I don't think so. The initiating host gets the SYN-ACK like it should, just nothing happens to it.
On Fri, Sep 9, 2022 at 11:43 AM Tomas Kuchta <[email protected]> wrote: > Could the issue be that the ssh response is on ipv4, not on ipv6 as > expected? > > -T > > On Fri, Sep 9, 2022, 10:34 Paul Heinlein <[email protected]> wrote: > > > On Fri, 9 Sep 2022, Russell Senior wrote: > > > > > I'm seeing bizarre behavior: host A initiates an ssh -6 to host B; > host B > > > is a qemu-kvm guest of a kvm host, C. Tcpdump (on the initiating host A > > > shows A -> B TCP SYN packet, and a B -> A TCP SYN-ACK reply, but host A > > > apparently doesn't recognize it as valid (although, in wireshark they > > look > > > reasonable to an eyeball), because the connect syscall never returns > > (until > > > it times out), and the A -> B ACK handshake is never sent. Works fine > for > > > ssh -4. If A and C are the same host, I see the same behavior. Another > > > wrinkle: if A is also a kvm guest of C, I don't see the SYN-ACK, just > the > > > SYN. The kvm clients are connected via a network bridge on C, e.g. > "brctl > > > show" sees N+1 real ethernet interfaces eth0, ... ethN, and the M+1 > > > virtual interfaces associated with the kvm guests: vnet0 ... vnetM. > There > > > are no netfilter rules to be seen on any of the hosts involved. > > > > > > Oh, and A can ping6 B, and vice versa, just fine. I'm only seeing this > > > weirdness with TCP. > > > > > > Anybody have any thoughts? This is violating my expectations. > > > > That is weird. Weirder still is the fact that I can duplicate those > > symptoms on my Mac that's hosting a Linux VM using the UTM hypervisor. > > ssh -6 fails but ping6 succeeds. > > > > -- > > Paul Heinlein > > [email protected] > > 45°22'48" N, 122°35'36" W > > >
