From: Bernhard Schmidt
To: Max Laier
Cc: freebsd-pf@freebsd.org
Subject: Re: IPv6 MLD packets blocked
Date: Sat, 04 Dec 2004 20:13:06 +0100
Message-Id: <1102187586.12613.28.camel@cholera>
In-Reply-To: <200412041958.11601.max@love2party.net>

Hi,

> > I'm currently trying to enable IPv6 multicast forwarding on my FreeBSD
> > home gateway. With both pim6sd and xorp I had the problem that MLD (IGMP
> > for IPv6) from clients did not come through to the appropriate daemon
> > and therefore groups are never subscribed.
> >
> > This seems to be a problem with pf. When I disable pf with "pfctl -d" it
> > works like a charm; when I enable pf again, even with the simple ruleset
> >
> > pass all

> Does your setup include a 6to4 (stf(4)) device? If so then you should move to
> a RELENG_5 with pf_if.c, rev. 1.5.2.2. (you can simply move that one file).

No, but several gif-Interfaces. The interface I have troubles with
receiving MLD messages is a plain ethernet, vr(4).

> To debug a problem like this you should use a ruleset like:
>
> block log all
> pass all
>
> and watch pflog on tcpdump. It'll give you information why a packet is
> dropped.

No packets are dropped according to tcpdump, but it still doesn't work.

> Increasing the verbosity of pf's debug facilities might also be
> helpful:
> # pfctl -xm

Should that help when no packets are dropped? I can see no obvious error
messages in syslog. Even setting the debug level to 'loud' doesn't give
me anything.

I would assume that pf is dropping because of the router alert option
set in MLD messages (see the dump).

> pf_if.c went in "Nov 24 16:57:32 2004 UTC" so you might have missed it.

No changes for != stf, right?

Bernhard
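
An added example, not part of the message above and not pf code: the assumption in the message concerns the Hop-by-Hop Router Alert option that MLD messages carry (RFC 2710 / RFC 2711). The code below parses one raw IPv6 packet and reports whether that option is present, so packets from a capture can be checked against the assumption. The names `inspect_mld` and `sample_mld_report` and the packet bytes are constructed for illustration.

```python
import ipaddress
import struct

HOPOPTS, ICMPV6 = 0, 58                  # IPv6 next-header values
OPT_PAD1, OPT_ROUTER_ALERT = 0x00, 0x05  # hop-by-hop option types
MLD_TYPES = {130: "query", 131: "report", 132: "done", 143: "v2 report"}

def inspect_mld(pkt: bytes) -> dict:
    """Summarise Router Alert / MLD fields of one raw IPv6 packet (hypothetical helper)."""
    if len(pkt) < 40 or pkt[0] >> 4 != 6:
        raise ValueError("not an IPv6 packet")
    next_hdr, off = pkt[6], 40
    info = {"router_alert": None, "hop_limit": pkt[7], "mld": None}
    if next_hdr == HOPOPTS:
        if len(pkt) < off + 8:
            raise ValueError("truncated hop-by-hop header")
        next_hdr, end = pkt[off], off + (pkt[off + 1] + 1) * 8
        if len(pkt) < end:
            raise ValueError("truncated hop-by-hop header")
        i = off + 2
        while i < end:                   # walk the TLV-encoded options
            if pkt[i] == OPT_PAD1:       # Pad1 is a single byte with no length field
                i += 1
                continue
            if i + 2 > end or i + 2 + pkt[i + 1] > end:
                raise ValueError("malformed hop-by-hop option")
            if pkt[i] == OPT_ROUTER_ALERT and pkt[i + 1] == 2:
                info["router_alert"] = struct.unpack_from("!H", pkt, i + 2)[0]
            i += 2 + pkt[i + 1]
        off = end
    if next_hdr == ICMPV6 and len(pkt) > off:
        info["mld"] = MLD_TYPES.get(pkt[off])  # None for non-MLD ICMPv6 types
    return info

def sample_mld_report() -> bytes:
    """Constructed MLDv1 report for group ff02::1:3 (sample data, not a real capture)."""
    src = ipaddress.IPv6Address("fe80::1").packed
    grp = ipaddress.IPv6Address("ff02::1:3").packed
    hbh = bytes([ICMPV6, 0, OPT_ROUTER_ALERT, 2, 0, 0, 1, 0])  # alert value 0 = MLD, then PadN
    mld = struct.pack("!BBHHH", 131, 0, 0, 0, 0) + grp         # checksum left at 0
    ip6 = struct.pack("!IHBB", 6 << 28, len(hbh) + len(mld), HOPOPTS, 1) + src + grp
    return ip6 + hbh + mld

if __name__ == "__main__":
    print(inspect_mld(sample_mld_report()))
```

A `router_alert` value of 0 is the RFC 2711 code for MLD; `None` means the packet has no Router Alert option at all.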