    NHRP without security - NEED HELP!

    FRR
      vahid1980 last edited by

      Hello everyone,
      would someone please help me with this:

      I want to use nhrpd from FRR to connect to a Cisco network.
      I have an IPv4 network and want to use IPv6 with GRE tunnels over IPv4.

      The structure is as below:

      Spoke1 ----- Switch ------ Spoke2 (Gentoo PC with FRR running)
                     |
                    HUB

      Spoke1 : Cisco router configured with GRE and NHRP

      HUB: Cisco router:
      IP: 10.179.240.169
      IPV6: 2a02:d20:e8:503::1

      Spoke2 : FRR with below config:

      interface gre1
      description DSL-Payload-v6
      ipv6 address 2a02:d20:e8:503::c/128
      ipv6 nhrp holdtime 60
      ipv6 nhrp map 2a02:d20:e8:503::1 10.179.240.169
      ipv6 nhrp map multicast 10.179.240.169
      ipv6 nhrp network-id 99
      ipv6 nhrp nhs 2a02:d20:e8:503::1 nbma 10.179.240.169
      ipv6 nhrp registration no-unique
      ipv6 nhrp shortcut
      no link-detect
      tunnel source enp3s0
      exit

      Also, the interfaces on the OS:

      enp3s0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
      inet 192.168.201.202 netmask 255.255.252.0 broadcast 192.168.203.255
      inet6 fe80::e8f6:102d:1d27:d0ce prefixlen 64 scopeid 0x20<link>
      ether 40:8d:5c:dd:09:cb txqueuelen 1000 (Ethernet)
      RX packets 31262 bytes 23696880 (22.5 MiB)
      RX errors 0 dropped 0 overruns 0 frame 0
      TX packets 22327 bytes 3724978 (3.5 MiB)
      TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

      The tunnel:

      gre1: flags=81<UP,POINTOPOINT,RUNNING> mtu 1472
      inet6 2a02:d20:e8:503::c prefixlen 128 scopeid 0x0<global>
      unspec 64-40-3C-67-00-00-00-00-00-00-00-00-00-00-00-00 txqueuelen 1000 (UNSPEC)
      RX packets 2949 bytes 566208 (552.9 KiB)
      RX errors 0 dropped 0 overruns 0 frame 0
      TX packets 2949 bytes 377472 (368.6 KiB)
      TX errors 62 dropped 0 overruns 0 carrier 62 collisions 0

      gre1: gre/ip remote 10.179.240.169 local 100.64.60.103 ttl 64 key 503

      Logs:

      2022/04/05 11:14:09 NHRP: [KHACV-6YE92] Send Registration-Request(3) 2a02:d20:e8:503::c -> 2a02:d20:e8:503::1
      2022/04/05 11:14:09 NHRP: [WSA6E-5GM0H] PACKET: Send 100.64.60.103 -> 10.179.240.169

      Wireshark says:
      Linux cooked capture v1
      Next Hop Resolution Protocol (NHRP Registration Reply)


      On the HUB we can see both request and reply,
      and IPv4 networks also work.

      The problem:
      Spoke1 can ping the HUB through the tunnel, but on the FRR we cannot!

      Is this structure correct? Should it work, or do we need a different configuration?

      Some more info:
      I looked into the code and it fails in the function:
      os_recvmsg(uint8_t *buf, size_t *len, int *ifindex, uint8_t *addr,
      size_t *addrlen)

      The addrlen should be 4 and it is 0 instead!!

      The value of sockaddr_ll:

      lladdr.sll_addr[] -> all zero ------------> this leads to addrlen being 0 later
      lladdr.sll_family -> 0x11
      lladdr.sll_protocol -> 0x120
      lladdr.sll_ifindex -> 0x1a
      lladdr.sll_hatype -> 0x30a
      lladdr.sll_pkttype -> 0
      lladdr.sll_halen -> 0
      *addrlen -> 40

        vahid1980 last edited by

        My problem is solved; the problem was with filters in ip6tables.

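Added example (not part of the thread and not FRR's code): the first post reports an NHRP Registration-Reply arriving at the spoke, and a useful first check on such a capture is whether the hub actually accepted the registration. The parser below decodes the RFC 2332 fixed header, mandatory part and first CIE code and verifies the checksum; the function names are my own, and the sample packet is constructed with documentation addresses rather than taken from the capture above.

```python
import ipaddress
import struct

OP_TYPES = {1: "Resolution-Request", 2: "Resolution-Reply", 3: "Registration-Request",
            4: "Registration-Reply", 5: "Purge-Request", 6: "Purge-Reply", 7: "Error-Indication"}
REG_CODES = {0: "success", 4: "administratively prohibited", 5: "insufficient resources",
             14: "unique address already registered"}  # Registration-Reply CIE codes, RFC 2332

def inet_checksum(data: bytes) -> int:
    """RFC 1071 checksum; yields 0 over a packet whose checksum field is valid."""
    data += b"\x00" * (len(data) % 2)
    total = sum(struct.unpack(f">{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def addr(raw: bytes) -> str:
    return str(ipaddress.ip_address(raw)) if len(raw) in (4, 16) else raw.hex()

def parse_nhrp(pkt: bytes) -> dict:
    """Decode the fixed header, mandatory part and first CIE code of an NHRP packet."""
    if len(pkt) < 28:
        raise ValueError("truncated NHRP header")
    (_afn, _pro, _snap, _hop, pktsz, _csum, extoff,
     ver, op, shtl, sstl) = struct.unpack(">HH5sBHHHBBBB", pkt[:20])
    spl, dpl, _flags, _req_id = struct.unpack(">BBHI", pkt[20:28])
    end = extoff or pktsz  # the mandatory part stops where extensions begin
    if ver != 1 or pktsz != len(pkt) or end > pktsz:
        raise ValueError("version, ar$pktsz or ar$extoff inconsistent with the capture")
    off, parts = 28, []
    for n in (shtl & 0x3F, sstl & 0x3F, spl, dpl):  # low 6 bits of shtl/sstl are the length
        parts.append(pkt[off:off + n])
        off += n
    if off > end:
        raise ValueError("address fields overrun the mandatory part")
    code = pkt[off] if off < end else None  # first byte of the first CIE, if any
    return {"op": OP_TYPES.get(op, f"unknown({op})"), "checksum_ok": inet_checksum(pkt) == 0,
            "src_nbma": addr(parts[0]), "src_proto": addr(parts[2]), "dst_proto": addr(parts[3]),
            "cie_code": code, "result": REG_CODES.get(code, "other") if op == 4 else "n/a"}

def build_sample_reply(code: int) -> bytes:  # constructed packet, documentation addresses
    body = struct.pack(">BBHI", 16, 16, 0, 1)  # proto lengths, flags, request id
    body += b"".join(ipaddress.ip_address(a).packed
                     for a in ("192.0.2.10", "2001:db8::c", "2001:db8::1"))
    body += struct.pack(">BBHHHBBBB", code, 0, 0, 0, 60, 0, 0, 0, 0)  # one CIE, holdtime 60
    hdr = struct.pack(">HH5sBHHHBBBB", 1, 0x86DD, bytes(5), 255, 20 + len(body), 0, 0, 1, 4, 4, 0)
    return hdr[:12] + struct.pack(">H", inet_checksum(hdr + body)) + hdr[14:] + body

if __name__ == "__main__": print(parse_nhrp(build_sample_reply(14)))
```

A reply that decodes with a success code and a valid checksum means the hub side is fine, which points the search at local handling of the tunnel traffic, such as the host's packet filters.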