Re: exFAT support

2020-08-06 Thread Ingo Schwarze 
Hi John,

jo...@armadilloaerospace.com wrote on Thu, Aug 06, 2020 at 04:28:53PM -0700:

> I was considering making a kernel patch that reported it was
> an exFATfilesystem

Sounds like a layering violation.  The table of file system IDs
is in userland - /usr/src/sbin/fdisk/part.c - rather than in the
kernel, so the kernel is hardly a natural place for figuring out
what kind of filesystem is supposed to be on the partition.

> when the mount failed, which you would see if you were onttyC0, or could
> call up with dmesg, as with the kernel messages thathappen when you first
> plug a drive in.
> Is there a concise "philosophy" of when the kernel should print amessage
> post-boot?  Just when devices are dynamically configured?

I would put it as follows: kernel printf(9) is for
 1. boot messages (before init(8) starts)
(hotplugging hardware is similar even though it happens later)
 2. catastrophic kernel failures (like panics)
 3. catastrophic hardware failures (like a dying disk)
 4. debugging and data collection during active development

System-level errors (in particular from daemons) are usually reported
via syslog(3) instead.  Simply user errors like this one are reported
by the application program on stderr.

Yours,
  Ingo

Re: exFAT support

2020-08-06 Thread gwes 

On 8/6/20 5:47 PM, Bryan Steele wrote:

On Thu, Aug 06, 2020 at 02:16:11PM -0700, jo...@armadilloaerospace.com wrote:

With Microsoft's release of the [exFAT] spec last year, is the path open for
kernel support now, when someone gets around to it?

I don't know the details, but I believe one issue with exFAT has been
Microsoft and software patents, not just available documentation. Linux
may eventually get a kernel implementation but I'm not sure that helps
us.

https://www.zdnet.com/article/microsoft-readies-exfat-patents-for-linux-and-open-source/
The license as published tries very hard to restrict use only to "Linux 
systems."

There are two sentences that might allow additional licenses.
Lawyer would be involved.

geoff steckel

Re: exFAT support

2020-08-06 Thread johnc 
I was considering making a kernel patch that reported it was an exFATfilesystem
when the mount failed, which you would see if you were onttyC0, or could
call up with dmesg, as with the kernel messages thathappen when you first
plug a drive in.
Is there a concise "philosophy" of when the kernel should print amessage
post-boot?  Just when devices are dynamically configured?

   Original Message 
  Subject: Re: exFAT support
  From: Ingo Schwarze 
  Date: Thu, August 06, 2020 3:57 pm
  To: jo...@armadilloaerospace.com
  Cc: t...@openbsd.org

  Hi,

  in addition to what Bryan said...

  This message is wildly off-topic on tech@.
  If you reply, please reply to misc@.

  Quoting from https://www.openbsd.org/mail.html (please read that!):

  Developer lists:
  [...]
  t...@openbsd.org
  Discussion of technical topics for OpenBSD developers and advanced
  users. This is _not_ a "tech support" forum - do not use it as such.


  jo...@armadilloaerospace.com wrote on Thu, Aug 06, 2020 at 02:16:11PM
  -0700:

  > I tried to mount a 12TB USB drive, and was getting an
  "Inappropriate
  > file type or format" error.

  Even on misc@, when asking questions, please state what you are
  actually doing, showing the exact commands you type and the exact
  output you get, together in the original order, for example like
  this:

  isnote# mount -t msdos /dev/sd1a /mnt
  mount_msdos: /dev/sd1a on /mnt: Inappropriate file type or format

  > It turned out to be due to exFAT formatting, but it took me some
  > investigating to figure that out. Would it be reasonable to have
  the
  > kernel print

  You didn't say where you saw the message, but i assume it was the
  output of mount(8), not kernel output on the system console or in
  /var/log/messages. The kernel doesn't print such messages. The
  application program (e.g. mount(8)) prints them. All the kernel
  does is return an errno(2) to the mount(2) syscall. So you can
  find an exhaustive list of the messages that could be printed in
  the errno(2) manual page. Also, which errno(2) is returned from
  syscalls in which error case is not arbitrary and cannot be changed
  arbitrarily.

  > a more informative warning like "exFAT filesystem not
  > supported" when you try to mount it with mount_msdos, or are
  additional
  > kernel prints considered bad form?

  I bet if the kernel had printed anything, you wouldn't even have
  noticed. Besides, yes indeed, the kernel is absolutely not supposed
  to print anything when users type wrong commands.

  Yours,
  Ingo

Re: Way to find most active IPs for rate limiting with pf

2020-08-06 Thread philippe aubry 
Hi all

May be that can help, something like this :

pass in quick on $ext_if proto tcp from any to ($ext_if) port $tcp_services
(max-src-conn 50, max-src-conn-rate 5/5, overload  flush global)
I use it to black list ip that do to many ssh or other tcp services
simultaneous connections, but in your case you can get the ip source and do
something with it like limit the bandwidth with queueing.

max-src-conn 50 : this is the number of simultaneous connections you allow
from one host.
max-src-conn 10/5 : the rate of new connections allowed from any single
host here 10 connections per 5 seconds

>From https://man.openbsd.org/pf.conf#max-pkt-rate
*Queueing*  Queueing
provides rule-based bandwidth control.
max-pkt-rate 
number/seconds Measure
the rate of packets matching the rule and states created by it. When the
specified rate is exceeded, the rule stops matching. Only packets in the
direction in which the state was created are considered, so that typically
requests are counted and replies are not. For example, to pass up to 100
ICMP packets per 10 seconds:

block in proto icmp
pass in proto icmp max-pkt-rate 100/10

When the rate is exceeded, all ICMP is blocked until the rate falls below
100 per 10 seconds again.max-src-conn
 number Limits the maximum
number of simultaneous TCP connections which have completed the 3-way
handshake that a single host can make. max-src-conn-rate
 number/seconds Limit
the rate of new connections over a time interval. The connection rate is an
approximation calculated as a moving average.

Regards

Philippe

Le jeu. 6 août 2020 à 17:20, Jordan Geoghegan  a
écrit :

>
>
> On 2020-08-06 13:46, Alan McKay wrote:
> > So I want to implement rate limiting, and to determine a reasonable
> > rate based on current traffic patterns I'd like to be able to figure
> > out which source IPs are generating the most connections and at what
> > rate.
> >
> > Is there a way to do that?
> >
> >
>
> There is likely a better way to do it, but a quick and dirty method to
> check for number of states for an IP address would be something like:
>
>   $  doas pfctl -s state | grep -Fc "192.0.2.4"
>
> or if you wanted to check for the number of tcp or udp states specifically:
>
>$  doas pfctl -s state | grep "^all tcp" | grep -Fc "192.0.2.4"
>
>
> Regards,
>
> Jordan
>
>

Re: Way to find most active IPs for rate limiting with pf

2020-08-06 Thread Jordan Geoghegan 




On 2020-08-06 13:46, Alan McKay wrote:

So I want to implement rate limiting, and to determine a reasonable
rate based on current traffic patterns I'd like to be able to figure
out which source IPs are generating the most connections and at what
rate.

Is there a way to do that?




There is likely a better way to do it, but a quick and dirty method to 
check for number of states for an IP address would be something like:


 $  doas pfctl -s state | grep -Fc "192.0.2.4"

or if you wanted to check for the number of tcp or udp states specifically:

  $  doas pfctl -s state | grep "^all tcp" | grep -Fc "192.0.2.4"


Regards,

Jordan

Way to find most active IPs for rate limiting with pf

2020-08-06 Thread Alan McKay 
So I want to implement rate limiting, and to determine a reasonable
rate based on current traffic patterns I'd like to be able to figure
out which source IPs are generating the most connections and at what
rate.

Is there a way to do that?


-- 
"You should sit in nature for 20 minutes a day.
 Unless you are busy, then you should sit for an hour"
 - Zen Proverb

Re: Should/will OpenBSD support ODROID-C4 board? (ARM A55)

2020-08-06 Thread Janne Johansson 
Den tors 6 aug. 2020 kl 18:40 skrev :

> Hardkernel, a Korean company, make an alternative to the Raspberry Pi, the
> latest being the 'Odroid C4', CPU manufactured by Amlogic (American).
> I owned an ODROID board in the past and was impressed with the hardware.
> However, the software support for Linux is majorly lacking, and so quite
> buggy
> (basic things like USB, ethernet) unless using their self-released
> old-patched-up kernels.
>
> But perhaps this is an opportunity for OpenBSD? I don't know how much work
> it is
> to port OpenBSD to an ARM board, or if Hardkernel do a good job of making
> this
> task easy. I noticed the ODROID-N2 is supported by OpenBSD, which would
> give
> an indication (but the N2 has an A73 and so Spectre bugs).
>

Well, it is somewhat sad if they can't even get decent code in mainline for
linux, which I assume
was their intended target OS, the chances of getting support (or code, ha!)
for OpenBSD
seems very slim, or getting decent docs (which if they existed would have
allowed linux
to run fine on them too?) for the stuff around the cpu.

So it might get to work, but I would probably not have my hopes up too much
if it already did not
make it on linux.

-- 
May the most significant bit of your life be positive.

Should/will OpenBSD support ODROID-C4 board? (ARM A55)

2020-08-06 Thread cipher-hearts 
Hardkernel, a Korean company, make an alternative to the Raspberry Pi, the 
latest being the 'Odroid C4', CPU manufactured by Amlogic (American).

Unlike the Pi 4 which uses an A72, the C4 uses a CPU without Spectre bugs - the 
A55. This is an iteration onwards from the A53 which was used in the Pi 3 (and 
the later releases of the Pi 2, to get an idea of the age of the A53).

https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability

It also comes with a good heatsink (Pi tends to overheat and underclock 
itself), 
and omits built-in wireless devices.

https://www.raspberrypi.org/blog/thermal-testing-raspberry-pi-4/

I owned an ODROID board in the past and was impressed with the hardware. 
However, the software support for Linux is majorly lacking, and so quite buggy 
(basic things like USB, ethernet) unless using their self-released 
old-patched-up kernels.

But perhaps this is an opportunity for OpenBSD? I don't know how much work it 
is 
to port OpenBSD to an ARM board, or if Hardkernel do a good job of making this 
task easy. I noticed the ODROID-N2 is supported by OpenBSD, which would give 
an indication (but the N2 has an A73 and so Spectre bugs).

Any thoughts?

Re: static IPv6 setup is not working stable

2020-08-06 Thread Peter Fröhlich 
Just to chime in uselessly, I am having no end of trouble with IPv6 on
various machines. I cannot get IPv6 to work either on my PC-ENGINES
APU connected to a FRITZ!box or my VPS at tinykvm.com; but for
whatever reason things work better (although not completely) at
vultr.com. As far as I know the setups are identical, but of course
the "upstream" network is different in each case. Luckily I don't
really need IPv6 so I just decided to ignore the issues. But that
doesn't feel very satisfying. (And my Google-fu must be terrible
because I cannot seem to find a single OpenBSD IPv6 tutorial that
actually works when I try to go with it.)

Re: static IPv6 setup is not working stable

2020-08-06 Thread kug1977 
Dear Janne,

traceroute6 -I ipv6.google.com
traceroute6 to ipv6.l.google.com (2a00:1450:4001:81b::200e), 64 hops max, 60 
byte packets
1  2a03:4000:24::3 (2a03:4000:24::3)  0.384 ms  0.558 ms  0.563 ms
2  2a00:11c0:47:3::20 (2a00:11c0:47:3::20)  0.887 ms  0.545 ms  0.421 ms
3  2a00:11c0:47:1:47::141 (2a00:11c0:47:1:47::141)  4.227 ms  3.486 ms  3.574 ms
4  2001:4860:1:1::6bc (2001:4860:1:1::6bc)  6.794 ms  5.098 ms  3.559 ms
5  2001:4860:0:11df::1 (2001:4860:0:11df::1)  4.243 ms  3.825 ms  3.843 ms
6  2001:4860:0:1::671 (2001:4860:0:1::671)  4.169 ms  3.866 ms  3.856 ms
7  fra15s16-in-x0e.1e100.net (2a00:1450:4001:81b::200e)  3.776 ms  3.889 ms  
3.867 ms

OpenBSD is learning the default route fe80:1%vio0 by NDP, so even without 
configure it as
gateway will be used.

And using somethings next hop is gw is not working either

route add -inet6 default 2a03:4000:24::3
add net default: gateway 2a03:4000:24::3: Network is unreachable

I have opened a ticket with NETcup … hopefully they will check.

-Kay-Uwe

> On 06 Aug 2020, at 16:10, Janne Johansson  wrote:
> 
> No, I think in my case it is Juniper multichassis LAG (link aggregation
> groups) getting confused by identical fe80::x for multiple local v6
> networks, or something to that effect.
> 
> How does the traceroute6's look when it "works"? If you get a "real" v6
> there you might (ab)use that as the gw ip?
> 
>> On 06 Aug 2020, at 16:04, kug1977  wrote:
>> 
>> Unfortuanatly, the Provider netcup doesn’t give out IPv6 gw address 
>> configuration other than fe80::1, so I cannot check these. But all 
>> virtualization there is based on KVM, too. So I guess the issue is with KVM?
>> 


signature.asc
Description: Message signed with OpenPGP using GPGMail

Re: static IPv6 setup is not working stable

2020-08-06 Thread Janne Johansson 
No, I think in my case it is Juniper multichassis LAG (link aggregation
groups) getting confused by identical fe80::x for multiple local v6
networks, or something to that effect.

How does the traceroute6's look when it "works"? If you get a "real" v6
there you might (ab)use that as the gw ip?


Den tors 6 aug. 2020 kl 16:04 skrev kug1977 :

> Unfortuanatly, the Provider netcup doesn’t give out IPv6 gw address
> configuration other than fe80::1, so I cannot check these. But all
> virtualization there is based on KVM, too. So I guess the issue is with KVM?
>
>
> > On 06 Aug 2020, at 15:51, Janne Johansson  wrote:
> >
> > I have a setup where the virtualization (KVM) combined with the
> networking does present a IPv6 def-gw as both an fe80:: here> and the more normal 2001:a:b:c:d::1/64 and where the 2001-v6 ip works
> far better on virtual machines due to redundancy mac sync things on the
> network side, and since the ndp list showed the fe80::1 had a
> VRRP/CARP-lookalike mac, it could be the same.
> >
> > In my case both bsd and linux IPv6-using VMs suffer from ndp "drops"
> where it can take seconds for the discovery to figure the mac address out
> again after a drop.
> >
> > So if you can divine what the "real" v6 ip is of the default-gw, try
> setting this hard in the conf or /etc/mygate and retry v6.
> >
> >
> > Den tors 6 aug. 2020 kl 14:46 skrev Matthias Schmidt :
> > Hi,
> >
> > * kug1977 wrote:
> > >
> > > Is this something wrong configured on OpenBSD server or is this
> something
> > > the provider has to check on the gateway side?
> >
> > I also have a VM at the exact same provider (netcup) and face
> > the same problem.  Since all of my VMs at different providers are
> > identical (base install + conf via ansible) and I don't see the issue at
> > other providers (IONOS, Hetzner) I suspect it has nothing to do with
> > OpenBSD...
> >
> > --
> > May the most significant bit of your life be positive.
>
>

-- 
May the most significant bit of your life be positive.

Re: static IPv6 setup is not working stable

2020-08-06 Thread Janne Johansson 
I have a setup where the virtualization (KVM) combined with the networking
does present a IPv6 def-gw as both an fe80:: and
the more normal 2001:a:b:c:d::1/64 and where the 2001-v6 ip works far
better on virtual machines due to redundancy mac sync things on the network
side, and since the ndp list showed the fe80::1 had a VRRP/CARP-lookalike
mac, it could be the same.

In my case both bsd and linux IPv6-using VMs suffer from ndp "drops" where
it can take seconds for the discovery to figure the mac address out again
after a drop.

So if you can divine what the "real" v6 ip is of the default-gw, try
setting this hard in the conf or /etc/mygate and retry v6.


Den tors 6 aug. 2020 kl 14:46 skrev Matthias Schmidt :

> Hi,
>
> * kug1977 wrote:
> >
> > Is this something wrong configured on OpenBSD server or is this something
> > the provider has to check on the gateway side?
>
> I also have a VM at the exact same provider (netcup) and face
> the same problem.  Since all of my VMs at different providers are
> identical (base install + conf via ansible) and I don't see the issue at
> other providers (IONOS, Hetzner) I suspect it has nothing to do with
> OpenBSD...
>

-- 
May the most significant bit of your life be positive.

libxcb finding PID of window

2020-08-06 Thread ben 
Hello, misc;

I've been attempting to use OpenBSD libxcb to find the process ID of a window.
The function used to retrieve the PID is as follows:

pid_t
winpid(Window w)
{
pid_t result = 0;

xcb_res_client_id_spec_t spec = {0};
spec.client = w;
spec.mask = XCB_RES_CLIENT_ID_MASK_LOCAL_CLIENT_PID;

xcb_res_query_client_ids_cookie_t c = xcb_res_query_client_ids(xcon, 1, 
);
xcb_res_query_client_ids_reply_t *r = 
xcb_res_query_client_ids_reply(xcon, c, NULL);

if (!r)
return (pid_t)0;

xcb_res_client_id_value_iterator_t i = 
xcb_res_query_client_ids_ids_iterator(r);
for (; i.rem; xcb_res_client_id_value_next()) {
spec = i.data->spec;
if (spec.mask & XCB_RES_CLIENT_ID_MASK_LOCAL_CLIENT_PID) {
uint32_t *t = xcb_res_client_id_value_value(i.data);
result = *t;
break;
}
}

free(r);

if (result == (pid_t)-1)
result = 0;
return result;
}

The code compiles, however the function returns 0 as a result. I've checked
the value of i.rem; it's always 0. I've made sure that the XCB connection
(represented by xcon) exists.

Has anyone else encountered this error? Thank you in advance.

Ben Raskin.

libxcb finding winpid issues

2020-08-06 Thread Benjamin Raskin 
Hello, misc;

I've been attempting to use OpenBSD libxcb to find the process ID of a window.
The function used to retrieve the PID is as follows:

pid_t
winpid(Window w)
{
pid_t result = 0;

xcb_res_client_id_spec_t spec = {0};
spec.client = w;
spec.mask = XCB_RES_CLIENT_ID_MASK_LOCAL_CLIENT_PID;

xcb_res_query_client_ids_cookie_t c =
xcb_res_query_client_ids(xcon, 1, );
xcb_res_query_client_ids_reply_t *r =
xcb_res_query_client_ids_reply(xcon, c, NULL);

if (!r)
return (pid_t)0;

xcb_res_client_id_value_iterator_t i =
xcb_res_query_client_ids_ids_iterator(r);
for (; i.rem; xcb_res_client_id_value_next()) {
spec = i.data->spec;
if (spec.mask & XCB_RES_CLIENT_ID_MASK_LOCAL_CLIENT_PID) {
uint32_t *t = xcb_res_client_id_value_value(i.data);
result = *t;
break;
}
}

free(r);

if (result == (pid_t)-1)
result = 0;
return result;
}

The code compiles, however the function returns 0 as a result. I've checked
the value of i.rem; it's always 0. I've made sure that the XCB connection
(represented by xcon) exists.

Has anyone else encountered this error? Thank you in advance.

Ben Raskin.

Re: static IPv6 setup is not working stable

2020-08-06 Thread Matthias Schmidt 
Hi,

* kug1977 wrote:
> 
> Is this something wrong configured on OpenBSD server or is this something
> the provider has to check on the gateway side?

I also have a VM at the exact same provider (netcup) and face
the same problem.  Since all of my VMs at different providers are
identical (base install + conf via ansible) and I don't see the issue at
other providers (IONOS, Hetzner) I suspect it has nothing to do with
OpenBSD...

Cheers

Matthias

static IPv6 setup is not working stable

2020-08-06 Thread kug1977 
Hi @ all,

I have setup a virtual machine running OpenBSD 6.7 on a hosting
provider with public IPs on the machine. I’m not able to get IPv6
working stable which leads to the situation, that the server is not
usable with IPv6. And now I reached the end of my troubleshooting
skills and hope one of the OpenBSD community is able to help.

Sorry that this mail is so long, I tried to put in as much infor-
motion as possible.

The prefix assigned by the provider is 2a03:4000:24:82f::/64 with
gateway fe80::1. The machine's interface vio0 is configured with
static IPs:

ifconfig vio0
vio0: 
flags=e08843
 mtu 1500
lladdr d6:16:7b:a0:ce:63
description: svvbsd02.onedigitallife.net
index 1 priority 0 llprio 3
groups: _WAN_ egress
media: Ethernet autoselect
status: active
inet 185.233.106.251 netmask 0xfc00 broadcast 185.233.107.255
inet6 fe80::d416:7bff:fea0:ce63%vio0 prefixlen 64 scopeid 0x1
inet6 2a03:4000:24:82f:: prefixlen 64 anycast
inet6 2a03:4000:24:82f::1 prefixlen 128
inet6 2a03:40

cat /etc/hostname.vio0
inet185.233.106.251255.255.252.0 NONEdescription "WANv4"
inet6 alias 2a03:4000:24:82f:: 64anycast
inet6 alias 2a03:4000:24:82f::1128   description "WANv6"
inet6 alias 2a03:4000:24:82f::4500 128   description 
"gw2.onedigitallife.net"
inet6 alias 2a03:4000:24:82f::5353 128   description 
"ns2.onedigitallife.net"
inet6 alias 2a03:4000:24:82f::8022 128   description 
"svvbsd02.onedigitallife.net"
!ifconfig vio0 group _WAN_
!ifconfig vio0 inet6 -soii anycast autoconf
up

cat /etc/mygate
185.233.106.251
fe80::1%vio0

netstat -an -f inet6 -I vio0
NameMtu   Network Address  Ipkts IfailOpkts Ofail Colls
vio01500d6:16:7b:a0:ce:63  1991461 0   249640 0 0
vio01500  185.233.106 185.233.106.2511991461 0   249640 0 0
vio01500  fe80::%vio0 fe80::d416:7bff:f  1991461 0   249640 0 0
vio01500  2a03:4000:2 2a03:4000:24:82f:  1991461 0   249640 0 0
vio01500  2a03:4000:2 2a03:4000:24:82f:  1991461 0   249640 0 0
vio01500  2a03:4000:2 2a03:4000:24:82f:  1991461 0   249640 0 0
vio01500  2a03:4000:2 2a03:4000:24:82f:  1991461 0   249640 0 0
vio01500  2a03:4000:2 2a03:4000:24:82f:  1991461 0   249640 0 0

running ndp showing this:
ndp -an
Neighbor Linklayer Address   Netif ExpireS Flags
2a03:4000:3e:208::   9a:1f:7f:8a:f6:cfvio0 permanent R l
2a03:4000:3e:208::1  9a:1f:7f:8a:f6:cfvio0 permanent R l
2a03:4000:3e:208::4500   9a:1f:7f:8a:f6:cfvio0 permanent R l
2a03:4000:3e:208::5353   9a:1f:7f:8a:f6:cfvio0 permanent R l
2a03:4000:3e:208::8022   9a:1f:7f:8a:f6:cfvio0 permanent R l
fd91:24d4:fa4c:c4e3::1   9a:1f:7f:8a:f6:d0vio1 permanent R l
fe80::1%vio0 00:00:5e:00:02:02vio0 23h59m59s S R
fe80::22d8:b00:9dee:ff4%vio0 2c:6b:f5:a0:77:c0vio0 23h54m16s S R
fe80::22d8:b00:9dfa:424c%vio010:0e:7e:26:f1:c0vio0 23h55m45s S R
fe80::981f:7fff:fe8a:f6cf%vio0   9a:1f:7f:8a:f6:cfvio0 permanent R l
fe80::981f:7fff:fe8a:f6d0%vio1   9a:1f:7f:8a:f6:d0vio1 permanent R l

and seconds later it switches to

ndp -an
Neighbor Linklayer Address   Netif ExpireS Flags
2a03:4000:3e:208::   9a:1f:7f:8a:f6:cfvio0 permanent R l
2a03:4000:3e:208::1  9a:1f:7f:8a:f6:cfvio0 permanent R l
2a03:4000:3e:208::4500   9a:1f:7f:8a:f6:cfvio0 permanent R l
2a03:4000:3e:208::5353   9a:1f:7f:8a:f6:cfvio0 permanent R l
2a03:4000:3e:208::8022   9a:1f:7f:8a:f6:cfvio0 permanent R l
fd91:24d4:fa4c:c4e3::1   9a:1f:7f:8a:f6:d0vio1 permanent R l
fe80::1%vio0 00:00:5e:00:02:02vio0 43s   R R
fe80::22d8:b00:9dee:ff4%vio0 2c:6b:f5:a0:77:c0vio0 23h53m59s S R
fe80::22d8:b00:9dfa:424c%vio010:0e:7e:26:f1:c0vio0 23h55m28s S R
fe80::981f:7fff:fe8a:f6cf%vio0   9a:1f:7f:8a:f6:cfvio0 permanent R l
fe80::981f:7fff:fe8a:f6d0%vio1   9a:1f:7f:8a:f6:d0vio1 permanent R l

so fe80::1%vio0 has a really short lifetime. Might be the issue.



The machine can receive and send packages via IPv4 without an issue. IPv6
on the other side has a problem and  I cannot figure out what is wrong.
The machine is showing these behaviour with and without firewall enabled,
so  I’m under the impression, pf rules are ok and are firewall is not the
problem.

Starting the VM   or   connecting to it after a day is showing the same
issue. Checking the connection to the public  IPv6 addresses configured
showing 100% ping pks are lost, the services on that IPv6’s are not
reachable. Using the IPv6 addresses configured