https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=284946

            Bug ID: 284946
           Summary: pf: af-to fails when IPv4 nexthop is an IPv6 address
           Product: Base System
           Version: 15.0-CURRENT
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Only Me
          Priority: ---
         Component: kern
          Assignee: b...@freebsd.org
          Reporter: l...@hemlock.eden.le-fay.org

interface configuration:

vtnet0: flags=1008843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST,LOWER_UP> metric 0 mtu 1500
        options=4c00bb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,VLAN_HWTSO,LINKSTATE,TXCSUM_IPV6>
        ether 52:54:00:bb:17:50
        inet 46.235.229.111/32 broadcast 46.235.229.111
        inet6 fe80::5054:ff:febb:1750%vtnet0/64 scopeid 0x1
        inet6 2a00:1098:6b::1/128
        groups: arpa
        media: Ethernet autoselect (10Gbase-T <full-duplex>)
        status: active
        nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>

note that the IPv4 address is a /32.

default route:

   route to: 0.0.0.0
destination: 0.0.0.0
       mask: 0.0.0.0
    gateway: fe80::1%vtnet0
        fib: 0
  interface: vtnet0
      flags: <UP,GATEWAY,DONE>
 recvpipe  sendpipe  ssthresh  rtt,msec    mtu        weight    expire
       0         0         0         0      1500         1         0 

IPv4 connectivity works fine:

# ping 1.1.1.1
PING 1.1.1.1 (1.1.1.1): 56 data bytes
64 bytes from 1.1.1.1: icmp_seq=0 ttl=57 time=1.241 ms

then i added this af-to rule:

pass in on { lf, ep.yarrow } inet6 from <lf> to 64:ff9b::/96 af-to inet from 46.235.229.111/32

when pinging 64:ff9b::1.1.1.1 from another machine, traffic appears on the
internal interface:

10:24:28.751677 IP6 2a00:1098:6b:100::2 > 64:ff9b::101:101: ICMP6, echo request, id 4695, seq 0, length 16
10:24:29.771743 IP6 2a00:1098:6b:100::2 > 64:ff9b::101:101: ICMP6, echo request, id 4695, seq 1, length 16
10:24:30.830451 IP6 2a00:1098:6b:100::2 > 64:ff9b::101:101: ICMP6, echo request, id 4695, seq 2, length 16

however, the traffic disappears into a black hole; it does not appear on vtnet0
on the router or in pflog.

when this happens, the router logs:

Feb 21 10:24:28 yarrow kernel: arpresolve: can't allocate llinfo for 0.0.0.0 on vtnet0
Feb 21 10:24:30 yarrow syslogd: last message repeated 2 times

the pf state entry:

all ipv6-icmp 46.235.229.111:4709 (2a00:1098:6b:100::2[4709]) -> 1.1.1.1:8 (64:ff9b::101:101[4709])       NO_TRAFFIC:NO_TRAFFIC

if i change the external IPv4 address to a /24 and add an IPv4 default route,
then the af-to rule starts working:

10:28:05.991764 IP 46.235.229.111 > 1.1.1.1: ICMP echo request, id 4725, seq 10, length 16
10:28:05.993141 IP 1.1.1.1 > 46.235.229.111: ICMP echo reply, id 4725, seq 10, length 16
10:28:07.041611 IP 46.235.229.111 > 1.1.1.1: ICMP echo request, id 4725, seq 11, length 16
10:28:07.042860 IP 1.1.1.1 > 46.235.229.111: ICMP echo reply, id 4725, seq 11, length 16
^C

and pf now has two state entries:

vtnet0 icmp 46.235.229.111:28946 -> 1.1.1.1:8       0:0
all ipv6-icmp 46.235.229.111:4725 (2a00:1098:6b:100::2[4725]) -> 1.1.1.1:8 (64:ff9b::101:101[4725])       NO_TRAFFIC:NO_TRAFFIC

however, that's the wrong configuration for this network, so i can't leave it
in place except for quick testing.
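
Added example (not part of the original report, and not FreeBSD code): a triage check for the two symptoms quoted above, an IPv4 route whose gateway is an IPv6 address together with the arpresolve message for 0.0.0.0, plus the 64:ff9b::/96 mapping that relates the captured destination to the state entry. The function names are hypothetical and the sample input is copied from the outputs in this report.

```python
import ipaddress
import re

NAT64_PREFIX = ipaddress.ip_network("64:ff9b::/96")  # prefix from the af-to rule

# Sample input, copied from the outputs quoted in the report.
ROUTE_GET = """\
   route to: 0.0.0.0
destination: 0.0.0.0
       mask: 0.0.0.0
    gateway: fe80::1%vtnet0
        fib: 0
  interface: vtnet0
      flags: <UP,GATEWAY,DONE>
"""
KERNEL_LOG = [
    "Feb 21 10:24:28 yarrow kernel: arpresolve: can't allocate llinfo for 0.0.0.0 on vtnet0",
    "Feb 21 10:24:30 yarrow syslogd: last message repeated 2 times",
]

def embedded_ipv4(addr):
    """IPv4 address carried in the low 32 bits of a NAT64 /96 address, else None."""
    ip = ipaddress.ip_address(addr)
    if ip.version != 6 or ip not in NAT64_PREFIX:
        return None
    return str(ipaddress.IPv4Address(int(ip) & 0xFFFFFFFF))

def v4_route_via_v6(route_get):
    """True when `route get` output shows an IPv4 destination with an IPv6 gateway."""
    fields = dict(re.findall(r"^[ \t]*([a-z ]+):[ \t]*(\S+)", route_get, re.M))
    try:
        dst = ipaddress.ip_address(fields["destination"])
        gw = ipaddress.ip_address(fields["gateway"].split("%")[0])  # drop zone id
    except (KeyError, ValueError):
        return False  # missing field, or gateway is not a literal address
    return dst.version == 4 and gw.version == 6

def arp_failures(log_lines):
    """(address, interface) pairs from the arpresolve message quoted in the report."""
    pat = re.compile(r"arpresolve: can't allocate llinfo for (\S+) on (\S+)")
    return [m.groups() for m in map(pat.search, log_lines) if m]

def matches_report(route_get, log_lines):
    """Both symptoms together: IPv4 route via IPv6 nexthop and ARP for 0.0.0.0."""
    addrs = [addr for addr, _ in arp_failures(log_lines)]
    return v4_route_via_v6(route_get) and "0.0.0.0" in addrs
```
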
