Hello,

recently I was performing some checks that relate to the "Strong Host
Model" and "Weak Host Model", and I noticed that OpenBSD was behaving
differently than I expected. I always assumed that the network stack of
OpenBSD was following the "Strong Host Model", but I might be wrong about
that:

Basically the Strong Host Model means that the network stack "accepts
locally destined packets if the destination IP address in the packet
matches an IP address assigned to the network interface on which the
packet was received."

FreeBSD and NetBSD have a sysctl property for this, called
"net.inet.ip.check_interface", which defaults to 0 (Weak Host Model).
However, for OpenBSD I haven't seen such a property at all.


Basically my setup consisted of the following virtual machines and
network interfaces (IP-Forwarding disabled):


VM 1 (OpenBSD 6.5):

em0: 192.168.100.1/24 ("Internal Network")

em1: 10.0.0.97/24 ("NAT")


VM 2 (Ubuntu Server 18.10):

ens33: 192.168.100.2/24 ("Internal Network")


----


As expected, ens33 of VM2 can communicate with em0 of VM1, since both
interfaces are associated with the same VirtualBox network, and both IP
addresses are part of the same /24 subnet.

ens33 of VM2 can't directly communicate with em1 of VM1, since the IP
addresses are part of different subnets and no routes were configured.


Then I performed 2 tests:


Test 1:

Perform an arping from ens33/VM2 (192.168.100.2) to 10.0.0.97 (VM1). The
packet was NOT answered by VM1.


Test 2:

Set the following route on VM2: ip r add 10.0.0.0/24 via 192.168.100.1.
Then send an ICMP echo request to 10.0.0.97 (VM1), originating from
192.168.100.2 (VM2). VM1 replied with an ICMP echo reply (with a source
MAC address of interface em0).


While the behaviour of Test 1 indicates that the Strong Host Model is
followed, Test 2 shows the behaviour of a "Weak Host Model".


Which of the two is actually supposed to be the default for OpenBSD? Is
there any kernel parameter to control these behaviours, like
net.inet.ip.check_interface for FreeBSD or NetBSD?


Thanks,

Bastian
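
Added example, not part of the original message: a small Python model of the quoted Strong Host Model definition, applied to the IP probe from Test 2 (Test 1 is an ARP probe and is outside this check). The function names are hypothetical; the interface table is VM1's from the message.

```python
import ipaddress

# Interface table of VM1, as listed in the message above.
VM1 = {
    "em0": ipaddress.ip_interface("192.168.100.1/24"),
    "em1": ipaddress.ip_interface("10.0.0.97/24"),
}

def accepts_locally(interfaces, rx_if, dst, strong):
    """Return True if an IP packet for dst, received on rx_if, is delivered locally."""
    dst = ipaddress.ip_address(dst)
    if strong:
        # Strong Host Model: dst must be assigned to the receiving interface.
        return interfaces[rx_if].ip == dst
    # Weak Host Model: dst may be assigned to any interface of the host.
    return any(iface.ip == dst for iface in interfaces.values())

def classify(interfaces, rx_if, dst, replied):
    """List the host models that are consistent with one observed probe result."""
    models = (("weak", False), ("strong", True))
    return [name for name, strong in models
            if accepts_locally(interfaces, rx_if, dst, strong) == replied]

if __name__ == "__main__":
    # Test 2: echo request to em1's address arrives on em0 and is answered.
    print("Test 2:", classify(VM1, "em0", "10.0.0.97", replied=True))
    # Control probe to em0's own address: both models accept it, so a
    # reply here says nothing about which model the stack follows.
    print("Control:", classify(VM1, "em0", "192.168.100.1", replied=True))
```

Only a probe whose destination address belongs to a different interface than the one it arrives on separates the two models.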



