-
Bug
-
Resolution: Open
-
Medium
-
None
-
None
-
None
OK. Three hosts:
1) VPP with two interfaces, one IPv4, one IPv6, configured for MAP-T
2) Host1 on an IPv6 net
3) Host2 on an IPv4 net
VPP Host2
TenGig 6/0/3 enp5s0f1
10.255.30.1/24 <----------------> 10.255.30.100/24
TenGig 6/0/1 ip addr add 10.255.30.100/24 dev enp5s0f1
2001:db8:10::1/64 ip link set enp5s0f1 up
^ ip route add 10.0.0.0/8 via 10.255.30.1 dev enp5s0f1
V
Host1
-------------
enp5s0f0
2001:db8:10::100/64
ip addr add 2001:db8:10::100/64 dev enp5s0f0
ip link set enp5s0f0 up
ip -6 route add default via 2001:db8:10::1 dev enp5s0f0
A packet is sent from Host2 port 8888 to Host1 port 10234. VPP maps it from IPv4 to
IPv6, and sends it out the IPv6 interface.
Host1 verifiably receives it. A response packet from Host1 is sent back to Host2.
VPP receives it on 6/0/1, maps it, but then drops it. It should be transmitted out
6/0/3 to Host2.
Note that, if the MAP-T configuration is allowed to use default PSID/Len of 0/0,
then the reverse packets are delivered correctly.
VPP's configuration via vppctl
--------------------
set interface ip address TenGigabitEthernet6/0/1 2001:db8:10::1/64
set interface state TenGigabitEthernet6/0/1 up
map interface TenGigabitEthernet6/0/1 map-t
set interface ip address TenGigabitEthernet6/0/3 10.255.30.1/24
set interface state TenGigabitEthernet6/0/3 up
map interface TenGigabitEthernet6/0/3 map-t
map add domain ip4-pfx 10.255.10.0/24 ip6-pfx 2001:db8::/48 ip6-src 2001:db8:ffff::/64 ea-bits-len 8 psid-offset 6 psid-len 8
ip route add 2001:db8::/48 via 2001:db8:10::100 TenGigabitEthernet6/0/1
Forward packet (Host2 port 888 --> Host1 port 10234)
-------------------------------------------------------
Packet 4
01:05:50:199108: dpdk-input
TenGigabitEthernet6/0/3 rx queue 0
buffer 0x8b94b: current data 0, length 74, buffer-pool 0, ref-count 1, totlen-nifb 0, trac\
e handle 0x3
ext-hdr-valid
l4-cksum-computed l4-cksum-correct
PKT MBUF: port 3, nb_segs 1, pkt_len 74
buf_len 2176, data_len 74, ol_flags 0x180, data_off 128, phys_addr 0xfc0e5340
packet_type 0x191 l2_len 0 l3_len 0 outer_l2_len 0 outer_l3_len 0
rss 0x0 fdir.hi 0x0 fdir.lo 0x0
Packet Offload Flags
PKT_RX_IP_CKSUM_GOOD (0x0080) IP cksum of RX pkt. is valid
PKT_RX_L4_CKSUM_GOOD (0x0100) L4 cksum of RX pkt. is valid
Packet Types
RTE_PTYPE_L2_ETHER (0x0001) Ethernet packet
RTE_PTYPE_L3_IPV4_EXT_UNKNOWN (0x0090) IPv4 packet with or without extension headers
RTE_PTYPE_L4_TCP (0x0100) TCP packet
IP4: 00:1e:67:c2:5b:37 -> 00:08:a2:0b:21:35
TCP: 10.255.30.100 -> 10.255.10.100
tos 0x00, ttl 64, length 60, checksum 0x41d2
fragment id 0xba24, flags DONT_FRAGMENT
TCP: 8888 -> 10234
seq. 0xf27e4db7 ack 0x00000000
flags 0x02 SYN, tcp header: 40 bytes
window 29200, checksum 0xef59
01:05:50:199110: ethernet-input
frame: flags 0x3, hw-if-index 4, sw-if-index 4
IP4: 00:1e:67:c2:5b:37 -> 00:08:a2:0b:21:35
01:05:50:199111: ip4-input-no-checksum
TCP: 10.255.30.100 -> 10.255.10.100
tos 0x00, ttl 64, length 60, checksum 0x41d2
fragment id 0xba24, flags DONT_FRAGMENT
TCP: 8888 -> 10234
seq. 0xf27e4db7 ack 0x00000000
flags 0x02 SYN, tcp header: 40 bytes
window 29200, checksum 0xef59
01:05:50:199112: ip4-lookup
fib 0 dpo-idx 0 flow hash: 0x00000000
TCP: 10.255.30.100 -> 10.255.10.100
tos 0x00, ttl 64, length 60, checksum 0x41d2
fragment id 0xba24, flags DONT_FRAGMENT
TCP: 8888 -> 10234
seq. 0xf27e4db7 ack 0x00000000
flags 0x02 SYN, tcp header: 40 bytes
window 29200, checksum 0xef59
01:05:50:199112: ip4-drop
TCP: 10.255.30.100 -> 10.255.10.100
tos 0x00, ttl 64, length 60, checksum 0x41d2
fragment id 0xba24, flags DONT_FRAGMENT
TCP: 8888 -> 10234
seq. 0xf27e4db7 ack 0x00000000
flags 0x02 SYN, tcp header: 40 bytes
window 29200, checksum 0xef59
01:05:50:199112: error-drop
rx:TenGigabitEthernet6/0/3
01:05:50:199113: drop
ip4-sv-reassembly-feature: valid ip4 packets
Reverse packet (Host1 port 10234 ---> Host2 port 888)
---------------------------------------------------------
Packet 7
01:05:51:227604: dpdk-input
TenGigabitEthernet6/0/1 rx queue 0
buffer 0x98d6b: current data 0, length 75, buffer-pool 0, ref-count 1, totlen-nifb 0, trac\
e handle 0x6
ext-hdr-valid
l4-cksum-computed l4-cksum-correct
PKT MBUF: port 1, nb_segs 1, pkt_len 75
buf_len 2176, data_len 75, ol_flags 0x180, data_off 128, phys_addr 0xfbc35b40
packet_type 0x1e1 l2_len 0 l3_len 0 outer_l2_len 0 outer_l3_len 0
rss 0x0 fdir.hi 0x0 fdir.lo 0x0
Packet Offload Flags
PKT_RX_IP_CKSUM_GOOD (0x0080) IP cksum of RX pkt. is valid
PKT_RX_L4_CKSUM_GOOD (0x0100) L4 cksum of RX pkt. is valid
Packet Types
RTE_PTYPE_L2_ETHER (0x0001) Ethernet packet
RTE_PTYPE_L3_IPV6_EXT_UNKNOWN (0x00e0) IPv6 packet with or without extension headers
RTE_PTYPE_L4_TCP (0x0100) TCP packet
IP6: 00:1e:67:c2:3f:ae -> 00:08:a2:0b:21:33
TCP: 2001:db8:0:64:0:aff:a64:0 -> 2001:db8:ffff:0:a:ff1e:6400:0
tos 0x00, flow label 0x0, hop limit 64, payload length 21
TCP: 10234 -> 8888
seq. 0x00000000 ack 0x00000000
flags 0x02 SYN, tcp header: 20 bytes
window 8192, checksum 0x3fcd
01:05:51:227605: ethernet-input
frame: flags 0x3, hw-if-index 2, sw-if-index 2
IP6: 00:1e:67:c2:3f:ae -> 00:08:a2:0b:21:33
01:05:51:227606: ip6-input
TCP: 2001:db8:0:64:0:aff:a64:0 -> 2001:db8:ffff:0:a:ff1e:6400:0
tos 0x00, flow label 0x0, hop limit 64, payload length 21
TCP: 10234 -> 8888
seq. 0x00000000 ack 0x00000000
flags 0x02 SYN, tcp header: 20 bytes
window 8192, checksum 0x3fcd
01:05:51:227609: ip6-lookup
fib 0 dpo-idx 1 flow hash: 0x00000000
TCP: 2001:db8:0:64:0:aff:a64:0 -> 2001:db8:ffff:0:a:ff1e:6400:0
tos 0x00, flow label 0x0, hop limit 64, payload length 21
TCP: 10234 -> 8888
seq. 0x00000000 ack 0x00000000
flags 0x02 SYN, tcp header: 20 bytes
window 8192, checksum 0x3fcd
01:05:51:227610: ip6-drop
TCP: 2001:db8:0:64:0:aff:a64:0 -> 2001:db8:ffff:0:a:ff1e:6400:0
tos 0x00, flow label 0x0, hop limit 64, payload length 21
TCP: 10234 -> 8888
seq. 0x00000000 ack 0x00000000
flags 0x02 SYN, tcp header: 20 bytes
window 8192, checksum 0x3fcd
01:05:51:227611: error-drop
rx:TenGigabitEthernet6/0/1
01:05:51:227611: drop
dpdk-input: no error
Various "show" commands from vppctl
-----------------------------------------
vpp# show int TenGigabitEthernet6/0/1 feat
Feature paths configured on TenGigabitEthernet6/0/1...
nsh-eth-output:
none configured
nsh-output:
none configured
mpls-output:
none configured
mpls-input:
mpls-not-enabled
arp:
arp-disabled
ip6-drop:
none configured
ip6-punt:
none configured
ip6-local:
none configured
ip6-output:
none configured
ip6-multicast:
ip6-unicast:
ip6-sv-reassembly-feature
ip6-map-t
ip4-drop:
none configured
ip4-punt:
none configured
ip4-local:
none configured
ip4-output:
none configured
ip4-multicast:
ip4-not-enabled
ip4-unicast:
ip4-sv-reassembly-feature
ip4-map-t
ip4-not-enabled
l2-output-nonip:
none configured
l2-input-nonip:
none configured
l2-output-ip6:
none configured
l2-input-ip6:
none configured
l2-output-ip4:
none configured
l2-input-ip4:
none configured
ethernet-output:
none configured
interface-output:
none configured
device-input:
none configured
l2-input:
none configured
l2-output:
none configured
vpp# show ip fib
ipv4-VRF:0, fib_index:0, flow hash:[src dst sport dport proto ] locks:[src:plugin-hi:2, src:\
adjacency:1, src:default-route:1, ]
0.0.0.0/0
unicast-ip4-chain
[@0]: dpo-load-balance: [proto:ip4 index:1 buckets:1 uRPF:0 to:[15:900]]
[0] [@0]: dpo-drop ip4
0.0.0.0/32
unicast-ip4-chain
[@0]: dpo-load-balance: [proto:ip4 index:2 buckets:1 uRPF:1 to:[0:0]]
[0] [@0]: dpo-drop ip4
10.255.30.0/32
unicast-ip4-chain
[@0]: dpo-load-balance: [proto:ip4 index:15 buckets:1 uRPF:18 to:[0:0]]
[0] [@0]: dpo-drop ip4
10.255.30.0/24
unicast-ip4-chain
[@0]: dpo-load-balance: [proto:ip4 index:14 buckets:1 uRPF:17 to:[0:0]]
[0] [@4]: ipv4-glean: TenGigabitEthernet6/0/3: mtu:9000 ffffffffffff0008a20b21350806
10.255.30.1/32
unicast-ip4-chain
[@0]: dpo-load-balance: [proto:ip4 index:17 buckets:1 uRPF:22 to:[0:0]]
[0] [@2]: dpo-receive: 10.255.30.1 on TenGigabitEthernet6/0/3
10.255.30.100/32
unicast-ip4-chain
[@0]: dpo-load-balance: [proto:ip4 index:20 buckets:1 uRPF:24 to:[10:410]]
[0] [@5]: ipv4 via 10.255.30.100 TenGigabitEthernet6/0/3: mtu:9000 001e67c25b370008a20b2\
1350800
10.255.30.255/32
unicast-ip4-chain
[@0]: dpo-load-balance: [proto:ip4 index:16 buckets:1 uRPF:20 to:[0:0]]
[0] [@0]: dpo-drop ip4
224.0.0.0/4
unicast-ip4-chain
[@0]: dpo-load-balance: [proto:ip4 index:4 buckets:1 uRPF:3 to:[0:0]]
[0] [@0]: dpo-drop ip4
240.0.0.0/4
unicast-ip4-chain
[@0]: dpo-load-balance: [proto:ip4 index:3 buckets:1 uRPF:2 to:[0:0]]
[0] [@0]: dpo-drop ip4
255.255.255.255/32
unicast-ip4-chain
[@0]: dpo-load-balance: [proto:ip4 index:5 buckets:1 uRPF:4 to:[15370:5041360]]
[0] [@0]: dpo-drop ip4
vpp# show ip6 fib
ipv6-VRF:0, fib_index:0, flow hash:[src dst sport dport proto ] locks:[src:plugin-hi:1, src:\
default-route:1, ]
::/0
unicast-ip6-chain
[@0]: dpo-load-balance: [proto:ip6 index:6 buckets:1 uRPF:5 to:[276:25936]]
[0] [@0]: dpo-drop ip6
2001:db8::/48
unicast-ip6-chain
[@0]: dpo-load-balance: [proto:ip6 index:19 buckets:1 uRPF:26 to:[85:6660]]
[0] [@5]: ipv6 via 2001:db8:10::100 TenGigabitEthernet6/0/1: mtu:9000 001e67c23fae0008a2\
0b213386dd
2001:db8:10::/64
unicast-ip6-chain
[@0]: dpo-load-balance: [proto:ip6 index:12 buckets:1 uRPF:15 to:[0:0]]
[0] [@4]: ipv6-glean: TenGigabitEthernet6/0/1: mtu:9000 ffffffffffff0008a20b213386dd
2001:db8:10::1/128
unicast-ip6-chain
[@0]: dpo-load-balance: [proto:ip6 index:13 buckets:1 uRPF:16 to:[23:2360]]
[0] [@2]: dpo-receive: 2001:db8:10::1 on TenGigabitEthernet6/0/1
2001:db8:10::100/128
unicast-ip6-chain
[@0]: dpo-load-balance: [proto:ip6 index:21 buckets:1 uRPF:23 to:[22:2288]]
[0] [@5]: ipv6 via 2001:db8:10::100 TenGigabitEthernet6/0/1: mtu:9000 001e67c23fae0008a2\
0b213386dd
fe80::/10
unicast-ip6-chain
[@0]: dpo-load-balance: [proto:ip6 index:7 buckets:1 uRPF:6 to:[0:0]]
[0] [@14]: ip6-link-local
vpp# show int TenGigabitEthernet6/0/3 addr
TenGigabitEthernet6/0/3 (up):
L3 10.255.30.1/24
vpp# show int TenGigabitEthernet6/0/1 addr
TenGigabitEthernet6/0/1 (up):
L3 2001:db8:10::1/64
This command was used to send a packet from Host2 to Host1:
curl --noproxy "*" -I -m 5 --local-port 8888 10.255.10.100:10234
This command was used to send a return packet:
send_ipv6.py 2001:db8:0:64:0:aff:a64:0 2001:db8:ffff:0:a:ff1e:6400:0 TCP 10234 8888
This is the "send_ipv6.py" hacky script:
------------------------------------------------------------
- Usage examples:
- python send_ipv6.py src_ipv6 dst_ipv6 protocol srcport dstport
- python send_ipv6.py 2001:db8:0:64:0:a0a:a64:0 2001:db8:ffff:0:a:a1e:6400:0 TCP 10234
- python send_ipv6.py 2001:db8:0:64:0:a0a:a64:0 2001:db8:ffff:0:a:a1e:6400:0 UDP 10234
import sys
from scapy.all import send, sr1, IPv6, ICMPv6EchoRequest
from scapy.layers.inet import TCP, UDP
SOURCE = sys.argv[1]
DESTINATION = sys.argv[2]
TYPE = sys.argv[3]
SRCPORT = int(sys.argv[4])
DSTPORT = int(sys.argv[5])
def send_ipv6(src_ip, dst_ip, type, dstport, srcport):
if type.lower() == 'tcp':
sr1(IPv6(src=src_ip, dst=dst_ip) / TCP(sport=srcport, dport=dstport) / '1', verbose=True, timeout=3, retry= 3)
elif type.lower() == 'udp':
sr1(IPv6(src=src_ip, dst=dst_ip) / UDP(sport=srcport, dport=dstport) / '1', verbose=True, timeout=3, retry= 3)
else:
return 0
print('Packet with src IP {} for dst IP {} and port {} has been sent').format(src_ip, dst_ip, dstport)
if _name_ == '_main_':
send_ipv6(SOURCE, DESTINATION, TYPE, DSTPORT, SRCPORT)
--------------------------------------------
And, yeah, had I written that, I wouldn't have reversed the args like that.
Or, write your own scapy hack. fnord
Lots of detail here. Hope I got it all right.
Bob is your uncle. Epstien did commit suicide.
