Date: Thu, 23 Jul 2009 12:01:11 +0200 From: Henri Hennebert <hlh@restart.be> To: "Li, Qing" <qing.li@bluecoat.com> Cc: freebsd-net@freebsd.org, freebsd-current@freebsd.org, freebsd-stable@freebsd.org Subject: [SOLVED] 8.0-BETA1 - for the record - different paths followed by IPv4 and IPv6 for 'local' connections Message-ID: <4A6834E7.60704@restart.be> In-Reply-To: <B583FBF374231F4A89607B4D08578A4304CDAAEC@bcs-mail03.internal.cacheflow.com> References: <4A5734C3.3000806@restart.be> <B583FBF374231F4A89607B4D08578A4304673660@bcs-mail03.internal.cacheflow.com> <4A5864DC.1070106@restart.be> <B583FBF374231F4A89607B4D08578A4304673665@bcs-mail03.internal.cacheflow.com> <4A6469CE.4060907@restart.be> <B583FBF374231F4A89607B4D08578A4304CDAAEC@bcs-mail03.internal.cacheflow.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Li, Qing wrote: >> Just another case where the route must be created: >> > > That's probably because I explicitly disabled such > route installation for PPP link type. > > Please apply patch http://people.freebsd.org/~qingli/patch and > let me know if that solves your problem. The problem is solved. Thanks a lot. Henri PS. the ipv4 ping was working fine before (and after) your patch, so I don't see why you have to patch in.c > > Thanks, > > -- Qing > > > >> [root@avoriaz ~]# ifconfig gif0 >> gif0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> metric 0 mtu 1280 >> tunnel inet 212.239.166.57 --> 94.23.44.41 >> inet6 fe80::21d:60ff:fead:2ace%gif0 prefixlen 64 scopeid 0x4 >> inet6 2001:41d0:2:2d29:1:ffff:: --> 2001:41d0:2:2d29:0:ffff:: >> prefixlen >> 128 >> options=1<ACCEPT_REV_ETHIP_VER> >> >> [root@avoriaz ~]# ping6 2001:41d0:2:2d29:1:ffff:: >> PING6(56=40+8+8 bytes) 2001:41d0:2:2d29:1:ffff:: --> >> 2001:41d0:2:2d29:1:ffff:: >> ^C >> --- 2001:41d0:2:2d29:1:ffff:: ping6 statistics --- >> 4 packets transmitted, 0 packets received, 100.0% packet loss >> >> [root@avoriaz ~]# route add -inet6 2001:41d0:2:2d29:1:ffff:: > -interface >> lo0 >> add host 2001:41d0:2:2d29:1:ffff::: gateway lo0 >> >> [root@avoriaz ~]# ping6 2001:41d0:2:2d29:1:ffff:: >> PING6(56=40+8+8 bytes) 2001:41d0:2:2d29:1:ffff:: --> >> 2001:41d0:2:2d29:1:ffff:: >> 16 bytes from ::1, icmp_seq=0 hlim=64 time=0.531 ms >> 16 bytes from ::1, icmp_seq=1 hlim=64 time=0.884 ms >> 16 bytes from ::1, icmp_seq=2 hlim=64 time=0.748 ms >> ^C >> --- 2001:41d0:2:2d29:1:ffff:: ping6 statistics --- >> 3 packets transmitted, 3 packets received, 0.0% packet loss >> round-trip min/avg/max/std-dev = 0.531/0.721/0.884/0.145 ms >> >> Thanks >> >> Henri >>> -----Original Message----- >>> From: Henri Hennebert [mailto:hlh@restart.be] >>> Sent: Sat 7/11/2009 3:09 AM >>> To: Li, Qing >>> Cc: freebsd-stable@freebsd.org; freebsd-net@freebsd.org >>> Subject: Re: 8.0-BETA1 - for the record - different paths followed > by >> IPv4 and IPv6 for 'local' connections >>> Li, Qing wrote: >>>> Hi, >>>> >>>> Please try patch-7-10 in my home directory >> http://people.freebsd.org/~qingli/ >>>> and let me know how it works out for you. I thought I had committed >> the patch >>>> but turned out I didn't. >>> I apply the patch, reset my pf.conf to its previous content and all >> is >>> running smoothly. By the way, I discover after my post that my >>> "solution" was not working for long (many bytes) connections and > this >> is >>> solved too. >>> >>> Many thank for your time >>> >>> Henri >>> >>> PS please commit as soon as possible >>> >>>>> On 8.0-BETA1 there is an assymetry: >>>>> >>>>> netstat -rn display >>>>> >>>>> 192.168.24.1 link#3 >>>>> .... >>>>> no entry for 2001:41d0:2:2d29:1:1:: >>>>> >>>> This is by design as part of the new architecture in 8.0, which >> maintains >>>> the L2 ARP/ND6 and L3 routing tables separately. >>>> >>>> -- Qing >>>> >>>> >>>> >>>> -----Original Message----- >>>> From: owner-freebsd-stable@freebsd.org on behalf of Henri Hennebert >>>> Sent: Fri 7/10/2009 5:32 AM >>>> To: freebsd-stable@freebsd.org; freebsd-st@freebsd.org >>>> Subject: 8.0-BETA1 - for the record - different paths followed by >> IPv4 and IPv6 for 'local' connections >>>> Hello, >>>> >>>> After upgrading from 7.2-STABLE to 8.0-BETA1 I encounter a problem >> when >>>> connecting with firefox to a local apache server using the global >>>> unicast IPv6 address of the local machine. pf.conf must be updated! >>>> >>>> My configuration: >>>> >>>> [root@avoriaz ~]# ifconfig em0 >>>> >>>> em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 > mtu >> 1500 > options=19b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,TSO >> 4> >>>> ether 00:1d:60:ad:2a:ce >>>> inet 192.168.24.1 netmask 0xffffff00 broadcast 192.168.24.255 >>>> inet6 fe80::21d:60ff:fead:2ace%em0 prefixlen 64 scopeid 0x1 >>>> inet6 2001:41d0:2:2d29:1:1:: prefixlen 80 >>>> media: Ethernet 100baseTX (100baseTX <half-duplex>) >>>> status: active >>>> >>>> [root@avoriaz ~]# host www.restart.bel >>>> www.restart.bel is an alias for avoriaz.restart.bel. >>>> avoriaz.restart.bel has address 192.168.24.1 >>>> avoriaz.restart.bel has IPv6 address 2001:41d0:2:2d29:1:1:: >>>> >>>> pf.conf: >>>> >>>> int_if="em0" >>>> block in log all >>>> block out log all >>>> set skip on lo0 >>>> antispoof quick for $int_if inet >>>> # Allow trafic with physical internal network >>>> pass in quick on $int_if from ($int_if:network) to ($int_if) keep >> state >>>> pass out quick on $int_if from ($int_if) to ($int_if:network) keep >> state >>>> The problem: >>>> >>>> [root@avoriaz ~]# telnet -4 www.restart.bel 80 >>>> Trying 192.168.24.1... >>>> Connected to avoriaz.restart.bel. >>>> Escape character is '^]'. >>>> ^] >>>> telnet> quit >>>> Connection closed. >>>> [root@avoriaz ~]# telnet -6 www.restart.bel 80 >>>> Trying 2001:41d0:2:2d29:1:1::... >>>> --->Never connect and get a timeout! >>>> >>>> tcpdump and logging in pf show me that >>>> >>>> For a IPv4 connection: >>>> the packet from telnet to apache pass 2 times on lo0 (out and in) >>>> the answer packet from apache to telnet pass 2 times on lo0 (out > and >> in) >>>> So no problem, there is `set skip on lo0' >>>> >>>> For a IPv6 connection: >>>> The first packet from telnet to apache pass 2 times on lo0 (out and >> in) >>>> The answer packet from apache to telnet path on em0 and is > rejected >>>> due to the default flags S/SA. >>>> >>>> So I have to change pf.conf and replace the last line: >>>> pass out quick on $int_if from ($int_if) to ($int_if:network) \ >>>> keep state flags any >>>> >>>> Then all is OK >>>> >>>> By the way, on 7.2 >>>> >>>> netstat -rn display >>>> >>>> 192.168.24.1 00:1d:60:ad:2a:ce >>>> .... >>>> 2001:41d0:2:2d29:1:1:: 00:1d:60:ad:2a:ce >>>> >>>> >>>> On 8.0-BETA1 there is an assymetry: >>>> >>>> netstat -rn display >>>> >>>> 192.168.24.1 link#3 >>>> .... >>>> no entry for 2001:41d0:2:2d29:1:1:: >>>> >>>> Hope it may help someone >>>> >>>> Henri >>>> >>>> _______________________________________________ >>>> freebsd-stable@freebsd.org mailing list >>>> http://lists.freebsd.org/mailman/listinfo/freebsd-stable >>>> To unsubscribe, send any mail to "freebsd-stable- >> unsubscribe@freebsd.org" >>> >>> _______________________________________________ >>> freebsd-stable@freebsd.org mailing list >>> http://lists.freebsd.org/mailman/listinfo/freebsd-stable >>> To unsubscribe, send any mail to "freebsd-stable- >> unsubscribe@freebsd.org" >
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4A6834E7.60704>