Date: Thu, 6 Sep 2012 04:17:24 +0300
From: Kimmo Paasiala <kpaasial@gmail.com>
To: freebsd-pf@freebsd.org
Subject: Re: PF: matching gif(4) encapsulated IPv6
Message-ID: <CA%2B7WWSe3VVrL0ci9%2Bq9rK9WE7_FXNn5HSiEEPXjHt2x-WBPNfA@mail.gmail.com>
In-Reply-To: <CA%2B7WWSdQeRUu85NjQtn7mQjRYRpRhwMqKHSk6CFLTjcagJvo9w@mail.gmail.com>
References: <CA%2B7WWSdQeRUu85NjQtn7mQjRYRpRhwMqKHSk6CFLTjcagJvo9w@mail.gmail.com>

On Thu, Sep 6, 2012 at 2:13 AM, Kimmo Paasiala <kpaasial@gmail.com> wrote:
> Hello,
>
> I'd like to prioritize gif(4) encapsulated IPv6 over other IPv4
> traffic on an interface. I have queues set up and the shaping works
> for other types of IPv4 traffic but for some reason I can't find a way
> to match outgoing protocol 41 (ipv6) on the interface. My rule is
> simply:
>
> pass out log quick on $WAN proto ipv6 from <myendpoint> to
> <remoteendpoint> queue(qWAN_proto41)
>
> The rule should match but gets no hits. What is really puzzling is
> that pfctl -v -ss shows a state:
>
> all ipv6 <myendpoint> -> <remoteendpoint> MULTIPLE:MULTIPLE
> age 28:01:28, expires in 00:00:59, 198282:210890 pkts,
> 31007357:140434503 bytes
>
> What creates this state if it's not my rule?
>
> System details: 9-STABLE r239722 amd64. Pf(4) compiled with altq(4)
> and loaded as modules.
>
> ifconfig gif0 shows:
>
> gif0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> metric 0 mtu 1280
> tunnel inet <myendpoint> --> <remoteendpoint>
> inet6 fe80::6ef0:49ff:fed3:b400%gif0 prefixlen 64 scopeid 0x6
> inet6 <tunnelipv6local> --> <tunnelipv6remote> prefixlen 128
> nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
> options=1<ACCEPT_REV_ETHIP_VER
>
> ifconfig em0 (WAN):
>
> em0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric
> 0 mtu 1500
> options=209b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,WOL_MAGIC>
> ether 00:1b:21:14:ca:5e
> inet6 fe80::21b:21ff:fe14:ca5e%em0 prefixlen 64 scopeid 0x2
> inet <myendpoint> netmask 0xfffff000 broadcast aa.bb.cc.dd
> nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
> media: Ethernet autoselect (1000baseT <full-duplex>)
> status: active

This was probably a failure to properly reset states after changing
configuration. After a 'service pf restart' the rule works. Sorry for
the noise.

-Kimmo