Date: Mon, 20 Jul 2009 14:57:50 +0200 From: Henri Hennebert <hlh@restart.be> To: "Li, Qing" <qing.li@bluecoat.com> Cc: freebsd-net@freebsd.org, freebsd-current@freebsd.org, freebsd-stable@freebsd.org Subject: Re: 8.0-BETA1 - for the record - different paths followed by IPv4 and IPv6 for 'local' connections Message-ID: <4A6469CE.4060907@restart.be> In-Reply-To: <B583FBF374231F4A89607B4D08578A4304673665@bcs-mail03.internal.cacheflow.com> References: <4A5734C3.3000806@restart.be> <B583FBF374231F4A89607B4D08578A4304673660@bcs-mail03.internal.cacheflow.com> <4A5864DC.1070106@restart.be> <B583FBF374231F4A89607B4D08578A4304673665@bcs-mail03.internal.cacheflow.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Li, Qing wrote: > The patch has been committed, svn revision 195643. > > Thanks, > > -- Qing > Just another case where the route must be created: [root@avoriaz ~]# ifconfig gif0 gif0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> metric 0 mtu 1280 tunnel inet 212.239.166.57 --> 94.23.44.41 inet6 fe80::21d:60ff:fead:2ace%gif0 prefixlen 64 scopeid 0x4 inet6 2001:41d0:2:2d29:1:ffff:: --> 2001:41d0:2:2d29:0:ffff:: prefixlen 128 options=1<ACCEPT_REV_ETHIP_VER> [root@avoriaz ~]# ping6 2001:41d0:2:2d29:1:ffff:: PING6(56=40+8+8 bytes) 2001:41d0:2:2d29:1:ffff:: --> 2001:41d0:2:2d29:1:ffff:: ^C --- 2001:41d0:2:2d29:1:ffff:: ping6 statistics --- 4 packets transmitted, 0 packets received, 100.0% packet loss [root@avoriaz ~]# route add -inet6 2001:41d0:2:2d29:1:ffff:: -interface lo0 add host 2001:41d0:2:2d29:1:ffff::: gateway lo0 [root@avoriaz ~]# ping6 2001:41d0:2:2d29:1:ffff:: PING6(56=40+8+8 bytes) 2001:41d0:2:2d29:1:ffff:: --> 2001:41d0:2:2d29:1:ffff:: 16 bytes from ::1, icmp_seq=0 hlim=64 time=0.531 ms 16 bytes from ::1, icmp_seq=1 hlim=64 time=0.884 ms 16 bytes from ::1, icmp_seq=2 hlim=64 time=0.748 ms ^C --- 2001:41d0:2:2d29:1:ffff:: ping6 statistics --- 3 packets transmitted, 3 packets received, 0.0% packet loss round-trip min/avg/max/std-dev = 0.531/0.721/0.884/0.145 ms Thanks Henri > > -----Original Message----- > From: Henri Hennebert [mailto:hlh@restart.be] > Sent: Sat 7/11/2009 3:09 AM > To: Li, Qing > Cc: freebsd-stable@freebsd.org; freebsd-net@freebsd.org > Subject: Re: 8.0-BETA1 - for the record - different paths followed by IPv4 and IPv6 for 'local' connections > > Li, Qing wrote: >> Hi, >> >> Please try patch-7-10 in my home directory http://people.freebsd.org/~qingli/ >> and let me know how it works out for you. I thought I had committed the patch >> but turned out I didn't. > > I apply the patch, reset my pf.conf to its previous content and all is > running smoothly. By the way, I discover after my post that my > "solution" was not working for long (many bytes) connections and this is > solved too. > > Many thank for your time > > Henri > > PS please commit as soon as possible > >>> On 8.0-BETA1 there is an assymetry: >>> >>> netstat -rn display >>> >>> 192.168.24.1 link#3 >>> .... >>> no entry for 2001:41d0:2:2d29:1:1:: >>> >> This is by design as part of the new architecture in 8.0, which maintains >> the L2 ARP/ND6 and L3 routing tables separately. >> >> -- Qing >> >> >> >> -----Original Message----- >> From: owner-freebsd-stable@freebsd.org on behalf of Henri Hennebert >> Sent: Fri 7/10/2009 5:32 AM >> To: freebsd-stable@freebsd.org; freebsd-st@freebsd.org >> Subject: 8.0-BETA1 - for the record - different paths followed by IPv4 and IPv6 for 'local' connections >> >> Hello, >> >> After upgrading from 7.2-STABLE to 8.0-BETA1 I encounter a problem when >> connecting with firefox to a local apache server using the global >> unicast IPv6 address of the local machine. pf.conf must be updated! >> >> My configuration: >> >> [root@avoriaz ~]# ifconfig em0 >> >> em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500 >> options=19b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,TSO4> >> ether 00:1d:60:ad:2a:ce >> inet 192.168.24.1 netmask 0xffffff00 broadcast 192.168.24.255 >> inet6 fe80::21d:60ff:fead:2ace%em0 prefixlen 64 scopeid 0x1 >> inet6 2001:41d0:2:2d29:1:1:: prefixlen 80 >> media: Ethernet 100baseTX (100baseTX <half-duplex>) >> status: active >> >> [root@avoriaz ~]# host www.restart.bel >> www.restart.bel is an alias for avoriaz.restart.bel. >> avoriaz.restart.bel has address 192.168.24.1 >> avoriaz.restart.bel has IPv6 address 2001:41d0:2:2d29:1:1:: >> >> pf.conf: >> >> int_if="em0" >> block in log all >> block out log all >> set skip on lo0 >> antispoof quick for $int_if inet >> # Allow trafic with physical internal network >> pass in quick on $int_if from ($int_if:network) to ($int_if) keep state >> pass out quick on $int_if from ($int_if) to ($int_if:network) keep state >> >> The problem: >> >> [root@avoriaz ~]# telnet -4 www.restart.bel 80 >> Trying 192.168.24.1... >> Connected to avoriaz.restart.bel. >> Escape character is '^]'. >> ^] >> telnet> quit >> Connection closed. >> [root@avoriaz ~]# telnet -6 www.restart.bel 80 >> Trying 2001:41d0:2:2d29:1:1::... >> --->Never connect and get a timeout! >> >> tcpdump and logging in pf show me that >> >> For a IPv4 connection: >> the packet from telnet to apache pass 2 times on lo0 (out and in) >> the answer packet from apache to telnet pass 2 times on lo0 (out and in) >> >> So no problem, there is `set skip on lo0' >> >> For a IPv6 connection: >> The first packet from telnet to apache pass 2 times on lo0 (out and in) >> The answer packet from apache to telnet path on em0 and is rejected >> due to the default flags S/SA. >> >> So I have to change pf.conf and replace the last line: >> pass out quick on $int_if from ($int_if) to ($int_if:network) \ >> keep state flags any >> >> Then all is OK >> >> By the way, on 7.2 >> >> netstat -rn display >> >> 192.168.24.1 00:1d:60:ad:2a:ce >> .... >> 2001:41d0:2:2d29:1:1:: 00:1d:60:ad:2a:ce >> >> >> On 8.0-BETA1 there is an assymetry: >> >> netstat -rn display >> >> 192.168.24.1 link#3 >> .... >> no entry for 2001:41d0:2:2d29:1:1:: >> >> Hope it may help someone >> >> Henri >> >> _______________________________________________ >> freebsd-stable@freebsd.org mailing list >> http://lists.freebsd.org/mailman/listinfo/freebsd-stable >> To unsubscribe, send any mail to "freebsd-stable-unsubscribe@freebsd.org" >> > > > _______________________________________________ > freebsd-stable@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-stable > To unsubscribe, send any mail to "freebsd-stable-unsubscribe@freebsd.org"
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4A6469CE.4060907>