Skip site navigation (1)Skip section navigation (2) 
Date:      Wed, 09 Nov 2005 19:02:26 -0800
From:      Sean McNeil <sean@mcneil.com>
To:        "J.R. Oldroyd" <jr@opal.com>
Cc:        ume@freebsd.org, current@freebsd.org
Subject:   Re: recent MFC code to 6-STABLE kills ipv6
Message-ID:  <1131591746.24065.3.camel@triton.mcneil.com>
In-Reply-To: <20051110024941.GA987@linwhf.opal.com>
References:  <1131161768.8571.9.camel@server.mcneil.com> <ygehdaqhnnv.wl%ume@mahoroba.org> <8427EC93-6788-4659-B769-3703FF2AAA9A@mcneil.com> <x7acgim9hi.wl%suz@alaxala.net> <1131359967.1874.6.camel@server.mcneil.com> <x7mzkfsy87.wl%suz@alaxala.net> <1131424479.1341.3.camel@server.mcneil.com> <20051110024941.GA987@linwhf.opal.com>
next in thread | previous in thread | raw e-mail | index | archive | help 
On Wed, 2005-11-09 at 21:49 -0500, J.R. Oldroyd wrote:
> Experiencing the problem over here, too.
> 
> # ifconfig gif0
> gif0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1280
>         tunnel inet 66.171.79.118 --> 64.86.88.116
>         inet6 2001:5c0:8fff:fffe::553 --> 2001:5c0:8fff:fffe::552 prefixlen 128 
>         inet6 fe80::20c:6eff:fe75:69aa%gif0 prefixlen 64 scopeid 0x5 
> 
> # ping6 2001:5c0:8fff:fffe::553
> PING6(56=40+8+8 bytes) 2001:5c0:8fff:fffe::553 --> 2001:5c0:8fff:fffe::553
> 16 bytes from 2001:5c0:8fff:fffe::553, icmp_seq=0 hlim=64 time=1.658 ms
> 16 bytes from 2001:5c0:8fff:fffe::553, icmp_seq=1 hlim=64 time=0.720 ms
> 16 bytes from 2001:5c0:8fff:fffe::553, icmp_seq=2 hlim=64 time=0.681 ms
> ^C
> 
> Ping6 works fine:
> 
> However TCP traffic is broke, for example, when I try to telnet to the POP3
> server here, I observe that pf is blocking the server's response packets with
> this error:
> 
> # telnet 2001:5c0:8fff:fffe::553 110
> Trying 2001:5c0:8fff:fffe::553...
> ^C
> 
> from pflog:
> 21:45:03.080452 rule 0/0(match): block in on gif0: 2001:5c0:8fff:fffe::553.110 > 2001:5c0:8fff:fffe::553.56716:  tcp 36 [bad hdr length 8 - too short, < 20]
> 
> This did not happen on earlier 6.0-current.

Oh Boy!  This is very interesting.  I took a look at my ipfw show during
a ping6 and see the problem.  The revpath is messed up.  I took out my
rule:

add deny all from any to any not verrevpath in via dc0

and ping6 now works.

Thanks for the clue!

This should be fixed.  I have no idea why the revpath is no longer
valid.

Cheers,
Sean

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?1131591746.24065.3.camel>