I'm observing a problem with IPv6 over gif(4) tunnels on 6.2-RELEASE
and recent 6-STABLE, namely that I can't seem to be able to pass
traffic over them.
Essentially, when I configure a gif interface like this:
# ifconfig gif0 inet6 aaaa:bbbb:cccc:dddd::1 aaaa:bbbb:cccc:dddd::2 prefixlen
128
the interface should add a host route to aaaa:bbbb:cccc:dddd::2
through gif0. This is necessary to be able to pass traffic over the
tunnel, particularly since the source and destination addresses of the
link don't need to have any relationship to each other.
However, this route doesn't get installed on recent 6-STABLE.
Therefore there is no way to get an IPv6 packet to the other end of
the tunnel because there's no route for the destination. The most
obvious symptom is that I try to ping the other tunnel endpoint and
get:
ping6: UDP connect: No route to host
I know this worked on RELENG_6 as of June 2006; my home firewall has
been running this code for months without a hitch. It doesn't work in
6.2-RC2 or 6.2-RELEASE (fresh CD installs on i386, GENERIC kernels),
or this week's RELENG_6 (nanobsd on i386).
I somewhat suspect revs. 1.48.2.15 and 1.48.2.14 to
src/sys/netinet/nd6.c. If I locally revert these two changes (see
diff below), IPv6 over gif(4) works again.
There's another workaround for people stuck in this situation and who
aren't in a position to try this diff. That is to manually install
the host route like this:
# route add -host -inet6 aaaa:bbbb:cccc:dddd::2 -interface gif0 -nostatic
-llinfo
Comments?
Bruce.
Index: nd6.c
==================================================================RCS file:
/home/ncvs/src/sys/netinet6/nd6.c,v
retrieving revision 1.48.2.16
diff -u -r1.48.2.16 nd6.c
--- nd6.c 29 Nov 2006 14:00:29 -0000 1.48.2.16
+++ nd6.c 20 Jan 2007 16:15:28 -0000
@@ -1316,7 +1316,7 @@
callout_init(&ln->ln_timer_ch, 0);
/* this is required for "ndp" command. - shin */
- if (req == RTM_ADD && (rt->rt_flags & RTF_STATIC)) {
+ if (req == RTM_ADD) {
/*
* gate should have some valid AF_LINK entry,
* and ln->ln_expire should have some lifetime
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
Url :
http://lists.freebsd.org/pipermail/freebsd-stable/attachments/20070120/82ad3967/attachment.pgp
If memory serves me right, Hiroki Sato wrote:> "Bruce A. Mah" <bmah@freebsd.org> wrote > in <20070120162936.GA18104@tomcat.kitchenlab.org>: > > bm> I'm observing a problem with IPv6 over gif(4) tunnels on 6.2-RELEASE > bm> and recent 6-STABLE, namely that I can't seem to be able to pass > bm> traffic over them.[snip]> bm> I know this worked on RELENG_6 as of June 2006; my home firewall has > bm> been running this code for months without a hitch. It doesn't work in > bm> 6.2-RC2 or 6.2-RELEASE (fresh CD installs on i386, GENERIC kernels), > bm> or this week's RELENG_6 (nanobsd on i386). > bm> > bm> I somewhat suspect revs. 1.48.2.15 and 1.48.2.14 to > bm> src/sys/netinet/nd6.c. If I locally revert these two changes (see > bm> diff below), IPv6 over gif(4) works again.[snip]> I remember Dimitry Andric reported the same problem on -stable on 30 > Dec, and after he reverted rev.1.48.2.16 it worked fine again. Do > you have the symptom even on 6.2-RELEASE? Since RELENG_6_2_0_RELEASE > did not have the change, I thought there was no problem. > > I will try to reproduce it on my box anyway...Yep, even on 6.2-RELEASE. I did a setup with a couple of machines yesterday (6.2-RC2 and 6.2-RELEASE) that demonstrated the problem. On my 6-STABLE system (which appears to be working fine), I still have the change from 1.48.2.16, I only backed out .15 and .14. I didn't try my diff on the 6.2-RC2 and 6.2-RELEASE machines yet. Hmmm...I was looking for that bug report before, but I couldn't find it. It's not clear to me how 1.48.2.16 is involved...hmmm... Thanks, Bruce. -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 249 bytes Desc: OpenPGP digital signature Url : http://lists.freebsd.org/pipermail/freebsd-stable/attachments/20070120/b5081864/signature.pgp
"Bruce A. Mah" <bmah@freebsd.org> wrote in <20070120162936.GA18104@tomcat.kitchenlab.org>: bm> I'm observing a problem with IPv6 over gif(4) tunnels on 6.2-RELEASE bm> and recent 6-STABLE, namely that I can't seem to be able to pass bm> traffic over them. bm> bm> Essentially, when I configure a gif interface like this: bm> bm> # ifconfig gif0 inet6 aaaa:bbbb:cccc:dddd::1 aaaa:bbbb:cccc:dddd::2 prefixlen 128 bm> bm> the interface should add a host route to aaaa:bbbb:cccc:dddd::2 bm> through gif0. This is necessary to be able to pass traffic over the bm> tunnel, particularly since the source and destination addresses of the bm> link don't need to have any relationship to each other. bm> bm> However, this route doesn't get installed on recent 6-STABLE. bm> Therefore there is no way to get an IPv6 packet to the other end of bm> the tunnel because there's no route for the destination. The most bm> obvious symptom is that I try to ping the other tunnel endpoint and bm> get: bm> bm> ping6: UDP connect: No route to host bm> bm> I know this worked on RELENG_6 as of June 2006; my home firewall has bm> been running this code for months without a hitch. It doesn't work in bm> 6.2-RC2 or 6.2-RELEASE (fresh CD installs on i386, GENERIC kernels), bm> or this week's RELENG_6 (nanobsd on i386). bm> bm> I somewhat suspect revs. 1.48.2.15 and 1.48.2.14 to bm> src/sys/netinet/nd6.c. If I locally revert these two changes (see bm> diff below), IPv6 over gif(4) works again. bm> bm> There's another workaround for people stuck in this situation and who bm> aren't in a position to try this diff. That is to manually install bm> the host route like this: bm> bm> # route add -host -inet6 aaaa:bbbb:cccc:dddd::2 -interface gif0 -nostatic -llinfo bm> bm> Comments? I remember Dimitry Andric reported the same problem on -stable on 30 Dec, and after he reverted rev.1.48.2.16 it worked fine again. Do you have the symptom even on 6.2-RELEASE? Since RELENG_6_2_0_RELEASE did not have the change, I thought there was no problem. I will try to reproduce it on my box anyway... -- | Hiroki SATO -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 187 bytes Desc: not available Url : http://lists.freebsd.org/pipermail/freebsd-stable/attachments/20070120/57cccd3f/attachment.pgp