Re: NPF, bridge and IPv6

To: netbsd-users%netbsd.org@localhost
Subject: Re: NPF, bridge and IPv6
From: Frédéric Fauberteau <triaxx%NetBSD.org@localhost>
Date: Thu, 19 Sep 2019 08:49:56 +0200

When I inspect the log, it seems there is a packet exchange between mydomU and the remote host:

dom0# tcpdump -i wm0 port 993

tcpdump: verbose output suppressed, use -v or -vv for full protocoldecode

listening on wm0, link-type EN10MB (Ethernet), capture size 262144 bytes

06:28:55.424438 IP6 2001:bc8:3807:1300:216:3eff:fe00:1e1a.64751 >2a01:e35:8b4a:9540:7271:bcff:fe94:3759.imaps: Flags [S], seq 3495055816,win 32768, options [mss 1440,nop,wscale 3,sackOK,TS val 1 ecr 0], length006:28:55.446971 IP6 2a01:e35:8b4a:9540:7271:bcff:fe94:3759.imaps >2001:bc8:3807:1300:216:3eff:fe00:1e1a.64751: Flags [S.], seq 1981280663,ack 3495055817, win 32768, options [mss 1420,nop,wscale 3,nop,nop,TS val1 ecr 1,sackOK,nop,nop], length 006:28:58.442775 IP6 2a01:e35:8b4a:9540:7271:bcff:fe94:3759.imaps >2001:bc8:3807:1300:216:3eff:fe00:1e1a.64751: Flags [S.], seq 1981280663,ack 3495055817, win 32768, options [mss 1420,nop,wscale 3,nop,nop,TS val7 ecr 1,sackOK,nop,nop], length 006:29:01.423904 IP6 2001:bc8:3807:1300:216:3eff:fe00:1e1a.64751 >2a01:e35:8b4a:9540:7271:bcff:fe94:3759.imaps: Flags [S], seq 3495055816,win 32768, options [mss 1440,nop,wscale 3,sackOK,TS val 13 ecr 0],length 006:29:01.446881 IP6 2a01:e35:8b4a:9540:7271:bcff:fe94:3759.imaps >2001:bc8:3807:1300:216:3eff:fe00:1e1a.64751: Flags [S.], seq 1981280663,ack 3495055817, win 32768, options [mss 1420,nop,wscale 3,nop,nop,TS val13 ecr 13,sackOK,nop,nop], length 006:29:04.446380 IP6 2a01:e35:8b4a:9540:7271:bcff:fe94:3759.imaps >2001:bc8:3807:1300:216:3eff:fe00:1e1a.64751: Flags [S.], seq 1981280663,ack 3495055817, win 32768, options [mss 1420,nop,wscale 3,nop,nop,TS val19 ecr 13,sackOK,nop,nop], length 0


But the connection is not established with telnet.

Even if I add the following rules:
%   pass in final family inet6 proto tcp from any port 993
%   pass out final family inet6 proto tcp to any port 993
telnet cannot connect.

The only way to connect from domU is to disable NPF.

Follow-Ups:
- Re: NPF, bridge and IPv6
  - From: Frédéric Fauberteau

References:
- NPF, bridge and IPv6
  - From: triaxx

Prev by Date: Re: uefi and i915drm
Next by Date: Installing 9.0_BETA on GPT disk
Previous by Thread: NPF, bridge and IPv6
Next by Thread: Re: NPF, bridge and IPv6
Indexes:

Home | Main Index | Thread Index | Old Index