IPv6 and CARP crashes boxes

Damien Fleuriot ml at my.gd
Tue Jun 12 13:15:51 UTC 2012



On 6/12/12 3:03 PM, Pete French wrote:
>> Thanks for the feedback Pete, what are you running ?
>>
>> We're on 8-STABLE here.
> 
> Yup, same here - aactually running a very recent STABLE now,
> but for most of this year it's been on one from January. The
> one running on the firewalls is from May 7th, and that works
> beautifully.
> 

Hmmm you might want to update again then, 2 SAs published late in may:

http://security.freebsd.org/advisories/FreeBSD-SA-12:01.openssl.asc
http://security.freebsd.org/advisories/FreeBSD-SA-12:02.crypt.asc



>> I've got some spare time on my hands actually, I'm gonna try some more
>> today, both on an ipv6-only carp, then on a v4+v6.
> 
> Ok, let us know how you get on - the config here is very simple, reproduced
> below for your viewing pleasure ;) This is from the 'active' firewall:
> 
> 	ifconfig_em0="inet 10.32.10.1/16"
> 	ipv6_ifconfig_em0="2a02:1658:1:2:a32f::1/64"
> 	ifconfig_em1="inet 178.250.73.196/27"
> 	ipv6_ifconfig_em1="2a02:1658:1:1::1:2/64"
> 
> 	ifconfig_carp0="vhid 10 pass xxxxyyyy 10.32.10.6/16"
> 	ifconfig_carp1="vhid 20 pass xxxxyyyy 178.250.73.198/27"
> 	ipv6_ifconfig_carp2="vhid 30 pass xxxxyyyy 2a02:1658:1:2:a32f::6/64"
> 	ipv6_ifconfig_carp3="vhid 40 pass xxxxyyyy 2a02:1658:1:1::1:1/64"
> 
> -pete.

Thanks, will keep the thread updated ;)


More information about the freebsd-stable mailing list