Description of problem: I began running rawhide around July 1, 2006, and finally got around to trying out IPv6 on it recently. I can't get it to work. It works fine between an FC5 and a Centos machine on my network, but any attempts to ssh using IPv6 to or from a rawhide system (x86_64 or i386) hangs and eventually times out. The TCP handshake never completes. This behavior appears to be present for any IPv6 TCP connection, not just for ssh. Also,the two rawhide machines under test use different NICs/drivers; the x86_64 system uses via-velocity, and the i386 system uses r8169. The following tcpdump output illustrates the characteristics. The relevant TCP flags can be seen at byte 0x35. I refer to hosts below by the last 4 digits of their IPv6 address, and I added the TCP flag to the right-hand margin of each packet. First, a good session: source=5fe6,fc5-i386 dest=5fd6,centos4.3-i386 Capture command was: tcpdump -xnf -i eth1 ip6 17:11:15.478447 IP6 fec0::2e0:4cff:fe77:5fe6.32781 > fec0::2e0:4cff:fe77:5fd6.ssh: S 542597506:542597506(0) win 5760 <mss 1440,sackOK,timestamp 4494879 0,nop,wscale 5> 0x0000: 6000 0000 0028 0640 fec0 0000 0000 0000 0x0010: 02e0 4cff fe77 5fe6 fec0 0000 0000 0000 0x0020: 02e0 4cff fe77 5fd6 800d 0016 2057 6182 0x0030: 0000 0000 a002 1680 3f49 0000 0204 05a0 SYN 0x0040: 0402 080a 0044 961f 0000 0000 0103 0305 17:11:15.478654 IP6 fec0::2e0:4cff:fe77:5fd6.ssh > fec0::2e0:4cff:fe77:5fe6.32781: S 517624334:517624334(0) ack 542597507 win 5712 <mss 1440,sackOK,timestamp 17282773 4494879,nop,wscale 2> 0x0000: 6000 0000 0028 0640 fec0 0000 0000 0000 0x0010: 02e0 4cff fe77 5fd6 fec0 0000 0000 0000 0x0020: 02e0 4cff fe77 5fe6 0016 800d 1eda 520e 0x0030: 2057 6183 a012 1650 16a6 0000 0204 05a0 SYN-ACK 0x0040: 0402 080a 0107 b6d5 0044 961f 0103 0302 17:11:15.478852 IP6 fec0::2e0:4cff:fe77:5fe6.32781 > fec0::2e0:4cff:fe77:5fd6.ssh: . ack 1 win 180 <nop,nop,timestamp 4494880 17282773> 0x0000: 6000 0000 0020 0640 fec0 0000 0000 0000 0x0010: 02e0 4cff fe77 5fe6 fec0 0000 0000 0000 0x0020: 02e0 4cff fe77 5fd6 800d 0016 2057 6183 0x0030: 1eda 520f 8010 00b4 5af4 0000 0101 080a ACK 0x0040: 0044 9620 0107 b6d5 A bad session: source=9069,rawhide-x86_64 dest=5fe6,fc5-i386 Capture command was: tcpdump -xnf -i eth1 ip6 In this capture, rawhide seems to ignore the syn-ack from fc5 and blindly sends another syn as if it never heard the syn-ack. 17:05:27.644243 IP6 fec0::250:8dff:feef:9069.49752 > fec0::2e0:4cff:fe77:5fe6.ssh: S 3838921278:3838921278(0) win 5760 <mss 1440,sackOK,timestamp 1554632 0,nop,wscale 7> 0x0000: 6000 0000 0028 0640 fec0 0000 0000 0000 0x0010: 0250 8dff feef 9069 fec0 0000 0000 0000 0x0020: 02e0 4cff fe77 5fe6 c258 0016 e4d1 4a3e 0x0030: 0000 0000 a002 1680 bbcd 0000 0204 05a0 SYN 0x0040: 0402 080a 0017 b8c8 0000 0000 0103 0307 17:05:27.644428 IP6 fec0::2e0:4cff:fe77:5fe6.ssh > fec0::250:8dff:feef:9069.49752: S 186535893:186535893(0) ack 3838921279 win 5712 <mss 1440,sackOK,timestamp 4408032 1554632,nop,wscale 5> 0x0000: 6000 0000 0028 0640 fec0 0000 0000 0000 0x0010: 02e0 4cff fe77 5fe6 fec0 0000 0000 0000 0x0020: 0250 8dff feef 9069 0016 c258 0b1e 4fd5 0x0030: e4d1 4a3f a012 1650 1dd8 0000 0204 05a0 SYN-ACK 0x0040: 0402 080a 0043 42e0 0017 b8c8 0103 0305 17:05:30.640085 IP6 fec0::250:8dff:feef:9069.49752 > fec0::2e0:4cff:fe77:5fe6.ssh: S 3838921278:3838921278(0) win 5760 <mss 1440,sackOK,timestamp 1555382 0,nop,wscale 7> 0x0000: 6000 0000 0028 0640 fec0 0000 0000 0000 0x0010: 0250 8dff feef 9069 fec0 0000 0000 0000 0x0020: 02e0 4cff fe77 5fe6 c258 0016 e4d1 4a3e 0x0030: 0000 0000 a002 1680 b8df 0000 0204 05a0 SYN 0x0040: 0402 080a 0017 bbb6 0000 0000 0103 0307 Another bad session: source=5fe6,fc5-i386 dest=9069,rawhide-x86_64 Capture command was: tcpdump -xnf -i eth0 ip6 In this example, rawhide never answers the inbound syn. 19:12:39.194446 IP6 fec0::2e0:4cff:fe77:5fe6.43859 > fec0::250:8dff:feef:9069.ssh: S 2597878623:2597878623(0) win 5760 <mss 1440,sackOK,timestamp 221036 0,nop,wscale 5> 0x0000: 6000 0000 0028 0640 fec0 0000 0000 0000 0x0010: 02e0 4cff fe77 5fe6 fec0 0000 0000 0000 0x0020: 0250 8dff feef 9069 ab53 0016 9ad8 7b5f 0x0030: 0000 0000 a002 1680 451d 0000 0204 05a0 SYN 0x0040: 0402 080a 0003 5f6c 0000 0000 0103 0305 19:12:42.190509 IP6 fec0::2e0:4cff:fe77:5fe6.43859 > fec0::250:8dff:feef:9069.ssh: S 2597878623:2597878623(0) win 5760 <mss 1440,sackOK,timestamp 221786 0,nop,wscale 5> 0x0000: 6000 0000 0028 0640 fec0 0000 0000 0000 0x0010: 02e0 4cff fe77 5fe6 fec0 0000 0000 0000 0x0020: 0250 8dff feef 9069 ab53 0016 9ad8 7b5f 0x0030: 0000 0000 a002 1680 422f 0000 0204 05a0 SYN 0x0040: 0402 080a 0003 625a 0000 0000 0103 0305 Version-Release number of selected component (if applicable): [root@osprey ~]# uname -rm 2.6.17-1.2437.fc6 x86_64 [root@gadwall ~]# uname -rm 2.6.17-1.2437.fc6 i686 How reproducible: Every time. Steps to Reproduce: 1. ssh <IPv6_ADDR> from or to a rawhide system 2. 3. Actual results: Login session hangs and eventually times out. [jcliburn@osprey ~]$ ssh fec0::2e0:4cff:fe77:5fe6 ssh: connect to host fec0::2e0:4cff:fe77:5fe6 port 22: Connection timed out [jcliburn@osprey ~]$ Expected results: Successful login. [jcliburn@petrel ~]$ uname -rm 2.6.17-1.2157_FC5 i686 [jcliburn@petrel ~]$ ssh fec0::2e0:4cff:fe77:5fd6 jcliburn@fec0::2e0:4cff:fe77:5fd6's password: Last login: Sat Jul 22 12:24:51 2006 from fec0::2e0:4cff:fe77:5fe6 [jcliburn@vireo ~]$ Additional info:
IPv6 remains nonfunctional in rawhide. [jcliburn@gadwall ~]$ uname -rm 2.6.17-1.2462.fc6 i686 [jcliburn@gadwall ~]$ ping6 fec0::2e0:4cff:fe77:5fe6 PING fec0::2e0:4cff:fe77:5fe6(fec0::2e0:4cff:fe77:5fe6) 56 data bytes 64 bytes from fec0::2e0:4cff:fe77:5fe6: icmp_seq=0 ttl=64 time=2.73 ms 64 bytes from fec0::2e0:4cff:fe77:5fe6: icmp_seq=1 ttl=64 time=0.249 ms --- fec0::2e0:4cff:fe77:5fe6 ping statistics --- 2 packets transmitted, 2 received, 0% packet loss, time 1002ms rtt min/avg/max/mdev = 0.249/1.489/2.730/1.241 ms, pipe 2 [jcliburn@gadwall ~]$ ssh fec0::2e0:4cff:fe77:5fe6 ssh: connect to host fec0::2e0:4cff:fe77:5fe6 port 22: Connection timed out [jcliburn@gadwall ~]$
SOLVED. This is not a kernel issue; it's an ip6tables issue. If ip6tables is disabled, IPv6 works fine in rawhide. I've discovered, however, that ip6tables might have a problem insofar as not passing packets for RELATED or ESTABLISHED IPv6 connections, but that's a subject for another BZ. Please close this bug report. Thanks.
Closed per request of the submitter :)