NetBSD-Bugs archive
kern/60191: npf: map dynamic to localhost works for v4 but not for v6
>Number: 60191
>Category: kern
>Synopsis: npf: map dynamic to localhost works for v4 but not for v6
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: kern-bug-people
>State: open
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Mon Apr 13 16:15:00 +0000 2026
>Originator: Taylor R Campbell
>Release: current, 11, 10, 9, ...
>Organization:
The NetBSDv6 Forwarding
>Environment:
>Description:
With npf, a dynamic inbound NAT mapping of

    map $if dynamic proto tcp 127.0.0.1 port 8000 <- $v4 port 80

works, but

    map $if dynamic proto tcp ::1 port 8000 <- $v6 port 80

does not -- the packets arrive but don't seem to go anywhere.
>How-To-Repeat:
Host has a public IPv4 address and a public IPv6 address.
httpd listens on 127.0.0.1:8000 and [::1]:8000, as confirmed by
sockstat:

    # sockstat -n | grep 'httpd.*tcp'
    1001 httpd 4024 3 tcp 127.0.0.1.8000 *.*
    1001 httpd 4024 4 tcp6 ::1.8000 *.*
    1001 httpd 5965 3 tcp 127.0.0.1.8000 *.*
    1001 httpd 5965 4 tcp6 ::1.8000 *.*
    1001 httpd 12899 3 tcp 127.0.0.1.8000 *.*
    1001 httpd 12899 4 tcp6 ::1.8000 *.*
    1001 httpd 21211 3 tcp 127.0.0.1.8000 *.*
    1001 httpd 21211 4 tcp6 ::1.8000 *.*

Complete npf.conf:

    $primary_if = "xennet0"
    $primary_addrs = ifaddrs($primary_if)
    $primary_v4 = { inet4($primary_if) }
    $primary_v6 = { inet6($primary_if) }

    procedure "log" {
        log: npflog0
    }

    map $primary_if dynamic proto tcp 127.0.0.1 port 8000 <- $primary_v4 port 80
    map $primary_if dynamic proto tcp ::1 port 8000 <- $primary_v6 port 80

    group default {
        pass final on lo0 all
        pass final on $primary_if all
        block all apply "log"
    }

Querying the public address over IPv4 on port 80 works:

    $ curl -4 --head 'http://...'
    HTTP/1.1 200 ...

But querying the public address over IPv6 on port 80 just hangs:

    $ curl -6 --head 'http://...'

`tcpdump -i lo0 -s 0 -vvv -n tcp port 8000 or tcp port 80'
produces no output in either case.
`tcpdump -i xennet0 -s 0 -vvv -n tcp port 8000 or tcp port 80'
in the IPv4 case shows the whole conversation as expected.
`tcpdump -i xennet0 -s 0 -vvv -n tcp port 8000 or tcp port 80'
in the IPv6 case shows incoming TCP SYN packets and nothing
else.
>Fix:
Yes, please!