From owner-freebsd-ipfw@FreeBSD.ORG Fri Mar 6 21:23:20 2015 Return-Path: Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 5D0BFB04 for ; Fri, 6 Mar 2015 21:23:20 +0000 (UTC) Received: from gate.pik.ru (gate.pik.ru [IPv6:2a03:5a00:31:40::25]) by mx1.freebsd.org (Postfix) with ESMTP id 0904D5EC for ; Fri, 6 Mar 2015 21:23:20 +0000 (UTC) Received: from delta.hotplug.ru (localhost [127.0.0.1]) by gate.pik.ru (Postfix) with ESMTP id 3A9AA1581D; Sat, 7 Mar 2015 00:23:16 +0300 (MSK) Received: from delta.hotplug.ru (unknown [141.101.202.35]) by gate.pik.ru (Postfix) with ESMTP id 04A931581C; Sat, 7 Mar 2015 00:23:14 +0300 (MSK) Received: from ghost-pc.home.lan (unknown [IPv6:2a02:290:2:1f9:cc19:1f11:abed:19fa]) by delta.hotplug.ru (Postfix) with ESMTPSA id 6AB064190; Sat, 7 Mar 2015 00:23:13 +0300 (MSK) Content-Type: text/plain; charset=utf-8; format=flowed; delsp=yes To: freebsd-ipfw@freebsd.org, "Andrey V. Elsukov" Subject: Re: "reass all from any to any" kills IPv6 packets References: <54D0A623.6020009@FreeBSD.org> <54F875BD.1040007@hotplug.ru> <54F8805A.30809@yandex.ru> Date: Sat, 07 Mar 2015 00:23:13 +0300 MIME-Version: 1.0 Content-Transfer-Encoding: Quoted-Printable From: "Emil Muratov" Message-ID: In-Reply-To: <54F8805A.30809@yandex.ru> User-Agent: Opera Mail/12.17 (Win32) X-KLMS-Rule-ID: 1 X-KLMS-Message-Action: clean X-KLMS-AntiSpam-Lua-Profiles: 74206 [Mar 06 2015] X-KLMS-AntiSpam-Version: 5.5.4 X-KLMS-AntiSpam-Envelope-From: gpm@hotplug.ru X-KLMS-AntiSpam-Rate: 40 X-KLMS-AntiSpam-Status: not_detected X-KLMS-AntiSpam-Method: none X-KLMS-AntiSpam-Moebius-Timestamps: 3411485, 3411549, 3411380 X-KLMS-AntiSpam-Info: LuaCore: 166 2015-02-18_14-37-18 59b0fb5d1fe0bc13ab72a23d6aa445f4185e0a58, {relay has no DNS name}, Auth:dmarc=none header.from=hotplug.ru; spf=none smtp.mailfrom=hotplug.ru; dkim=none, {rdns complete}, {DNS response errors} X-KLMS-AntiSpam-Interceptor-Info: scan successful X-KLMS-AntiVirus: Kaspersky Security 8.0 for Linux Mail Server 8.0.0.455, not checked X-KLMS-AntiVirus-Status: NotChecked: not checked, skipped X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 06 Mar 2015 21:23:20 -0000 Andrey V. Elsukov =D0=BF=D0=B8=D1=81=D0=B0=D0=BB(=D0= =B0) =D0=B2 =D1=81=D0=B2=D0=BE=D1=91=D0=BC =D0=BF=D0=B8=D1=81=D1=8C=D0=BC= =D0=B5 Thu, 05 Mar = 2015 19:12:10 +0300: > On 05.03.2015 18:26, Emil Muratov wrote: >> On 03.02.2015 13:42, Lev Serebryakov wrote: >>> >>> Recommended "reass all from any to any in" kills all incoming IPv6 >>> packets (at least, packets from 6in4 tunnel). "reass ip4 from any to= >>> any in" works as expected. >>> >>> Is it documentation bug or implementation bug? >> >> Both :) Hit this bug several years ago, seems it is still here > > AFAIR, I made the patch for such PR, but nobody wanted to test it :) > https://people.freebsd.org/~ae/ipfw_ip6reass.diff > > Probably now I can test it myself a bit later. > Still doesn't work for me. What was done: applied patch to = /usr/src/sys/netpfil/ipfw/ip_fw2.c, rebuilt & installed kernel & ipfw ad= d = 10 reass all from any to any in