Hi,
I recently upgraded to 5.6, and got problems with icmpv6
I have a gif tunnel for IPv6:
[root@fremen root]# ifconfig gif0
gif0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1280
description: Sixxs
priority: 0
groups: gif egress
tunnel: inet 78.194.94.73 -> 212.100.184.146
inet6 fe80::200:24ff:fecf:42ac%gif0 -> prefixlen 64 scopeid 0x10
inet6 2001:6f8:202:19c::2 -> 2001:6f8:202:19c::1 prefixlen 128
When I initiate a ping from this interface, it works as intended:
08:59:38.376107 2001:6f8:202:19c::2 > 2001:41d0:8:91a::1: icmp6: echo request
(id:392e seq:0) [icmp6 cksum ok] (len 16, hlim 64)
08:59:38.410385 2001:41d0:8:91a::1 > 2001:6f8:202:19c::2: icmp6: echo reply
(id:392e seq:0) [icmp6 cksum ok] (len 16, hlim 57)
08:59:39.389383 2001:6f8:202:19c::2 > 2001:41d0:8:91a::1: icmp6: echo request
(id:392e seq:1) [icmp6 cksum ok] (len 16, hlim 64)
08:59:39.421397 2001:41d0:8:91a::1 > 2001:6f8:202:19c::2: icmp6: echo reply
(id:392e seq:1) [icmp6 cksum ok] (len 16, hlim 57)
But when a ping from outside reached it, the echo reply is sent with a
bad (0) checksum, and the packet is dropped by te other side:
09:40:28.852102 2001:41d0:8:91a::1 > 2001:6f8:202:19c::2: icmp6: echo request
(id:6c10 seq:1) [icmp6 cksum ok] (len 64, hlim 57)
09:40:28.852251 2001:6f8:202:19c::2 > 2001:41d0:8:91a::1: icmp6: echo reply
(id:6c10 seq:1) [bad icmp6 cksum 0! -> 2d93] (len 64, hlim 64)
09:40:29.860327 2001:41d0:8:91a::1 > 2001:6f8:202:19c::2: icmp6: echo request
(id:6c10 seq:2) [icmp6 cksum ok] (len 64, hlim 57)
09:40:29.860432 2001:6f8:202:19c::2 > 2001:41d0:8:91a::1: icmp6: echo reply
(id:6c10 seq:2) [bad icmp6 cksum 0! -> 8a71] (len 64, hlim 64)
It works correctly with this pf rule disabled:
pass in on gif0 reply-to ( gif0 2001:6f8:202:19c::1 ) keep state
What's the correct way to handle correct return-path ?
Regards,
--
Bastien Durel
