pfSense

Jim Pingle wrote:

Can you test this on a 2.4.4 snapshot? The base OS has been upgraded there, and most likely the behavior will be different.

Yup, I was able to repro on july 3rd 2.4.4 snapshot after removing my workaround.

When I do a "tcpdump -pni cpsw0 icmp6" I get nothing, when I do "tcpdump -ni cpsw0 icmp6" I see comcast's RAs every 4 seconds.

no such issue on pfSense 2.5.0.a.20200205.1753

pfSense 2.4.4-p3 on SG-3100 as DHCP6/RA server
SG-1000 cpsw0 interface can get IPv6 address via DHCP6/SLAAC without 'promisc' option

Viktor Gurov wrote:

no such issue on pfSense 2.5.0.a.20200205.1753

pfSense 2.4.4-p3 on SG-3100 as DHCP6/RA server
SG-1000 cpsw0 interface can get IPv6 address via DHCP6/SLAAC without 'promisc' option

I am seeing the same issue on my sg-1000. I have upgraded to 2.5 and it does not look like this has solved my issue. It seems like setting my WAN interface to PROMISC is still a required workaround to be able to view RA's from my ISP (Spectrum cable in US).

Is it possible this is a hardware or driver issue? I'd be happy to help debug this or provide any additional information from my end.

looks like bxe(4) driver bug, see #8324

Luiz Souza wrote:

Jim Pingle wrote:

On the 20201208.0803 snapshot I still have to put the interface in promiscuous mode or it doesn't receive an IPv6 default route.

I can't reproduce this, it seems to work okay for me.

Looks like it works OK on a bare interface but fails on a VLAN. I just happened to try it first on a device which used a VLAN for a WAN.

With promisc mode, it gets a default route:

: tcpdump -nei cpsw0.40 'ether host 68:9e:19:7f:f6:d7 and icmp6 and (ip6[40] = 133 or ip6[40] = 134)'
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on cpsw0.40, link-type EN10MB (Ethernet), capture size 262144 bytes
10:45:07.825310 68:9e:19:7f:f6:d7 > 33:33:00:00:00:02, ethertype IPv6 (0x86dd), length 70: fe80::6a9e:19ff:fe7f:f6d7 > ff02::2: ICMP6, router solicitation, length 16
10:45:07.841564 00:08:a2:09:95:b5 > 68:9e:19:7f:f6:d7, ethertype IPv6 (0x86dd), length 190: fe80::208:a2ff:fe09:95b5 > fe80::6a9e:19ff:fe7f:f6d7: ICMP6, router advertisement, length 136

Without promisc mode, it doesn't get the default route (and it tries twice instead of once):

: tcpdump -pnei cpsw0.40 'ether host 68:9e:19:7f:f6:d7 and icmp6 and (ip6[40] = 133 or ip6[40] = 134)'
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on cpsw0.40, link-type EN10MB (Ethernet), capture size 262144 bytes
10:46:30.301221 68:9e:19:7f:f6:d7 > 33:33:00:00:00:02, ethertype IPv6 (0x86dd), length 70: fe80::6a9e:19ff:fe7f:f6d7 > ff02::2: ICMP6, router solicitation, length 16
10:46:30.317627 00:08:a2:09:95:b5 > 68:9e:19:7f:f6:d7, ethertype IPv6 (0x86dd), length 190: fe80::208:a2ff:fe09:95b5 > fe80::6a9e:19ff:fe7f:f6d7: ICMP6, router advertisement, length 136
10:46:31.668277 68:9e:19:7f:f6:d7 > 33:33:00:00:00:02, ethertype IPv6 (0x86dd), length 70: fe80::6a9e:19ff:fe7f:f6d7 > ff02::2: ICMP6, router solicitation, length 16
10:46:31.683684 00:08:a2:09:95:b5 > 68:9e:19:7f:f6:d7, ethertype IPv6 (0x86dd), length 190: fe80::208:a2ff:fe09:95b5 > fe80::6a9e:19ff:fe7f:f6d7: ICMP6, router advertisement, length 136

On another SG-1000 that doesn't use a VLAN for WAN, it works without any extra intervention.