From nobody Sat Apr 19 23:36:41 2025 X-Original-To: freebsd-net@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4Zg7Lz6wssz5tdWL for ; Sat, 19 Apr 2025 23:36:43 +0000 (UTC) (envelope-from paige@paige.bio) Received: from outbound.ms.icloud.com (p-west3-cluster6-host9-snip4-10.eps.apple.com [57.103.75.93]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 4Zg7Lz0Kj0z3Q6R for ; Sat, 19 Apr 2025 23:36:43 +0000 (UTC) (envelope-from paige@paige.bio) Authentication-Results: mx1.freebsd.org; dkim=pass header.d=paige.bio header.s=sig1 header.b=b88wXXUC; dmarc=pass (policy=reject) header.from=paige.bio; spf=pass (mx1.freebsd.org: domain of paige@paige.bio designates 57.103.75.93 as permitted sender) smtp.mailfrom=paige@paige.bio DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=paige.bio; s=sig1; bh=Hs8ay+keII8qlVMmejuCF6B2gF+GWhobwK+b05CIJt8=; h=To:From:Subject:Date:Message-id:Content-Type:MIME-Version:x-icloud-hme; b=b88wXXUCOtoCDb2aKzZ9NAUp/li6jvvVEav532zjJHfkDRT1XJopQ972iBGiyJ8SW PBf+UkZn5ZHTlhtWm/6yaRMPX37aOUjZkUCjfaIz7Ef4K+QiHlf9kPxIvfRD0fFkgZ cNb5mA/iYWQVfKmN7RnJ6wmnsspAdQS9WsUcTWufAaidlMuyexzOBAtecG3nsDKdm/ AVStHPnD+O2WhA7VEg01yUsTgqJNLsb14e/elyZq8inKdhYlbOzOOOJzU/oUWuf1xr CGyqBciRH/Nwh2rzqXXOy+cs+20nPSc/KtapFYrsNdvbYr6ONXNwIcwWxA+dx19sXC ctJQzFOgQCiYw== Received: from outbound.ms.icloud.com (localhost [127.0.0.1]) by outbound.ms.icloud.com (Postfix) with ESMTPS id B914B1802C49; Sat, 19 Apr 2025 23:36:41 +0000 (UTC) Received: from p00-mailws2-5f5cb8d549-xt4hk (ms-asmtpout-k8s.p00.prod.me.com [10.52.196.11]) by outbound.ms.icloud.com (Postfix) with ESMTPSA id 31D5B18004D3; Sat, 19 Apr 2025 23:36:41 +0000 (UTC) To: freebsd-net@freebsd.org Cc: zlei@FreeBSD.org, freebsd@oldach.net From: Paige Thompson Subject: FIBs with IPv6 Date: Sat, 19 Apr 2025 23:36:41 +0000 (UTC) X-Client-IP: 76.147.176.23 X-Mailer: iCloud MailClientcurrent MailServer2502B13.7c5914c7dad3 Message-id: <83cc7ce5-70b6-4578-8e1a-f5ee04f2c7b9@me.com> Content-Type: multipart/alternative; boundary=Apple-Webmail-42--690faeae-763d-4d50-954d-ddd8fd12e2ed List-Id: Networking and TCP/IP with FreeBSD List-Archive: https://lists.freebsd.org/archives/freebsd-net List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-net@FreeBSD.org MIME-Version: 1.0 X-Spamd-Result: default: False [-4.73 / 15.00]; RBL_SENDERSCORE_REPUT_9(-1.00)[57.103.75.93:from]; NEURAL_HAM_LONG(-1.00)[-0.999]; NEURAL_HAM_SHORT(-1.00)[-0.995]; NEURAL_HAM_MEDIUM(-0.73)[-0.734]; DMARC_POLICY_ALLOW(-0.50)[paige.bio,reject]; R_SPF_ALLOW(-0.20)[+ip4:57.103.64.0/18:c]; R_DKIM_ALLOW(-0.20)[paige.bio:s=sig1]; MIME_GOOD(-0.10)[multipart/alternative,text/plain,multipart/related]; RCVD_VIA_SMTP_AUTH(0.00)[]; MIME_TRACE(0.00)[0:+,1:+,2:+,3:~]; ARC_NA(0.00)[]; ASN(0.00)[asn:714, ipnet:57.103.72.0/22, country:US]; RCVD_TLS_ALL(0.00)[]; MLMMJ_DEST(0.00)[freebsd-net@freebsd.org]; FROM_EQ_ENVFROM(0.00)[]; FROM_HAS_DN(0.00)[]; RCPT_COUNT_THREE(0.00)[3]; RCVD_COUNT_TWO(0.00)[2]; TO_MATCH_ENVRCPT_SOME(0.00)[]; TO_DN_NONE(0.00)[]; DKIM_TRACE(0.00)[paige.bio:+] X-Rspamd-Queue-Id: 4Zg7Lz0Kj0z3Q6R X-Spamd-Bar: ---- --Apple-Webmail-42--690faeae-763d-4d50-954d-ddd8fd12e2ed Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset=utf-8; format=flowed Hey yall, I came across a thread today on the forum regarding an issue wit= h trying to get IPv6 to work on something like a epair interface, I'm havi= ng the same issue myself when one end of the epair is assigned to a FIB th= at differs from the other. I replied to this thread, but it's pending mod.= In any case I glossed over the tests of this in /usr/src/tests/sys/netine= t6/ndp.sh and proxy_ndp.sh but nothing about them would lead me to believe= that they're also testing with a FIB, nothing in the man page would lead = me to believe that FIBs have ever been considered with regards to NDP eith= er. IPv4 works fine, I can assign a /31 to both ends of the epair with one= interface using a different FIB from the other and both are able to reach= each other end to end, and also looking at a packet dump seemed to confir= m that with IPv4 ARP is working correctly. I thought I was going crazy for= a minute because I remember this exact configuration (or something nearly= identical at least) worked for me on OpenBSD. Linux is another story but = as I recall if you don't factor in the problems that netfilter adds (like = trying to use ct_zones as an after thought for coalescing the identity of = a VRF from fwmark) I recall this at least worked as one would expect. I do= n't really see anything in the git log about FIB for NDP, thing is I can p= robably create a static NDP entry and make this work, will have to try lat= er but I'm just wondering if maybe this just got overlooked. setfib would = seem to be older than NDP but I don't know... looking at ndp.c I'm very un= familiar with it but it does look like it's querying routing tables at cer= tain points. I'll try turning on debugverbose later and see if anything co= mes up but I just wanted to mention this just in case this stands out to a= nybody. Thanks -Paige --Apple-Webmail-42--690faeae-763d-4d50-954d-ddd8fd12e2ed Content-Type: multipart/related; type="text/html"; boundary=Apple-Webmail-86--690faeae-763d-4d50-954d-ddd8fd12e2ed --Apple-Webmail-86--690faeae-763d-4d50-954d-ddd8fd12e2ed Content-Transfer-Encoding: quoted-printable Content-Type: text/html; charset=utf-8;
Hey yall,

I came across a thread t= oday on the forum =0Aregarding an issue with trying to get IPv6 to work on= something like a =0Aepair interface, I'm having the same issue myself whe= n one end of the =0Aepair is assigned to a FIB that differs from the other= . I replied to =0Athis thread, but it's pending mod.

In any case I glossed over =0Athe tests of this in /usr/src/tests= /sys/netinet6/ndp.sh and proxy_ndp.sh=0A but nothing about them would lead= me to believe that they're also =0Atesting with a FIB, nothing in the man= page would lead me to believe =0Athat FIBs have ever been considered with= regards to NDP either.

IPv4=0A works fine, = I can assign a /31 to both ends of the epair with one =0Ainterface using a= different FIB from the other and both are able to =0Areach each other end= to end, and also looking at a packet dump seemed to=0A confirm that with = IPv4 ARP is working correctly.

I thought I =0A= was going crazy for a minute because I remember this exact configuration=0A= (or something nearly identical at least) worked for me on OpenBSD. =0ALin= ux is another story but as I recall if you don't factor in the =0Aproblems= that netfilter adds (like trying to use ct_zones as an after =0Athought f= or coalescing the identity of a VRF from fwmark) I recall this =0Aat least= worked as one would expect.

I don't really = see anything=0A in the git log about FIB for NDP, thing is I can probably = create a =0Astatic NDP entry and make this work, will have to try later bu= t I'm just=0A wondering if maybe this just got overlooked. setfib would se= em to be =0Aolder than NDP but I don't know... looking at ndp.c I'm very u= nfamiliar =0Awith it but it does look like it's querying routing tables at= certain =0Apoints. I'll try turning on debugverbose later and see if anyt= hing comes=0A up but I just wanted to mention this just in case this stand= s out to =0Aanybody.


Thanks
-Paige
--Apple-Webmail-86--690faeae-763d-4d50-954d-ddd8fd12e2ed-- --Apple-Webmail-42--690faeae-763d-4d50-954d-ddd8fd12e2ed--