[prev in list] [next in list] [prev in thread] [next in thread] 

List:       openbsd-misc
Subject:    Re: "/bsd: cannot forward" ip6 traffic messages
From:       "Landy, Brian" <landy () alumni ! caltech ! edu>
Date:       2022-12-31 16:42:29
Message-ID: F40402CF-017C-4720-8B1C-8EDF0FD58324 () alumni ! caltech ! edu
[Download RAW message or body]

Hi Gábor,

Yes, these are ULA addresses I've assigned, each interface has a /64 \
(fd58:6af3:2ff6:aa::1/64 and fd58:6af3:2ff6:c8::1/64).  Those two host addresses, \
however, have not changed.  They are still active as I write this.  I believe Apple \
only assigns temporary addresses for globally routable prefixes.

I should have mentioned that these are not one-off messages.  For example, these two \
hosts generated this message 36 times over a ~45 minute period yesterday.  While that \
was happening I could see that both hosts are active.  Traffic would pass and \
occasionally generate these messages.

Thanks,
Brian

> On Dec 31, 2022, at 5:45 AM, Gábor LENCSE <lencse@hit.bme.hu> wrote:
> 
> Hi Brian,
> 
> I am not familiar with Apple devices, but I am familiar with IPv6.
> 
> The IPv6 addresses in your log file have the fc00::/7 prefix, that is, they are \
> from the RFC4193 "unique local unicast" range: \
> https://datatracker.ietf.org/doc/html/rfc4193#section-3.1 The L bit is 1, the next \
> pseudorandom 40 bits are: 58:6af3:2ff, and the two networks are distinguished by \
> the next 16bits: 00aa and 00c0. 
> Does the last 64 bits change over time?
> 
> If yes, then my hypothesis is that perhaps the devices use RFC 8981 temporary IPv6 \
> addresses in an uncoordinated way: they just generate a new address and stop using \
> the old one, whereas the other party still tries to use the old one. 
> Best regards,
> 
> Gábor
> 
> 12/31/2022 6:50 AM keltezéssel, Landy, Brian írta:
> > I'm seeing messages like these frequently in /var/log/messages:
> > 
> > /bsd: cannot forward from fd58:6af3:2ff6:aa:895:e4a:8bf9:5759 to
> > fd58:6af3:2ff6:c8:97:5360:bd73:6a88 nxt 17 received on interface 9
> > 
> > The two hosts are on separate networks (one is the lan, the other a
> > vlan).  I've tracked it down to traffic on udp port 3722 between
> > Apple devices; the messages stop if I block traffic on that port.
> > When unblocked, I can see the traffic is passed successfully by using
> > tcpdump on both vlans. Maybe some packets are occsionally dropped?
> > 
> > I'm wondering if anyone knows why this message is logged, and if there
> > is anything I can tune with sysctl or pf to prevent it.  I'm on 7.2
> > with the latest patches.
> > 
> > Thanks,
> > Brian
> > 
> 


[prev in list] [next in list] [prev in thread] [next in thread]