FQ_Codel IPv6 floating rule error

JeFizz · Feb 11, 2021, 2:35 PM

Good Morning,

I'm receiving the same error message as the above referenced post along with others I have found on the forum. none of them appear to have any resolution.

2.5.0-RC (amd64)
built on Thu Feb 11 03:07:23 EST 2021
FreeBSD 12.2-STABLE

After many months of waiting for a bug to be resolved in the 2.5.0-devel builds, I have finally re-enabled traffic limiters utilizing FQ_CODEL following the instructions defined in many guides that are out there. I used Lawrence Systems instructions, which is exactly the same as a few other guides I have found. HERE.

My pfSense system is on the fresh 2.5.0 RC release, as noted above, that now contains the proper fixes to allow FQ_CODEL to be used on both up and down directions in the floating rules. The squashed bug is #9643. I can confirm that the bug is fixed when using IPv4 only, but adding an IPv6 floating rule generates the error.

There were error(s) loading the rules: /tmp/rules.debug:326: no routing address with matching address family found. The line in question reads [326]: pass out quick on { igb0 } $GWWAN_DHCP6 inet6 from any to any tracker 1609523960 keep state dnqueue( 2,1) label &quot;USER_RULE: CoDel Limiters&quot;
@ 2021-02-11 07:39:56

As far as I know, my IPv6 configurations are functioning properly. (Comcast, IPv6 PD, etc.)

Maybe because the gateway is "Dynamic" for IPv6?

Please let me know what configurations you would like to see in order to assist.

Thanks,

aivxtla · Feb 11, 2021, 5:03 PM

I'm also getting similar errors on 2.5.0 RC:

There were error(s) loading the rules: /tmp/rules.debug:178: no routing address with matching address family found. - The line in question reads [178]: pass out quick on { ixl0 } $GWWAN_DHCP6 inet6 from any to any tracker 1613022598 keep state dnqueue( 2,1) label "USER_RULE"

No errors on IPv4 rules so far. I also want to add that this was on a fresh install with no other rulesets or packages other than defaults. I used the following settings for limiters and rules, which worked previously in 2.4.5.

Download Limiter:
Bandwidth: 1200 Mbps
Queue Management Algorithm: CoDel
Scheduler: FQ_Codel
Queue Length: 1000 also tried leaving blank
ECN: Enabled
—Download Queue:
Queue Management Algorithm: CoDel
ECN: Enabled

Upload Limiter:
Bandwidth: 36 Mbps
Queue Management Algorithm: CoDel
Scheduler: FQ_Codel
Queue Length: 1000 also tried leaving blank
ECN: Enabled
—Upload Queue:
Queue Management Algorithm: CoDel
ECN: Enabled

Firewall Floating Rule:
Action: Pass
Interface: WAN
Direction: Out
Address Family: IPv6 (Also have similar rule for IPv4)
Protocol: Any
Advanced:
Gateway: WAN_DHCP - (It shows Dynamic here for IPv6, similar to JeFizz I suspect this may be a cause)
In/Out Pipe: Upload Queue (In) / Download Queue (Out)

JeFizz · Feb 11, 2021, 5:04 PM

@aivxtla Yep, basically same settings as you...

Download Limiter:
Bandwidth: 960 Mbps
Queue Management Algorithm: CoDel
Scheduler: FQ_Codel
Queue Length: 4000
ECN: Enabled
—Download Queue:
Queue Management Algorithm: CoDel
ECN: Enabled

Upload Limiter:
Bandwidth: 39 Mbps
Queue Management Algorithm: CoDel
Scheduler: FQ_Codel
Queue Length: 3000
ECN: Enabled
—Upload Queue:
Queue Management Algorithm: CoDel
ECN: Enabled

Firewall Floating Rule (two rules, one for IPV4 and one for IPv6):
Action: Pass
Interface: WAN
Direction: Out
Address Family: IPv4 / IPv6
Protocol: Any
Advanced:
Gateway: WAN_DHCP / WAN_DHCP6
In/Out Pipe: Upload Queue (In) / Download Queue (Out)

bobbenheim · Feb 12, 2021, 8:28 AM

Getting the same error when making an IPv6 floating rule with gateway and limiters set. Selecting the gateway is enough to trigger the error and the rule works just fine if default gateway is set.
Tested with 2.5.0.r.20210211.0300 and 2.5.0.r.20210211.1637

JeFizz · Feb 12, 2021, 3:43 PM

@bobbenheim I'm not quite following you on this. I understand that you get the same error when creating the IPv6 floating rule and selecting the IPv6 gateway. What do you mean by "and the rule works just fine if default gateway is set."? I have to select a gateway or the rule will not save (and therefore will produce the error in the original post).
Routing:Gateways:

IPv6 Floating Rule with Limiters:

In Routing\Gateways I have to have a gateway selected due to Wireguard, I can't leave it at Automatic. FYI FWIW.

bobbenheim · Feb 12, 2021, 11:55 PM

@jefizz I meant that if i set Gateway to default and in/out pipe to none the rule works, if i set the Gateway to WAN_DHCP6 afterwards the error reappears.

Vollans · Feb 19, 2021, 1:26 AM

@aivxtla said in FQ_Codel IPv6 floating rule error:

Gateway: WAN_DHCP - (It shows Dynamic here for IPv6, similar to JeFizz I suspect this may be a cause)
In/Out Pipe: Upload Queue (In) / Download Queue (Out)

Same setup here with Aussie Broadband, dynamic IPv6 address, and the exact same error.

bobbenheim · Feb 19, 2021, 8:40 AM

Might be related to this as the problem occurs when selecting gateway in the floating rule.

heyj · Feb 20, 2021, 6:04 PM

I am also having this problem with the floating rule error and the dynamic IPv6 gateway throwing the error for the firewall rule on 2.5.

Masaq · Feb 20, 2021, 8:05 PM

Here too. Was working fine before update to Pfsense+ 21.02 Release on a SG-1100.

MikeV7896 · Feb 21, 2021, 2:36 PM

There is an issue that has been identified with dynamic IPv6 gateways (for example, if you use DHCPv6 to obtain an address/prefix). The gateway is not being populated properly behind-the-scenes, which has a ripple effect to other areas in pfSense, including gateway selection in rules, which I believe is what all here are experiencing.

There is no fix available yet (the fix for "dpinger" was to manually specify a monitor address, but that won't have an effect on gateway selection in rules), but if you want to track the bug: https://redmine.pfsense.org/issues/11454