TCP6 problem

George Mitchell george+freebsd at m5p.com
Sun Apr 30 19:22:18 UTC 2017 

In certain cases, TCP6 stopped working between machines on my local
net and the outside world when I updated to 10.3-RELEASE-p18 on my
network.  Here is my network setup:

+--------------+                            +---------------+
| sullivan     |           +--------+       | haymarket     |
| 6-core       |           |        |       | 8-core        |
| amd64   alc0 +------+    | switch +-------+ re0    amd64  |
+--------------+      |    |   2    |       +---------------+
                      | +--+        +---+
+--------------+      | |  |        |   |   +---------------+
| scollay      |      | |  +--------+   |   | pi  Raspberry |
| 1-core       |      | |               |   |    Pi (orig.) |
| amd64   nfe0 +----+ | |               +---+ ue0   arm     |
+--------------+    | | |  +--------+       +---------------+
                    | | |  |        |
+--------------+    | | +--+ switch |       +---------------+
| parkstreet   |    | +----+   1    |       | mattapan      |
| 1-core       |    +------+        |       | 1-core amd64  |
| and64   nfe0 +-----------+        +-------+ alc0     gif0 +---IPv6
+--------------+           +------- +       +---------------+  world

Throughout this process, pi has been running 10.3-RELEASE and has not
had any problems.

All the other machines were running 10.3-RELEASE-p13 up until April 17,
when I upgraded them to 10.3-RELEASE-p18.  At this point, TCP6 still
worked normally, except on sullivan and scollay.  Even sullivan and
scollay can perform TCP6 to other local machines, but it fails in the
following manner when attempted to the outside world, as observed using
tcpdump on the alc0 interface of mattapan and either the alc0 interface
of sullivan or the nfe0 interface of scollay:

sullivan (or scollay) sends SYN.
outside machine replies with SYN/ACK, and sullivan (or scollay)
receives the SYN/ACK.
sullivan (or scollay) replies with ACK (as seen on sullivan or
scollay), but the ACK is not seen at mattapan alc0.  sullivan
(or scollay) fruitlessly retransmits the ACK, but it is never
seen at mattapan.

mattapan is using pf filtering on gif0 (which physically is on the
re0 interface), but no other machines are filtering packets.

My best guess at the moment is that somehow tcpdump is lying to me
about the captured packets, because I rebooted mattapan and sullivan
with my /boot/kernel.old and it did not fix the problem.  Any clues?

-- George

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://lists.freebsd.org/pipermail/freebsd-hackers/attachments/20170430/08ceaf66/attachment.sig>

More information about the freebsd-hackers mailing list