Opened 3 weeks ago

Last modified 6 days ago

#2738 new defect

Better DS-Lite handling

Reported by: Eche|on Owned by: zzz
Priority: minor Milestone: 0.9.47
Component: router/transport Version: 0.9.45
Keywords: Cc:
Parent Tickets: Sensitive: no

Description

Better handling of DS-Lite is needed.

  1. in advanced network config under IPv6: Disable inbound (Firewalled by Carrier-grade NAT or DS-Lite)

Is wrong, with DS-Lite IPv4 is tunneled into IPv6, and IPv6 is reachable by external, IPv4 is not.
Disabling IPv6 is the wrong turn, IPv4 incoming should be disabled.

Also status bar shows network OK with DS-Lite, although IPv4 is not reachable from external (firewalled), while IPv6 is reachable from external.

It should show IPv4 firewalled, IPv6 OK.

Subtickets

Change History (8)

comment:1 Changed 3 weeks ago by zzz

Milestone: undecided0.9.46

Changed the text on /confignet on both the v4 and v6 options, in bb4a9b16978c0ff306aeec44d6a900344750d7e1 in 0.46-20. I believe the actual handling of the option is correct.

For the status display, I believe our philosophy was to not show a separate v4 or v6 status if the configuration for one of them is set to disable manually; we'll just show a single status since there's only one that applies.

We could do it differently if it seems wrong. Let's think about it.

comment:2 Changed 3 weeks ago by Eche|on

I did not/I do not disable IPV4 and/or IPv6 at all, both enabled.
But both were firewalled (DS-Lite) and it showed: "IPv4 OK, IPv6 firewalled" despite the fact IPv4 was firewalled, to (and NO incoming connections on IPv4 at all)

Now I did remove IPv6 firewall and IPv4 is still not reachable from external, but IPv6 is reachable from external, and it shows "Network OK".

Lets test -20. But IMHO the state of IPv4 in DS-Lite is not gathered correctly, hence the wish to set IPv4 firewalled (but not disabled).

comment:3 Changed 3 weeks ago by Eche|on

Ok, -20 runs, I can disable IPv4 inbound and it shows now IPv4 firewalled, IPv6 OK.

Wonder why it shows IPv4 reachable without that manual interaction.

comment:4 Changed 3 weeks ago by zzz

The only change in -20, as I said in comment 1, is the text next to the options on /confignet. There's no change to the logic or the status display text.

So there's two cases to test, and for both, you want to give it some time (a few hours) to see how things settle out.

Case 1) IPv4 firewalled box NOT checked on /confignet

Case 2) IPv6 firewalled box IS checked on /confignet

And then for each case, keep an eye on the /peers page, addresses tab, which shows both the status, and what addresses you are publishing in your netdb (IPv4 and/or v6, SSU and/or NTCP2).

Also, watch the event log /events where you can see all the Reachability Change transition history.

comment:5 Changed 2 weeks ago by Eche|on

Ok
working with -20, set the checkmark on "disable IPv4 incoming", but it blocks only TCP. I still get UDP IPv4 incoming connections (as seen on peers page).
Also I get floodfill and see warning "warning, Floodfill enabled while being firewalled".

I assumed if I disable IPv4 incoming, it disables TCP and UDP.
Also: if firewalled, why is floodfill enabled automaticly?

comment:6 Changed 2 weeks ago by Eche|on

Events log:
May 16, 2020, 2:20 PM Reachability change from IPv4: Firewalled; IPv6: OK to Firewalled
May 16, 2020, 2:11 PM Reachability change from Firewalled to IPv4: Firewalled; IPv6: OK
May 16, 2020, 2:01 PM Reachability change from IPv4: Firewalled; IPv6: OK to Firewalled
May 16, 2020, 12:57 PM Reachability change from Firewalled to IPv4: Firewalled; IPv6: OK
May 16, 2020, 12:55 PM Reachability change from IPv4: Firewalled; IPv6: OK to Firewalled
May 16, 2020, 11:49 AM Reachability change from Firewalled to IPv4: Firewalled; IPv6: OK
May 16, 2020, 11:48 AM Reachability change from IPv4: Firewalled; IPv6: OK to Firewalled
May 16, 2020, 5:15 AM Reachability change from Firewalled to IPv4: Firewalled; IPv6: OK

comment:7 Changed 2 weeks ago by Eche|on

Ok, a little further on.
UPnP does overrule the "disable IPv4 incoming" in my practival testing.
Thats why I get UDP IPv4 incoming despite this setting enabled.
With UPnP off, I do not get IPv4 incoming at all.
But even with UPnP I do not get TCP in. strange setup.

comment:8 Changed 6 days ago by zzz

Milestone: 0.9.460.9.47
Note: See TracTickets for help on using tickets.