IPv6 READY test fail

Dear all,

We are testing an OpenWRT against this test specification:

and it seems to fail TC v6lc.1.2.3 / 1.2.4 / 1.2.5 / 1.2.8. Are there any special settings to fix this problem?

Thanks,
Levente

To be clear, are you saying that OpenWrt (and no other Linux-based machines):

  • (1.2.3) fails to discard a packet with an unrecognized or unexpected next header in an extension header
  • (1.2.4) fails to properly process the headers of an IPv6 packet in the correct order
  • (1.2.5) fails to properly process the options in a single header in the order of occurrence
  • (1.2.8) fails to properly process both known and unknown options, and act in accordance with the highest order two bits of the option

...correct?


  • Are you able to show your test results?
  • Please clearly show how you have enabled any required sysctl settings prior to your tests.
  • Out of curiosity, who is "we"?

I tested (parts of) 1.2.3 on one of my OpenWrt routers and it does respond with an "ICMP6, parameter problem, next header" error. Tested with:

echo Hello|socat PIPE:/dev/stdin IP-SENDTO:[<IPv6 address>]:143

I haven't run the other tests.

1 Like
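
Added example, not part of the thread: a Python model of the receiver behaviour that test cases 1.2.3, 1.2.5 and 1.2.8 check, giving the verdict a conforming node should produce for a raw IPv6 packet so it can be compared with what the device under test actually sends. It covers only Hop-by-Hop and Destination Options headers; the function names, the set of known upper-layer protocols and the sample packets are assumptions constructed for this illustration.

```python
import struct

HOP_BY_HOP, DEST_OPTS = 0, 60
OTHER_EXT = {43, 44, 50, 51}     # Routing, Fragment, ESP, AH: not modelled here
KNOWN_UPPER = {6, 17, 58, 59}    # TCP, UDP, ICMPv6, No Next Header (assumed set)
DISCARD = ("discard", None, None)

def walk_options(pkt, start, end, multicast):
    """Process TLV options in order of occurrence; stop at the first verdict."""
    i = start
    while i < end:
        opt = pkt[i]
        if opt == 0:                         # Pad1 is a single byte, no length
            i += 1
            continue
        action = opt >> 6                    # highest-order two bits
        if action:                           # 00 (incl. PadN) = skip over
            if action == 2 or (action == 3 and not multicast):
                return ("param-problem", 2, i)   # pointer = option type offset
            return DISCARD                   # 01, or 11 sent to multicast
        i += 2 + pkt[i + 1]
    return None

def expected_action(pkt):
    """Return (verdict, ICMPv6 Parameter Problem code, pointer) for a raw packet."""
    try:
        next_hdr, nh_off, off = pkt[6], 6, 40
        multicast = pkt[24] == 0xFF          # destination address is bytes 24..39
        while next_hdr in (HOP_BY_HOP, DEST_OPTS):
            length = (pkt[off + 1] + 1) * 8
            verdict = walk_options(pkt, off + 2, off + length, multicast)
            if verdict:
                return verdict
            next_hdr, nh_off, off = pkt[off], off, off + length
    except IndexError:                       # truncated header chain
        return DISCARD
    if next_hdr in OTHER_EXT:
        return ("not-modelled", None, None)
    if next_hdr in KNOWN_UPPER:
        return ("accept", None, None)
    return DISCARD if multicast else ("param-problem", 1, nh_off)

def build(next_hdr, payload, dst="20010db8" + "00" * 11 + "01"):
    """Constructed sample packet: fixed header, 2001:db8:: addresses, payload."""
    src = bytes.fromhex("20010db8" + "00" * 11 + "02")
    fixed = struct.pack("!IHBB", 6 << 28, len(payload), next_hdr, 64)
    return fixed + src + bytes.fromhex(dst) + payload
```

`expected_action(build(143, b"Hello\n"))` models the socat probe above and yields a Parameter Problem with code 1 and pointer 6, the offset of the Next Header field in the fixed header.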

In general, packet handling of this nature is done by the Linux kernel, not by OpenWrt. In general, OpenWrt does not modify the portions of the kernel associated with this functionality.

If you continue to have issues, you might want to search / consult with the Linux networking lists.

(Not pushing it off, just saying that any "problem" most likely comes from Linux itself and that group probably has greater knowledge.)

1 Like

Though it seems the packets first traverse netfilter before they are handled by the kernel, since I'm able to DROP them before the kernel sends the ICMPv6 failures. I.e. the firewall configuration has an impact on the test results.

2 Likes

I agree, users could alter sysctls, firewall rules, or the like that impact the behavior of the kernel and its (upstream) modules, such as netfilter.

1 Like

Okay, thank you for your answers! I disabled all the firewall rules, and configured everything to ACCEPT. I hope this time we pass the test.

Thanks,
Lev