Date: Fri, 28 Oct 2011 20:43:34 +0400 From: Sergey Matveychuk <sem@FreeBSD.org> To: Emil Muratov <gpm@hotplug.ru> Cc: freebsd-ipfw@freebsd.org, freebsd-net@freebsd.org Subject: Re: ipfw reass brakes ipv6 operation Message-ID: <4EAADBB6.5090901@FreeBSD.org> In-Reply-To: <4EAAC5C5.6090803@hotplug.ru> References: <4EAAC5C5.6090803@hotplug.ru>
next in thread | previous in thread | raw e-mail | index | archive | help
28.10.2011 19:09, Emil Muratov wrote: > > Hi all > > I've got into some strange behavior with ipv6. Somehow ipfw reassembly > totally brakes it's operation. > As soon as I add a rule "ipfw add 100 reass all from any to any in" all > ipv6 operation is not available any more, > I can only ping6 localhost. Outgoing ipv6 packets are OK, I can see them > via tcpdump on an interface stf0 and after that leaving encapsulated in > ip4 through another interface. But all incoming ipv6 packets are > blackholed. I can see them arriving as an encapsulated payload in ip4 > and after that they disappear. I don't know if this a bug or a feature, > using "ipfw add reass ip4 from any to any in" works as a workaround. > Shouldn't reass just pass ipv6 packets intact? Or if it is a feature > than maybe there should be a note in IPFW(8) man page to not to use > reass for anything except ip4? Yes, reass implemented only for ipv4 and breaks ipv6 packets. It should be fixed, not documented.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4EAADBB6.5090901>