From owner-freebsd-net@FreeBSD.ORG  Thu Mar 18 06:03:37 2004
Return-Path: <owner-freebsd-net@FreeBSD.ORG>
Delivered-To: freebsd-net@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 86C6116A4CE
	for <freebsd-net@freebsd.org>; Thu, 18 Mar 2004 06:03:37 -0800 (PST)
Received: from rincewind.c4inet.net (rincewind.c4inet.net [193.120.144.209])
	by mx1.FreeBSD.org (Postfix) with SMTP id 8D0CA43D3F
	for <freebsd-net@freebsd.org>; Thu, 18 Mar 2004 06:03:36 -0800 (PST)
	(envelope-from lists@rincewind.c4inet.net)
Received: (qmail 35060 invoked from network); 18 Mar 2004 14:03:34 -0000
Received: from localhost.c4inet.net (HELO rincewind.c4inet.net) (127.0.0.1)
  by rincewind.c4inet.net with SMTP; 18 Mar 2004 14:03:34 -0000
Received: (from lists@localhost)
	by rincewind.c4inet.net (8.12.10/8.12.10/Submit) id i2IE3Ykn035058
	for freebsd-net@freebsd.org; Thu, 18 Mar 2004 14:03:34 GMT
	(envelope-from lists)
Date: Thu, 18 Mar 2004 14:03:34 +0000
From: C4INet lists <lists@c4inet.net>
To: freebsd-net@freebsd.org
Message-ID: <20040318140334.GA32442@rincewind.c4inet.net>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.4.1i
Subject: ipv6 keep state on ipv6 ftp connections problem
X-BeenThere: freebsd-net@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Networking and TCP/IP with FreeBSD <freebsd-net.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
	<mailto:freebsd-net-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-net>
List-Post: <mailto:freebsd-net@freebsd.org>
List-Help: <mailto:freebsd-net-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
	<mailto:freebsd-net-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 18 Mar 2004 14:03:37 -0000

Hi all,

I've now found the reason for the problems with ipv6 ftp transmissions. It seems to be a problem with pf and the "keep state" argument. 

The problem was that a ipv6 ftp download would stall after ~60 kBytes transmitted. pfctl -ss showed the TCP stream(s) as CLOSED:SYN SENT.
The box running pf is a DSL router/ v6 tunnel endpoint, running RELENG_5_1 and pf-2.03.

The offending pf.conf rules:

pass out on gif0 inet6 all keep state
pass in on gif0 inet6 all keep state

After removing the "keep state" argument, everything worked. Strangely, this seemed to only affect traffic from other hosts on the network, traffic originating on the router worked fine.

rgds,
Sascha