Date: Wed, 22 Jul 2009 18:02:20 -0700 From: "Li, Qing" <qing.li@bluecoat.com> To: "Henri Hennebert" <hlh@restart.be> Cc: freebsd-net@freebsd.org, freebsd-current@freebsd.org, freebsd-stable@freebsd.org Subject: RE: 8.0-BETA1 - for the record - different paths followed by IPv4 and IPv6 for 'local' connections Message-ID: <B583FBF374231F4A89607B4D08578A4304CDAAEC@bcs-mail03.internal.cacheflow.com> In-Reply-To: <4A6469CE.4060907@restart.be> References: <4A5734C3.3000806@restart.be> <B583FBF374231F4A89607B4D08578A4304673660@bcs-mail03.internal.cacheflow.com> <4A5864DC.1070106@restart.be> <B583FBF374231F4A89607B4D08578A4304673665@bcs-mail03.internal.cacheflow.com> <4A6469CE.4060907@restart.be>
next in thread | previous in thread | raw e-mail | index | archive | help
> > > Just another case where the route must be created: >=20 That's probably because I explicitly disabled such route installation for PPP link type. Please apply patch http://people.freebsd.org/~qingli/patch and let me know if that solves your problem. Thanks, -- Qing > [root@avoriaz ~]# ifconfig gif0 > gif0: flags=3D8051<UP,POINTOPOINT,RUNNING,MULTICAST> metric 0 mtu 1280 > tunnel inet 212.239.166.57 --> 94.23.44.41 > inet6 fe80::21d:60ff:fead:2ace%gif0 prefixlen 64 scopeid 0x4 > inet6 2001:41d0:2:2d29:1:ffff:: --> 2001:41d0:2:2d29:0:ffff:: > prefixlen > 128 > options=3D1<ACCEPT_REV_ETHIP_VER> >=20 > [root@avoriaz ~]# ping6 2001:41d0:2:2d29:1:ffff:: > PING6(56=3D40+8+8 bytes) 2001:41d0:2:2d29:1:ffff:: --> > 2001:41d0:2:2d29:1:ffff:: > ^C > --- 2001:41d0:2:2d29:1:ffff:: ping6 statistics --- > 4 packets transmitted, 0 packets received, 100.0% packet loss >=20 > [root@avoriaz ~]# route add -inet6 2001:41d0:2:2d29:1:ffff:: -interface > lo0 > add host 2001:41d0:2:2d29:1:ffff::: gateway lo0 >=20 > [root@avoriaz ~]# ping6 2001:41d0:2:2d29:1:ffff:: > PING6(56=3D40+8+8 bytes) 2001:41d0:2:2d29:1:ffff:: --> > 2001:41d0:2:2d29:1:ffff:: > 16 bytes from ::1, icmp_seq=3D0 hlim=3D64 time=3D0.531 ms > 16 bytes from ::1, icmp_seq=3D1 hlim=3D64 time=3D0.884 ms > 16 bytes from ::1, icmp_seq=3D2 hlim=3D64 time=3D0.748 ms > ^C > --- 2001:41d0:2:2d29:1:ffff:: ping6 statistics --- > 3 packets transmitted, 3 packets received, 0.0% packet loss > round-trip min/avg/max/std-dev =3D 0.531/0.721/0.884/0.145 ms >=20 > Thanks >=20 > Henri > > > > -----Original Message----- > > From: Henri Hennebert [mailto:hlh@restart.be] > > Sent: Sat 7/11/2009 3:09 AM > > To: Li, Qing > > Cc: freebsd-stable@freebsd.org; freebsd-net@freebsd.org > > Subject: Re: 8.0-BETA1 - for the record - different paths followed by > IPv4 and IPv6 for 'local' connections > > > > Li, Qing wrote: > >> Hi, > >> > >> Please try patch-7-10 in my home directory > http://people.freebsd.org/~qingli/ > >> and let me know how it works out for you. I thought I had committed > the patch > >> but turned out I didn't. > > > > I apply the patch, reset my pf.conf to its previous content and all > is > > running smoothly. By the way, I discover after my post that my > > "solution" was not working for long (many bytes) connections and this > is > > solved too. > > > > Many thank for your time > > > > Henri > > > > PS please commit as soon as possible > > > >>> On 8.0-BETA1 there is an assymetry: > >>> > >>> netstat -rn display > >>> > >>> 192.168.24.1 link#3 > >>> .... > >>> no entry for 2001:41d0:2:2d29:1:1:: > >>> > >> This is by design as part of the new architecture in 8.0, which > maintains > >> the L2 ARP/ND6 and L3 routing tables separately. > >> > >> -- Qing > >> > >> > >> > >> -----Original Message----- > >> From: owner-freebsd-stable@freebsd.org on behalf of Henri Hennebert > >> Sent: Fri 7/10/2009 5:32 AM > >> To: freebsd-stable@freebsd.org; freebsd-st@freebsd.org > >> Subject: 8.0-BETA1 - for the record - different paths followed by > IPv4 and IPv6 for 'local' connections > >> > >> Hello, > >> > >> After upgrading from 7.2-STABLE to 8.0-BETA1 I encounter a problem > when > >> connecting with firefox to a local apache server using the global > >> unicast IPv6 address of the local machine. pf.conf must be updated! > >> > >> My configuration: > >> > >> [root@avoriaz ~]# ifconfig em0 > >> > >> em0: flags=3D8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu > 1500 > >> > options=3D19b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,TSO > 4> > >> ether 00:1d:60:ad:2a:ce > >> inet 192.168.24.1 netmask 0xffffff00 broadcast 192.168.24.255 > >> inet6 fe80::21d:60ff:fead:2ace%em0 prefixlen 64 scopeid 0x1 > >> inet6 2001:41d0:2:2d29:1:1:: prefixlen 80 > >> media: Ethernet 100baseTX (100baseTX <half-duplex>) > >> status: active > >> > >> [root@avoriaz ~]# host www.restart.bel > >> www.restart.bel is an alias for avoriaz.restart.bel. > >> avoriaz.restart.bel has address 192.168.24.1 > >> avoriaz.restart.bel has IPv6 address 2001:41d0:2:2d29:1:1:: > >> > >> pf.conf: > >> > >> int_if=3D"em0" > >> block in log all > >> block out log all > >> set skip on lo0 > >> antispoof quick for $int_if inet > >> # Allow trafic with physical internal network > >> pass in quick on $int_if from ($int_if:network) to ($int_if) keep > state > >> pass out quick on $int_if from ($int_if) to ($int_if:network) keep > state > >> > >> The problem: > >> > >> [root@avoriaz ~]# telnet -4 www.restart.bel 80 > >> Trying 192.168.24.1... > >> Connected to avoriaz.restart.bel. > >> Escape character is '^]'. > >> ^] > >> telnet> quit > >> Connection closed. > >> [root@avoriaz ~]# telnet -6 www.restart.bel 80 > >> Trying 2001:41d0:2:2d29:1:1::... > >> --->Never connect and get a timeout! > >> > >> tcpdump and logging in pf show me that > >> > >> For a IPv4 connection: > >> the packet from telnet to apache pass 2 times on lo0 (out and in) > >> the answer packet from apache to telnet pass 2 times on lo0 (out and > in) > >> > >> So no problem, there is `set skip on lo0' > >> > >> For a IPv6 connection: > >> The first packet from telnet to apache pass 2 times on lo0 (out and > in) > >> The answer packet from apache to telnet path on em0 and is rejected > >> due to the default flags S/SA. > >> > >> So I have to change pf.conf and replace the last line: > >> pass out quick on $int_if from ($int_if) to ($int_if:network) \ > >> keep state flags any > >> > >> Then all is OK > >> > >> By the way, on 7.2 > >> > >> netstat -rn display > >> > >> 192.168.24.1 00:1d:60:ad:2a:ce > >> .... > >> 2001:41d0:2:2d29:1:1:: 00:1d:60:ad:2a:ce > >> > >> > >> On 8.0-BETA1 there is an assymetry: > >> > >> netstat -rn display > >> > >> 192.168.24.1 link#3 > >> .... > >> no entry for 2001:41d0:2:2d29:1:1:: > >> > >> Hope it may help someone > >> > >> Henri > >> > >> _______________________________________________ > >> freebsd-stable@freebsd.org mailing list > >> http://lists.freebsd.org/mailman/listinfo/freebsd-stable > >> To unsubscribe, send any mail to "freebsd-stable- > unsubscribe@freebsd.org" > >> > > > > > > _______________________________________________ > > freebsd-stable@freebsd.org mailing list > > http://lists.freebsd.org/mailman/listinfo/freebsd-stable > > To unsubscribe, send any mail to "freebsd-stable- > unsubscribe@freebsd.org"
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?B583FBF374231F4A89607B4D08578A4304CDAAEC>