Saturday, December 31, 2022

Re: "/bsd: cannot forward" ip6 traffic messages

Hi Brian,

I am not familiar with Apple devices, but I am familiar with IPv6.

The IPv6 addresses in your log file have the fc00::/7 prefix, that is,
they are from the RFC4193 "unique local unicast" range:
https://datatracker.ietf.org/doc/html/rfc4193#section-3.1
The L bit is 1, the next pseudorandom 40 bits are: 58:6af3:2ff, and the
two networks are distinguished by the next 16 bits: 00aa and 00c0.

Do the last 64 bits change over time?

If yes, then my hypothesis is that perhaps the devices use RFC 8981
temporary IPv6 addresses in an uncoordinated way: they just generate a
new address and stop using the old one, whereas the other party still
tries to use the old one.

Best regards,

Gábor

On 12/31/2022 6:50 AM, Landy, Brian wrote:
> I'm seeing messages like these frequently in /var/log/messages:
>
> /bsd: cannot forward from fd58:6af3:2ff6:aa:895:e4a:8bf9:5759 to
> fd58:6af3:2ff6:c8:97:5360:bd73:6a88 nxt 17 received on interface 9
>
> The two hosts are on separate networks (one is the lan, the other a
> vlan). I've tracked it down to traffic on udp port 3722 between
> Apple devices; the messages stop if I block traffic on that port.
> When unblocked, I can see the traffic is passed successfully by using
> tcpdump on both vlans. Maybe some packets are occasionally dropped?
>
> I'm wondering if anyone knows why this message is logged, and if there
> is anything I can tune with sysctl or pf to prevent it. I'm on 7.2
> with the latest patches.
>
> Thanks,
> Brian
>
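
To check the "last 64 bits" question against a log, this added example (not part of the original messages) splits each address in the `cannot forward` lines into the RFC 4193 fields and lists the interface IDs seen per subnet. The second log line and all function names are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample: line 1 is the message quoted in the thread; line 2 is a
# made-up later entry from the same subnet with a different interface ID.
SAMPLE_LOG = """\
/bsd: cannot forward from fd58:6af3:2ff6:aa:895:e4a:8bf9:5759 to fd58:6af3:2ff6:c8:97:5360:bd73:6a88 nxt 17 received on interface 9
/bsd: cannot forward from fd58:6af3:2ff6:aa:1c2d:3e4f:5a6b:7c8d to fd58:6af3:2ff6:c8:97:5360:bd73:6a88 nxt 17 received on interface 9
"""

ULA = ipaddress.ip_network("fc00::/7")
LINE_RE = re.compile(r"cannot forward from (\S+) to (\S+) nxt (\d+)")

def split_ula(text):
    """Split a unique local address into its RFC 4193 section 3.1 fields."""
    addr = ipaddress.IPv6Address(text)
    if addr not in ULA:
        raise ValueError(f"{text} is not in fc00::/7")
    n = int(addr)
    return {
        "l_bit": (n >> 120) & 0x1,               # 8th bit, after the 7-bit prefix
        "global_id": (n >> 80) & 0xFFFFFFFFFF,   # 40 pseudorandom bits
        "subnet_id": (n >> 64) & 0xFFFF,         # 16 bits
        "interface_id": n & 0xFFFFFFFFFFFFFFFF,  # last 64 bits
    }

def interface_ids_by_subnet(log_text):
    """Map (global_id, subnet_id) -> interface IDs in order of first appearance."""
    seen = {}
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        for text in m.group(1, 2):
            try:
                f = split_ula(text)
            except ValueError:
                continue  # unparsable or not a ULA: ignore
            ids = seen.setdefault((f["global_id"], f["subnet_id"]), [])
            if f["interface_id"] not in ids:
                ids.append(f["interface_id"])
    return seen

if __name__ == "__main__":
    for (gid, sid), ids in interface_ids_by_subnet(SAMPLE_LOG).items():
        print(f"global {gid:010x} subnet {sid:04x}:", [f"{i:016x}" for i in ids])
```

Several interface IDs on one subnet can also mean several hosts, so compare the result with the known device count before concluding that addresses are rotating.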
