Re: "/bsd: cannot forward" ip6 traffic messages

2022-12-31 Thread Landy, Brian
Hi Gábor,

Yes, these are ULA addresses I’ve assigned, each interface has a /64 
(fd58:6af3:2ff6:aa::1/64 and fd58:6af3:2ff6:c8::1/64).  Those two host 
addresses, however, have not changed.  They are still active as I write this.  
I believe Apple only assigns temporary addresses for globally routable prefixes.

I should have mentioned that these are not one-off messages.  For example, 
these two hosts generated this message 36 times over a ~45 minute period 
yesterday.  While that was happening I could see that both hosts are active.  
Traffic would pass and occasionally generate these messages.

Thanks,
Brian

> On Dec 31, 2022, at 5:45 AM, Gábor LENCSE  wrote:
> 
> Hi Brian,
> 
> I am not familiar with Apple devices, but I am familiar with IPv6.
> 
> The IPv6 addresses in your log file have the fc00::/7 prefix, that is, they 
> are from the RFC4193 "unique local unicast" range: 
> https://datatracker.ietf.org/doc/html/rfc4193#section-3.1
> The L bit is 1, the next pseudorandom 40 bits are: 58:6af3:2ff, and the two 
> networks are distinguished by the next 16 bits: 00aa and 00c0.
> 
> Do the last 64 bits change over time?
> 
> If yes, then my hypothesis is that perhaps the devices use RFC 8981 temporary 
> IPv6 addresses in an uncoordinated way: they just generate a new address and 
> stop using the old one, whereas the other party still tries to use the old 
> one.
> 
> Best regards,
> 
> Gábor
> 
> On 12/31/2022 6:50 AM, Landy, Brian wrote:
>> I’m seeing messages like these frequently in /var/log/messages:
>> 
>>  /bsd: cannot forward from fd58:6af3:2ff6:aa:895:e4a:8bf9:5759 to
>>  fd58:6af3:2ff6:c8:97:5360:bd73:6a88 nxt 17 received on interface 9
>> 
>> The two hosts are on separate networks (one is the lan, the other a
>> vlan).  I’ve tracked it down to traffic on udp port 3722 between
>> Apple devices; the messages stop if I block traffic on that port.
>> When unblocked, I can see the traffic is passed successfully by using
>> tcpdump on both vlans. Maybe some packets are occasionally dropped?
>> 
>> I’m wondering if anyone knows why this message is logged, and if there
>> is anything I can tune with sysctl or pf to prevent it.  I’m on 7.2
>> with the latest patches.
>> 
>> Thanks,
>> Brian
>> 
> 
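Worked example, added here and not part of the thread: a small Python script that parses "cannot forward" lines of the shape quoted above, decodes the nxt (next header) number, splits each address into the RFC 4193 fields Gábor describes (fc00::/7 prefix, L bit, 40-bit Global ID, 16-bit Subnet ID, 64-bit Interface ID), flags pairs that are two /64s under the same ULA Global ID (the lan/vlan case in the thread), and counts messages per host pair, so an observation like "36 times over ~45 minutes" can be made from the log instead of by eye. The sample log lines are constructed: the two addresses are the ones from the thread, while timestamps, hostname and the unrelated sshd line are invented; the function names are mine.

```python
import ipaddress
import re
from collections import Counter

# Message shape quoted in the thread; any syslog prefix before it is ignored by search().
CANNOT_FORWARD = re.compile(
    r"cannot forward from (?P<src>[0-9a-fA-F:]+) to (?P<dst>[0-9a-fA-F:]+) "
    r"nxt (?P<nxt>\d+) received on interface (?P<ifidx>\d+)"
)

# IANA protocol numbers for the IPv6 "next header" field; only the common ones.
NEXT_HEADER = {6: "tcp", 17: "udp", 58: "icmpv6"}


def ula_parts(addr):
    """Split an RFC 4193 address into L / Global ID / Subnet ID / Interface ID.

    Returns None when the address is not inside fc00::/7.
    """
    n = int(ipaddress.IPv6Address(addr))
    if n >> 121 != 0b1111110:            # top 7 bits must be fc00::/7
        return None
    return {
        "L": (n >> 120) & 1,                                    # 1 bit
        "global_id": f"{(n >> 80) & ((1 << 40) - 1):010x}",     # 40 bits
        "subnet_id": f"{(n >> 64) & 0xFFFF:04x}",               # 16 bits
        "interface_id": f"{n & ((1 << 64) - 1):016x}",          # 64 bits
    }


def parse_cannot_forward(lines):
    """Yield one record per matching log line; other lines are skipped."""
    for line in lines:
        m = CANNOT_FORWARD.search(line)
        if not m:
            continue
        nxt = int(m["nxt"])
        yield {
            "src": m["src"],
            "dst": m["dst"],
            "proto": NEXT_HEADER.get(nxt, str(nxt)),
            "ifidx": int(m["ifidx"]),
        }


def same_site_other_subnet(src, dst):
    """True when both addresses are ULAs with the same Global ID but different
    Subnet IDs, i.e. traffic the gateway is expected to route between two of
    its own ULA /64s (the lan/vlan situation described in the thread)."""
    a, b = ula_parts(src), ula_parts(dst)
    return bool(a and b and a["global_id"] == b["global_id"]
                and a["subnet_id"] != b["subnet_id"])


def summarize(lines):
    """Count messages per (src, dst, proto, ifidx) tuple."""
    return Counter((r["src"], r["dst"], r["proto"], r["ifidx"])
                   for r in parse_cannot_forward(lines))


# Constructed sample log: addresses from the thread, everything else invented.
SAMPLE_LOG = """\
Dec 30 06:41:02 gw /bsd: cannot forward from fd58:6af3:2ff6:aa:895:e4a:8bf9:5759 to fd58:6af3:2ff6:c8:97:5360:bd73:6a88 nxt 17 received on interface 9
Dec 30 06:41:03 gw /bsd: cannot forward from fd58:6af3:2ff6:aa:895:e4a:8bf9:5759 to fd58:6af3:2ff6:c8:97:5360:bd73:6a88 nxt 17 received on interface 9
Dec 30 06:41:05 gw /bsd: cannot forward from fd58:6af3:2ff6:c8:97:5360:bd73:6a88 to fd58:6af3:2ff6:aa:895:e4a:8bf9:5759 nxt 17 received on interface 3
Dec 30 06:41:07 gw sshd[1234]: Accepted publickey for brian from 192.0.2.10 port 5022
""".splitlines()

if __name__ == "__main__":
    for (src, dst, proto, ifidx), count in summarize(SAMPLE_LOG).most_common():
        flag = "same-site ULA, different /64" if same_site_other_subnet(src, dst) else ""
        print(f"{count:3d}  {src} -> {dst}  {proto}  ifidx={ifidx}  {flag}")
    print(ula_parts("fd58:6af3:2ff6:aa:895:e4a:8bf9:5759"))
```

Run it against a real /var/log/messages by replacing SAMPLE_LOG with `open("/var/log/messages")`; the per-pair counts over the file show whether the drops cluster on one direction or one ingress interface, which is more useful than the bare message when comparing against what tcpdump shows on both vlans.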
"/bsd: cannot forward" ip6 traffic messages

2022-12-30 Thread Landy, Brian
I’m seeing messages like these frequently in /var/log/messages:

  /bsd: cannot forward from fd58:6af3:2ff6:aa:895:e4a:8bf9:5759 to
  fd58:6af3:2ff6:c8:97:5360:bd73:6a88 nxt 17 received on interface 9

The two hosts are on separate networks (one is the lan, the other a
vlan).  I’ve tracked it down to traffic on udp port 3722 between
Apple devices; the messages stop if I block traffic on that port.
When unblocked, I can see the traffic is passed successfully by using
tcpdump on both vlans. Maybe some packets are occasionally dropped?

I’m wondering if anyone knows why this message is logged, and if there
is anything I can tune with sysctl or pf to prevent it.  I’m on 7.2
with the latest patches.

Thanks,
Brian