrote :

The automatic /proc forward rule was disabled earlier. One idea could be to allow all forward and (although dummy0 could be just enough) and icmp-related rules in e.g. /etc/sysctl.conf. Then reboot the machines and try if it changes the situation:

http://www.ducea.com/2006/08/01/how-to-enable-ip-forwarding-in-linux/

Did not have a chance to try this out myself yet, so just scribbling notes here...

Revision history for this message
René Hummen (rene-hummen) wrote :

Can you please explain why forwarding is causing trouble here. LSI processing takes place only on the end-hosts. Hence, there should be no need for forwarding.

[If forwarding in /proc is the problem, we can re-add this functionality in hipfw. However, forwarding should not be enabled by default: I might want to run hipfw connection tracking on an end-host and not enable forwarding in this scenario. Instead, there should probably be yet another command-line option.]

Revision history for this message
Miika Komu (miika-iki) wrote :

The proc setting were not the issue (tested). Something else is causing this problem.

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.