I'm seeing bizarre behavior: host A initiates an ssh -6 to host B; host B is a qemu-kvm guest of a kvm host, C. Tcpdump (on the initiating host A shows A -> B TCP SYN packet, and a B -> A TCP SYN-ACK reply, but host A apparently doesn't recognize it as valid (although, in wireshark they look reasonable to an eyeball), because the connect syscall never returns (until it times out), and the A -> B ACK handshake is never sent. Works fine for ssh -4. If A and C are the same host, I see the same behavior. Another wrinkle: if A is also a kvm guest of C, I don't see the SYN-ACK, just the SYN. The kvm clients are connected via a network bridge on C, e.g. "brctl show" sees N+1 real ethernet interfaces eth0, ... ethN, and the M+1 virtual interfaces associated with the kvm guests: vnet0 ... vnetM. There are no netfilter rules to be seen on any of the hosts involved.
Oh, and A can ping6 B, and vice versa, just fine. I'm only seeing this weirdness with TCP. Anybody have any thoughts? This is violating my expectations. -- Russell Senior [email protected]
