Date: Mon, 26 Sep 2011 10:27:53 +0100 From: Matt Smith <matt.xtaz@gmail.com> To: freebsd-net@freebsd.org Subject: gif interface not passing IPv6 packets Message-ID: <CAD0n1vG0fvHMkBxxLRq0Y%2Bx9rDt5AXb4WZhq-oxuqpti4mQC7w@mail.gmail.com>
next in thread | raw e-mail | index | archive | help
I have a very strange problem with a gif interface that has been
confusing me all weekend. For the last six months I have had a gif
tunnel setup to an ipv6 tunnel broker which has worked without any
issues. On Friday I had a power cut. The power returned, the server
restarted, and the tunnel has been down since. I have checked and
rechecked the configuration and it all looks identical to what I would
expect. I've even gone as far as running a buildworld/kernel in case
the power outage corrupted something.
The problem is that the gif interface doesn't appear to be processing
any IPv6 packets at all, though it works fine with IPv4. I can't ping
my side of the tunnel. For example:
root@tao[~]# ifconfig gif0
gif0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> metric 0 mtu 1280
tunnel inet 192.168.1.2 --> 77.75.104.126
inet6 fe80::240:63ff:fee8:793e%gif0 prefixlen 64 scopeid 0x5
inet6 2a01:348:6:45c::2 --> 2a01:348:6:45c::1 prefixlen 128 deprecated
nd6 options=3<PERFORMNUD,ACCEPT_RTADV>
options=1<ACCEPT_REV_ETHIP_VER>
root@tao[~]# ping6 2a01:348:6:45c::2
PING6(56=40+8+8 bytes) 2a01:348:6:45c::2 --> 2a01:348:6:45c::2
root@tao[~]# tcpdump -i gif0
listening on gif0, link-type NULL (BSD loopback), capture size 96 bytes
10:15:12.545930 IP6 cl-1117.lon-02.gb.sixxs.net >
cl-1117.lon-02.gb.sixxs.net: ICMP6, echo request, seq 0, length 16
10:15:13.546316 IP6 cl-1117.lon-02.gb.sixxs.net >
cl-1117.lon-02.gb.sixxs.net: ICMP6, echo request, seq 1, length 16
10:15:14.546220 IP6 cl-1117.lon-02.gb.sixxs.net >
cl-1117.lon-02.gb.sixxs.net: ICMP6, echo request, seq 2, length 16
I've deleted other lines from the tcpdump like neighbour solicitation
and only shown the pings. But there is no ping response, only the
request.
Traceroute shows similar:
root@tao[~]# traceroute6 2a01:348:6:45c::2
traceroute6 to 2a01:348:6:45c::2 (2a01:348:6:45c::2) from
2a01:348:6:45c::2, 64 hops max, 12 byte packets
1 * * *
If I create an entire new interface, same problem, but as you can see
works fine with IPv4:
root@tao[~]# ifconfig gif1 create
root@tao[~]# ifconfig gif1 tunnel 192.168.1.2 1.2.3.4
root@tao[~]# ifconfig gif1 inet6 2abc::2 2abc::1 prefixlen 128
root@tao[~]# ping6 2abc::2
PING6(56=40+8+8 bytes) 2abc::2 --> 2abc::2
^C
--- 2abc::2 ping6 statistics ---
3 packets transmitted, 0 packets received, 100.0% packet loss
root@tao[~]# ifconfig gif1 10.1.1.1 10.1.1.2
root@tao[~]# ping 10.1.1.1
PING 10.1.1.1 (10.1.1.1): 56 data bytes
64 bytes from 10.1.1.1: icmp_seq=0 ttl=64 time=0.105 ms
64 bytes from 10.1.1.1: icmp_seq=1 ttl=64 time=0.084 ms
64 bytes from 10.1.1.1: icmp_seq=2 ttl=64 time=0.098 ms
^C
--- 10.1.1.1 ping statistics ---
3 packets transmitted, 3 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 0.084/0.096/0.105/0.009 ms
root@tao[~]# ifconfig gif1 destroy
I'm running FreeBSD 8.2-RELEASE-p2. ipfw is compiled in the kernel
however even if I flush all the rules so that it's just left with a
default allow rule the same thing happens. And as I said before unless
I'm being really blind and missed something obvious this config worked
fine before my power outage!
Here is my routing table for gif0:
root@tao[~]# netstat -rn | grep gif0
default 2a01:348:6:45c::1 UGS gif0
2a01:348:6:45c::1 2a01:348:6:45c::2 UH gif0
fe80::%gif0/64 link#5 U gif0
fe80::240:63ff:fee8:793e%gif0 link#5 UHS lo0
ff01:5::/32 fe80::240:63ff:fee8:793e%gif0 U gif0
ff02::%gif0/32 fe80::240:63ff:fee8:793e%gif0 U gif0
And here are my firewall rules to prove it's flushed:
root@tao[~]# ipfw list
65535 allow ip from any to any
Thanks for any help or suggestions, Regards Matt.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAD0n1vG0fvHMkBxxLRq0Y%2Bx9rDt5AXb4WZhq-oxuqpti4mQC7w>