Skip site navigation (1)Skip section navigation (2) 
Date:      Sat, 4 Dec 2004 21:03:13 +0100
From:      Daniel Hartmeier <daniel@benzedrine.cx>
To:        Bernhard Schmidt <berni@birkenwald.de>
Cc:        freebsd-pf@freebsd.org
Subject:   Re: IPv6 MLD packets blocked
Message-ID:  <20041204200312.GE32076@insomnia.benzedrine.cx>
In-Reply-To: <slrncr28gr.ig8.berni@bschmidt.msgid.cybernet-ag.net>
References:  <slrncr28gr.ig8.berni@bschmidt.msgid.cybernet-ag.net>
next in thread | previous in thread | raw e-mail | index | archive | help 
On Sat, Dec 04, 2004 at 02:34:03AM +0000, Bernhard Schmidt wrote:

> http://www.birkenwald.de/~berni/tmp/mld.dump

The decoded packet looks sane:

Dec 04 03:32:09.031473 0:e0:18:f4:5c:37 33:33:0:0:88:88 86dd 86:
fe80::2e0:18ff:fef4:5c37 > ff1e::8888: HBH (rtalert: 0x0000) icmp6:
multicast listener report max resp delay: 0 addr: ff1e::8888 [hlim 1]
(len 32)
  0000: 6000 0000 0020 0001 fe80 0000 0000 0000  `.... ..þ.......
  0010: 02e0 18ff fef4 5c37 ff1e 0000 0000 0000  .à.ÿþô\7ÿ.......
  0020: 0000 0000 0000 8888 3a00 0502 0000 0100  ........:.......
  0030: 8300 f7d1 0000 0000 ff1e 0000 0000 0000  ..÷Ñ....ÿ.......
  0040: 0000 0000 0000 8888                      ........

IPv6 header (ip6_hdr)

    ip6_flow	0x6000 0000
    ip6_plen	0x0020
    ip6_nxt	0x00 (IPPROTO_HOPOPTS)
    ip6_hlim	0x01
    ip6_src	0xfe80 0000 0000 0000 02e0 18ff fef4 5c37
    ip6_dst	0xff1e 0000 0000 0000 0000 0000 0000 8888

Extention header (ip6_ext)

    ip6e_nxt	0x3a (IPPROTO_ICMPV6)
    ip6e_len	0x00 (8 bytes)

ip6_opt

    ip6o_type	0x05 (IP6OPT_ROUTER_ALERT)
    ip6o_len	0x02
    ip6or_value	0x0000 (IP6_ALERT_MLD)

ICMPV6 (icmp6_hdr)

    icmp6_type	0x83 (MLD_LISTENER_REPORT)
    icmp6_code	0x00
    icmp6_cksum	0xf7d1

(mld_hdr)

    mld_maxdelay	0x0000
    mld_reserved	0x0000
    mld_addr		0xff1e 0000 0000 0000 0000 0000 0000 8888

This should not be dropped, at least I can't spot where it would be.

Can you make sure that you don't get _anything_ in /var/log/message with
pfctl -xm when such a packet is dropped? If you compare pfctl -si
counter before and after a drop, do any of them increase?

This makes sure we're looking in the right places. Thanks.

Daniel

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20041204200312.GE32076>