Date:      Fri, 21 Feb 2025 10:31:42 +0000
From:      bugzilla-noreply@freebsd.org
To:        bugs@FreeBSD.org
Subject:   [Bug 284946] pf: af-to fails when IPv4 nexthop is an IPv6 address
Message-ID:  <bug-284946-227@https.bugs.freebsd.org/bugzilla/>

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=284946

            Bug ID: 284946
           Summary: pf: af-to fails when IPv4 nexthop is an IPv6 address
           Product: Base System
           Version: 15.0-CURRENT
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Only Me
          Priority: ---
         Component: kern
          Assignee: bugs@FreeBSD.org
          Reporter: lexi@hemlock.eden.le-fay.org

interface configuration:

vtnet0: flags=1008843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST,LOWER_UP> metric 0 mtu 1500
        options=4c00bb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,VLAN_HWTSO,LINKSTATE,TXCSUM_IPV6>
        ether 52:54:00:bb:17:50
        inet 46.235.229.111/32 broadcast 46.235.229.111
        inet6 fe80::5054:ff:febb:1750%vtnet0/64 scopeid 0x1
        inet6 2a00:1098:6b::1/128
        groups: arpa
        media: Ethernet autoselect (10Gbase-T <full-duplex>)
        status: active
        nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>

note that the IPv4 address is a /32.

default route:

   route to: 0.0.0.0
destination: 0.0.0.0
       mask: 0.0.0.0
    gateway: fe80::1%vtnet0
        fib: 0
  interface: vtnet0
      flags: <UP,GATEWAY,DONE>
 recvpipe  sendpipe  ssthresh  rtt,msec    mtu        weight    expire
       0         0         0         0      1500         1         0

IPv4 connectivity works fine:

# ping 1.1.1.1
PING 1.1.1.1 (1.1.1.1): 56 data bytes
64 bytes from 1.1.1.1: icmp_seq=0 ttl=57 time=1.241 ms

then i added this af-to rule:

pass in on { lf, ep.yarrow } inet6 from <lf> to 64:ff9b::/96 af-to inet from 46.235.229.111/32

when pinging 64:ff9b::1.1.1.1 from another machine, traffic appears on the
internal interface:

10:24:28.751677 IP6 2a00:1098:6b:100::2 > 64:ff9b::101:101: ICMP6, echo request, id 4695, seq 0, length 16
10:24:29.771743 IP6 2a00:1098:6b:100::2 > 64:ff9b::101:101: ICMP6, echo request, id 4695, seq 1, length 16
10:24:30.830451 IP6 2a00:1098:6b:100::2 > 64:ff9b::101:101: ICMP6, echo request, id 4695, seq 2, length 16

however, the traffic disappears into a black hole; it does not appear on vtnet0
on the router or in pflog.

when this happens, the router logs:

Feb 21 10:24:28 yarrow kernel: arpresolve: can't allocate llinfo for 0.0.0.0 on vtnet0
Feb 21 10:24:30 yarrow syslogd: last message repeated 2 times

the pf state entry:

all ipv6-icmp 46.235.229.111:4709 (2a00:1098:6b:100::2[4709]) -> 1.1.1.1:8 (64:ff9b::101:101[4709])       NO_TRAFFIC:NO_TRAFFIC

if i change the external IPv4 address to a /24 and add an IPv4 default route,
then the af-to rule starts working:

10:28:05.991764 IP 46.235.229.111 > 1.1.1.1: ICMP echo request, id 4725, seq 10, length 16
10:28:05.993141 IP 1.1.1.1 > 46.235.229.111: ICMP echo reply, id 4725, seq 10, length 16
10:28:07.041611 IP 46.235.229.111 > 1.1.1.1: ICMP echo request, id 4725, seq 11, length 16
10:28:07.042860 IP 1.1.1.1 > 46.235.229.111: ICMP echo reply, id 4725, seq 11, length 16
^C

and pf now has two state entries:

vtnet0 icmp 46.235.229.111:28946 -> 1.1.1.1:8       0:0
all ipv6-icmp 46.235.229.111:4725 (2a00:1098:6b:100::2[4725]) -> 1.1.1.1:8 (64:ff9b::101:101[4725])       NO_TRAFFIC:NO_TRAFFIC

however, that's the wrong configuration for this network, so i can't leave it
in place except for quick testing.
