From owner-freebsd-net@FreeBSD.ORG Fri Oct 31 17:40:38 2008 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 58E1E1065674 for ; Fri, 31 Oct 2008 17:40:38 +0000 (UTC) (envelope-from jay@jcornwall.me.uk) Received: from vps1.jcornwall.me.uk (vps1.jcornwall.me.uk [193.227.111.74]) by mx1.freebsd.org (Postfix) with ESMTP id EEB8E8FC21 for ; Fri, 31 Oct 2008 17:40:37 +0000 (UTC) (envelope-from jay@jcornwall.me.uk) Received: from [82.70.152.17] (deimos.home.jcornwall.me.uk [82.70.152.17]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by vps1.jcornwall.me.uk (Postfix) with ESMTP id A11BE2C4554 for ; Fri, 31 Oct 2008 17:24:24 +0000 (GMT) Message-ID: <490B3F05.1030106@jcornwall.me.uk> Date: Fri, 31 Oct 2008 17:23:17 +0000 From: "Jay L. T. Cornwall" User-Agent: Thunderbird 2.0.0.17 (X11/20080925) MIME-Version: 1.0 To: freebsd-net@freebsd.org Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Subject: gif(4) periodically fails to route packets X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 31 Oct 2008 17:40:39 -0000 Hi, I'm running FreeBSD 7.0-RELEASE with an IPv6 tunnel through gif(4): gif0: flags=8151 metric 0 mtu 1280 tunnel inet 82.70.152.20 --> 77.75.104.126 inet6 fe80::20d:b9ff:fe14:1d18%gif0 prefixlen 64 scopeid 0x6 inet6 2a01:348:6:13a::2 --> 2a01:348:6:13a::1 prefixlen 128 The tunnel works correctly for much of the time. Periodically, however, it appears to stop routing inbound packets (outbound remains fine) for hours at a time before beginning to work again with no intervention. I initially suspected a problem with the tunnel endpoint but I now have a packet capture providing evidence to the contrary. For a ping6 to an IP routed through the tunnel these are the packets passing over the external (IPv4) interface: 17:10:51.640317 IP 82.70.152.20 > 77.75.104.126: IP6 2a01:348:6:13a::2 > 2001:4860:0:1001::68: ICMP6, echo request, seq 0, length 16 17:10:51.691653 IP 77.75.104.126 > 82.70.152.20: IP6 2001:4860:0:1001::68 > 2a01:348:6:13a::2: ICMP6, echo reply, seq 0, length 16 17:10:52.640631 IP 82.70.152.20 > 77.75.104.126: IP6 2a01:348:6:13a::2 > 2001:4860:0:1001::68: ICMP6, echo request, seq 1, length 16 17:10:52.683821 IP 77.75.104.126 > 82.70.152.20: IP6 2001:4860:0:1001::68 > 2a01:348:6:13a::2: ICMP6, echo reply, seq 1, length 16 Looks correct. Now the same packet capture on the gif0 interface: 17:10:51.640267 IP6 2a01:348:6:13a::2 > 2001:4860:0:1001::68: ICMP6, echo request, seq 0, length 16 17:10:52.640587 IP6 2a01:348:6:13a::2 > 2001:4860:0:1001::68: ICMP6, echo request, seq 1, length 16 It appears, for reasons beyond my understanding, that the tunnel is not aware of the return packets. No firewall is enabled that could be filtering the missing packets. Shortly after the ping6 is sent my endpoint appears to be trying to find the remote endpoint: 17:10:56.639517 IP6 2a01:348:6:13a::2 > 2a01:348:6:13a::1: ICMP6, neighbor solicitation, who has 2a01:348:6:13a::1, length 24 17:10:57.639513 IP6 2a01:348:6:13a::2 > 2a01:348:6:13a::1: ICMP6, neighbor solicitation, who has 2a01:348:6:13a::1, length 24 17:10:58.639499 IP6 2a01:348:6:13a::2 > 2a01:348:6:13a::1: ICMP6, neighbor solicitation, who has 2a01:348:6:13a::1, length 24 But I am not sure if this is related as it successfully sends the ping6 outbound regardless. radvd is running on the host if that makes a difference. To my knowledge its routing table is correct: default 2a01:348:6:13a::1 UGS gif0 2a01:348:6:13a::1 link#6 UHL gif0 2a01:348:6:13a::2 link#6 UHL lo0 Am I missing something? -- Jay L. T. Cornwall http://www.jcornwall.me.uk/