Re: Ipfiler on ip.6to4tun0 interfaces? (Solaris)
This is a discussion on Re: Ipfiler on ip.6to4tun0 interfaces? (Solaris) within the IPFilter forums, part of the System Security and Security Related category; On Wed, 10 May 2006, Darren Reed wrote: > > On Wed, 10 May 2006, Darren Reed wrote: > > &...
|
|||||||
| FAQ | Members List | Calendar | Search | Today's Posts | Mark Forums Read |
05-10-2006
|
|||
|
|||
Re: Ipfiler on ip.6to4tun0 interfaces? (Solaris)
On Wed, 10 May 2006, Darren Reed wrote:
> > On Wed, 10 May 2006, Darren Reed wrote: > > > > # ndd -get /dev/pfil qif_status > > ifname ill q OTHERQ ipmp num sap hl nr nw bad copy copyfail drop notip nodata notdata > > ip.6to4tun.pfil0 0xf6147324 0xf6329a18 0xf6329a9c 0x0 13 86dd 0 0 0 0 0 0 0 0 0 0 > .. > > # ifconfig ip.6to4tun.pfil0 inet6 > > ip.6to4tun.pfil0: flags=2200041<UP,RUNNING,NONUD,IPv6> mtu 1480 index 8 > > inet tunnel src 81.216.104.103 > > tunnel hop limit 60 > > inet6 fe80::32:0:10/10 > > # ndd -get /dev/pfil qif_status | egrep 6to4tun > > ip.6to4tun.pfil0 0xf6348dac 0xf6082000 0xf6082084 0x0 13 86dd 0 0 0 0 0 0 0 0 0 0 > > # ping -ns fe80::32:0:10:1 > > PING fe80::32:0:10:1 (fe80::32:0:10:1): 56 data bytes > > ^C > > ----fe80::32:0:10:1 PING Statistics---- > > 6 packets transmitted, 0 packets received, 100% packet loss > > ip.6to4tun.pfil0 0xf6348dac 0xf6082000 0xf6082084 0x0 13 86dd 52 0 6 0 0 0 0 0 0 0 > > > > > > Ie, "nw" increases for each PING packet I try to send. > > That makes sense. > Are there any counters in "ipfstat" or "netstat -s" output that > increase in step with the "nw" column? It's kind of hard to separate normal traffic (running over the normal ethernets) but I think the following ones atleast seem to be in "sync" with 6 ping packets I just tried sending: # diff netstat.before netstat.after .... < rawipInCksumErrs = 0 rawipOutDatagrams = 377 --- > rawipInCksumErrs = 0 rawipOutDatagrams = 383 .... < icmp6OutMsgs = 1425 icmp6OutErrors = 0 < icmp6OutDestUnreachs= 981 icmp6OutAdminProhibs= 0 --- > icmp6OutMsgs = 1432 icmp6OutErrors = 0 > icmp6OutDestUnreachs= 982 icmp6OutAdminProhibs= 0 .... < icmp6OutPktTooBigs = 0 icmp6OutEchos = 22 --- > icmp6OutPktTooBigs = 0 icmp6OutEchos = 28 I don't see anything directly relevant in the output from "ipfstat" though: # diff ipfstat.before ipfstat.after < IPv6 packets: in 0 out 4641 < input packets: blocked 7038 passed 92817 nomatch 0 counted 0 short 0 < output packets: blocked 215 passed 95243 nomatch 666 counted 0 short 0 --- > IPv6 packets: in 0 out 4643 > input packets: blocked 7038 passed 93459 nomatch 0 counted 0 short 0 > output packets: blocked 215 passed 95794 nomatch 666 counted 0 short 0 Output from ndd: # diff ndd.before ndd.after|egrep tun < ip.6to4tun.pfil0 0xf6348dac 0xf6082000 0xf6082084 0x0 13 86dd 0 0 18 0 0 0 0 4 0 0 > ip.6to4tun.pfil0 0xf6348dac 0xf6082000 0xf6082084 0x0 13 86dd 0 0 24 0 0 0 0 4 0 0 > > I also got this kernel warning: > > > > May 9 22:23:57 bose tun: tun_wdata_v6: ip.6to4tun0 (inet6) tun: invalid IPv6 src (fe80::32:0:10) > > Do you get that if IPFilter/pfil isn't part of the equation? Dunno... Will check. But I assume it might be due to the fact that the tunnel isn't "running" so it can't really route the traffic anywhere. (Wild guess) -- Peter Eriksson <peter@grebo.net> 
|
Linear Mode
