From owner-freebsd-pf@FreeBSD.ORG  Wed Sep  5 23:13:18 2012
Return-Path: <owner-freebsd-pf@FreeBSD.ORG>
Delivered-To: freebsd-pf@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52])
	by hub.freebsd.org (Postfix) with ESMTP id 469CC106564A
	for <freebsd-pf@freebsd.org>; Wed,  5 Sep 2012 23:13:18 +0000 (UTC)
	(envelope-from kpaasial@gmail.com)
Received: from mail-vc0-f182.google.com (mail-vc0-f182.google.com
	[209.85.220.182])
	by mx1.freebsd.org (Postfix) with ESMTP id EFF5E8FC0C
	for <freebsd-pf@freebsd.org>; Wed,  5 Sep 2012 23:13:17 +0000 (UTC)
Received: by vcbgb30 with SMTP id gb30so2070981vcb.13
	for <freebsd-pf@freebsd.org>; Wed, 05 Sep 2012 16:13:11 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113;
	h=mime-version:date:message-id:subject:from:to:content-type;
	bh=HWS18vQq7C5RsE1HGHAHFMIQo0LGs7dQJ8FEEe8jWL8=;
	b=nNFMuEh/UXxHwVCnORh/PyIKHtwiEFDfWHRbI8+g63kKJmUQPnwZVKgH5SwHkYUq9u
	I8j6HTKL4xk2S9Kr0qWwMZ0EU4OjQWD03kck6VQC9yeF9v7O4N35zTto7r+t+QLAQjOL
	GPit0oB084rR/XYd3r5lNoY93MQsZ5MLGDDxoOqRE04J8FF3wRDSk1ijzBfiW3s0Bl/F
	70wvNtkv5ldaDmZN6DWCo6GWaG0cMKtApWn8kwYyEnQNPcsIPeC3xQBZo05OGCZSdIxv
	tJ5+pxfdtpxYgPLe8x2/DCgekoufzdOuYFTwgga3viIR9bYePQObeZkZfpEjxnWBQsGb
	yOSQ==
MIME-Version: 1.0
Received: by 10.220.142.79 with SMTP id p15mr135963vcu.24.1346886790940; Wed,
	05 Sep 2012 16:13:10 -0700 (PDT)
Received: by 10.58.230.134 with HTTP; Wed, 5 Sep 2012 16:13:10 -0700 (PDT)
Date: Thu, 6 Sep 2012 02:13:10 +0300
Message-ID: <CA+7WWSdQeRUu85NjQtn7mQjRYRpRhwMqKHSk6CFLTjcagJvo9w@mail.gmail.com>
From: Kimmo Paasiala <kpaasial@gmail.com>
To: freebsd-pf@freebsd.org
Content-Type: text/plain; charset=UTF-8
Subject: PF: matching gif(4) encapsulated IPv6
X-BeenThere: freebsd-pf@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "Technical discussion and general questions about packet filter
	\(pf\)" <freebsd-pf.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-pf>,
	<mailto:freebsd-pf-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-pf>
List-Post: <mailto:freebsd-pf@freebsd.org>
List-Help: <mailto:freebsd-pf-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-pf>,
	<mailto:freebsd-pf-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 05 Sep 2012 23:13:18 -0000

Hello,

I'd like to prioritize gif(4) encapsulated IPv6 over other IPv4
traffic on an interface. I have queues set up and the shaping works
for other types of IPv4 traffic but for some reason I can't find a way
to match outgoing protocol 41 (ipv6) on the interface. My rule is
simply:

pass out log quick on $WAN proto ipv6 from <myendpoint> to
<remoteendpoint>  queue(qWAN_proto41)

The rule should match but gets no hits. What is really puzzling is
that pfctl -v -ss shows a state:

all ipv6 <myendpoint> -> <remoteendpoint>       MULTIPLE:MULTIPLE
   age 28:01:28, expires in 00:00:59, 198282:210890 pkts,
31007357:140434503 bytes

What creates this state if it's not my rule?

System details: 9-STABLE r239722 amd64. Pf(4) compiled with altq(4)
and loaded as modules.

ifconfig gif0 shows:

gif0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> metric 0 mtu 1280
        tunnel inet <myendpoint> --> <remoteendpoint>
        inet6 fe80::6ef0:49ff:fed3:b400%gif0 prefixlen 64 scopeid 0x6
        inet6 <tunnelipv6local> --> <tunnelipv6remote> prefixlen 128
        nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
        options=1<ACCEPT_REV_ETHIP_VER

ifconfig em0 (WAN):

em0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric
0 mtu 1500
        options=209b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,WOL_MAGIC>
        ether 00:1b:21:14:ca:5e
        inet6 fe80::21b:21ff:fe14:ca5e%em0 prefixlen 64 scopeid 0x2
        inet <myendpoint> netmask 0xfffff000 broadcast aa.bb.cc.dd
        nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
        media: Ethernet autoselect (1000baseT <full-duplex>)
        status: active