mirror of
https://github.com/outbackdingo/firezone.git
synced 2026-01-27 10:18:54 +00:00
a0efc4cfdc
As per the RFC, the IPv6 traffic class should be 1-to-1 translated to the IPv4 DSCP value. However, it appears that not all values here are valid. In particular, when attempting to reach GitHub over IPv6, we receive an IPv6 packet that has a traffic class value of 72 which is out-of-range for the IPv4 DSCP value, resulting in the following error on the Gateway: ``` Failed to translate packet: NAT64 failed: Error '72' is too big to be a 'IPv4 DSCP (Differentiated Services Code Point)' (maximum allowed value is '63') ``` The bigger scope of this issue is that this causes the ICMP packets returned to the client to be dropped which means that `ssh` spawned by `git` doesn't learn that the IPv6 address assigned by Firezone is not actually routable. Related: #7476.