[PLUG] IPv6 TCP connect timeout puzzler
Russell Senior
russell at personaltelco.net
Fri Sep 9 20:31:34 UTC 2022
I don't think so. The initiating host gets the SYN-ACK like it should, just
nothing happens to it.
On Fri, Sep 9, 2022 at 11:43 AM Tomas Kuchta <tomas.kuchta.lists at gmail.com>
wrote:
> Could the issue be that the ssh response is on ipv4, not on ipv6 as
> expected?
>
> -T
>
> On Fri, Sep 9, 2022, 10:34 Paul Heinlein <heinlein at madboa.com> wrote:
>
> > On Fri, 9 Sep 2022, Russell Senior wrote:
> >
> > > I'm seeing bizarre behavior: host A initiates an ssh -6 to host B;
> host B
> > > is a qemu-kvm guest of a kvm host, C. Tcpdump (on the initiating host A
> > > shows A -> B TCP SYN packet, and a B -> A TCP SYN-ACK reply, but host A
> > > apparently doesn't recognize it as valid (although, in wireshark they
> > look
> > > reasonable to an eyeball), because the connect syscall never returns
> > (until
> > > it times out), and the A -> B ACK handshake is never sent. Works fine
> for
> > > ssh -4. If A and C are the same host, I see the same behavior. Another
> > > wrinkle: if A is also a kvm guest of C, I don't see the SYN-ACK, just
> the
> > > SYN. The kvm clients are connected via a network bridge on C, e.g.
> "brctl
> > > show" sees N+1 real ethernet interfaces eth0, ... ethN, and the M+1
> > > virtual interfaces associated with the kvm guests: vnet0 ... vnetM.
> There
> > > are no netfilter rules to be seen on any of the hosts involved.
> > >
> > > Oh, and A can ping6 B, and vice versa, just fine. I'm only seeing this
> > > weirdness with TCP.
> > >
> > > Anybody have any thoughts? This is violating my expectations.
> >
> > That is weird. Weirder still is the fact that I can duplicate those
> > symptoms on my Mac that's hosting a Linux VM using the UTM hypervisor.
> > ssh -6 fails but ping6 succeeds.
> >
> > --
> > Paul Heinlein
> > heinlein at madboa.com
> > 45°22'48" N, 122°35'36" W
> >
>
More information about the PLUG
mailing list