Link-Local ICMP messages for Atlas probe
I've been hosting an Atlas probe since February 2019. I have native dual-stack gigabit fibre internet service and my router is pfSense. Recently, I noticed that there are hundreds of messages in the log of the router like the following: Aug 12 22:38:54 kernel cannot forward src fe80:5::1cce:5fff:fe02:61b6, dst 2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1 Aug 12 22:36:06 kernel cannot forward src fe80:5::e65d:370f:fc45:b5ba, dst 2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1 Aug 12 22:11:31 kernel cannot forward src fe80:5::3c01:20ff:fee5:f601, dst 2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1 Aug 12 17:45:08 kernel cannot forward src fe80:5::2a0:a50f:fcdb:db7c, dst 2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1 Aug 12 15:47:09 kernel cannot forward src fe80:5::2a0:a50f:fcb9:c28e, dst 2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1 Aug 12 08:13:04 kernel cannot forward src fe80:5::2a0:a50f:fc8a:8134, dst 2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1 Aug 12 06:55:33 kernel cannot forward src fe80:5::bac2:530f:fc39:164a, dst 2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1 Aug 12 03:39:05 kernel cannot forward src fe80:5::2a0:a50f:fc8a:85c0, dst 2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1 Aug 12 01:17:54 kernel cannot forward src fe80:5::e6fc:820f:fcea:2016, dst 2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1 Aug 12 00:55:09 kernel cannot forward src fe80:5::ee9e:cd0f:fc0d:79d4, dst 2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1 Aug 11 15:47:11 kernel cannot forward src fe80:5::4271:830f:fce5:7fa, dst 2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1 Aug 11 15:25:42 kernel cannot forward src fe80:5::bac2:530f:fcd4:fdd2, dst 2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1 Aug 11 07:33:53 kernel cannot forward src fe80:5::cd08:c204:cc63:2d32, dst 2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1 Aug 11 06:17:19 kernel cannot forward src fe80:5::fe33:420f:fcdc:5932, dst 2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1 Aug 11 04:49:00 kernel cannot forward src fe80:5::7e25:860f:fc44:6742, dst 2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1 Aug 10 22:41:25 kernel cannot forward src fe80:5::9ca0:15ff:fe87:842e, dst 2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1 Aug 10 14:38:59 kernel cannot forward src fe80:5::c80a:daff:fe92:b8b7, dst 2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1 Aug 10 10:55:07 kernel cannot forward src fe80:5::2a0:a50f:fc8a:6ea0, dst 2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1 Aug 10 08:57:19 kernel cannot forward src fe80:5::46aa:500f:fceb:ad66, dst 2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1 Aug 10 05:47:09 kernel cannot forward src fe80:5::b68a:5f0f:fcb2:1040, dst 2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1 Aug 10 03:24:58 kernel cannot forward src fe80:5::2a0:a50f:fcb6:5ea2, dst 2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1 Aug 10 03:08:55 kernel cannot forward src fe80:5::2a0:a50f:fc90:9d4, dst 2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1 Aug 10 00:17:07 kernel cannot forward src fe80:5::e65d:370f:fc44:15ba, dst 2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1 Aug 10 00:07:07 kernel cannot forward src fe80:5::2a0:a50f:fcb7:7c, dst 2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1 The messages occur in groups of three, spaced a few seconds apart. All of the messages start with fe80:5. Even if I strip off the "5", none of them seem to convert into MAC addresses, so I can't use that to figure out what type of device is pinging the probe. There are no entries in the NDP table corresponding to these messages. I have no idea how long this has been happening. I only noticed it when I was setting up a new server to host pfsense. My probe is RIPE-Atlas-Probe-52209. I'm interested to know if anyone else has experienced this.
Hi Daryl, Can’t say I’ve seen it before, can the firewall be a bit too strict? I read ICMP messages, but I don’t see this in the log you post. Do you have any idea what sort of ICMP messages? Regards, Michel
On 14 Aug 2023, at 04:36, Daryl Morse <daryl_morse@telus.net> wrote:
I've been hosting an Atlas probe since February 2019. I have native dual-stack gigabit fibre internet service and my router is pfSense. Recently, I noticed that there are hundreds of messages in the log of the router like the following:
Aug 12 22:38:54 kernel cannot forward src fe80:5::1cce:5fff:fe02:61b6, dst 2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1 Aug 12 22:36:06 kernel cannot forward src fe80:5::e65d:370f:fc45:b5ba, dst 2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1 Aug 12 22:11:31 kernel cannot forward src fe80:5::3c01:20ff:fee5:f601, dst 2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1 Aug 12 17:45:08 kernel cannot forward src fe80:5::2a0:a50f:fcdb:db7c, dst 2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1 Aug 12 15:47:09 kernel cannot forward src fe80:5::2a0:a50f:fcb9:c28e, dst 2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1 Aug 12 08:13:04 kernel cannot forward src fe80:5::2a0:a50f:fc8a:8134, dst 2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1 Aug 12 06:55:33 kernel cannot forward src fe80:5::bac2:530f:fc39:164a, dst 2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1 Aug 12 03:39:05 kernel cannot forward src fe80:5::2a0:a50f:fc8a:85c0, dst 2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1 Aug 12 01:17:54 kernel cannot forward src fe80:5::e6fc:820f:fcea:2016, dst 2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1 Aug 12 00:55:09 kernel cannot forward src fe80:5::ee9e:cd0f:fc0d:79d4, dst 2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1 Aug 11 15:47:11 kernel cannot forward src fe80:5::4271:830f:fce5:7fa, dst 2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1 Aug 11 15:25:42 kernel cannot forward src fe80:5::bac2:530f:fcd4:fdd2, dst 2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1 Aug 11 07:33:53 kernel cannot forward src fe80:5::cd08:c204:cc63:2d32, dst 2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1 Aug 11 06:17:19 kernel cannot forward src fe80:5::fe33:420f:fcdc:5932, dst 2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1 Aug 11 04:49:00 kernel cannot forward src fe80:5::7e25:860f:fc44:6742, dst 2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1 Aug 10 22:41:25 kernel cannot forward src fe80:5::9ca0:15ff:fe87:842e, dst 2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1 Aug 10 14:38:59 kernel cannot forward src fe80:5::c80a:daff:fe92:b8b7, dst 2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1 Aug 10 10:55:07 kernel cannot forward src fe80:5::2a0:a50f:fc8a:6ea0, dst 2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1 Aug 10 08:57:19 kernel cannot forward src fe80:5::46aa:500f:fceb:ad66, dst 2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1 Aug 10 05:47:09 kernel cannot forward src fe80:5::b68a:5f0f:fcb2:1040, dst 2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1 Aug 10 03:24:58 kernel cannot forward src fe80:5::2a0:a50f:fcb6:5ea2, dst 2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1 Aug 10 03:08:55 kernel cannot forward src fe80:5::2a0:a50f:fc90:9d4, dst 2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1 Aug 10 00:17:07 kernel cannot forward src fe80:5::e65d:370f:fc44:15ba, dst 2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1 Aug 10 00:07:07 kernel cannot forward src fe80:5::2a0:a50f:fcb7:7c, dst 2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1
The messages occur in groups of three, spaced a few seconds apart.
All of the messages start with fe80:5. Even if I strip off the "5", none of them seem to convert into MAC addresses, so I can't use that to figure out what type of device is pinging the probe.
There are no entries in the NDP table corresponding to these messages.
I have no idea how long this has been happening. I only noticed it when I was setting up a new server to host pfsense.
My probe is RIPE-Atlas-Probe-52209.
I'm interested to know if anyone else has experienced this. -- ripe-atlas mailing list ripe-atlas@ripe.net https://lists.ripe.net/mailman/listinfo/ripe-atlas
Hi, On Mon, Aug 14, 2023 at 09:57:22AM +0200, Michel Stam wrote:
Can???t say I???ve seen it before, can the firewall be a bit too strict?
If a device sends packets with link-local addresses towards off-link GUA addresses, such packets MUST be dropped. Unfortunately, not all implementations do that - but not doing so is a violation of one of the basic IPv6 RFCs. (Also, forwarding LLA sourced packets off-link has no use case really - where should the reply go to?) Gert Doering -- NetMaster -- have you enabled IPv6 on something today...? SpaceNet AG Vorstand: Sebastian v. Bomhard, Michael Emmer Joseph-Dollinger-Bogen 14 Aufsichtsratsvors.: A. Grundner-Culemann D-80807 Muenchen HRB: 136055 (AG Muenchen) Tel: +49 (0)89/32356-444 USt-IdNr.: DE813185279
Is hn0 the LAN or WAN side? AFAIK it's correct that it shouldn't forward packets from link local addresses, so I'd honestly just suppress the log message and leave it at that. On Mon, Aug 14, 2023 at 4:37 AM Daryl Morse <daryl_morse@telus.net> wrote:
I've been hosting an Atlas probe since February 2019. I have native dual-stack gigabit fibre internet service and my router is pfSense. Recently, I noticed that there are hundreds of messages in the log of the router like the following:
Aug 12 22:38:54 kernel cannot forward src fe80:5::1cce:5fff:fe02:61b6, dst 2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1 Aug 12 22:36:06 kernel cannot forward src fe80:5::e65d:370f:fc45:b5ba, dst 2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1 Aug 12 22:11:31 kernel cannot forward src fe80:5::3c01:20ff:fee5:f601, dst 2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1 Aug 12 17:45:08 kernel cannot forward src fe80:5::2a0:a50f:fcdb:db7c, dst 2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1 Aug 12 15:47:09 kernel cannot forward src fe80:5::2a0:a50f:fcb9:c28e, dst 2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1 Aug 12 08:13:04 kernel cannot forward src fe80:5::2a0:a50f:fc8a:8134, dst 2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1 Aug 12 06:55:33 kernel cannot forward src fe80:5::bac2:530f:fc39:164a, dst 2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1 Aug 12 03:39:05 kernel cannot forward src fe80:5::2a0:a50f:fc8a:85c0, dst 2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1 Aug 12 01:17:54 kernel cannot forward src fe80:5::e6fc:820f:fcea:2016, dst 2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1 Aug 12 00:55:09 kernel cannot forward src fe80:5::ee9e:cd0f:fc0d:79d4, dst 2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1 Aug 11 15:47:11 kernel cannot forward src fe80:5::4271:830f:fce5:7fa, dst 2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1 Aug 11 15:25:42 kernel cannot forward src fe80:5::bac2:530f:fcd4:fdd2, dst 2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1 Aug 11 07:33:53 kernel cannot forward src fe80:5::cd08:c204:cc63:2d32, dst 2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1 Aug 11 06:17:19 kernel cannot forward src fe80:5::fe33:420f:fcdc:5932, dst 2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1 Aug 11 04:49:00 kernel cannot forward src fe80:5::7e25:860f:fc44:6742, dst 2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1 Aug 10 22:41:25 kernel cannot forward src fe80:5::9ca0:15ff:fe87:842e, dst 2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1 Aug 10 14:38:59 kernel cannot forward src fe80:5::c80a:daff:fe92:b8b7, dst 2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1 Aug 10 10:55:07 kernel cannot forward src fe80:5::2a0:a50f:fc8a:6ea0, dst 2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1 Aug 10 08:57:19 kernel cannot forward src fe80:5::46aa:500f:fceb:ad66, dst 2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1 Aug 10 05:47:09 kernel cannot forward src fe80:5::b68a:5f0f:fcb2:1040, dst 2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1 Aug 10 03:24:58 kernel cannot forward src fe80:5::2a0:a50f:fcb6:5ea2, dst 2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1 Aug 10 03:08:55 kernel cannot forward src fe80:5::2a0:a50f:fc90:9d4, dst 2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1 Aug 10 00:17:07 kernel cannot forward src fe80:5::e65d:370f:fc44:15ba, dst 2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1 Aug 10 00:07:07 kernel cannot forward src fe80:5::2a0:a50f:fcb7:7c, dst 2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1
The messages occur in groups of three, spaced a few seconds apart.
All of the messages start with fe80:5. Even if I strip off the "5", none of them seem to convert into MAC addresses, so I can't use that to figure out what type of device is pinging the probe.
There are no entries in the NDP table corresponding to these messages.
I have no idea how long this has been happening. I only noticed it when I was setting up a new server to host pfsense.
My probe is RIPE-Atlas-Probe-52209.
I'm interested to know if anyone else has experienced this. -- ripe-atlas mailing list ripe-atlas@ripe.net https://lists.ripe.net/mailman/listinfo/ripe-atlas
On 14 Aug 2023, at 09:14, Sebastian Johansson <steamruler@gmail.com> wrote: [You don't often get email from steamruler@gmail.com. Learn why this is important at https://aka.ms/LearnAboutSenderIdentification ] Is hn0 the LAN or WAN side? AFAIK it's correct that it shouldn't forward packets from link local addresses, so I'd honestly just suppress the log message and leave it at that. Maybe it’s to an internal system. But it would be good to find out why those messages happen. That format of link local address is very unusual to see and contravenes RFC 4291 (see https://www.rfc-editor.org/rfc/rfc4291#page-11). If the node really wants to talk to the ipv6.telus.net<http://ipv6.telus.net> system on 2001:569:585f:b00:1:b3ff:fedd:9f24, it needs to have and use a global scope address. RFC 6724 prefers matched scope of addresses, because the destination can’t reply unless it happens to be on the same link as the sender. The standards now say the host past of the address should not be a MAC address, see RFC 7217 and other RFCs recommending its use. Tim On Mon, Aug 14, 2023 at 4:37 AM Daryl Morse <daryl_morse@telus.net> wrote: I've been hosting an Atlas probe since February 2019. I have native dual-stack gigabit fibre internet service and my router is pfSense. Recently, I noticed that there are hundreds of messages in the log of the router like the following: Aug 12 22:38:54 kernel cannot forward src fe80:5::1cce:5fff:fe02:61b6, dst 2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1 Aug 12 22:36:06 kernel cannot forward src fe80:5::e65d:370f:fc45:b5ba, dst 2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1 Aug 12 22:11:31 kernel cannot forward src fe80:5::3c01:20ff:fee5:f601, dst 2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1 Aug 12 17:45:08 kernel cannot forward src fe80:5::2a0:a50f:fcdb:db7c, dst 2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1 Aug 12 15:47:09 kernel cannot forward src fe80:5::2a0:a50f:fcb9:c28e, dst 2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1 Aug 12 08:13:04 kernel cannot forward src fe80:5::2a0:a50f:fc8a:8134, dst 2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1 Aug 12 06:55:33 kernel cannot forward src fe80:5::bac2:530f:fc39:164a, dst 2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1 Aug 12 03:39:05 kernel cannot forward src fe80:5::2a0:a50f:fc8a:85c0, dst 2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1 Aug 12 01:17:54 kernel cannot forward src fe80:5::e6fc:820f:fcea:2016, dst 2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1 Aug 12 00:55:09 kernel cannot forward src fe80:5::ee9e:cd0f:fc0d:79d4, dst 2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1 Aug 11 15:47:11 kernel cannot forward src fe80:5::4271:830f:fce5:7fa, dst 2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1 Aug 11 15:25:42 kernel cannot forward src fe80:5::bac2:530f:fcd4:fdd2, dst 2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1 Aug 11 07:33:53 kernel cannot forward src fe80:5::cd08:c204:cc63:2d32, dst 2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1 Aug 11 06:17:19 kernel cannot forward src fe80:5::fe33:420f:fcdc:5932, dst 2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1 Aug 11 04:49:00 kernel cannot forward src fe80:5::7e25:860f:fc44:6742, dst 2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1 Aug 10 22:41:25 kernel cannot forward src fe80:5::9ca0:15ff:fe87:842e, dst 2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1 Aug 10 14:38:59 kernel cannot forward src fe80:5::c80a:daff:fe92:b8b7, dst 2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1 Aug 10 10:55:07 kernel cannot forward src fe80:5::2a0:a50f:fc8a:6ea0, dst 2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1 Aug 10 08:57:19 kernel cannot forward src fe80:5::46aa:500f:fceb:ad66, dst 2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1 Aug 10 05:47:09 kernel cannot forward src fe80:5::b68a:5f0f:fcb2:1040, dst 2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1 Aug 10 03:24:58 kernel cannot forward src fe80:5::2a0:a50f:fcb6:5ea2, dst 2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1 Aug 10 03:08:55 kernel cannot forward src fe80:5::2a0:a50f:fc90:9d4, dst 2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1 Aug 10 00:17:07 kernel cannot forward src fe80:5::e65d:370f:fc44:15ba, dst 2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1 Aug 10 00:07:07 kernel cannot forward src fe80:5::2a0:a50f:fcb7:7c, dst 2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1 The messages occur in groups of three, spaced a few seconds apart. All of the messages start with fe80:5. Even if I strip off the "5", none of them seem to convert into MAC addresses, so I can't use that to figure out what type of device is pinging the probe. There are no entries in the NDP table corresponding to these messages. I have no idea how long this has been happening. I only noticed it when I was setting up a new server to host pfsense. My probe is RIPE-Atlas-Probe-52209. I'm interested to know if anyone else has experienced this. -- ripe-atlas mailing list ripe-atlas@ripe.net https://lists.ripe.net/mailman/listinfo/ripe-atlas -- ripe-atlas mailing list ripe-atlas@ripe.net https://lists.ripe.net/mailman/listinfo/ripe-atlas
The global scope address targeted belongs to their probe, hence my suggestion to just suppress the log message - if I chased down every odd packet my probe received, I wouldn't have time for much else :) On Mon, Aug 14, 2023 at 10:51 AM Tim Chown <Tim.Chown@jisc.ac.uk> wrote:
On 14 Aug 2023, at 09:14, Sebastian Johansson <steamruler@gmail.com> wrote:
[You don't often get email from steamruler@gmail.com. Learn why this is important at https://aka.ms/LearnAboutSenderIdentification ]
Is hn0 the LAN or WAN side? AFAIK it's correct that it shouldn't forward packets from link local addresses, so I'd honestly just suppress the log message and leave it at that.
Maybe it’s to an internal system.
But it would be good to find out why those messages happen. That format of link local address is very unusual to see and contravenes RFC 4291 (see https://www.rfc-editor.org/rfc/rfc4291#page-11).
If the node really wants to talk to the ipv6.telus.net system on 2001:569:585f:b00:1:b3ff:fedd:9f24, it needs to have and use a global scope address. RFC 6724 prefers matched scope of addresses, because the destination can’t reply unless it happens to be on the same link as the sender.
The standards now say the host past of the address should not be a MAC address, see RFC 7217 and other RFCs recommending its use.
Tim
On Mon, Aug 14, 2023 at 4:37 AM Daryl Morse <daryl_morse@telus.net> wrote:
I've been hosting an Atlas probe since February 2019. I have native dual-stack gigabit fibre internet service and my router is pfSense. Recently, I noticed that there are hundreds of messages in the log of the router like the following:
Aug 12 22:38:54 kernel cannot forward src fe80:5::1cce:5fff:fe02:61b6, dst 2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1 Aug 12 22:36:06 kernel cannot forward src fe80:5::e65d:370f:fc45:b5ba, dst 2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1 Aug 12 22:11:31 kernel cannot forward src fe80:5::3c01:20ff:fee5:f601, dst 2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1 Aug 12 17:45:08 kernel cannot forward src fe80:5::2a0:a50f:fcdb:db7c, dst 2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1 Aug 12 15:47:09 kernel cannot forward src fe80:5::2a0:a50f:fcb9:c28e, dst 2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1 Aug 12 08:13:04 kernel cannot forward src fe80:5::2a0:a50f:fc8a:8134, dst 2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1 Aug 12 06:55:33 kernel cannot forward src fe80:5::bac2:530f:fc39:164a, dst 2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1 Aug 12 03:39:05 kernel cannot forward src fe80:5::2a0:a50f:fc8a:85c0, dst 2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1 Aug 12 01:17:54 kernel cannot forward src fe80:5::e6fc:820f:fcea:2016, dst 2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1 Aug 12 00:55:09 kernel cannot forward src fe80:5::ee9e:cd0f:fc0d:79d4, dst 2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1 Aug 11 15:47:11 kernel cannot forward src fe80:5::4271:830f:fce5:7fa, dst 2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1 Aug 11 15:25:42 kernel cannot forward src fe80:5::bac2:530f:fcd4:fdd2, dst 2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1 Aug 11 07:33:53 kernel cannot forward src fe80:5::cd08:c204:cc63:2d32, dst 2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1 Aug 11 06:17:19 kernel cannot forward src fe80:5::fe33:420f:fcdc:5932, dst 2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1 Aug 11 04:49:00 kernel cannot forward src fe80:5::7e25:860f:fc44:6742, dst 2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1 Aug 10 22:41:25 kernel cannot forward src fe80:5::9ca0:15ff:fe87:842e, dst 2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1 Aug 10 14:38:59 kernel cannot forward src fe80:5::c80a:daff:fe92:b8b7, dst 2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1 Aug 10 10:55:07 kernel cannot forward src fe80:5::2a0:a50f:fc8a:6ea0, dst 2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1 Aug 10 08:57:19 kernel cannot forward src fe80:5::46aa:500f:fceb:ad66, dst 2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1 Aug 10 05:47:09 kernel cannot forward src fe80:5::b68a:5f0f:fcb2:1040, dst 2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1 Aug 10 03:24:58 kernel cannot forward src fe80:5::2a0:a50f:fcb6:5ea2, dst 2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1 Aug 10 03:08:55 kernel cannot forward src fe80:5::2a0:a50f:fc90:9d4, dst 2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1 Aug 10 00:17:07 kernel cannot forward src fe80:5::e65d:370f:fc44:15ba, dst 2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1 Aug 10 00:07:07 kernel cannot forward src fe80:5::2a0:a50f:fcb7:7c, dst 2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1
The messages occur in groups of three, spaced a few seconds apart.
All of the messages start with fe80:5. Even if I strip off the "5", none of them seem to convert into MAC addresses, so I can't use that to figure out what type of device is pinging the probe.
There are no entries in the NDP table corresponding to these messages.
I have no idea how long this has been happening. I only noticed it when I was setting up a new server to host pfsense.
My probe is RIPE-Atlas-Probe-52209.
I'm interested to know if anyone else has experienced this. -- ripe-atlas mailing list ripe-atlas@ripe.net https://lists.ripe.net/mailman/listinfo/ripe-atlas
-- ripe-atlas mailing list ripe-atlas@ripe.net https://lists.ripe.net/mailman/listinfo/ripe-atlas
On 14 Aug 2023, at 09:57, Sebastian Johansson <steamruler@gmail.com> wrote:
The global scope address targeted belongs to their probe, hence my suggestion to just suppress the log message - if I chased down every odd packet my probe received, I wouldn't have time for much else :)
Fair enough, it’s half a dozen messages a day after all. But that link-local prefix seems to indicate some misconfiguration somewhere, and were it on my network I’d want to find out why. Tim
On Mon, Aug 14, 2023 at 10:51 AM Tim Chown <Tim.Chown@jisc.ac.uk> wrote:
On 14 Aug 2023, at 09:14, Sebastian Johansson <steamruler@gmail.com> wrote:
[You don't often get email from steamruler@gmail.com. Learn why this is important at https://aka.ms/LearnAboutSenderIdentification ]
Is hn0 the LAN or WAN side? AFAIK it's correct that it shouldn't forward packets from link local addresses, so I'd honestly just suppress the log message and leave it at that.
Maybe it’s to an internal system.
But it would be good to find out why those messages happen. That format of link local address is very unusual to see and contravenes RFC 4291 (see https://www.rfc-editor.org/rfc/rfc4291#page-11).
If the node really wants to talk to the ipv6.telus.net system on 2001:569:585f:b00:1:b3ff:fedd:9f24, it needs to have and use a global scope address. RFC 6724 prefers matched scope of addresses, because the destination can’t reply unless it happens to be on the same link as the sender.
The standards now say the host past of the address should not be a MAC address, see RFC 7217 and other RFCs recommending its use.
Tim
On Mon, Aug 14, 2023 at 4:37 AM Daryl Morse <daryl_morse@telus.net> wrote:
I've been hosting an Atlas probe since February 2019. I have native dual-stack gigabit fibre internet service and my router is pfSense. Recently, I noticed that there are hundreds of messages in the log of the router like the following:
Aug 12 22:38:54 kernel cannot forward src fe80:5::1cce:5fff:fe02:61b6, dst 2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1 Aug 12 22:36:06 kernel cannot forward src fe80:5::e65d:370f:fc45:b5ba, dst 2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1 Aug 12 22:11:31 kernel cannot forward src fe80:5::3c01:20ff:fee5:f601, dst 2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1 Aug 12 17:45:08 kernel cannot forward src fe80:5::2a0:a50f:fcdb:db7c, dst 2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1 Aug 12 15:47:09 kernel cannot forward src fe80:5::2a0:a50f:fcb9:c28e, dst 2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1 Aug 12 08:13:04 kernel cannot forward src fe80:5::2a0:a50f:fc8a:8134, dst 2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1 Aug 12 06:55:33 kernel cannot forward src fe80:5::bac2:530f:fc39:164a, dst 2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1 Aug 12 03:39:05 kernel cannot forward src fe80:5::2a0:a50f:fc8a:85c0, dst 2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1 Aug 12 01:17:54 kernel cannot forward src fe80:5::e6fc:820f:fcea:2016, dst 2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1 Aug 12 00:55:09 kernel cannot forward src fe80:5::ee9e:cd0f:fc0d:79d4, dst 2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1 Aug 11 15:47:11 kernel cannot forward src fe80:5::4271:830f:fce5:7fa, dst 2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1 Aug 11 15:25:42 kernel cannot forward src fe80:5::bac2:530f:fcd4:fdd2, dst 2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1 Aug 11 07:33:53 kernel cannot forward src fe80:5::cd08:c204:cc63:2d32, dst 2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1 Aug 11 06:17:19 kernel cannot forward src fe80:5::fe33:420f:fcdc:5932, dst 2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1 Aug 11 04:49:00 kernel cannot forward src fe80:5::7e25:860f:fc44:6742, dst 2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1 Aug 10 22:41:25 kernel cannot forward src fe80:5::9ca0:15ff:fe87:842e, dst 2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1 Aug 10 14:38:59 kernel cannot forward src fe80:5::c80a:daff:fe92:b8b7, dst 2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1 Aug 10 10:55:07 kernel cannot forward src fe80:5::2a0:a50f:fc8a:6ea0, dst 2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1 Aug 10 08:57:19 kernel cannot forward src fe80:5::46aa:500f:fceb:ad66, dst 2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1 Aug 10 05:47:09 kernel cannot forward src fe80:5::b68a:5f0f:fcb2:1040, dst 2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1 Aug 10 03:24:58 kernel cannot forward src fe80:5::2a0:a50f:fcb6:5ea2, dst 2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1 Aug 10 03:08:55 kernel cannot forward src fe80:5::2a0:a50f:fc90:9d4, dst 2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1 Aug 10 00:17:07 kernel cannot forward src fe80:5::e65d:370f:fc44:15ba, dst 2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1 Aug 10 00:07:07 kernel cannot forward src fe80:5::2a0:a50f:fcb7:7c, dst 2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1
The messages occur in groups of three, spaced a few seconds apart.
All of the messages start with fe80:5. Even if I strip off the "5", none of them seem to convert into MAC addresses, so I can't use that to figure out what type of device is pinging the probe.
There are no entries in the NDP table corresponding to these messages.
I have no idea how long this has been happening. I only noticed it when I was setting up a new server to host pfsense.
My probe is RIPE-Atlas-Probe-52209.
I'm interested to know if anyone else has experienced this. -- ripe-atlas mailing list ripe-atlas@ripe.net https://lists.ripe.net/mailman/listinfo/ripe-atlas
-- ripe-atlas mailing list ripe-atlas@ripe.net https://lists.ripe.net/mailman/listinfo/ripe-atlas
There are hundreds of these messages every day. I only copied a small selection to show the different addresses. I also would like to know where they are coming from, because they are strange. -----Original Message----- From: Tim Chown <Tim.Chown@jisc.ac.uk> On 14 Aug 2023, at 09:57, Sebastian Johansson <steamruler@gmail.com> wrote:
The global scope address targeted belongs to their probe, hence my suggestion to just suppress the log message - if I chased down every odd packet my probe received, I wouldn't have time for much else :)
Fair enough, it’s half a dozen messages a day after all. But that link-local prefix seems to indicate some misconfiguration somewhere, and were it on my network I’d want to find out why. Tim
The messages are definitely from external systems. I have a contact at the ISP, so I will be asking him if there is any way to track down the addresses. From: Tim Chown <Tim.Chown@jisc.ac.uk> On 14 Aug 2023, at 09:14, Sebastian Johansson <steamruler@gmail.com <mailto:steamruler@gmail.com> > wrote: [You don't often get email from steamruler@gmail.com <mailto:steamruler@gmail.com> . Learn why this is important at https://aka.ms/LearnAboutSenderIdentification ] Is hn0 the LAN or WAN side? AFAIK it's correct that it shouldn't forward packets from link local addresses, so I'd honestly just suppress the log message and leave it at that. Maybe it’s to an internal system. But it would be good to find out why those messages happen. That format of link local address is very unusual to see and contravenes RFC 4291 (see https://www.rfc-editor.org/rfc/rfc4291#page-11). If the node really wants to talk to the ipv6.telus.net <http://ipv6.telus.net> system on 2001:569:585f:b00:1:b3ff:fedd:9f24, it needs to have and use a global scope address. RFC 6724 prefers matched scope of addresses, because the destination can’t reply unless it happens to be on the same link as the sender. The standards now say the host past of the address should not be a MAC address, see RFC 7217 and other RFCs recommending its use. Tim On Mon, Aug 14, 2023 at 4:37 AM Daryl Morse <daryl_morse@telus.net <mailto:daryl_morse@telus.net> > wrote: I've been hosting an Atlas probe since February 2019. I have native dual-stack gigabit fibre internet service and my router is pfSense. Recently, I noticed that there are hundreds of messages in the log of the router like the following: Aug 12 22:38:54 kernel cannot forward src fe80:5::1cce:5fff:fe02:61b6, dst 2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1 Aug 12 22:36:06 kernel cannot forward src fe80:5::e65d:370f:fc45:b5ba, dst 2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1 Aug 12 22:11:31 kernel cannot forward src fe80:5::3c01:20ff:fee5:f601, dst 2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1 Aug 12 17:45:08 kernel cannot forward src fe80:5::2a0:a50f:fcdb:db7c, dst 2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1 Aug 12 15:47:09 kernel cannot forward src fe80:5::2a0:a50f:fcb9:c28e, dst 2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1 Aug 12 08:13:04 kernel cannot forward src fe80:5::2a0:a50f:fc8a:8134, dst 2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1 Aug 12 06:55:33 kernel cannot forward src fe80:5::bac2:530f:fc39:164a, dst 2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1 Aug 12 03:39:05 kernel cannot forward src fe80:5::2a0:a50f:fc8a:85c0, dst 2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1 Aug 12 01:17:54 kernel cannot forward src fe80:5::e6fc:820f:fcea:2016, dst 2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1 Aug 12 00:55:09 kernel cannot forward src fe80:5::ee9e:cd0f:fc0d:79d4, dst 2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1 Aug 11 15:47:11 kernel cannot forward src fe80:5::4271:830f:fce5:7fa, dst 2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1 Aug 11 15:25:42 kernel cannot forward src fe80:5::bac2:530f:fcd4:fdd2, dst 2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1 Aug 11 07:33:53 kernel cannot forward src fe80:5::cd08:c204:cc63:2d32, dst 2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1 Aug 11 06:17:19 kernel cannot forward src fe80:5::fe33:420f:fcdc:5932, dst 2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1 Aug 11 04:49:00 kernel cannot forward src fe80:5::7e25:860f:fc44:6742, dst 2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1 Aug 10 22:41:25 kernel cannot forward src fe80:5::9ca0:15ff:fe87:842e, dst 2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1 Aug 10 14:38:59 kernel cannot forward src fe80:5::c80a:daff:fe92:b8b7, dst 2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1 Aug 10 10:55:07 kernel cannot forward src fe80:5::2a0:a50f:fc8a:6ea0, dst 2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1 Aug 10 08:57:19 kernel cannot forward src fe80:5::46aa:500f:fceb:ad66, dst 2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1 Aug 10 05:47:09 kernel cannot forward src fe80:5::b68a:5f0f:fcb2:1040, dst 2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1 Aug 10 03:24:58 kernel cannot forward src fe80:5::2a0:a50f:fcb6:5ea2, dst 2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1 Aug 10 03:08:55 kernel cannot forward src fe80:5::2a0:a50f:fc90:9d4, dst 2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1 Aug 10 00:17:07 kernel cannot forward src fe80:5::e65d:370f:fc44:15ba, dst 2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1 Aug 10 00:07:07 kernel cannot forward src fe80:5::2a0:a50f:fcb7:7c, dst 2001:569:585f:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1 The messages occur in groups of three, spaced a few seconds apart. All of the messages start with fe80:5. Even if I strip off the "5", none of them seem to convert into MAC addresses, so I can't use that to figure out what type of device is pinging the probe. There are no entries in the NDP table corresponding to these messages. I have no idea how long this has been happening. I only noticed it when I was setting up a new server to host pfsense. My probe is RIPE-Atlas-Probe-52209. I'm interested to know if anyone else has experienced this. -- ripe-atlas mailing list ripe-atlas@ripe.net <mailto:ripe-atlas@ripe.net> https://lists.ripe.net/mailman/listinfo/ripe-atlas -- ripe-atlas mailing list ripe-atlas@ripe.net <mailto:ripe-atlas@ripe.net> https://lists.ripe.net/mailman/listinfo/ripe-atlas
hn0 is the WAN interface. It's correct that link-local addresses should not be forwarded. I'm not aware of any way to suppress the log messages and there are hundreds of them. -----Original Message----- From: Sebastian Johansson <steamruler@gmail.com> Is hn0 the LAN or WAN side? AFAIK it's correct that it shouldn't forward packets from link local addresses, so I'd honestly just suppress the log message and leave it at that.
participants (5)
-
Daryl Morse -
Gert Doering -
Michel Stam -
Sebastian Johansson -
Tim Chown