On Fri, 9 Sep 2022, Russell Senior wrote:
I'm seeing bizarre behavior: host A initiates an ssh -6 to host B; host B
is a qemu-kvm guest of a kvm host, C. Tcpdump (on the initiating host A
shows A -> B TCP SYN packet, and a B -> A TCP SYN-ACK reply, but host A
apparently doesn't recognize it as valid (although, in wireshark they look
reasonable to an eyeball), because the connect syscall never returns (until
it times out), and the A -> B ACK handshake is never sent. Works fine for
ssh -4. If A and C are the same host, I see the same behavior. Another
wrinkle: if A is also a kvm guest of C, I don't see the SYN-ACK, just the
SYN. The kvm clients are connected via a network bridge on C, e.g. "brctl
show" sees N+1 real ethernet interfaces eth0, ... ethN, and the M+1
virtual interfaces associated with the kvm guests: vnet0 ... vnetM. There
are no netfilter rules to be seen on any of the hosts involved.
Oh, and A can ping6 B, and vice versa, just fine. I'm only seeing this
weirdness with TCP.
Anybody have any thoughts? This is violating my expectations.
That is weird. Weirder still is the fact that I can duplicate those
symptoms on my Mac that's hosting a Linux VM using the UTM hypervisor.
ssh -6 fails but ping6 succeeds.
--
Paul Heinlein
[email protected]
45°22'48" N, 122°35'36" W
