Bug #7839
closedIPv6 ICMPv6 Type 3 Code 0 (hop limit exceeded in transit) reply uses wrong address.
0%
Description
Forum post here https://forum.pfsense.org/index.php?topic=136009.0
When pfsense receives a packet with a TTL of 1, it should respond with a ICMPv6 Type 3 packet with a source IP of the interface the packet came in on. It has always done this prior to 2.4 and every other router i have seen does this.
I.e. If it received the packet on an interface with an IP of fdda:535f:111b:114c::1 the source IP in the ICMPv6 Type 3 packet should be fdda:535f:111b:114c::1.
But what it is doing is if a packet comes in with a TTL = 1 it is sending a ICMPv6 Type 3 packet with the source IP of the interface that the packet would have been routed out had the TTL been more than 1, i.e. its sending the ICMP packet with a source IP of fdda:535f:111b:2000::1 (WAN)
For the example
LAN = fdda:535f:111b:114c::1
WAN = fdda:535f:111b:2000::1
This can be seen clearly in these traces.
From Lan system to Internet
Tracing route to google.com [2607:f8b0:4006:819::200e] over a maximum of 30 hops: 1 <1 ms <1 ms <1 ms 2001:470:7:yyy::2 <-pfsense "WAN" IP 2 29 ms 26 ms 28 ms 2001:470:7:yyy::1 3 21 ms 23 ms 21 ms 2001:470:0:90::1
what it should look like
Tracing route to google.com [2607:f8b0:4006:819::200e] over a maximum of 30 hops: 1 <1 ms <1 ms <1 ms 2001:470:xxxx:1::3 <-pfsense "LAN" IP 2 29 ms 26 ms 28 ms 2001:470:7:yyy::1 3 21 ms 23 ms 21 ms ge5-4.core1.ash1.he.net [2001:470:0:90::1]
From Looking Glass to LAN system
racing the route to IPv6 node 2001:470:xxxx:1:7dc5:db6f:aaf8:f195 from 1 to 30 hops 1 18 ms 18 ms 6 ms 2001:470:0:90::2 2 23 ms 20 ms 25 ms 2001:470:xxxx:1::3 <-pfsense "LAN" IP 3 24 ms 25 ms 74 ms 2001:470:xxxx:1:7dc5:db6f:aaf8:f195
what it should look like
Tracing the route to IPv6 node 2001:470:xxxx:1:7dc5:db6f:aaf8:f195 from 1 to 30 hops 1 18 ms 18 ms 6 ms 2001:470:0:90::2 2 23 ms 20 ms 25 ms 2001:470:7:yyy::2 <-pfsense "WAN" Ipv6 3 24 ms 25 ms 74 ms 2001:470:xxxx:1:7dc5:db6f:aaf8:f195