"kernel: cannot forward..." errors in system log
-
I run a RIPE Atlas probe on one of my networks, which is used to perform ping, traceroute, DNS lookups, and a variety of other diagnostic tests to a variety of hosts around the internet.
I checked my pfSense logs today and came across this...
The 2600:4040:... host is my RIPE Atlas Probe system.
Sep 8 09:16:13 kernel cannot forward src fe80:1::2a0:aaaa:bbbb:e1a0, dst 2600:4040:aaaa:bbbb:ccc:dddd:fe32:204c, nxt 58, rcvif ix0, outif ix3
Sep 8 09:16:21 kernel cannot forward src fe80:1::2a0:aaaa:bbbb:e1a0, dst 2600:4040:aaaa:bbbb:ccc:dddd:fe32:204c, nxt 58, rcvif ix0, outif ix3
Sep 8 09:21:12 kernel cannot forward src fe80:1::2a0:aaaa:bbbb:e1a0, dst 2600:4040:aaaa:bbbb:ccc:dddd:fe32:204c, nxt 58, rcvif ix0, outif ix3
Sep 8 09:21:20 kernel cannot forward src fe80:1::2a0:aaaa:bbbb:e1a0, dst 2600:4040:aaaa:bbbb:ccc:dddd:fe32:204c, nxt 58, rcvif ix0, outif ix3
Doing a packet capture on WAN, I see this...
09:21:12.091199 IP6 fe80::2a0:aaaa:bbbb:e1a0 > 2600:4040:aaaa:bbbb:ccc:dddd:fe32:204c: ICMP6, time exceeded in-transit for 2a00:74c0:a:b::20, length 104
09:21:16.092752 IP6 fe80::2a0:aaaa:bbbb:e1a0 > 2600:4040:aaaa:bbbb:ccc:dddd:fe32:204c: ICMP6, time exceeded in-transit for 2a00:74c0:a:b::20, length 104
09:21:20.093609 IP6 fe80::2a0:aaaa:bbbb:e1a0 > 2600:4040:aaaa:bbbb:ccc:dddd:fe32:204c: ICMP6, time exceeded in-transit for 2a00:74c0:a:b::20, length 104
Any thoughts on why these Time Exceeded packets wouldn't be able to be routed back to the host? Or how to get this stuff out of my system log?
-
A client is attempting to send traffic from a link-local address to a remote destination. It gets dropped and logged because you can't do that.
For example:
Wireless LAN adapter Wi-Fi:

   Connection-specific DNS Suffix . : kiokoman.home
   IPv6 Address . . . . . . . . . . : 2001:470:26:5dc:xxxx:xxxx:xxxx:xxxx
   Link-local IPv6 Address . . . . . : fe80::64ee:8085:95b:32fc%9
   IPv4 Address . . . . . . . . . . : 192.168.10.22
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : fe80::20c:29ff:fef6:cf61%9
                                       192.168.10.254

C:\Users\Amministratore>ping -6 -S fe80::64ee:8085:95b:32fc www.google.com

Pinging www.google.com [2a00:1450:4001:81d::2004] from fe80::64ee:8085:95b:32fc with 32 bytes of data:
General failure.
General failure.
General failure.
General failure.

Ping statistics for 2a00:1450:4001:81d::2004:
    Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),

C:\Users\Amministratore>ping -6 -S 2001:470:26:5dc:xxxx:xxxx:xxxx:xxxx www.google.com

Pinging www.google.com [2a00:1450:4001:81d::2004] from 2001:470:26:5dc:xxxx:xxxx:xxxx:xxxx with 32 bytes of data:
Reply from 2a00:1450:4001:81d::2004: time=38ms
Reply from 2a00:1450:4001:81d::2004: time=38ms
Reply from 2a00:1450:4001:81d::2004: time=39ms
Reply from 2a00:1450:4001:81d::2004: time=37ms

Ping statistics for 2a00:1450:4001:81d::2004:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 37ms, Maximum = 39ms, Average = 38ms

C:\Users\Amministratore>ping -6 -S fe80::64ee:8085:95b:32fc fe80::20c:29ff:fef6:cf61

Pinging fe80::20c:29ff:fef6:cf61 from fe80::64ee:8085:95b:32fc with 32 bytes of data:
Reply from fe80::20c:29ff:fef6:cf61: time=1ms
Reply from fe80::20c:29ff:fef6:cf61: time=1ms
Reply from fe80::20c:29ff:fef6:cf61: time=1ms
Reply from fe80::20c:29ff:fef6:cf61: time=1ms

Ping statistics for fe80::20c:29ff:fef6:cf61:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 1ms, Maximum = 1ms, Average = 1ms
As you can see:
I can't ping from link-local to Google,
I can ping from my IPv6 address to Google,
I can ping from link-local to another link-local inside my network.
-
Right... so that's coming to my pfSense box from the internet... and the link-local address in those packets isn't my ISP's router (at least not the default gateway). So how is it getting from wherever it's originating from to me, if it has a link-local address as the source?
-
It comes from your network.
Check the MAC address to find out.
If you check my example from before (http://www.sput.nl/internet/ipv6/ll-mac.html):
Link-local: fe80::20c:29ff:fef6:cf61
MAC: 00:0C:29:F6:CF:61
Manufacturer: VMware, Inc. ( https://macvendorlookup.com/ )

vmx1: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
        description: LAN
        options=8500b8.......
        -> ether 00:0c:29:f6:cf:61
In IPv6, it is not allowed to route link local addresses (and no router will forward packets with such addresses as source or destination address).
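As an added example (this is not code from the thread, from pfSense or from the linked page), here is a small Python script that does by hand the two checks the replies above describe: it parses the kernel's "cannot forward" lines and flags which end of the packet is link-local (fe80::/10), and it converts between a link-local address and the MAC it was built from when the interface identifier is modified EUI-64 (the ff:fe marker in the middle, universal/local bit flipped), returning None when it is not, which is what the original poster saw with the ISP address. One detail the script accounts for: FreeBSD's kernel keeps the zone (interface) index in the second hextet of link-local addresses, which is why the log prints fe80:1::... while the packet capture shows fe80::... for the same packet. The sample log lines are constructed to match the shape of the ones in the first post, with the same masking; next-header 58 is ICMPv6, matching the capture.

```python
import ipaddress
import re

LINK_LOCAL = ipaddress.IPv6Network("fe80::/10")

# IPv6 next-header numbers worth naming for these logs.
NEXT_HEADER = {6: "TCP", 17: "UDP", 58: "ICMPv6"}

# One "cannot forward" line in the shape the kernel logged it in the post.
LOG_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s+\d\d:\d\d:\d\d)\s+kernel\s+cannot forward"
    r" src (?P<src>\S+), dst (?P<dst>\S+), nxt (?P<nxt>\d+),"
    r" rcvif (?P<rcvif>\S+), outif (?P<outif>\S+)",
    re.M,
)

# Constructed sample, shaped like the lines in the original post
# (addresses masked the same way).
SAMPLE_LOG = """\
Sep 8 09:16:13 kernel cannot forward src fe80:1::2a0:aaaa:bbbb:e1a0, dst 2600:4040:aaaa:bbbb:ccc:dddd:fe32:204c, nxt 58, rcvif ix0, outif ix3
Sep 8 09:21:12 kernel cannot forward src fe80:1::2a0:aaaa:bbbb:e1a0, dst 2600:4040:aaaa:bbbb:ccc:dddd:fe32:204c, nxt 58, rcvif ix0, outif ix3
"""


def strip_embedded_zone(addr):
    """FreeBSD (KAME) keeps the zone/interface index in the second hextet of
    link-local addresses, so the kernel logs fe80:1::... for what the wire
    carries as fe80::...  Return (wire address, zone index or None)."""
    a = ipaddress.IPv6Address(addr)
    if a not in LINK_LOCAL:
        return str(a), None
    raw = bytearray(a.packed)
    zone = int.from_bytes(raw[2:4], "big")
    raw[2:4] = b"\x00\x00"
    return str(ipaddress.IPv6Address(bytes(raw))), zone or None


def parse_cannot_forward(text):
    """Parse kernel 'cannot forward' lines and flag why each was unroutable."""
    entries = []
    for m in LOG_RE.finditer(text):
        src, src_zone = strip_embedded_zone(m["src"])
        dst, dst_zone = strip_embedded_zone(m["dst"])
        src_ll = ipaddress.IPv6Address(src) in LINK_LOCAL
        dst_ll = ipaddress.IPv6Address(dst) in LINK_LOCAL
        if src_ll and dst_ll:
            reason = "both ends link-local: not forwardable off-link"
        elif src_ll:
            reason = "link-local source: not forwardable off-link"
        elif dst_ll:
            reason = "link-local destination: not forwardable off-link"
        else:
            reason = "not a link-local issue"
        entries.append({
            "ts": m["ts"], "src": src, "src_zone": src_zone,
            "dst": dst, "dst_zone": dst_zone,
            "src_link_local": src_ll, "dst_link_local": dst_ll,
            "proto": NEXT_HEADER.get(int(m["nxt"]), m["nxt"]),
            "rcvif": m["rcvif"], "outif": m["outif"], "reason": reason,
        })
    return entries


def mac_from_link_local(addr):
    """Recover the MAC from a modified-EUI-64 link-local address (ff:fe in
    the middle of the interface ID, U/L bit flipped). Returns None when the
    interface ID is not EUI-64 derived (privacy/random or manually set)."""
    a = ipaddress.IPv6Address(addr)
    if a not in LINK_LOCAL:
        return None
    iid = a.packed[8:]
    if iid[3:5] != b"\xff\xfe":
        return None
    mac = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:]
    return ":".join(f"{b:02x}" for b in mac)


def link_local_from_mac(mac):
    """Inverse of mac_from_link_local: the EUI-64 link-local for a MAC."""
    b = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(b) != 6:
        raise ValueError("expected a 48-bit MAC")
    iid = bytes([b[0] ^ 0x02]) + b[1:3] + b"\xff\xfe" + b[3:]
    return str(ipaddress.IPv6Address(b"\xfe\x80" + b"\x00" * 6 + iid))


if __name__ == "__main__":
    for e in parse_cannot_forward(SAMPLE_LOG):
        print(e["ts"], e["proto"], e["src"], "->", e["dst"],
              f"({e['rcvif']}->{e['outif']}):", e["reason"],
              "| src MAC:", mac_from_link_local(e["src"]))
    # The reply's VMware example: address <-> MAC round trip.
    print(mac_from_link_local("fe80::20c:29ff:fef6:cf61"))  # 00:0c:29:f6:cf:61
```

Run against the masked sample the script reports a link-local source on every line and no MAC, because the interface identifier lacks the ff:fe marker; on the reply's VMware address it recovers 00:0c:29:f6:cf:61. On a real box you can feed it the output of `clog /var/log/system.log` (or the exported log) directly.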
-
Well... in the packet capture, the MAC address of the Ethernet frame matches the MAC address of the default gateway from my ISP (which is not unusual when dealing with packets being routed to you). But the IPv6 address is definitely not the same, and it doesn't appear to be an EUI64 address, so I can't match it to a MAC address. I do realize that I masked part of the address that would have identified that fact.
It's likely a misconfiguration on my ISP's part... they only just got IPv6 up and running about a week ago, and it may not even be completed yet (But I've figured out how to make it work with pfSense, not knowing whether their own routers even work with it).
It's kind of annoying that this is logged in the general system log though... it'd be nice if it were in the routing log... but I assume since it's the kernel generating these messages, that's why it's in the system log.