From owner-freebsd-net@FreeBSD.ORG Mon Sep 26 09:57:32 2011 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 948441065674 for ; Mon, 26 Sep 2011 09:57:32 +0000 (UTC) (envelope-from matt.xtaz@gmail.com) Received: from mail-vw0-f54.google.com (mail-vw0-f54.google.com [209.85.212.54]) by mx1.freebsd.org (Postfix) with ESMTP id 50BFF8FC16 for ; Mon, 26 Sep 2011 09:57:31 +0000 (UTC) Received: by vws11 with SMTP id 11so7059828vws.13 for ; Mon, 26 Sep 2011 02:57:31 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=mime-version:date:message-id:subject:from:to:content-type; bh=k/eudqmMTf+nNVdSzn+iL4aL6EEb5E7qOtuT+avXsyo=; b=SHMuF2fHasCvJ8k8yyZfwS/8A8/9k8yLAs6urNkue8ym4d8UfrGvJE82dXmVdaPROW OFBJdBte8WXIo8tbhoExxUYRBADFJRhpKRDsr+JBFCfaUMAdke22fUYAV3tKl7ywXeR1 N0p/mpcKV5KZtaM0O17WTtnaZaSx+/XYRGHxQ= MIME-Version: 1.0 Received: by 10.52.66.235 with SMTP id i11mr6054635vdt.352.1317029273841; Mon, 26 Sep 2011 02:27:53 -0700 (PDT) Received: by 10.52.167.194 with HTTP; Mon, 26 Sep 2011 02:27:53 -0700 (PDT) Date: Mon, 26 Sep 2011 10:27:53 +0100 Message-ID: From: Matt Smith To: freebsd-net@freebsd.org Content-Type: text/plain; charset=ISO-8859-1 Subject: gif interface not passing IPv6 packets X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 26 Sep 2011 09:57:32 -0000 I have a very strange problem with a gif interface that has been confusing me all weekend. For the last six months I have had a gif tunnel setup to an ipv6 tunnel broker which has worked without any issues. On Friday I had a power cut. The power returned, the server restarted, and the tunnel has been down since. I have checked and rechecked the configuration and it all looks identical to what I would expect. I've even gone as far as running a buildworld/kernel in case the power outage corrupted something. The problem is that the gif interface doesn't appear to be processing any IPv6 packets at all, though it works fine with IPv4. I can't ping my side of the tunnel. For example: root@tao[~]# ifconfig gif0 gif0: flags=8051 metric 0 mtu 1280 tunnel inet 192.168.1.2 --> 77.75.104.126 inet6 fe80::240:63ff:fee8:793e%gif0 prefixlen 64 scopeid 0x5 inet6 2a01:348:6:45c::2 --> 2a01:348:6:45c::1 prefixlen 128 deprecated nd6 options=3 options=1 root@tao[~]# ping6 2a01:348:6:45c::2 PING6(56=40+8+8 bytes) 2a01:348:6:45c::2 --> 2a01:348:6:45c::2 root@tao[~]# tcpdump -i gif0 listening on gif0, link-type NULL (BSD loopback), capture size 96 bytes 10:15:12.545930 IP6 cl-1117.lon-02.gb.sixxs.net > cl-1117.lon-02.gb.sixxs.net: ICMP6, echo request, seq 0, length 16 10:15:13.546316 IP6 cl-1117.lon-02.gb.sixxs.net > cl-1117.lon-02.gb.sixxs.net: ICMP6, echo request, seq 1, length 16 10:15:14.546220 IP6 cl-1117.lon-02.gb.sixxs.net > cl-1117.lon-02.gb.sixxs.net: ICMP6, echo request, seq 2, length 16 I've deleted other lines from the tcpdump like neighbour solicitation and only shown the pings. But there is no ping response, only the request. Traceroute shows similar: root@tao[~]# traceroute6 2a01:348:6:45c::2 traceroute6 to 2a01:348:6:45c::2 (2a01:348:6:45c::2) from 2a01:348:6:45c::2, 64 hops max, 12 byte packets 1 * * * If I create an entire new interface, same problem, but as you can see works fine with IPv4: root@tao[~]# ifconfig gif1 create root@tao[~]# ifconfig gif1 tunnel 192.168.1.2 1.2.3.4 root@tao[~]# ifconfig gif1 inet6 2abc::2 2abc::1 prefixlen 128 root@tao[~]# ping6 2abc::2 PING6(56=40+8+8 bytes) 2abc::2 --> 2abc::2 ^C --- 2abc::2 ping6 statistics --- 3 packets transmitted, 0 packets received, 100.0% packet loss root@tao[~]# ifconfig gif1 10.1.1.1 10.1.1.2 root@tao[~]# ping 10.1.1.1 PING 10.1.1.1 (10.1.1.1): 56 data bytes 64 bytes from 10.1.1.1: icmp_seq=0 ttl=64 time=0.105 ms 64 bytes from 10.1.1.1: icmp_seq=1 ttl=64 time=0.084 ms 64 bytes from 10.1.1.1: icmp_seq=2 ttl=64 time=0.098 ms ^C --- 10.1.1.1 ping statistics --- 3 packets transmitted, 3 packets received, 0.0% packet loss round-trip min/avg/max/stddev = 0.084/0.096/0.105/0.009 ms root@tao[~]# ifconfig gif1 destroy I'm running FreeBSD 8.2-RELEASE-p2. ipfw is compiled in the kernel however even if I flush all the rules so that it's just left with a default allow rule the same thing happens. And as I said before unless I'm being really blind and missed something obvious this config worked fine before my power outage! Here is my routing table for gif0: root@tao[~]# netstat -rn | grep gif0 default 2a01:348:6:45c::1 UGS gif0 2a01:348:6:45c::1 2a01:348:6:45c::2 UH gif0 fe80::%gif0/64 link#5 U gif0 fe80::240:63ff:fee8:793e%gif0 link#5 UHS lo0 ff01:5::/32 fe80::240:63ff:fee8:793e%gif0 U gif0 ff02::%gif0/32 fe80::240:63ff:fee8:793e%gif0 U gif0 And here are my firewall rules to prove it's flushed: root@tao[~]# ipfw list 65535 allow ip from any to any Thanks for any help or suggestions, Regards Matt.