Date: Mon, 3 Oct 2011 20:42:51 +0000 From: "Li, Qing" <qing.li@bluecoat.com> To: Matt Smith <matt.xtaz@gmail.com>, "freebsd-net@freebsd.org" <freebsd-net@freebsd.org> Subject: RE: gif interface not passing IPv6 packets Message-ID: <B143A8975061C446AD5E29742C531723137D9D@PWSVL-EXCMBX-01.internal.cacheflow.com> In-Reply-To: <CAD0n1vG0fvHMkBxxLRq0Y%2Bx9rDt5AXb4WZhq-oxuqpti4mQC7w@mail.gmail.com> References: <CAD0n1vG0fvHMkBxxLRq0Y%2Bx9rDt5AXb4WZhq-oxuqpti4mQC7w@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Hi, I saw the thread but I was traveling the whole of last week, did not=20 have a system to work on. The problem you encountered on gif was due to a bug in the IPv6 code. I believe have a patch but I need to do more testing. I will post it shortl= y. --Qing > -----Original Message----- > From: owner-freebsd-net@freebsd.org [mailto:owner-freebsd- > net@freebsd.org] On Behalf Of Matt Smith > Sent: Monday, September 26, 2011 2:28 AM > To: freebsd-net@freebsd.org > Subject: gif interface not passing IPv6 packets >=20 > I have a very strange problem with a gif interface that has been > confusing me all weekend. For the last six months I have had a gif > tunnel setup to an ipv6 tunnel broker which has worked without any > issues. On Friday I had a power cut. The power returned, the server > restarted, and the tunnel has been down since. I have checked and > rechecked the configuration and it all looks identical to what I would > expect. I've even gone as far as running a buildworld/kernel in case > the power outage corrupted something. >=20 > The problem is that the gif interface doesn't appear to be processing > any IPv6 packets at all, though it works fine with IPv4. I can't ping > my side of the tunnel. For example: >=20 > root@tao[~]# ifconfig gif0 > gif0: flags=3D8051<UP,POINTOPOINT,RUNNING,MULTICAST> metric 0 mtu 1280 > tunnel inet 192.168.1.2 --> 77.75.104.126 > inet6 fe80::240:63ff:fee8:793e%gif0 prefixlen 64 scopeid 0x5 > inet6 2a01:348:6:45c::2 --> 2a01:348:6:45c::1 prefixlen 128 > deprecated > nd6 options=3D3<PERFORMNUD,ACCEPT_RTADV> > options=3D1<ACCEPT_REV_ETHIP_VER> >=20 > root@tao[~]# ping6 2a01:348:6:45c::2 > PING6(56=3D40+8+8 bytes) 2a01:348:6:45c::2 --> 2a01:348:6:45c::2 >=20 > root@tao[~]# tcpdump -i gif0 > listening on gif0, link-type NULL (BSD loopback), capture size 96 bytes > 10:15:12.545930 IP6 cl-1117.lon-02.gb.sixxs.net > > cl-1117.lon-02.gb.sixxs.net: ICMP6, echo request, seq 0, length 16 > 10:15:13.546316 IP6 cl-1117.lon-02.gb.sixxs.net > > cl-1117.lon-02.gb.sixxs.net: ICMP6, echo request, seq 1, length 16 > 10:15:14.546220 IP6 cl-1117.lon-02.gb.sixxs.net > > cl-1117.lon-02.gb.sixxs.net: ICMP6, echo request, seq 2, length 16 >=20 > I've deleted other lines from the tcpdump like neighbour solicitation > and only shown the pings. But there is no ping response, only the > request. >=20 > Traceroute shows similar: >=20 > root@tao[~]# traceroute6 2a01:348:6:45c::2 > traceroute6 to 2a01:348:6:45c::2 (2a01:348:6:45c::2) from > 2a01:348:6:45c::2, 64 hops max, 12 byte packets > 1 * * * >=20 > If I create an entire new interface, same problem, but as you can see > works fine with IPv4: >=20 > root@tao[~]# ifconfig gif1 create > root@tao[~]# ifconfig gif1 tunnel 192.168.1.2 1.2.3.4 > root@tao[~]# ifconfig gif1 inet6 2abc::2 2abc::1 prefixlen 128 > root@tao[~]# ping6 2abc::2 > PING6(56=3D40+8+8 bytes) 2abc::2 --> 2abc::2 > ^C > --- 2abc::2 ping6 statistics --- > 3 packets transmitted, 0 packets received, 100.0% packet loss >=20 > root@tao[~]# ifconfig gif1 10.1.1.1 10.1.1.2 > root@tao[~]# ping 10.1.1.1 > PING 10.1.1.1 (10.1.1.1): 56 data bytes > 64 bytes from 10.1.1.1: icmp_seq=3D0 ttl=3D64 time=3D0.105 ms > 64 bytes from 10.1.1.1: icmp_seq=3D1 ttl=3D64 time=3D0.084 ms > 64 bytes from 10.1.1.1: icmp_seq=3D2 ttl=3D64 time=3D0.098 ms > ^C > --- 10.1.1.1 ping statistics --- > 3 packets transmitted, 3 packets received, 0.0% packet loss > round-trip min/avg/max/stddev =3D 0.084/0.096/0.105/0.009 ms > root@tao[~]# ifconfig gif1 destroy >=20 > I'm running FreeBSD 8.2-RELEASE-p2. ipfw is compiled in the kernel > however even if I flush all the rules so that it's just left with a > default allow rule the same thing happens. And as I said before unless > I'm being really blind and missed something obvious this config worked > fine before my power outage! >=20 > Here is my routing table for gif0: >=20 > root@tao[~]# netstat -rn | grep gif0 > default 2a01:348:6:45c::1 UGS > gif0 > 2a01:348:6:45c::1 2a01:348:6:45c::2 UH > gif0 > fe80::%gif0/64 link#5 U > gif0 > fe80::240:63ff:fee8:793e%gif0 link#5 UHS > lo0 > ff01:5::/32 fe80::240:63ff:fee8:793e%gif0 U > gif0 > ff02::%gif0/32 fe80::240:63ff:fee8:793e%gif0 U > gif0 >=20 > And here are my firewall rules to prove it's flushed: >=20 > root@tao[~]# ipfw list > 65535 allow ip from any to any >=20 > Thanks for any help or suggestions, Regards Matt. > _______________________________________________ > freebsd-net@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-net > To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org"
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?B143A8975061C446AD5E29742C531723137D9D>