> On Apr 20, 2025, at 7:51 AM, Paige Thompson <pa...@paige.bio> wrote: > > I forgot to mention the post I was referring to on the forums: > > https://forums.freebsd.org/threads/fibs-with-ipv6.95984/ > <https://forums.freebsd.org/threads/fibs-with-ipv6.95984/> I did a quick overview about the HE tunnel setup mentioned in the forum, and I think that is wrong.
> >> On Apr 19, 2025, at 7:36 PM, Paige Thompson <pa...@paige.bio> wrote: >> >> >> Hey yall, >> >> I came across a thread today on the forum regarding an issue with trying to >> get IPv6 to work on something like a epair interface, I'm having the same >> issue myself when one end of the epair is assigned to a FIB that differs >> from the other. I replied to this thread, but it's pending mod. NDP do not need to consult the fib to work correctly IIRC. >> >> In any case I glossed over the tests of this in >> /usr/src/tests/sys/netinet6/ndp.sh and proxy_ndp.sh but nothing about them >> would lead me to believe that they're also testing with a FIB, nothing in >> the man page would lead me to believe that FIBs have ever been considered >> with regards to NDP either. >> >> IPv4 works fine, I can assign a /31 to both ends of the epair with one >> interface using a different FIB from the other and both are able to reach >> each other end to end, and also looking at a packet dump seemed to confirm >> that with IPv4 ARP is working correctly. >> >> I thought I was going crazy for a minute because I remember this exact >> configuration (or something nearly identical at least) worked for me on >> OpenBSD. Linux is another story but as I recall if you don't factor in the >> problems that netfilter adds (like trying to use ct_zones as an after >> thought for coalescing the identity of a VRF from fwmark) I recall this at >> least worked as one would expect. >> >> I don't really see anything in the git log about FIB for NDP, thing is I can >> probably create a static NDP entry and make this work, will have to try >> later but I'm just wondering if maybe this just got overlooked. setfib would >> seem to be older than NDP but I don't know... looking at ndp.c I'm very >> unfamiliar with it but it does look like it's querying routing tables at >> certain points. I'll try turning on debugverbose later and see if anything >> comes up but I just wanted to mention this just in case this stands out to >> anybody. By implementation, setfib(1) set the fib number to current thread ( context ). Commonly used network utils such as netstat(1) and route(8) have already support querying / operating on different fibs. So no need to `setfib N netstat ...` . >> >> >> Thanks >> -Paige > > Best regards, Zhenlei
