>Number:         164914
>Category:       misc
>Synopsis:       interface still accept packets even without IP address
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-bugs
>State:          open
>Quarter:
>Keywords:
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Wed Feb 08 21:50:08 UTC 2012
>Closed-Date:
>Last-Modified:
>Originator:     Eugen Konkov
>Release:        9.0-CURRENT
>Organization:   ISP FreeLine
>Environment:
# uname -a
FreeBSD 9.0-CURRENT FreeBSD 9.0-CURRENT #4: Fri Jun 10 01:30:12 UTC 2011 @:/usr/obj/usr/src/sys/PAE_KES i386
>Description:
SERVER2

# ifconfig vlan70
vlan70: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=3<RXCSUM,TXCSUM>
        ether 00:30:67:9d:8f:26
        inet6 fe80::230:67ff:fe9d:8f26%vlan70 prefixlen 64 scopeid 0xa
        nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
        media: Ethernet autoselect (1000baseT <full-duplex>)
        status: active
        vlan: 70 parent interface: re0

# ifconfig vlan408
vlan408: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=3<RXCSUM,TXCSUM>
        ether 00:30:67:9d:8f:26
        inet 10.11.19.53 netmask 0xfffffff8 broadcast 10.11.19.55
        inet6 fe80::230:67ff:fe9d:8f26%vlan408 prefixlen 64 scopeid 0x22
        nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
        media: Ethernet autoselect (1000baseT <full-duplex>)
        status: active
        vlan: 408 parent interface: re0

# tcpdump -n -i vlan70
tcpdump: WARNING: vlan70: no IPv4 address assigned
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on vlan70, link-type EN10MB (Ethernet), capture size 65535 bytes
23:29:17.882594 IP 10.7.18.90 > 10.11.19.54: GREv1, call 52218, seq 1416932, ack 2420899, length 60: IP 192.168.24.17.50762 > 88.81.253.182.80: Flags [.], ack 3084092892, win 16544, length 0
23:29:18.358144 CDPv1, ttl: 120s, Device-ID 'unknown', length 74
23:29:18.532881 IP 10.7.18.90 > 10.11.19.54: GREv1, call 52218, seq 1416933, ack 2420910, length 60: IP 192.168.24.17.50762 > 88.81.253.182.80: Flags [.], ack 2761, win 16560, length 0
^C
3 packets captured
14 packets received by filter
0 packets dropped by kernel

# tcpdump -n -i vlan408
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on vlan408, link-type EN10MB (Ethernet), capture size 65535 bytes
23:32:18.587860 IP 10.11.19.53.22 > 10.10.1.40.2897: Flags [P.], seq 2116288012:2116288208, ack 3239226069, win 65535, length 196
23:32:18.588346 IP 10.10.1.40.2897 > 10.11.19.53.22: Flags [.], ack 196, win 65219, length 0
23:32:18.613808 IP 10.7.18.90 > 10.11.19.54: GREv1, call 52218, seq 1426479, ack 2439179, length 60: IP 192.168.24.17.50836 > 38.113.165.86.443: Flags [F.], seq 659475120, ack 3124981189, win 16559, length 0
23:32:18.771754 IP 10.7.18.90 > 10.11.19.54: GREv1, call 52218, seq 1426480, ack 2439181, length 60: IP 192.168.24.17.50836 > 38.113.165.86.443: Flags [.], ack 2, win 16559, length 0
23:32:18.780879 ARP, Request who-has 10.11.19.51 tell 10.11.19.52, length 42
23:32:18.894536 IP 10.7.18.90 > 10.11.19.54: GREv1, call 52218, seq 1426481, ack 2439188, length 60: IP 192.168.24.17.50824 > 88.81.253.184.80: Flags [.], ack 1476863292, win 16560, length 0
23:32:18.898075 IP 10.7.18.90 > 10.11.19.54: GREv1, call 52218, seq 1426482, length 56: IP 192.168.24.17.50824 > 88.81.253.184.80: Flags [.], ack 2761, win 16560, length 0
23:32:18.919120 IP 10.7.18.90 > 10.11.19.54: GREv1, call 52218, seq 1426484, ack 2439192, length 60: IP 192.168.24.17.50824 > 88.81.253.184.80: Flags [.], ack 8281, win 16560, length 0
23:32:18.939557 IP 10.7.18.90 > 10.11.19.54: GREv1, call 52218, seq 1426486, ack 2439196, length 60: IP 192.168.24.17.50824 > 88.81.253.184.80: Flags [.], ack 13801, win 16560, length 0
23:32:18.940032 IP 10.7.18.90 > 10.11.19.54: GREv1, call 52218, seq 1426487, length 56: IP 192.168.24.17.50824 > 88.81.253.184.80: Flags [.], ack 16561, win 16560, length 0
23:32:18.961147 IP 10.7.18.90 > 10.11.19.54: GREv1, call 52218, seq 1426488, ack 2439200, length 60: IP 192.168.24.17.50824 > 88.81.253.184.80: Flags [.], ack 19321, win 16560, length 0
23:32:18.978187 IP 10.7.18.90 > 10.11.19.54: GREv1, call 52218, seq 1426490, ack 2439201, length 60: IP 192.168.24.17.50824 > 88.81.253.184.80: Flags [.], ack 24841, win 16560, length 0
>How-To-Repeat:
..............CLIENT
.........vlan70:10.7.18.90
........../...............\
SERVER1....................SERVER2
vlan70:10.7.18.2           vlan70:10.7.18.1
vlan408:10.7.19.54<-->vlan408:10.7.19.53

If I move IP 10.7.18.1 from SERVER2:vlan70 to SERVER1:vlan70

..............CLIENT
.........vlan70:10.7.18.90
........../...............\
SERVER1....................SERVER2
vlan70:10.7.18.2           vlan70:NOIP_HERE_NOW
vlan70:10.7.18.1
vlan408:10.7.19.54<-->vlan408:10.7.19.53

Traffic still flows through SERVER2.

This is a very interesting feature, or maybe a bug, which touches on security issues:
some host on the LAN can send packets to the MAC address of the FreeBSD server, and now the server accepts packets even if the frame is not in its subnet and passes them further %-)
>Fix:
>Release-Note:
>Audit-Trail:
>Unformatted:
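A defender-side check for the condition described in this report, added here as an example (it is not part of the original problem report or of FreeBSD): it parses `ifconfig` output and `tcpdump -n` lines and flags IPv4 packets seen on an interface that has no IPv4 address. The sample input is constructed and shortened from the output above, and the function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample input, shortened from the kind of output shown in the report.
IFCONFIG = """\
vlan70: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
\tinet6 fe80::230:67ff:fe9d:8f26%vlan70 prefixlen 64 scopeid 0xa
vlan408: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
\tinet 10.11.19.53 netmask 0xfffffff8 broadcast 10.11.19.55
"""
CAPTURES = {  # interface -> `tcpdump -n` lines (constructed, shortened)
    "vlan70": ["23:29:17.882594 IP 10.7.18.90 > 10.11.19.54: GREv1, call 52218, length 60",
               "23:29:18.358144 CDPv1, ttl: 120s, Device-ID 'unknown', length 74"],
    "vlan408": ["23:32:18.587860 IP 10.11.19.53.22 > 10.10.1.40.2897: Flags [P.], length 196",
                "23:32:18.613808 IP 10.7.18.90 > 10.11.19.54: GREv1, call 52218, length 60"],
}

IFACE_RE = re.compile(r"^(\S+): flags=")
INET_RE = re.compile(r"^\s+inet (\S+) netmask (0x[0-9a-f]{8})")
PKT_RE = re.compile(r"^\S+ IP ((?:\d+\.){3}\d+)(?:\.\d+)? > ((?:\d+\.){3}\d+)(?:\.\d+)?:")

def parse_ifconfig(text):
    """Map interface name -> list of IPv4Interface built from inet/netmask lines."""
    ifaces, current = {}, None
    for line in text.splitlines():
        if m := IFACE_RE.match(line):
            current = ifaces.setdefault(m.group(1), [])
        elif current is not None and (m := INET_RE.match(line)):
            mask = ipaddress.IPv4Address(int(m.group(2), 16))  # FreeBSD prints a hex netmask
            current.append(ipaddress.IPv4Interface(f"{m.group(1)}/{mask}"))
    return ifaces

def classify(ifaces, name, line):
    """Classify one tcpdump line seen on `name`; None for non-IPv4 lines (ARP, CDP)."""
    if not (m := PKT_RE.match(line)):
        return None
    if not (addrs := ifaces.get(name)):
        return "unnumbered"   # IPv4 traffic on an interface with no IPv4 address
    ends = [ipaddress.IPv4Address(a) for a in m.groups()]
    if any(e == i.ip for e in ends for i in addrs):
        return "local"        # to or from this host's own address
    if any(e in i.network for e in ends for i in addrs):
        return "on-link"      # an endpoint is a neighbour on the configured subnet
    return "transit"          # neither endpoint is on the configured subnet

def unnumbered_traffic(ifaces, captures):
    """Return (interface, line) pairs for IPv4 packets on interfaces without an IPv4 address."""
    return [(n, l) for n, lines in captures.items() for l in lines
            if classify(ifaces, n, l) == "unnumbered"]
```

tcpdump taps the interface before the IP stack processes the packet, so an "unnumbered" hit shows that the frame arrived; whether it is then forwarded depends on `net.inet.ip.forwarding` and the routing table.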