Re: weird IPv6 packet dropping with 6to4

[Taylor R Campbell <campbell%mumble.net@localhost>]

I hope I am not raising too much of a zombie by reviving this thread,
but I finally have time to work on this problem again, which, alas,
has not gone away by its own volition.

   Date: Sun, 6 Sep 2009 00:39:38 +0100
   From: Matthias Scheler <tron%zhadum.org.uk@localhost>

   So it looks like it is neither an MTU nor an MSS issues.

   Does "tcpdump -i pflog0" report any drop packets?

Yes.  I did a little more experimentation tonight, and observed a lot
of dropped packets on pflog, mostly SYN/ACK packets in IPv6 on the
stf0 interface.  I couldn't figure out why they were not being passed
by the rule

pass quick on stf0 inet6,

so I tried preceding the `block log all' rule by

pass quick log all,

and testing again.  And the same packets got dropped!  However, if I
comment out `block log all', then the packets get through.  I thought
that the `quick' keyword meant `don't look at the remaining rules', so
that putting `pass quick log all' before `block log all' would cause
every packet to be passed -- yet somehow, some packets are still being
blocked (and recorded to pflog as being blocked by rule 1, which is
the `block log all' rule).  My only remaining guess is that pf's state
may be interfering with my tests, but perhaps there is something about
my setup which I just don't understand (about which see the message
<http://mail-index.NetBSD.org/netbsd-users/2009/09/04/msg004468.html>;
all that has changed is my public IPv4 address).

Let me know if you'd like some packet dumps, or anything else I could
observe.