From owner-freebsd-net@FreeBSD.ORG Mon Jul 20 12:57:55 2009 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id B3F701065670; Mon, 20 Jul 2009 12:57:55 +0000 (UTC) (envelope-from hlh@restart.be) Received: from tignes.restart.be (tignes.restart.be [IPv6:2001:41d0:2:2d29:0:1::]) by mx1.freebsd.org (Postfix) with ESMTP id 3B1928FC0C; Mon, 20 Jul 2009 12:57:55 +0000 (UTC) (envelope-from hlh@restart.be) Received: from restart.be (avoriaz.tunnel.bel [IPv6:2001:41d0:2:2d29:1:ffff::]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client CN "avoriaz.restart.be", Issuer "CA master" (verified OK)) by tignes.restart.be (Postfix) with ESMTPS id 473166226; Mon, 20 Jul 2009 14:57:54 +0200 (CEST) Received: from morzine.restart.bel (morzine.restart.be [IPv6:2001:41d0:2:2d29:1:2::]) (authenticated bits=0) by restart.be (8.14.3/8.14.3) with ESMTP id n6KCvoKv002737; Mon, 20 Jul 2009 14:57:51 +0200 (CEST) (envelope-from hlh@restart.be) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=restart.be; s=avoriaz; t=1248094673; bh=6wWeVdLGTQEyXNYLsgpZFy3z83xPKbRWkuES/Fb4P5k=; h=Message-ID:Date:From:MIME-Version:To:CC:Subject:References: In-Reply-To:Content-Type:Content-Transfer-Encoding; b=0AthG3DLvuQSnsNQCajTLrE+JRTgPhE2/zqYyMGxabNcFz9gRtS2OJw5U4w3yJrl+ 5UjaI/0mnrttI0aOSqb9Q== DomainKey-Signature: a=rsa-sha1; s=avoriaz; d=restart.be; c=nofws; q=dns; h=message-id:date:from:organization:user-agent:mime-version:to:cc: subject:references:in-reply-to:content-type: content-transfer-encoding:x-scanned-by; b=mYWlQDiNUjYJVtyroypxxRhg+NZ8vat0P2g7kaF8+L0MYseTa8IzwjDC/R3Jm9JVc cFyJakPi4uen8ic/vCG5A== Message-ID: <4A6469CE.4060907@restart.be> Date: Mon, 20 Jul 2009 14:57:50 +0200 From: Henri Hennebert Organization: RestartSoft User-Agent: Thunderbird 2.0.0.22 (X11/20090717) MIME-Version: 1.0 To: "Li, Qing" References: <4A5734C3.3000806@restart.be> <4A5864DC.1070106@restart.be> In-Reply-To: Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-Scanned-By: MIMEDefang 2.64 on IPv6:2001:41d0:2:2d29:1:1:: Cc: freebsd-net@freebsd.org, freebsd-current@freebsd.org, freebsd-stable@freebsd.org Subject: Re: 8.0-BETA1 - for the record - different paths followed by IPv4 and IPv6 for 'local' connections X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 20 Jul 2009 12:57:56 -0000 Li, Qing wrote: > The patch has been committed, svn revision 195643. > > Thanks, > > -- Qing > Just another case where the route must be created: [root@avoriaz ~]# ifconfig gif0 gif0: flags=8051 metric 0 mtu 1280 tunnel inet 212.239.166.57 --> 94.23.44.41 inet6 fe80::21d:60ff:fead:2ace%gif0 prefixlen 64 scopeid 0x4 inet6 2001:41d0:2:2d29:1:ffff:: --> 2001:41d0:2:2d29:0:ffff:: prefixlen 128 options=1 [root@avoriaz ~]# ping6 2001:41d0:2:2d29:1:ffff:: PING6(56=40+8+8 bytes) 2001:41d0:2:2d29:1:ffff:: --> 2001:41d0:2:2d29:1:ffff:: ^C --- 2001:41d0:2:2d29:1:ffff:: ping6 statistics --- 4 packets transmitted, 0 packets received, 100.0% packet loss [root@avoriaz ~]# route add -inet6 2001:41d0:2:2d29:1:ffff:: -interface lo0 add host 2001:41d0:2:2d29:1:ffff::: gateway lo0 [root@avoriaz ~]# ping6 2001:41d0:2:2d29:1:ffff:: PING6(56=40+8+8 bytes) 2001:41d0:2:2d29:1:ffff:: --> 2001:41d0:2:2d29:1:ffff:: 16 bytes from ::1, icmp_seq=0 hlim=64 time=0.531 ms 16 bytes from ::1, icmp_seq=1 hlim=64 time=0.884 ms 16 bytes from ::1, icmp_seq=2 hlim=64 time=0.748 ms ^C --- 2001:41d0:2:2d29:1:ffff:: ping6 statistics --- 3 packets transmitted, 3 packets received, 0.0% packet loss round-trip min/avg/max/std-dev = 0.531/0.721/0.884/0.145 ms Thanks Henri > > -----Original Message----- > From: Henri Hennebert [mailto:hlh@restart.be] > Sent: Sat 7/11/2009 3:09 AM > To: Li, Qing > Cc: freebsd-stable@freebsd.org; freebsd-net@freebsd.org > Subject: Re: 8.0-BETA1 - for the record - different paths followed by IPv4 and IPv6 for 'local' connections > > Li, Qing wrote: >> Hi, >> >> Please try patch-7-10 in my home directory http://people.freebsd.org/~qingli/ >> and let me know how it works out for you. I thought I had committed the patch >> but turned out I didn't. > > I apply the patch, reset my pf.conf to its previous content and all is > running smoothly. By the way, I discover after my post that my > "solution" was not working for long (many bytes) connections and this is > solved too. > > Many thank for your time > > Henri > > PS please commit as soon as possible > >>> On 8.0-BETA1 there is an assymetry: >>> >>> netstat -rn display >>> >>> 192.168.24.1 link#3 >>> .... >>> no entry for 2001:41d0:2:2d29:1:1:: >>> >> This is by design as part of the new architecture in 8.0, which maintains >> the L2 ARP/ND6 and L3 routing tables separately. >> >> -- Qing >> >> >> >> -----Original Message----- >> From: owner-freebsd-stable@freebsd.org on behalf of Henri Hennebert >> Sent: Fri 7/10/2009 5:32 AM >> To: freebsd-stable@freebsd.org; freebsd-st@freebsd.org >> Subject: 8.0-BETA1 - for the record - different paths followed by IPv4 and IPv6 for 'local' connections >> >> Hello, >> >> After upgrading from 7.2-STABLE to 8.0-BETA1 I encounter a problem when >> connecting with firefox to a local apache server using the global >> unicast IPv6 address of the local machine. pf.conf must be updated! >> >> My configuration: >> >> [root@avoriaz ~]# ifconfig em0 >> >> em0: flags=8843 metric 0 mtu 1500 >> options=19b >> ether 00:1d:60:ad:2a:ce >> inet 192.168.24.1 netmask 0xffffff00 broadcast 192.168.24.255 >> inet6 fe80::21d:60ff:fead:2ace%em0 prefixlen 64 scopeid 0x1 >> inet6 2001:41d0:2:2d29:1:1:: prefixlen 80 >> media: Ethernet 100baseTX (100baseTX ) >> status: active >> >> [root@avoriaz ~]# host www.restart.bel >> www.restart.bel is an alias for avoriaz.restart.bel. >> avoriaz.restart.bel has address 192.168.24.1 >> avoriaz.restart.bel has IPv6 address 2001:41d0:2:2d29:1:1:: >> >> pf.conf: >> >> int_if="em0" >> block in log all >> block out log all >> set skip on lo0 >> antispoof quick for $int_if inet >> # Allow trafic with physical internal network >> pass in quick on $int_if from ($int_if:network) to ($int_if) keep state >> pass out quick on $int_if from ($int_if) to ($int_if:network) keep state >> >> The problem: >> >> [root@avoriaz ~]# telnet -4 www.restart.bel 80 >> Trying 192.168.24.1... >> Connected to avoriaz.restart.bel. >> Escape character is '^]'. >> ^] >> telnet> quit >> Connection closed. >> [root@avoriaz ~]# telnet -6 www.restart.bel 80 >> Trying 2001:41d0:2:2d29:1:1::... >> --->Never connect and get a timeout! >> >> tcpdump and logging in pf show me that >> >> For a IPv4 connection: >> the packet from telnet to apache pass 2 times on lo0 (out and in) >> the answer packet from apache to telnet pass 2 times on lo0 (out and in) >> >> So no problem, there is `set skip on lo0' >> >> For a IPv6 connection: >> The first packet from telnet to apache pass 2 times on lo0 (out and in) >> The answer packet from apache to telnet path on em0 and is rejected >> due to the default flags S/SA. >> >> So I have to change pf.conf and replace the last line: >> pass out quick on $int_if from ($int_if) to ($int_if:network) \ >> keep state flags any >> >> Then all is OK >> >> By the way, on 7.2 >> >> netstat -rn display >> >> 192.168.24.1 00:1d:60:ad:2a:ce >> .... >> 2001:41d0:2:2d29:1:1:: 00:1d:60:ad:2a:ce >> >> >> On 8.0-BETA1 there is an assymetry: >> >> netstat -rn display >> >> 192.168.24.1 link#3 >> .... >> no entry for 2001:41d0:2:2d29:1:1:: >> >> Hope it may help someone >> >> Henri >> >> _______________________________________________ >> freebsd-stable@freebsd.org mailing list >> http://lists.freebsd.org/mailman/listinfo/freebsd-stable >> To unsubscribe, send any mail to "freebsd-stable-unsubscribe@freebsd.org" >> > > > _______________________________________________ > freebsd-stable@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-stable > To unsubscribe, send any mail to "freebsd-stable-unsubscribe@freebsd.org"