Unless I'm doing something incredibly stupid, which is entirely possible, it doesn't seem like the sysctl net.inet6.icmp6.nd6_debug does anything on FreeBSD 12.0 p7. No output to kern.debug, console, dmesg, anything. Other similar ones, like sysctl net.inet.tcp.log_debug, work fine. Is there another knob I need to turn to get ND6 debugging enabled? If I need to build a custom kernel to do it, that's fine.
I'm trying to use it to track down an extremely weird situation where some cloud VMs cannot ping6 each other but others can, on the same /64. Ping6 on the link-local address works, ping6 on the public address sometimes does and sometimes doesn't (it's specific to certain VMs) unless you manually use "ndp -s" to add each broken pair of VMs to each other's neighbor list. tcpdump shows the ND solicits arrive but no ND announcement goes back out, which is why the cloud provider is pointing back at FreeBSD, which is why I wanted to use net.ient6.icmp6.nd6_debug to see why it was being dropped. (ipfw is not even loaded.)
I'm trying to use it to track down an extremely weird situation where some cloud VMs cannot ping6 each other but others can, on the same /64. Ping6 on the link-local address works, ping6 on the public address sometimes does and sometimes doesn't (it's specific to certain VMs) unless you manually use "ndp -s" to add each broken pair of VMs to each other's neighbor list. tcpdump shows the ND solicits arrive but no ND announcement goes back out, which is why the cloud provider is pointing back at FreeBSD, which is why I wanted to use net.ient6.icmp6.nd6_debug to see why it was being dropped. (ipfw is not even loaded.)