Package: tayga Version: 0.9.2-10+b1 Severity: normal Tags: ipv6 upstream X-Debbugs-Cc: m...@glines.org
Some DNS servers respond to requests an empty checksum field. Tayga does not forward these responses, thus making those DNS servers inaccessible through Tayga. In IPv4, UDP checksums are optional. RFC768 says: > An all zero transmitted checksum value means that the transmitter > generated no checksum (for debugging or for higher level protocols > that don't care). UDP checksums are required in IPv6. Tayga doesn't know how to fix the checksum field in this case, so it drops such packets on the floor: > tck = (uint16_t *)(p->data + 6); > if (!*tck) > return -1; /* drop UDP packets with no checksum */ In practice, this limits access to sites whose DNS servers only speak IPv4 and don't include checksums. For example, ESA (the European Space Agency) uses the domain name "esa.int". This domain has 4 nameservers, all of which are IPv4-only, and all of which omit checksums. When I make a query, by running `host -t ns esa.int ns1.esa.int` on an ipv4-enabled host, `tshark -V` says this about the response: > User Datagram Protocol, Src Port: 53, Dst Port: 43557 > Source Port: 53 > Destination Port: 43557 > Length: 169 > Checksum: 0x0000 [zero-value ignored] > [Checksum Status: Not present] Making the equivalent query from behind Tayga never got an answer, because Tayga dropped the response packet. A recursive resolver running behind Tayga can never resolve "www.esa.int", because Tayga drops all the responses. I think Tayga should populate null UDP checksum fields when forwarding from v4 to v6. This would greatly improve interoperability with european space agencies, and possibly other sites and services too. -- System Information: Debian Release: trixie/sid APT prefers testing APT policy: (500, 'testing') Architecture: arm64 (aarch64) Kernel: Linux 6.12.0-beep-dirty (SMP w/8 CPU threads; PREEMPT) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) Versions of packages tayga depends on: ii init-system-helpers 1.66 ii libc6 2.38-11 ii sysvinit-utils [lsb-base] 3.09-1 tayga recommends no packages. tayga suggests no packages. -- Configuration Files: /etc/tayga.conf changed: tun-device nat64 ipv4-addr 172.29.255.2 prefix fd01:1004::/96 -- no debconf information
