IPv6 bug in IPFW in 2.1 beta 1
-
In helping someone to diagnose an IPv6 issue on a FreeBSD server the other day, I found that pfSense 2.1 beta 1 (release info shows built on Tue Jan 8 13:00:21 EST 2013 FreeBSD 8.3-RELEASE-p5) appears to be suffering from the same bug. This is described at:
http://lists.freebsd.org/pipermail/freebsd-net/2011-February/027838.html
I'm seeing this running the nanobsd (2g) image of the build mentioned above. As there is a patch for this available at http://svnweb.freebsd.org/base/head/sys/netpfil/ipfw/ip_fw2.c?r1=225032&r2=225033, is there any chance of getting this included in an upcoming nightly?
-
You sure that's not something entirely different? You're not using ipfw unless you have captive portal enabled, or have hacked it on manually for some reason. PF is missing v6 fragmentation handling completely at this time.
-
I'll dig around a bit more then. The system I'm testing from is also FreeBSD (9.1), but it doesn't run ipfw so shouldn't be showing this issue.
If you want to see the same behaviour, try the following on a system with IPv6 enabled:
telnet www.allstream.com 80
On a system showing this issue the connection should just hang, until it eventually fails over to an IPv4 address. If you tcpdump the traffic you should see your system sending SYN but never receiving a SYNACK back. The patch I mentioned in the initial post fixed the issue on a system running FreeBSD 8.3.
-
Same problem, just in PF rather than ipfw.
https://redmine.pfsense.org/issues/2762