Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    IPv6 bug in IPFW in 2.1 beta 1

    2.1 Snapshot Feedback and Problems - RETIRED
    2
    4
    1473
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • W
      wwwdrich last edited by

      In helping someone to diagnose an IPv6 issue on a FreeBSD server the other day, I found that pfsense 2.1 beta 1 (release info shows built on Tue Jan 8 13:00:21 EST 2013 FreeBSD 8.3-RELEASE-p5) appears to be suffering from the same bug. This is described at:
        http://lists.freebsd.org/pipermail/freebsd-net/2011-February/027838.html
      I'm seeing this running the nanobsd (2g) image of the build mentioned above.

      As there is a patch for this available at http://svnweb.freebsd.org/base/head/sys/netpfil/ipfw/ip_fw2.c?r1=225032&r2=225033, is there any chance of getting this included in an upcoming nightly?

      1 Reply Last reply Reply Quote 0
      • C
        cmb last edited by

        You sure that's not something entirely different? You're not using ipfw unless you have captive portal enabled, or have hacked it on manually for some reason. PF is missing v6 fragmentation handling completely at this time.

        1 Reply Last reply Reply Quote 0
        • W
          wwwdrich last edited by

          I'll dig around a bit more then. The system I'm testing from is also FreeBSD (9.1), but it doesn't run ipfw so shouldn't be showing this issue.

          If you want to see the same behaviour, try the following on a system with IPv6 enabled:
            telnet www.allstream.com 80
          On a system showing this issue the connection should just hang, until it eventually fails over to an IPv4 address. If you tcpdump the traffic you should see your system sending SYN but never receiving a SYNACK back.

          The patch I mentioned in the initial post fixed the issue on an system running FreeBSD 8.3.

          1 Reply Last reply Reply Quote 0
          • C
            cmb last edited by

            Same problem, just in PF rather than ipfw.
            https://redmine.pfsense.org/issues/2762

            1 Reply Last reply Reply Quote 0
            • First post
              Last post