From owner-freebsd-pf@FreeBSD.ORG Thu Sep 6 01:17:26 2012 Return-Path: Delivered-To: freebsd-pf@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id EF40D106564A for ; Thu, 6 Sep 2012 01:17:25 +0000 (UTC) (envelope-from kpaasial@gmail.com) Received: from mail-vb0-f54.google.com (mail-vb0-f54.google.com [209.85.212.54]) by mx1.freebsd.org (Postfix) with ESMTP id A44AE8FC08 for ; Thu, 6 Sep 2012 01:17:25 +0000 (UTC) Received: by vbmv11 with SMTP id v11so1092027vbm.13 for ; Wed, 05 Sep 2012 18:17:24 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :content-type; bh=Rdkhb/DMUVhQ6SXLGcK1WdoHmrQkCyg0J1ACsp/Dw+4=; b=B9Ih7ahcogj+oG56m04q8P8ocRy9fz8vdlaNz5rtfBqH4JE9qh9iEfYZE7qWJSpmir K5CXCKvJtNskCB4Ve48oNKgJ1ZQE9/iy2mpZVNSxYQVTKw1GwXyH6zUkrLf8JYy0em3D t5m9BvaszR1YK1Iy7XmApFvm7mVzQivZ7szbA/sTjL+1xoBCeiVChv20hDdURZkO+/Qu KgwvhzbAga1LAA488xyf/1NJGJqOQvdlQVrSoK8tGqxDvANYWfGOhnxRUCrMz4FbcRCx mMA8GT4MaE2g6ZOARWbz2E2v7kqKLLukrLQJNpIwuR+reJaGdFeEnKF6zZv4xedI/8OW m6xA== MIME-Version: 1.0 Received: by 10.220.220.203 with SMTP id hz11mr347774vcb.50.1346894244340; Wed, 05 Sep 2012 18:17:24 -0700 (PDT) Received: by 10.58.230.134 with HTTP; Wed, 5 Sep 2012 18:17:24 -0700 (PDT) In-Reply-To: References: Date: Thu, 6 Sep 2012 04:17:24 +0300 Message-ID: From: Kimmo Paasiala To: freebsd-pf@freebsd.org Content-Type: text/plain; charset=UTF-8 Subject: Re: PF: matching gif(4) encapsulated IPv6 X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 06 Sep 2012 01:17:26 -0000 On Thu, Sep 6, 2012 at 2:13 AM, Kimmo Paasiala wrote: > Hello, > > I'd like to prioritize gif(4) encapsulated IPv6 over other IPv4 > traffic on an interface. I have queues set up and the shaping works > for other types of IPv4 traffic but for some reason I can't find a way > to match outgoing protocol 41 (ipv6) on the interface. My rule is > simply: > > pass out log quick on $WAN proto ipv6 from to > queue(qWAN_proto41) > > The rule should match but gets no hits. What is really puzzling is > that pfctl -v -ss shows a state: > > all ipv6 -> MULTIPLE:MULTIPLE > age 28:01:28, expires in 00:00:59, 198282:210890 pkts, > 31007357:140434503 bytes > > What creates this state if it's not my rule? > > System details: 9-STABLE r239722 amd64. Pf(4) compiled with altq(4) > and loaded as modules. > > ifconfig gif0 shows: > > gif0: flags=8051 metric 0 mtu 1280 > tunnel inet --> > inet6 fe80::6ef0:49ff:fed3:b400%gif0 prefixlen 64 scopeid 0x6 > inet6 --> prefixlen 128 > nd6 options=21 > options=1 > ifconfig em0 (WAN): > > em0: flags=8943 metric > 0 mtu 1500 > options=209b > ether 00:1b:21:14:ca:5e > inet6 fe80::21b:21ff:fe14:ca5e%em0 prefixlen 64 scopeid 0x2 > inet netmask 0xfffff000 broadcast aa.bb.cc.dd > nd6 options=21 > media: Ethernet autoselect (1000baseT ) > status: active This was probably a failure to properly reset states after changing configuration. After a 'service pf restart' the rule works. Sorry for the noise. -Kimmo