From owner-freebsd-stable@FreeBSD.ORG Thu Jul 26 23:10:43 2012 Return-Path: Delivered-To: freebsd-stable@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id A0E691065670 for ; Thu, 26 Jul 2012 23:10:43 +0000 (UTC) (envelope-from m.seaman@infracaninophile.co.uk) Received: from smtp.infracaninophile.co.uk (smtp6.infracaninophile.co.uk [IPv6:2001:8b0:151:1:3cd3:cd67:fafa:3d78]) by mx1.freebsd.org (Postfix) with ESMTP id 13EB28FC12 for ; Thu, 26 Jul 2012 23:10:42 +0000 (UTC) Received: from seedling.black-earth.co.uk (seedling.black-earth.co.uk [81.187.76.163]) (authenticated bits=0) by smtp.infracaninophile.co.uk (8.14.5/8.14.5) with ESMTP id q6QNAcVd004047 (version=TLSv1/SSLv3 cipher=DHE-RSA-CAMELLIA256-SHA bits=256 verify=NO) for ; Fri, 27 Jul 2012 00:10:38 +0100 (BST) (envelope-from m.seaman@infracaninophile.co.uk) X-DKIM: OpenDKIM Filter v2.5.2 smtp.infracaninophile.co.uk q6QNAcVd004047 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=infracaninophile.co.uk; s=201001-infracaninophile; t=1343344238; bh=d2wITY40ga5w5aes5FIRZ2BgUi1nyt2JWecAuHeTVyA=; h=Date:From:To:Subject:References:In-Reply-To:Cc:Content-Type: Message-ID:Mime-Version; b=zpnzW44hSqTfRjRL70a8IkwMv7BouynZcVmFGHmjlaWq5tSOFPyeuo/B2jTtL9yKD UBEd4Tna1Vaqd9KDGPw1OyZiqrSbKaYY1iNQBsumgmrYJhG6HH8QI4oPQN2tRgopiQ 6B7tjyRfbkSQ8W+zqLKq+mbm27YM282reMG36WHs= Message-ID: <5011CE66.4080509@infracaninophile.co.uk> Date: Fri, 27 Jul 2012 00:10:30 +0100 From: Matthew Seaman User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:14.0) Gecko/20120713 Thunderbird/14.0 MIME-Version: 1.0 To: freebsd-stable@freebsd.org References: <5011902C.1070600@infracaninophile.co.uk> <5011ADE6.7010602@bit0.com> In-Reply-To: <5011ADE6.7010602@bit0.com> X-Enigmail-Version: 1.4.3 OpenPGP: id=60AE908C Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="------------enig0614E881BA0D03D1DB20187C" X-Virus-Scanned: clamav-milter 0.97.5 at lucid-nonsense.infracaninophile.co.uk X-Virus-Status: Clean X-Spam-Status: No, score=-1.8 required=5.0 tests=ALL_TRUSTED,AWL,BAYES_00, DKIM_ADSP_ALL,DKIM_SIGNED,T_DKIM_INVALID autolearn=no version=3.3.2 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on lucid-nonsense.infracaninophile.co.uk Subject: Re: Regression with jails/IPv6/pf X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 26 Jul 2012 23:10:43 -0000 This is an OpenPGP/MIME signed message (RFC 2440 and 3156) --------------enig0614E881BA0D03D1DB20187C Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable On 26/07/2012 21:51, Mike Andrews wrote: > Sounds like what I hit and filed kern/170070 on -- basically a host not= > being able to talk to itself on IPv6, except on the ::1 address. >=20 > Workaround: ifconfig lo0 -txcsum6 -rxcsum6 >=20 > or in /etc/rc.conf: >=20 > ifconfig_lo0=3D"inet 127.0.0.1/8 -txcsum6 -rxcsum6" Unfortunately that doesn't help. It's not that traffic is not getting anywhere: I'm seeing SSH packets going in both directions when trying to log in, but the handshaking fails because of bad checksums on the response packets. If it's not obvious, I'm trying to ssh from seedling to xenophobe, and this is what the package exchange looks like: seedling:~:% sudo tcpdump -vvi en1 host xenophobe tcpdump: listening on en1, link-type EN10MB (Ethernet), capture size 65535 bytes 00:06:14.814804 IP6 (hlim 64, next-header TCP (6) payload length: 44) seedling.black-earth.co.uk.61608 > xenophobe.infracaninophile.co.uk.ssh: Flags [S], cksum 0xcc56 (correct), seq 1949604450, win 65535, options [mss 1440,nop,wscale 2,nop,nop,TS val 648835584 ecr 0,sackOK,eol], length= 0 00:06:15.814223 IP6 (hlim 64, next-header TCP (6) payload length: 44) seedling.black-earth.co.uk.61608 > xenophobe.infracaninophile.co.uk.ssh: Flags [S], cksum 0xcc4d (correct), seq 1949604450, win 65535, options [mss 1440,nop,wscale 2,nop,nop,TS val 648835593 ecr 0,sackOK,eol], length= 0 00:06:16.341018 IP6 (flowlabel 0xf3c22, hlim 64, next-header TCP (6) payload length: 40) xenophobe.infracaninophile.co.uk.ssh > seedling.black-earth.co.uk.61608: Flags [S.], cksum 0xee83 (incorrect -> 0x7237), seq 2817652559, ack 1949604451, win 65535, options [mss 1440,nop,wscale 9,sackOK,TS val 1898338980 ecr 648835584], length 0 00:06:16.359176 IP6 (flowlabel 0xf3c22, hlim 64, next-header TCP (6) payload length: 40) xenophobe.infracaninophile.co.uk.ssh > seedling.black-earth.co.uk.61608: Flags [S.], cksum 0xee7a (incorrect -> 0x722e), seq 2817652559, ack 1949604451, win 65535, options [mss 1440,nop,wscale 9,sackOK,TS val 1898338980 ecr 648835593], length 0 00:06:16.815012 IP6 (hlim 64, next-header TCP (6) payload length: 44) seedling.black-earth.co.uk.61608 > xenophobe.infracaninophile.co.uk.ssh: Flags [S], cksum 0xcc43 (correct), seq 1949604450, win 65535, options [mss 1440,nop,wscale 2,nop,nop,TS val 648835603 ecr 0,sackOK,eol], length= 0 00:06:17.815463 IP6 (hlim 64, next-header TCP (6) payload length: 44) seedling.black-earth.co.uk.61608 > xenophobe.infracaninophile.co.uk.ssh: Flags [S], cksum 0xcc39 (correct), seq 1949604450, win 65535, options [mss 1440,nop,wscale 2,nop,nop,TS val 648835613 ecr 0,sackOK,eol], length= 0 00:06:17.826830 IP6 (flowlabel 0xf3c22, hlim 64, next-header TCP (6) payload length: 40) xenophobe.infracaninophile.co.uk.ssh > seedling.black-earth.co.uk.61608: Flags [S.], cksum 0xee70 (incorrect -> 0x7224), seq 2817652559, ack 1949604451, win 65535, options [mss 1440,nop,wscale 9,sackOK,TS val 1898338980 ecr 648835603], length 0 00:06:17.827062 IP6 (flowlabel 0xf3c22, hlim 64, next-header TCP (6) payload length: 40) xenophobe.infracaninophile.co.uk.ssh > seedling.black-earth.co.uk.61608: Flags [S.], cksum 0xee66 (incorrect -> 0x721a), seq 2817652559, ack 1949604451, win 65535, options [mss 1440,nop,wscale 9,sackOK,TS val 1898338980 ecr 648835613], length 0 00:06:18.816761 IP6 (hlim 64, next-header TCP (6) payload length: 44) seedling.black-earth.co.uk.61608 > xenophobe.infracaninophile.co.uk.ssh: Flags [S], cksum 0xcc2f (correct), seq 1949604450, win 65535, options [mss 1440,nop,wscale 2,nop,nop,TS val 648835623 ecr 0,sackOK,eol], length= 0 00:06:19.362251 IP6 (hlim 255, next-header ICMPv6 (58) payload length: 32) seedling.black-earth.co.uk > xenophobe.infracaninophile.co.uk: [icmp6 sum ok] ICMP6, neighbor solicitation, length 32, who has xenophobe.infracaninophile.co.uk source link-address option (1), length 8 (1): f8:1e:df:da:c0:bb 0x0000: f81e dfda c0bb 00:06:19.526659 IP6 (class 0x06, flowlabel 0xf3c22, hlim 64, next-header TCP (6) payload length: 40) xenophobe.infracaninophile.co.uk.ssh > seedling.black-earth.co.uk.61608: Flags [S.], cksum 0xee5c (incorrect -> 0x7210), seq 2817652559, ack 1949604451, win 65535, options [mss 1440,nop,wscale 9,sackOK,TS val 1898338980 ecr 648835623], length 0 00:06:19.817464 IP6 (hlim 64, next-header TCP (6) payload length: 44) seedling.black-earth.co.uk.61608 > xenophobe.infracaninophile.co.uk.ssh: Flags [S], cksum 0xcc25 (correct), seq 1949604450, win 65535, options [mss 1440,nop,wscale 2,nop,nop,TS val 648835633 ecr 0,sackOK,eol], length= 0 Looks like the checksumming is a bit toast there. Cheers, Matthew --=20 Dr Matthew J Seaman MA, D.Phil. 7 Priory Courtyard Flat 3 PGP: http://www.infracaninophile.co.uk/pgpkey Ramsgate JID: matthew@infracaninophile.co.uk Kent, CT11 9PW --------------enig0614E881BA0D03D1DB20187C Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.16 (Darwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAlARzm4ACgkQ8Mjk52CukIxf4QCbBj8pveO5e9sVlmcs3FzDzeLO FD0An1wLscEv00yfE/IasZwVBc7IzUUq =eXgL -----END PGP SIGNATURE----- --------------enig0614E881BA0D03D1DB20187C--