From owner-freebsd-net@FreeBSD.ORG  Fri Oct 28 17:02:43 2011
Return-Path: <owner-freebsd-net@FreeBSD.ORG>
Delivered-To: freebsd-net@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id F1C851065672;
	Fri, 28 Oct 2011 17:02:43 +0000 (UTC) (envelope-from sem@FreeBSD.org)
Received: from mail.ciam.ru (mail.ciam.ru [91.209.218.18])
	by mx1.freebsd.org (Postfix) with ESMTP id A78448FC15;
	Fri, 28 Oct 2011 17:02:40 +0000 (UTC)
Received: from [46.242.19.18] (helo=[172.16.100.20])
	by mail.ciam.ru with esmtpa (Exim 4.x)
	id 1RJpWo-0005TO-Tw; Fri, 28 Oct 2011 20:43:35 +0400
Message-ID: <4EAADBB6.5090901@FreeBSD.org>
Date: Fri, 28 Oct 2011 20:43:34 +0400
From: Sergey Matveychuk <sem@FreeBSD.org>
User-Agent: Mozilla/5.0 (X11; Linux x86_64;
	rv:7.0.1) Gecko/20110929 Thunderbird/7.0.1
MIME-Version: 1.0
To: Emil Muratov <gpm@hotplug.ru>
References: <4EAAC5C5.6090803@hotplug.ru>
In-Reply-To: <4EAAC5C5.6090803@hotplug.ru>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
Cc: freebsd-ipfw@freebsd.org, freebsd-net@freebsd.org
Subject: Re: ipfw reass brakes ipv6  operation
X-BeenThere: freebsd-net@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Networking and TCP/IP with FreeBSD <freebsd-net.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
	<mailto:freebsd-net-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-net>
List-Post: <mailto:freebsd-net@freebsd.org>
List-Help: <mailto:freebsd-net-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
	<mailto:freebsd-net-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 28 Oct 2011 17:02:44 -0000

28.10.2011 19:09, Emil Muratov wrote:
>
> Hi all
>
> I've got into some strange behavior with ipv6. Somehow ipfw reassembly
> totally brakes it's operation.
> As soon as I add a rule "ipfw add 100 reass all from any to any in" all
> ipv6 operation is not available any more,
> I can only ping6 localhost. Outgoing ipv6 packets are OK, I can see them
> via tcpdump on an interface stf0 and after that leaving encapsulated in
> ip4 through another interface. But all incoming ipv6 packets are
> blackholed. I can see them arriving as an encapsulated payload in ip4
> and after that they disappear. I don't know if this a bug or a feature,
> using "ipfw add reass ip4 from any to any in" works as a workaround.
> Shouldn't reass just pass ipv6 packets intact? Or if it is a feature
> than maybe there should be a note in IPFW(8) man page to not to use
> reass for anything except ip4?

Yes, reass implemented only for ipv4 and breaks ipv6 packets.
It should be fixed, not documented.