Saturday, December 31, 2022

Re: "/bsd: cannot forward" ip6 traffic messages

Hi Gábor,

Yes, these are ULA addresses I've assigned, each interface has a /64 (fd58:6af3:2ff6:aa::1/64 and fd58:6af3:2ff6:c8::1/64). Those two host addresses, however, have not changed. They are still active as I write this. I believe Apple only assigns temporary addresses for globally routable prefixes.

I should have mentioned that these are not one-off messages. For example, these two hosts generated this message 36 times over a ~45 minute period yesterday. While that was happening I could see that both hosts are active. Traffic would pass and occasionally generate these messages.

Thanks,
Brian

> On Dec 31, 2022, at 5:45 AM, Gábor LENCSE <lencse@hit.bme.hu> wrote:
>
> Hi Brian,
>
> I am not familiar with Apple devices, but I am familiar with IPv6.
>
> The IPv6 addresses in your log file have the fc00::/7 prefix, that is, they are from the RFC4193 "unique local unicast" range: https://datatracker.ietf.org/doc/html/rfc4193#section-3.1
> The L bit is 1, the next pseudorandom 40 bits are: 58:6af3:2ff, and the two networks are distinguished by the next 16 bits: 00aa and 00c0.
>
> Do the last 64 bits change over time?
>
> If yes, then my hypothesis is that perhaps the devices use RFC 8981 temporary IPv6 addresses in an uncoordinated way: they just generate a new address and stop using the old one, whereas the other party still tries to use the old one.
>
> Best regards,
>
> Gábor
>
> On 12/31/2022 6:50 AM, Landy, Brian wrote:
>> I'm seeing messages like these frequently in /var/log/messages:
>>
>> /bsd: cannot forward from fd58:6af3:2ff6:aa:895:e4a:8bf9:5759 to
>> fd58:6af3:2ff6:c8:97:5360:bd73:6a88 nxt 17 received on interface 9
>>
>> The two hosts are on separate networks (one is the lan, the other a
>> vlan). I've tracked it down to traffic on udp port 3722 between
>> Apple devices; the messages stop if I block traffic on that port.
>> When unblocked, I can see the traffic is passed successfully by using
>> tcpdump on both vlans. Maybe some packets are occasionally dropped?
>>
>> I'm wondering if anyone knows why this message is logged, and if there
>> is anything I can tune with sysctl or pf to prevent it. I'm on 7.2
>> with the latest patches.
>>
>> Thanks,
>> Brian
>>
>
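As an added example (not code from the thread, and not OpenBSD's own), the following Python script parses log lines of the shape Brian quoted, splits the two addresses into the RFC 4193 fields Gábor describes (L bit, 40-bit Global ID, 16-bit Subnet ID, 64-bit Interface ID), counts repeats per address pair, and records which Interface IDs each /64 has been seen with, so one can answer Gábor's "do the last 64 bits change" question from a log rather than by eye. The log lines are constructed: only the first reproduces the address pair from the original post, the syslog prefix and the non-matching sshd line are made up. The "nxt 17" in the message is the IPv6 next-header value for UDP, which is consistent with the UDP port 3722 traffic Brian isolated.

```python
"""Parse OpenBSD "cannot forward" IPv6 log lines and decompose the ULA addresses.

Added example; not part of the mailing-list thread. The sample log below is
constructed (only the first line carries the address pair from the thread).
"""
import ipaddress
import re
from collections import Counter, defaultdict

# Constructed sample input. Only the first line reproduces the address pair
# quoted in the thread; the timestamps, hostname and sshd line are made up.
SAMPLE_LOG = """\
Dec 30 10:02:11 gw /bsd: cannot forward from fd58:6af3:2ff6:aa:895:e4a:8bf9:5759 to fd58:6af3:2ff6:c8:97:5360:bd73:6a88 nxt 17 received on interface 9
Dec 30 10:03:40 gw /bsd: cannot forward from fd58:6af3:2ff6:aa:895:e4a:8bf9:5759 to fd58:6af3:2ff6:c8:97:5360:bd73:6a88 nxt 17 received on interface 9
Dec 30 10:05:02 gw /bsd: cannot forward from fd58:6af3:2ff6:c8:97:5360:bd73:6a88 to fd58:6af3:2ff6:aa:895:e4a:8bf9:5759 nxt 17 received on interface 10
Dec 30 10:05:03 gw sshd[1234]: Accepted publickey for brian from 10.0.0.5 port 51122
"""

ULA = ipaddress.IPv6Network("fc00::/7")   # RFC 4193 unique local range
LOG_RE = re.compile(
    r"cannot forward from (?P<src>[0-9a-fA-F:]+) to (?P<dst>[0-9a-fA-F:]+)"
    r" nxt (?P<nxt>\d+) received on interface (?P<ifidx>\d+)"
)
# IANA protocol numbers for the next-header field; 17 (UDP) is the one in the thread.
NEXT_HEADER = {6: "tcp", 17: "udp", 58: "icmp6"}


def decompose_ula(addr: str) -> dict:
    """Split an RFC 4193 address into the section 3.1 fields:
    7-bit prefix (fc00::/7), L bit, 40-bit Global ID, 16-bit Subnet ID,
    64-bit Interface ID. Raises ValueError for non-ULA addresses."""
    a = ipaddress.IPv6Address(addr)
    if a not in ULA:
        raise ValueError(f"{addr} is not in fc00::/7")
    n = int(a)
    return {
        "L": (n >> 120) & 1,                                  # bit 8 of the address
        "global_id": f"{(n >> 80) & ((1 << 40) - 1):010x}",   # bits 8..47
        "subnet_id": f"{(n >> 64) & 0xFFFF:04x}",             # bits 48..63
        "interface_id": f"{n & ((1 << 64) - 1):016x}",        # bits 64..127
    }


def parse_line(line: str):
    """Return the fields of one 'cannot forward' line, or None for other lines."""
    m = LOG_RE.search(line)
    if not m:
        return None
    nxt = int(m["nxt"])
    return {
        "src": str(ipaddress.IPv6Address(m["src"])),
        "dst": str(ipaddress.IPv6Address(m["dst"])),
        "nxt": nxt,
        "proto": NEXT_HEADER.get(nxt, "unknown"),
        "ifidx": int(m["ifidx"]),
    }


def summarize(log_text: str):
    """Count messages per (src, dst, nxt, ifidx) and record every Interface ID
    seen for each (Global ID, Subnet ID), so a changing host part shows up as
    more than one entry for the same /64."""
    counts = Counter()
    iids = defaultdict(set)
    for line in log_text.splitlines():
        ev = parse_line(line)
        if ev is None:
            continue
        counts[(ev["src"], ev["dst"], ev["nxt"], ev["ifidx"])] += 1
        for side in ("src", "dst"):
            f = decompose_ula(ev[side])
            iids[(f["global_id"], f["subnet_id"])].add(f["interface_id"])
    return counts, iids


def same_site_different_subnet(src: str, dst: str) -> bool:
    """True when both ends share the Global ID but sit in different /64s,
    i.e. the router is forwarding between two of its own ULA subnets."""
    s, d = decompose_ula(src), decompose_ula(dst)
    return s["global_id"] == d["global_id"] and s["subnet_id"] != d["subnet_id"]


if __name__ == "__main__":
    counts, iids = summarize(SAMPLE_LOG)
    for (src, dst, nxt, ifidx), c in counts.most_common():
        print(f"{c:3d}x  {src} -> {dst}  {NEXT_HEADER.get(nxt, nxt)}  ifidx {ifidx}"
              f"  inter-subnet={same_site_different_subnet(src, dst)}")
    for (gid, sid), ids in sorted(iids.items()):
        print(f"global {gid} subnet {sid}: {len(ids)} interface ID(s) seen")
```

Run it against a real /var/log/messages with `python3 script.py < /var/log/messages` after replacing SAMPLE_LOG with stdin; if a /64 accumulates several Interface IDs over time, the hosts are rotating addresses, whereas a single stable ID per /64 with repeated messages, as Brian reports, points away from the temporary-address hypothesis.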
