From owner-freebsd-ipfw@FreeBSD.ORG Fri Oct 28 15:29:50 2011 Return-Path: Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 5270E1065675 for ; Fri, 28 Oct 2011 15:29:50 +0000 (UTC) (envelope-from gpm@hotplug.ru) Received: from gate.pikinvest.ru (gate.pikinvest.ru [87.245.155.170]) by mx1.freebsd.org (Postfix) with ESMTP id 0BDD18FC15 for ; Fri, 28 Oct 2011 15:29:49 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by mailgate.pik.ru (Postfix) with ESMTP id D3D451C0831; Fri, 28 Oct 2011 19:10:32 +0400 (MSD) Received: from EX03PIK.PICompany.ru (unknown [192.168.156.51]) by mailgate.pik.ru (Postfix) with ESMTP id D1B711C0822; Fri, 28 Oct 2011 19:10:32 +0400 (MSD) Received: from EX21PIK.PICompany.ru ([192.168.156.131]) by EX03PIK.PICompany.ru with Microsoft SMTPSVC(6.0.3790.4675); Fri, 28 Oct 2011 19:10:17 +0400 Received: from [192.168.148.9] (192.168.148.9) by EX21PIK.PICompany.ru (192.168.156.131) with Microsoft SMTP Server id 14.1.218.12; Fri, 28 Oct 2011 19:10:16 +0400 Message-ID: <4EAAC5C5.6090803@hotplug.ru> Date: Fri, 28 Oct 2011 19:09:57 +0400 From: Emil Muratov User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.23) Gecko/20110922 Thunderbird/3.1.15 MIME-Version: 1.0 To: , Content-Type: text/plain; charset="UTF-8"; format=flowed Content-Transfer-Encoding: 7bit X-OriginalArrivalTime: 28 Oct 2011 15:10:17.0059 (UTC) FILETIME=[B36F9330:01CC9583] Cc: Subject: ipfw reass brakes ipv6 operation X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 28 Oct 2011 15:29:50 -0000 Hi all I've got into some strange behavior with ipv6. Somehow ipfw reassembly totally brakes it's operation. As soon as I add a rule "ipfw add 100 reass all from any to any in" all ipv6 operation is not available any more, I can only ping6 localhost. Outgoing ipv6 packets are OK, I can see them via tcpdump on an interface stf0 and after that leaving encapsulated in ip4 through another interface. But all incoming ipv6 packets are blackholed. I can see them arriving as an encapsulated payload in ip4 and after that they disappear. I don't know if this a bug or a feature, using "ipfw add reass ip4 from any to any in" works as a workaround. Shouldn't reass just pass ipv6 packets intact? Or if it is a feature than maybe there should be a note in IPFW(8) man page to not to use reass for anything except ip4? Thanks.