I came back from the Wireshark Sharkfest '11 Conference excited to try some of the things I had learned. Imagine my dismay when I fired up my Windows 7-64 test box only to find that certain parts of NetScanTools Pro 11 that are IPv6 aware ceased working. Immediately I was able to see that it was the parts of the program that depended on the getaddrinfo function call that were failing. How did I know that? I used the other 'home-grown' NetScanTools resolver functions to talk with DNS (they bypass Windows resolver entirely and talk directly to any DNS) and by using Wireshark I could see the AAAA records coming back from DNS. I could see that the getaddrinfo function was not getting and reporting the IPv6 AAAA records. Very strange.
So I looked at a couple of things. First I did a cursory check of the network settings with ipconfig. All appeared normal. Then I spent some time recompiling NetScanTools Pro while playing around with various options in the addrinfo hints structure passed into getaddrinfo. That was not fruitful. Nothing I did could make the getaddrinfo function return the AAAA record. I was seeing the 11004 WSANO_DATA error. So I put that aside and looked more carefully at the IPv6 networking subsystem.
Next I tried to see if it was NetScanTools failing or something deeper. So I tried using command line "ping -6 ipv6.google.com". This failed with a message effectively admitting that it couldn't resolve the hostname to an IPv6. Good - sort of. Next I tried the other way doing a "ping -6 2001:4860:b006::69". That came back with even more ominous wording "Ping transmit failed. General Failure.". But I could use both command line ping and NetScanTools Pro IPv6 Ping to contact Link-Local IPv6 addresses on my local network - as I should be able to do. The IPv6 routing table didn't yield any real clues either.
Using both NetScanTools Pro, ipconfig and various netsh command line things I was able to see that while isatap was active, I was not seeing teredo - I had seen it before when using command line ping and when using NetScanTools Pro. Teredo was what I wanted to try decoding with Wireshark. NetScanTools Pro showed me that Teredo was there but it had an admin status of 'Down'. So I tried various netsh commands to reactivate Teredo. They all appeared to work, but Teredo never reappeared in the list of hidden devices in Device Manager. I tried the solutions floating around on the internet for making sure IPv6 was active and getting Teredo to show up in Device Manager, but still no luck.
A little history might help. I had recently installed VMware Workstation 7.1.4 on that machine because it's a test machine and I needed lots of OS's available. Could it be that? I don't know for sure because I spent time on VMware forums looking for similar problems - but didn't see any. It could have been a Windows Update patch that turned off Teredo, but I just don't know for sure. The two VMware Virtual Ethernet Adapters both had link-local fe80 IPv6 addresses, so IPv6 wasn't entirely dead. AND of all things, I could start Windows Server 2008 in a virtual machine with all of it's IPv6 functions working perfectly including NetScanTools Pro. I did find this page dealing with firewall settings for Teredo and found that everything was OK: http://support.microsoft.com/kb/968510
So today I spent lots of time with the netsh commands. I used "netsh interface IP show config" to see all the interfaces similar to ipconfig. By doing a "netsh interface ipv6 show interface" I could see all the active connections. What was missing was Teredo. I used "netsh interface set interface teredo set state default" to make sure it was there and it answered OK. But still no Teredo. Then I found this interesting command "netsh interface IPv6 show teredo". It said the State was 'offline' and the Error value was "client is in a managed network". Progress. Big progress.
So I put that error string into google and found a reference to this blog: http://blogs.msdn.com/b/p2p/archive/2007/03/22/teredo-and-the-pnrp-global-cloud.aspx
Essentially Teredo detected (incorrectly) that the machine was in a corporate environment - this is probably due to multiple OS's and several switches being active with all their chatter. So the fix was to use "Netsh interface teredo set state enterpriseclient". Once I did that, there was no need for rebooting or anything. "netsh interface IPv6 show teredo" now showed the correct info like Local Mapping and External NAT Mapping. And all of a sudden both command line ping and NetScanTools Pro IPv6 enabled tools began to work again.
I guess the thing that bugs me is this: why is there this huge dependency on Teredo for IPv6 in Windows 7? If I ask for a name resolution using getaddrinfo with a hint of AF_INET6 I EXPECT a response if AAAA records are coming back from the default dhcp assigned system DNS. It shouldn't matter that IPv6 is fully enabled on the system using Teredo or anything else. So my workaround will be to write EXTRA CODE to resend an AAAA or PTR record request from my own private resolver on failure of getaddrinfo because I can't trust it. I hope someone at Microsoft reads this and helps me understand why it was behaving this way.
All I wanted to do was try to decode Teredo traffic with Wireshark...
NetScanTools Developer and Sharkfest '11 attendee