8.0-BETA1 - for the record - different paths followed by IPv4
and IPv6 for 'local' connections
Henri Hennebert
hlh at restart.be
Mon Jul 20 12:57:56 UTC 2009
Li, Qing wrote:
> The patch has been committed, svn revision 195643.
>
> Thanks,
>
> -- Qing
>
Just another case where the route must be created:
[root at avoriaz ~]# ifconfig gif0
gif0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> metric 0 mtu 1280
tunnel inet 212.239.166.57 --> 94.23.44.41
inet6 fe80::21d:60ff:fead:2ace%gif0 prefixlen 64 scopeid 0x4
inet6 2001:41d0:2:2d29:1:ffff:: --> 2001:41d0:2:2d29:0:ffff:: prefixlen
128
options=1<ACCEPT_REV_ETHIP_VER>
[root at avoriaz ~]# ping6 2001:41d0:2:2d29:1:ffff::
PING6(56=40+8+8 bytes) 2001:41d0:2:2d29:1:ffff:: -->
2001:41d0:2:2d29:1:ffff::
^C
--- 2001:41d0:2:2d29:1:ffff:: ping6 statistics ---
4 packets transmitted, 0 packets received, 100.0% packet loss
[root at avoriaz ~]# route add -inet6 2001:41d0:2:2d29:1:ffff:: -interface lo0
add host 2001:41d0:2:2d29:1:ffff::: gateway lo0
[root at avoriaz ~]# ping6 2001:41d0:2:2d29:1:ffff::
PING6(56=40+8+8 bytes) 2001:41d0:2:2d29:1:ffff:: -->
2001:41d0:2:2d29:1:ffff::
16 bytes from ::1, icmp_seq=0 hlim=64 time=0.531 ms
16 bytes from ::1, icmp_seq=1 hlim=64 time=0.884 ms
16 bytes from ::1, icmp_seq=2 hlim=64 time=0.748 ms
^C
--- 2001:41d0:2:2d29:1:ffff:: ping6 statistics ---
3 packets transmitted, 3 packets received, 0.0% packet loss
round-trip min/avg/max/std-dev = 0.531/0.721/0.884/0.145 ms
Thanks
Henri
>
> -----Original Message-----
> From: Henri Hennebert [mailto:hlh at restart.be]
> Sent: Sat 7/11/2009 3:09 AM
> To: Li, Qing
> Cc: freebsd-stable at freebsd.org; freebsd-net at freebsd.org
> Subject: Re: 8.0-BETA1 - for the record - different paths followed by IPv4 and IPv6 for 'local' connections
>
> Li, Qing wrote:
>> Hi,
>>
>> Please try patch-7-10 in my home directory http://people.freebsd.org/~qingli/
>> and let me know how it works out for you. I thought I had committed the patch
>> but turned out I didn't.
>
> I apply the patch, reset my pf.conf to its previous content and all is
> running smoothly. By the way, I discover after my post that my
> "solution" was not working for long (many bytes) connections and this is
> solved too.
>
> Many thank for your time
>
> Henri
>
> PS please commit as soon as possible
>
>>> On 8.0-BETA1 there is an assymetry:
>>>
>>> netstat -rn display
>>>
>>> 192.168.24.1 link#3
>>> ....
>>> no entry for 2001:41d0:2:2d29:1:1::
>>>
>> This is by design as part of the new architecture in 8.0, which maintains
>> the L2 ARP/ND6 and L3 routing tables separately.
>>
>> -- Qing
>>
>>
>>
>> -----Original Message-----
>> From: owner-freebsd-stable at freebsd.org on behalf of Henri Hennebert
>> Sent: Fri 7/10/2009 5:32 AM
>> To: freebsd-stable at freebsd.org; freebsd-st at freebsd.org
>> Subject: 8.0-BETA1 - for the record - different paths followed by IPv4 and IPv6 for 'local' connections
>>
>> Hello,
>>
>> After upgrading from 7.2-STABLE to 8.0-BETA1 I encounter a problem when
>> connecting with firefox to a local apache server using the global
>> unicast IPv6 address of the local machine. pf.conf must be updated!
>>
>> My configuration:
>>
>> [root at avoriaz ~]# ifconfig em0
>>
>> em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
>> options=19b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,TSO4>
>> ether 00:1d:60:ad:2a:ce
>> inet 192.168.24.1 netmask 0xffffff00 broadcast 192.168.24.255
>> inet6 fe80::21d:60ff:fead:2ace%em0 prefixlen 64 scopeid 0x1
>> inet6 2001:41d0:2:2d29:1:1:: prefixlen 80
>> media: Ethernet 100baseTX (100baseTX <half-duplex>)
>> status: active
>>
>> [root at avoriaz ~]# host www.restart.bel
>> www.restart.bel is an alias for avoriaz.restart.bel.
>> avoriaz.restart.bel has address 192.168.24.1
>> avoriaz.restart.bel has IPv6 address 2001:41d0:2:2d29:1:1::
>>
>> pf.conf:
>>
>> int_if="em0"
>> block in log all
>> block out log all
>> set skip on lo0
>> antispoof quick for $int_if inet
>> # Allow trafic with physical internal network
>> pass in quick on $int_if from ($int_if:network) to ($int_if) keep state
>> pass out quick on $int_if from ($int_if) to ($int_if:network) keep state
>>
>> The problem:
>>
>> [root at avoriaz ~]# telnet -4 www.restart.bel 80
>> Trying 192.168.24.1...
>> Connected to avoriaz.restart.bel.
>> Escape character is '^]'.
>> ^]
>> telnet> quit
>> Connection closed.
>> [root at avoriaz ~]# telnet -6 www.restart.bel 80
>> Trying 2001:41d0:2:2d29:1:1::...
>> --->Never connect and get a timeout!
>>
>> tcpdump and logging in pf show me that
>>
>> For a IPv4 connection:
>> the packet from telnet to apache pass 2 times on lo0 (out and in)
>> the answer packet from apache to telnet pass 2 times on lo0 (out and in)
>>
>> So no problem, there is `set skip on lo0'
>>
>> For a IPv6 connection:
>> The first packet from telnet to apache pass 2 times on lo0 (out and in)
>> The answer packet from apache to telnet path on em0 and is rejected
>> due to the default flags S/SA.
>>
>> So I have to change pf.conf and replace the last line:
>> pass out quick on $int_if from ($int_if) to ($int_if:network) \
>> keep state flags any
>>
>> Then all is OK
>>
>> By the way, on 7.2
>>
>> netstat -rn display
>>
>> 192.168.24.1 00:1d:60:ad:2a:ce
>> ....
>> 2001:41d0:2:2d29:1:1:: 00:1d:60:ad:2a:ce
>>
>>
>> On 8.0-BETA1 there is an assymetry:
>>
>> netstat -rn display
>>
>> 192.168.24.1 link#3
>> ....
>> no entry for 2001:41d0:2:2d29:1:1::
>>
>> Hope it may help someone
>>
>> Henri
>>
>> _______________________________________________
>> freebsd-stable at freebsd.org mailing list
>> http://lists.freebsd.org/mailman/listinfo/freebsd-stable
>> To unsubscribe, send any mail to "freebsd-stable-unsubscribe at freebsd.org"
>>
>
>
> _______________________________________________
> freebsd-stable at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-stable
> To unsubscribe, send any mail to "freebsd-stable-unsubscribe at freebsd.org"
More information about the freebsd-stable
mailing list