Re: Regression with jails/IPv6/pf

On 7/26/2012 2:45 PM, Matthew Seaman wrote:
> So, I tried to do a routine update to the latest stable/9 yesterday
> (r238771), and I found that access to the jail on my server had stopped
> working.  Everything else seemed to be fine, and reverting to the
> previous system (r237456 from 2012-06-22 (Boot Environments FTW)) bought
> it all back to life.
>
> After spending most of today bisecting versions and compiling kernels,
> I found:
>
>      r238177 worked absolutely fine
>
>      r238236 accessing the jail worked, but everything was slow, as if
>              DNS queries were timing out.
>
>      r238246 lots of network timeouts everywhere: accessing the jail
>              failed, but then so did accessing the main host.  So much
>              so that svn couldn't update properly.
>
>      r238256 worked fine for accessing the main host, but failed when
>              trying to access the jail.
>
> Looks like this seems to have been introduced in a batch of commits
> MFC'd by bz@ (CC'd) around then.
>
> Now, this jail is set up in an unusual way, which is why I guess I'm the
> first person to be affected.  For starters, it only has IPv6
> connectivity, and secondly, because I'm running some daemons there I
> don't want listening on an external network socket, it's bound to the
> loopback and I use firewall redirection to send traffic to it.

Sounds like what I hit and filed kern/170070 on -- basically a host not 
being able to talk to itself on IPv6, except on the ::1 address.

Workaround: ifconfig lo0 -txcsum6 -rxcsum6

or in /etc/rc.conf:

ifconfig_lo0="inet 127.0.0.1/8 -txcsum6 -rxcsum6"

_______________________________________________
freebsd-stable@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to "freebsd-stable-unsubscribe@freebsd.org"