The patch has been committed, svn revision 195643. Thanks, -- Qing -----Original Message----- From: Henri Hennebert [mailto:hlh_at_restart.be] Sent: Sat 7/11/2009 3:09 AM To: Li, Qing Cc: freebsd-stable_at_freebsd.org; freebsd-net_at_freebsd.org Subject: Re: 8.0-BETA1 - for the record - different paths followed by IPv4 and IPv6 for 'local' connections Li, Qing wrote: > Hi, > > Please try patch-7-10 in my home directory http://people.freebsd.org/~qingli/ > and let me know how it works out for you. I thought I had committed the patch > but turned out I didn't. I apply the patch, reset my pf.conf to its previous content and all is running smoothly. By the way, I discover after my post that my "solution" was not working for long (many bytes) connections and this is solved too. Many thank for your time Henri PS please commit as soon as possible > >> On 8.0-BETA1 there is an assymetry: >> >> netstat -rn display >> >> 192.168.24.1 link#3 >> .... >> no entry for 2001:41d0:2:2d29:1:1:: >> > > This is by design as part of the new architecture in 8.0, which maintains > the L2 ARP/ND6 and L3 routing tables separately. > > -- Qing > > > > -----Original Message----- > From: owner-freebsd-stable_at_freebsd.org on behalf of Henri Hennebert > Sent: Fri 7/10/2009 5:32 AM > To: freebsd-stable_at_freebsd.org; freebsd-st_at_freebsd.org > Subject: 8.0-BETA1 - for the record - different paths followed by IPv4 and IPv6 for 'local' connections > > Hello, > > After upgrading from 7.2-STABLE to 8.0-BETA1 I encounter a problem when > connecting with firefox to a local apache server using the global > unicast IPv6 address of the local machine. pf.conf must be updated! > > My configuration: > > [root_at_avoriaz ~]# ifconfig em0 > > em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500 > options=19b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,TSO4> > ether 00:1d:60:ad:2a:ce > inet 192.168.24.1 netmask 0xffffff00 broadcast 192.168.24.255 > inet6 fe80::21d:60ff:fead:2ace%em0 prefixlen 64 scopeid 0x1 > inet6 2001:41d0:2:2d29:1:1:: prefixlen 80 > media: Ethernet 100baseTX (100baseTX <half-duplex>) > status: active > > [root_at_avoriaz ~]# host www.restart.bel > www.restart.bel is an alias for avoriaz.restart.bel. > avoriaz.restart.bel has address 192.168.24.1 > avoriaz.restart.bel has IPv6 address 2001:41d0:2:2d29:1:1:: > > pf.conf: > > int_if="em0" > block in log all > block out log all > set skip on lo0 > antispoof quick for $int_if inet > # Allow trafic with physical internal network > pass in quick on $int_if from ($int_if:network) to ($int_if) keep state > pass out quick on $int_if from ($int_if) to ($int_if:network) keep state > > The problem: > > [root_at_avoriaz ~]# telnet -4 www.restart.bel 80 > Trying 192.168.24.1... > Connected to avoriaz.restart.bel. > Escape character is '^]'. > ^] > telnet> quit > Connection closed. > [root_at_avoriaz ~]# telnet -6 www.restart.bel 80 > Trying 2001:41d0:2:2d29:1:1::... > --->Never connect and get a timeout! > > tcpdump and logging in pf show me that > > For a IPv4 connection: > the packet from telnet to apache pass 2 times on lo0 (out and in) > the answer packet from apache to telnet pass 2 times on lo0 (out and in) > > So no problem, there is `set skip on lo0' > > For a IPv6 connection: > The first packet from telnet to apache pass 2 times on lo0 (out and in) > The answer packet from apache to telnet path on em0 and is rejected > due to the default flags S/SA. > > So I have to change pf.conf and replace the last line: > pass out quick on $int_if from ($int_if) to ($int_if:network) \ > keep state flags any > > Then all is OK > > By the way, on 7.2 > > netstat -rn display > > 192.168.24.1 00:1d:60:ad:2a:ce > .... > 2001:41d0:2:2d29:1:1:: 00:1d:60:ad:2a:ce > > > On 8.0-BETA1 there is an assymetry: > > netstat -rn display > > 192.168.24.1 link#3 > .... > no entry for 2001:41d0:2:2d29:1:1:: > > Hope it may help someone > > Henri > > _______________________________________________ > freebsd-stable_at_freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-stable > To unsubscribe, send any mail to "freebsd-stable-unsubscribe_at_freebsd.org" >Received on Sun Jul 12 2009 - 17:28:29 UTC
This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:39:51 UTC