Re: kern/52554: IPv6 connections not routing to default gateway

[Ryota Ozaki <ozaki-r%netbsd.org@localhost>]

The following reply was made to PR bin/52554; it has been noted by GNATS.

From: Ryota Ozaki <ozaki-r%netbsd.org@localhost>
To: "gnats-bugs%NetBSD.org@localhost" <gnats-bugs%netbsd.org@localhost>
Cc: kern-bug-people%netbsd.org@localhost, gnats-admin%netbsd.org@localhost, netbsd-bugs%netbsd.org@localhost
Subject: Re: kern/52554: IPv6 connections not routing to default gateway
Date: Fri, 6 Oct 2017 18:46:58 +0900

 On Tue, Sep 19, 2017 at 4:20 AM,  <rcbixler%nyx.net@localhost> wrote:
 >>Number:         52554
 >>Category:       kern
 >>Synopsis:       IPv6 connections not routing to default gateway
 >>Confidential:   no
 >>Severity:       serious
 >>Priority:       medium
 >>Responsible:    kern-bug-people
 >>State:          open
 >>Class:          sw-bug
 >>Submitter-Id:   net
 >>Arrival-Date:   Mon Sep 18 19:20:00 +0000 2017
 >>Originator:     Roy Bixler
 >>Release:        8.99.2
 >>Organization:
 >>Environment:
 > NetBSD localhost 8.99.2 NetBSD 8.99.2 (GENERIC) #0: Mon Sep 18 17:56:40 U=
 TC 2017  root@localhost:/usr/src/sys/arch/amd64/compile/obj/GENERIC amd64
 >>Description:
 > Problem system has IP addresses assigned via DHCP.  IPv4 works as expecte=
 d, but IPv6 connections to hosts outside the LAN hang.  The IPv6 address is=
  assigned as expected from DHCP and the routing table looks fine as well.  =
 The test system is in a QEMU KVM and I've verified that other operating sys=
 tems (Debian and Gentoo Linux, NetBSD 7.1) don't have the IPv6 routing prob=
 lem.  The issue only occurs when the guest OS is NetBSD-current or NetBSD-8=
 .
 >
 > My test connection was to do a command like the following:
 >
 > $ telnet netbsd.org www
 > Trying 2001:470:a085:999::80...
 >
 > and see whether it hangs.  When I do a "tcpdump" command on an affected s=
 ystem, I only see the outbound connection:
 >
 > 17:30:28.031786 IP6 2620:105:c000:3:60da:5ed:9c53:69cf.65531 > 2001:470:a=
 085:999::80.http: Flags [S], seq 3456172076, win 32768, options [mss 1440,n=
 op,wscale 3,sackOK,TS val 1 ecr 0], length 0
 > 1
 >
 > There are no neighbor solicitations.  I do see router advertisements sepa=
 rately.  To compare, I did a "tcpdump" on a good configuration, like NetBSD=
  7.1, and I see a neighbor solicitation and then an advertisement in respon=
 se before the outbound connection:
 >
 > 17:36:30.890177 IP6 2620:105:c000:3:9ae2:df9b:70eb:1894 > ff02::1:ffda:2d=
 f3: ICMP6, neighbor solicitation, who has fe80::ec4:7aff:feda:2df3, length =
 32
 > 17:36:30.890609 IP6 fe80::ec4:7aff:feda:2df3 > 2620:105:c000:3:9ae2:df9b:=
 70eb:1894: ICMP6, neighbor advertisement, tgt is fe80::ec4:7aff:feda:2df3, =
 length 32
 > 17:36:30.890744 IP6 2620:105:c000:3:9ae2:df9b:70eb:1894.65535 > 2001:470:=
 a085:999::80.http: Flags [S], seq 3981027458, win 32768, options [mss 1440,=
 nop,wscale 3,sackOK,nop,nop,nop,nop,TS val 1 ecr 0], length 0
 >
 > I decided to try the following change (on a slightly older version of Net=
 BSD-current):
 >
 > net.inet6.icmp6.nd6_useloopback=3D0
 
 BTW the option is broken even in netbsd-7; setting 0 to it prevents
 ping6 from working (an NS packet is sent but an incoming NA isn't
 handled well).
 
 If nobody wants to keep the option, I think we should turn the option alway=
 s on
 and get rid of it. There is no benefit to fix and maintain a unused functio=
 n.
 
   ozaki-r