-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=============================================================================
FreeBSD-EN-07:02.net                                            Errata Notice
                                                          The FreeBSD Project

Topic:          IPv6 over Point-to-Point gif(4) tunnels

Category:       core
Module:         sys_netinet6
Announced:      2007-02-28
Credits:        Bruce A. Mah
Affects:        FreeBSD 6.2-RELEASE
Corrected:      2007-02-08 22:52:56 UTC (RELENG_6, 6.2-STABLE)
                2007-02-28 18:24:37 UTC (RELENG_6_2, 6.2-RELEASE-p2)

For general information regarding FreeBSD Errata Notices and Security
Advisories, including descriptions of the fields above, security
branches, and the following sections, please visit
<URL:http://security.FreeBSD.org/>.

I.   Background

The FreeBSD kernel provides basic networking services, including
(among other protocols) the IPv6 network protocol stack.

The gif(4) tunnel driver provides a generic tunnelling interface,
which is commonly used to carry IPv6 packets across an IPv4 internetwork.

II.  Problem Description

FreeBSD 6.2-RELEASE contains a regression in the behavior of IPv6
over gif(4) tunnels configured as point-to-point interfaces (in
other words, gif(4) interfaces with an explicitly-configured destination
address and a 128-bit prefix length).  When such an interface is
configured, a route to the destination address must be added implicitly
by the kernel to allow packets to traverse the tunnel properly.
FreeBSD 6.2-RELEASE does not do this.

III. Impact

In some cases, it may be impossible for a host to send IPv6 traffic over a
gif(4) tunnel interface due to the lack of an appropriate routing table
entry.

IV.  Workaround

One workaround is to add a route to the destination address explicitly
using the route(8) command, as in the following example:

# route add -host -inet6 ADDRESS -interface GIF -nostatic -llinfo

In the command line above, ADDRESS and GIF should be replaced by the
destination IPv6 address and the interface name of the gif(4) tunnel,
respectively.

In some cases, the host route to the destination may be added implicitly
as a side-effect of receiving inbound packets over the tunnel.

V.   Solution

Perform one of the following:

1) Upgrade your affected system to 6-STABLE or to the RELENG_6_2
security branch dated after the correction date.

2) To patch your present system:

The following patches have been verified to apply to FreeBSD 6.2
systems.

a) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility.

# fetch http://security.FreeBSD.org/patches/EN-07:02/net.patch
# fetch http://security.FreeBSD.org/patches/EN-07:02/net.patch.asc

b) Apply the patch.

# cd /usr/src
# patch < /path/to/patch

c) Recompile your kernel as described in
<URL:http://www.freebsd.org/handbook/kernelconfig.html> and reboot the
system.

VI.  Correction details

The following list contains the revision numbers of each file that was
corrected in FreeBSD.

Branch                                                           Revision
  Path
- ----------------------------------------------------------------------------
RELENG_6_2
  src/UPDATING                                                1.416.2.29.2.5
  src/sys/conf/newvers.sh                                      1.69.2.13.2.5
  src/sys/netinet6/nd6.c	                               1.48.2.15.2.1
- ----------------------------------------------------------------------------

The latest revision of this Errata Notice is available at
http://security.FreeBSD.org/advisories/FreeBSD-EN-07:02.net.asc
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (FreeBSD)

iD8DBQFF5ct4FdaIBMps37IRAjN0AJ9llRTF/ccXBJDRqJeFDocSkIF5lQCdF2ww
y+4KLUVBRVLLQz0AJuKygfc=
=x04b
-----END PGP SIGNATURE-----