Roy Marples <roy%marples.name@localhost> writes: > It claims it's a IPv6 router with the address fe80::1 but with no > prefix information. Do you mean it is sending RAs? That seems odd. I wonder if we should be rejecting them, but we'd have to read the specs. > Interestingly enough it is serving DNS and DHCP on v6 as well. Can you explain more precisely? > Anyway, the problem is that because it's added a default route, various > programs will try IPv6 first. For each address tried, the router issues > an ICMPv6 unreachable message of code 0. This is displayed with ping -v > as well, so it is hitting userland. However, applications are ignoring > it. My simple test case is wget (available in pkgsrc). Three thoughts about what might be going on: I am unclear on codes in ICMPv6; it could be that 0 is irregular and getting filtered out by us, even though maybe it shouldn't be. It seems that the proper response of TCP to net/host unreachable is arguable. In the case you mention, it's best to abort, but a transient unreachable situation on a TCP connection shouldn't kill the connection. It strikes me as odd that without a public address TCP is being tried. Does your interface have any global addresses, or just the LL one? If the router is handing out global addresses which don't work, it's a much harder question about doing per-protocol black-hole detection (leading down the path to happy eyeballs).
Attachment:
pgp5h6qBNvMz8.pgp
Description: PGP signature