Bridge link-local IPv6 address assignment on startup

wallabybob · May 24, 2011, 1:55 PM

Today I upgraded from a snapshot built on 18-Apr-2011 to one built 21-May-2011. Since the IPV6 git repository had changed location I presumed I needed to sync again with the new repository. Then on the next reboot I noticed in the system log:

clog /var/log/system.log | grep bridge

May 24 18:27:08 pfsense kernel: pcib0: <acpi host-pci="" bridge="">port 0xcf8-0xcff on acpi0
May 24 18:27:08 pfsense kernel: agp0: <via 862x="" (cle266)="" host="" to="" pci="" bridge="">on hostb0
May 24 18:27:08 pfsense kernel: pcib1: <pci-pci bridge="">at device 1.0 on pci0
May 24 18:27:08 pfsense kernel: isab0: <pci-isa bridge="">at device 17.0 on pci0
May 24 18:27:29 pfsense php: : The command '/sbin/ifconfig bridge0 inet6 2a28:c4ff:fed7ba:91' returned exit code '1', the output was 'ifconfig: 2a28:c4ff:fed7ba:91: bad value'
May 24 18:27:52 pfsense bandwidthd: Opening bridge0
May 24 18:27:52 pfsense bandwidthd: Opening bridge0
May 24 18:27:52 pfsense bandwidthd: Opening bridge0
May 24 18:27:52 pfsense kernel: bridge0: promiscuous mode enabled
May 24 18:27:52 pfsense bandwidthd: Opening bridge0
#</pci-isa></pci-pci></via></acpi>

So looks like an attempt was made to set a link local address from the MAC address but the link local address was not well formed.

So I made a code change:

diff -b -C 3 /etc/inc/pfsense-utils.inc.orig /etc/inc/pfsense-utils.inc

*** /etc/inc/pfsense-utils.inc.orig Tue May 24 23:32:35 2011
–- /etc/inc/pfsense-utils.inc Tue May 24 23:39:01 2011

*** 2214,2220 ****
return false;

$i = 0;
! $ipv6 = "";
foreach($elements as $byte) {
if($i == 0) {
$hexadecimal = substr($byte, 1, 2);
--- 2214,2220 ----
return false;

$i = 0;
! $ipv6 = "fe80::";
foreach($elements as $byte) {
if($i == 0) {
$hexadecimal = substr($byte, 1, 2);

*** 2230,2241 ****
if($i == 3) {
$ipv6 .= ":";
}

if($i == 5) {

$ipv6 .= ":";

}
if($i == 2) {
$ipv6 .= "ff:fe";

$i++;
}

$i++;
--- 2230,2237 ----

and on reboot:

ifconfig bridge0

bridge0: flags=8943 <up,broadcast,running,promisc,simplex,multicast>metric 0 mtu 1500
ether 2e:8c:16:76:ab:e9
inet 192.168.211.173 netmask 0xffffff80 broadcast 192.168.211.255
inet6 2001:470:1f05:14b3::1 prefixlen 64
inet6 fe80::2e8c:16ff:fe76:abe9%bridge0 prefixlen 64 scopeid 0xe
nd6 options=3 <performnud,accept_rtadv>id 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 15
maxage 20 holdcnt 6 proto rstp maxaddr 100 timeout 1200
root id 00:00:00:00:00:00 priority 32768 ifcost 0 port 0
member: vr0 flags=143 <learning,discover,autoedge,autoptp>ifmaxaddr 0 port 3 priority 128 path cost 200000
member: ath0_wlan0 flags=143 <learning,discover,autoedge,autoptp>ifmaxaddr 0 port 12 priority 128 path cost 370370</learning,discover,autoedge,autoptp></learning,discover,autoedge,autoptp></performnud,accept_rtadv></up,broadcast,running,promisc,simplex,multicast>

So it looks like the bridge was successfully assigned a link-local IP address derived from its MAC address.

databeestje · May 24, 2011, 5:10 PM

comitted.

wallabybob · Aug 31, 2011, 11:51 PM

The patch seems to have been lost. Today I upgraded to 2.0-RC1-IPv6 (i386)
built on Fri Aug 26 18:54:18 EDT 2011 and git sync'd for IPv6. On reboot saw

Sep 1 08:25:46 pfsense php: : The command '/sbin/ifconfig bridge0 inet6 427d:dcff:fe45a8:cc' returned exit code '1', the output was 'ifconfig: 427d:dcff:fe45a8:cc: bad value'

databeestje · Sep 1, 2011, 5:34 AM

That's not current code, not sure what you are syncing against because the current version string is 2.1-DEVELOPMENT

wallabybob · Sep 1, 2011, 8:03 AM

@databeestje:

That's not current code, not sure what you are syncing against

I was running a snapshot 2.0 build from around 21 Jun 2011 and wanted to upgrade to something rather more current.

There doesn't seem to be a single "current" guide to getting something I can use for some basic IPv6 testing, firstly with a Hurricane Electric tunnel then (maybe) with my ISP. What should I do? Is a recent 2.0 snapshot build enough?

wallabybob · Sep 1, 2011, 11:33 AM

To try to answer my own question, I'll start again with the Jun snapshot I was running, upgrade to 26th Aug snapshot build then follow http://doc.pfsense.org/index.php/Using_IPv6_on_2.0 (dated 5th Aug) and take a bit more notice of what I'm doing and report back.

wallabybob · Sep 2, 2011, 1:57 AM

I restored my 2.0 snapshot build of 21 Jul. I cleared out the files from pfsense/pfSenseGITREPO/pfSenseGITREPO to get enough free space for the install. (I have a 1GB hard drive which was about 91% full. After clearing this directory utilisation fell to about 60%. The installs would quietly fail with the low disk free space. The failure was reported on the next boot as the bootloader getting a premature EOF on reading the kernel.)

After installation of the 26 Aug snapshot and its reboot, I connected to the console and followed http://doc.pfsense.org/index.php/Using_IPv6_on_2.0 and things worked better. Looks like I messed up the gitsync somehow.

MikeN · Oct 18, 2011, 1:56 PM

With the latest available snapshot (30 sep or so), my bridge doesn't get assigned a link-local address (causing routing issues, since i have a link-local address as gateway, and I cannot set it because it's not in the 'bridge net'). Is this intended behavior or should I file a bug?

jimp · Oct 24, 2011, 3:35 PM

I just posted a new set of images a few days ago, give it a try with up-to-date code.

johnpoz · Oct 24, 2011, 6:56 PM

jimp – so can we point our update url to http://files.pfsense.org/jimp/ipv6/

And have it grab updates as you post them? Mine currently says no updates available - etc.

Are these that you posted using the new freebsd 9?

2.1-DEVELOPMENT (i386)
built on Sun Sep 11 21:36:53 EDT 2011
FreeBSD 8.1-RELEASE-p4

Unable to check for updates.

Would be really nice if we could get an update of details for us wanting to use IPv6 and maintain using the lastest stuff for 2.1 line, where to grab updates/snaps - where to point for gitsync, etc.

An announcement of the all the required settings would be great!!

jimp · Oct 24, 2011, 7:40 PM

@johnpoz:

jimp – so can we point our update url to http://files.pfsense.org/jimp/ipv6/

And have it grab updates as you post them? Mine currently says no updates available - etc.

No - those are just individual files that can be downloaded and used for new installs/updates.

@johnpoz:

Are these that you posted using the new freebsd 9?

No, not yet.

@johnpoz:

–-
2.1-DEVELOPMENT (i386)
built on Sun Sep 11 21:36:53 EDT 2011
FreeBSD 8.1-RELEASE-p4

Unable to check for updates.

Would be really nice if we could get an update of details for us wanting to use IPv6 and maintain using the lastest stuff for 2.1 line, where to grab updates/snaps - where to point for gitsync, etc.

An announcement of the all the required settings would be great!!

The gitsync process is still the recommended way - just do a manual firmware update instead of an auto update. You aren't quite on 2.0-RELEASE there, but it should be close enough. You could upload a 2.0 firmware and it'll kick in, or if you just want to update the code, run gitsync on its own as described on the doc wiki.

MikeN · Oct 25, 2011, 3:21 PM

@jimp:

I just posted a new set of images a few days ago, give it a try with up-to-date code.

Same problem with the latest snapshot, (2.1-DEVELOPMENT (amd64) built on Fri Oct 21 12:51:15 EDT 2011). The bridge iface only gets assigned the global IPv6 IP and not a (generated) link-local IP. Since my gateway is a link-local address (due to HSRP), I don't have IPv6 connectivity.