From: "Li, Qing"
To: "Henri Hennebert"
Cc: freebsd-net@freebsd.org, freebsd-current@freebsd.org, freebsd-stable@freebsd.org
Subject: RE: 8.0-BETA1 - for the record - different paths followed by IPv4 and IPv6 for 'local' connections
Date: Sun, 12 Jul 2009 12:21:32 -0700
References: <4A5734C3.3000806@restart.be> <4A5864DC.1070106@restart.be>

The patch has been committed, svn revision 195643.

Thanks,

-- Qing

-----Original Message-----
From: Henri Hennebert [mailto:hlh@restart.be]
Sent: Sat 7/11/2009 3:09 AM
To: Li, Qing
Cc: freebsd-stable@freebsd.org; freebsd-net@freebsd.org
Subject: Re: 8.0-BETA1 - for the record - different paths followed by IPv4 and IPv6 for 'local' connections

Li, Qing wrote:
> Hi,
>
> Please try patch-7-10 in my home directory http://people.freebsd.org/~qingli/
> and let me know how it works out for you. I thought I had committed the patch
> but turned out I didn't.

I applied the patch, reset my pf.conf to its previous content and all is
running smoothly. By the way, I discovered after my post that my
"solution" was not working for long (many bytes) connections and this is
solved too.

Many thanks for your time

Henri

PS please commit as soon as possible

>
>> On 8.0-BETA1 there is an asymmetry:
>>
>> netstat -rn display
>>
>> 192.168.24.1 link#3
>> ....
>> no entry for 2001:41d0:2:2d29:1:1::
>>
>
> This is by design as part of the new architecture in 8.0, which maintains
> the L2 ARP/ND6 and L3 routing tables separately.
>
> -- Qing
>
>
>
> -----Original Message-----
> From: owner-freebsd-stable@freebsd.org on behalf of Henri Hennebert
> Sent: Fri 7/10/2009 5:32 AM
> To: freebsd-stable@freebsd.org; freebsd-st@freebsd.org
> Subject: 8.0-BETA1 - for the record - different paths followed by IPv4 and IPv6 for 'local' connections
>
> Hello,
>
> After upgrading from 7.2-STABLE to 8.0-BETA1 I encounter a problem when
> connecting with firefox to a local apache server using the global
> unicast IPv6 address of the local machine. pf.conf must be updated!
>
> My configuration:
>
> [root@avoriaz ~]# ifconfig em0
>
> em0: flags=8843 metric 0 mtu 1500
>         options=19b
>         ether 00:1d:60:ad:2a:ce
>         inet 192.168.24.1 netmask 0xffffff00 broadcast 192.168.24.255
>         inet6 fe80::21d:60ff:fead:2ace%em0 prefixlen 64 scopeid 0x1
>         inet6 2001:41d0:2:2d29:1:1:: prefixlen 80
>         media: Ethernet 100baseTX (100baseTX )
>         status: active
>
> [root@avoriaz ~]# host www.restart.bel
> www.restart.bel is an alias for avoriaz.restart.bel.
> avoriaz.restart.bel has address 192.168.24.1
> avoriaz.restart.bel has IPv6 address 2001:41d0:2:2d29:1:1::
>
> pf.conf:
>
> int_if="em0"
> block in log all
> block out log all
> set skip on lo0
> antispoof quick for $int_if inet
> # Allow traffic with physical internal network
> pass in quick on $int_if from ($int_if:network) to ($int_if) keep state
> pass out quick on $int_if from ($int_if) to ($int_if:network) keep state
>
> The problem:
>
> [root@avoriaz ~]# telnet -4 www.restart.bel 80
> Trying 192.168.24.1...
> Connected to avoriaz.restart.bel.
> Escape character is '^]'.
> ^]
> telnet> quit
> Connection closed.
> [root@avoriaz ~]# telnet -6 www.restart.bel 80
> Trying 2001:41d0:2:2d29:1:1::...
> --->Never connect and get a timeout!
>
> tcpdump and logging in pf show me that
>
> For an IPv4 connection:
> the packet from telnet to apache pass 2 times on lo0 (out and in)
> the answer packet from apache to telnet pass 2 times on lo0 (out and in)
>
> So no problem, there is `set skip on lo0'
>
> For an IPv6 connection:
> The first packet from telnet to apache pass 2 times on lo0 (out and in)
> The answer packet from apache to telnet pass on em0 and is rejected
> due to the default flags S/SA.
>
> So I have to change pf.conf and replace the last line:
> pass out quick on $int_if from ($int_if) to ($int_if:network) \
>     keep state flags any
>
> Then all is OK
>
> By the way, on 7.2
>
> netstat -rn display
>
> 192.168.24.1 00:1d:60:ad:2a:ce
> ....
> 2001:41d0:2:2d29:1:1:: 00:1d:60:ad:2a:ce
>
>
> On 8.0-BETA1 there is an asymmetry:
>
> netstat -rn display
>
> 192.168.24.1 link#3
> ....
> no entry for 2001:41d0:2:2d29:1:1::
>
> Hope it may help someone
>
> Henri
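
The pf behaviour described in the thread, as an added illustration that is not part of any message or of pf itself: a minimal Python model of how `set skip on lo0` and the stateful default `flags S/SA` treat the IPv4 and IPv6 handshake paths. The function names, the per-interface state shortcut and the packet paths are assumptions, constructed from the tcpdump description in the original report.

```python
# Added illustration; names and packet paths are constructed, not pf code.
SYN, ACK = 0x02, 0x10
S_SA = (SYN, SYN | ACK)   # pf "flags S/SA": of SYN and ACK, only SYN is set
FLAGS_ANY = None          # pf "flags any": no TCP flag test

SKIPPED = {"lo0"}         # set skip on lo0
FILTERED = {"em0"}        # $int_if, carrying the two "pass ... quick" rules

def flags_match(tcp_flags, spec):
    """Return True if tcp_flags satisfies a pf 'flags want/mask' spec."""
    if spec is FLAGS_ANY:
        return True
    want, mask = spec
    return (tcp_flags & mask) == want

def verdict(iface, tcp_flags, spec, states):
    """Decide one packet: 'skip', 'pass' or 'block'.

    Simplification: addresses are assumed to match the pass rules, and a
    state entry is keyed by interface only.
    """
    if iface in SKIPPED:
        return "skip"                  # pf never evaluates the packet
    if iface in states:
        return "pass"                  # an existing state entry matches
    if iface in FILTERED and flags_match(tcp_flags, spec):
        states.add(iface)              # "keep state" creates the entry
        return "pass"
    return "block"                     # falls through to "block ... log all"

def handshake_completes(path, spec):
    """Walk the packets of a handshake; False as soon as one is blocked."""
    states = set()
    return all(verdict(i, f, spec, states) != "block" for i, f in path)

# Constructed from the report: (interface, TCP flags) in the order seen.
IPV4_PATH = [("lo0", SYN), ("lo0", SYN), ("lo0", SYN | ACK), ("lo0", SYN | ACK)]
IPV6_BETA1_PATH = [("lo0", SYN), ("lo0", SYN), ("em0", SYN | ACK)]

if __name__ == "__main__":
    for name, path in (("IPv4", IPV4_PATH), ("IPv6", IPV6_BETA1_PATH)):
        for label, spec in (("flags S/SA", S_SA), ("flags any", FLAGS_ANY)):
            print(name, label, handshake_completes(path, spec))
```

The model covers only the handshake; the thread reports that the `flags any` workaround did not hold for long connections, and that the committed patch (svn revision 195643) resolved both problems.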