|
ICMPv6 echo reply dropped by kernel
![[de]](/s/countries/de.gif) Shadow Hawkins on Wednesday, 07 December 2011 19:49:30
Hi,
My tunnel (T83582, 2a01:1e8:e100:1b::2) is up and running but the kernel drops echo reply messages sent by my host in response to the echo request from the tunnel endpoint 2a01:1e8:e100:1b::1. I am using a Linksys WRT54GL router with Openwrt Backfire (10.03.1-RC6, r28680), kernel 2.6.32.27. The firewall is switched off to allow all incoming and outgoing traffic.
# tcpdump -vv -i ayiya0
19:37:52.694869 IP6 (hlim 64, next-header ICMPv6 (58) payload length: 988) 2a01:1e8:e100:1b::1 > 2a01:1e8:e100:1b::2: [icmp6 sum ok] ICMP6, echo request, length 988, seq 8168
19:38:57.697333 IP6 (hlim 64, next-header ICMPv6 (58) payload length: 988) 2a01:1e8:e100:1b::1 > 2a01:1e8:e100:1b::2: [icmp6 sum ok] ICMP6, echo request, length 988, seq 8169
19:40:02.698859 IP6 (hlim 64, next-header ICMPv6 (58) payload length: 988) 2a01:1e8:e100:1b::1 > 2a01:1e8:e100:1b::2: [icmp6 sum ok] ICMP6, echo request, length 988, seq 8170
3 packets captured
6 packets received by filter
3 packets dropped by kernel
My tunnel configuration:
# cat aiccu-cfg024fa5.conf
username APX7-SIXXS
password xxx
server tic.sixxs.net
protocol tic
ipv6_interface ayiya0
tunnel_id T83582
daemonize true
pidfile /var/run/aiccu-cfg024fa5.pid
In the current state I guess I will never get credits for a subnet as the tunnel does not receive my replies and assumes the tunnel is down.
Thank you very much for your help in advance.
Regards,
Alexander
ICMPv6 echo reply dropped by kernel
the kernel drops echo reply messages sent by my host in response to the echo request from the tunnel endpoint 2a01:1e8:e100:1b::1.
How did you determine this?
The firewall is switched off to allow all incoming and outgoing traffic.
Which "firewall"? iptables, ip6tables or both? and how are these 'switched off'?
# tcpdump -vv -i ayiya0 19:37:52.694869 IP6 (hlim 64, next-header ICMPv6 (58) payload length: 988) 2a01:1e8:e100:1b::1 > 2a01:1e8:e100:1b::2: [icmp6 sum ok] ICMP6, echo request, length 988, seq 8168
That is the PoP pinging you, nothing much to see there IMHO.
In the current state I guess I will never get credits for a subnet as the tunnel does not receive my replies and assumes the tunnel is down.
As your tunnel is on deleo01 you already have a /64 routed subnet, see your user home.
As for the non-pinging, well, that is on your side of the tunnel and thus something you'll need to resolve.
See the FAQ and of course the "Reporting Problems" checklist for things that you should look at and should list here in the forums if you want to receive help.
ICMPv6 echo reply dropped by kernel
Shadow Hawkins on Wednesday, 07 December 2011 21:57:55
Hi,
How did you determine this?
It was my assumption as the number of dropped packets the kernel equals the number of expected echo reply packages.
Which "firewall"? iptables, ip6tables or both? and how are these 'switched off'?
Only iptables installed and switched off means "/etc/init.d/firewall stop" to remove all zones and rules.
That is the PoP pinging you, nothing much to see there IMHO.
Exactly. I was worried that the PoP does not receive an echo reply message in return of the echo request. I tried again with
# tcpdump -i ayiya0 -n -s 1500
tcpdump: WARNING: ayiya0: no IPv4 address assigned
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on ayiya0, link-type RAW (Raw IP), capture size 1500 bytes
21:38:07.763066 IP6 2a01:1e8:e100:1b::1 > 2a01:1e8:e100:1b::2: ICMP6, echo request, seq 8279, length 988
21:38:07.763401 IP6 2a01:1e8:e100:1b::2 > 2a01:1e8:e100:1b::1: ICMP6, echo reply, seq 8279, length 988
21:39:12.764852 IP6 2a01:1e8:e100:1b::1 > 2a01:1e8:e100:1b::2: ICMP6, echo request, seq 8280, length 988
21:39:12.765183 IP6 2a01:1e8:e100:1b::2 > 2a01:1e8:e100:1b::1: ICMP6, echo reply, seq 8280, length 988
21:40:17.767255 IP6 2a01:1e8:e100:1b::1 > 2a01:1e8:e100:1b::2: ICMP6, echo request, seq 8281, length 988
21:40:17.767574 IP6 2a01:1e8:e100:1b::2 > 2a01:1e8:e100:1b::1: ICMP6, echo reply, seq 8281, length 988
^C
6 packets captured
6 packets received by filter
0 packets dropped by kernel
and now the echo replies are there. Problem solved or never existed in the first place!
As your tunnel is on deleo01 you already have a /64 routed subnet, see your user home.
Thanks nice so I don't need to wait any longer. I haven't actively requested this subnet though as I don't have the minimum credits yet.
Regards,
Alexander
ICMPv6 echo reply dropped by kernel
It was my assumption as the number of dropped packets the kernel equals the number of expected echo reply packages.
Dropped packets seen where? You mean the tcpdump? As that is totally irrelevant to what the kernel actually does, it just shows that pcap indicates that it was unable to capture that packet.
Only iptables installed and switched off means "/etc/init.d/firewall stop" to remove all zones and rules.
And the default is ACCEPT hopefully? Note that iptables controls IPv4, as such the tunnel in which your IPv6 get stuffed. ip6tables controls IPv6, as such, the IPv6 packets.
Both need to be correct, otherwise you filter out packets.
Thanks nice so I don't need to wait any longer. I haven't actively requested this subnet though as I don't have the minimum credits yet.
The /64 routed subnet is a default one and always there on v4 PoPs.
|
![[ch]](/s/countries/ch.gif)
on Wednesday, 07 December 2011 20:01:25
Posting is only allowed when you are