From: Lowell Gilbert
To: Yann GROSSEL
Cc: "Bill Moran", freebsd-questions@FreeBSD.ORG
Subject: Re: promiscuous mode / strange ethernet packets duplication problem
Date: 02 Jan 2003 14:39:02 -0500
Message-ID: <44hecrmje1.fsf@be-well.ilk.org>
In-Reply-To: <20030102151706.459fc2fc.y.grossel@hexanet.fr>

Yann GROSSEL writes:

> On Thu, 02 Jan 2003 08:56:42 -0500
> "Bill Moran" wrote:
>
> > There's your answer.
> > Any machine with forwarding turned on will resend
> > a packet that isn't destined for it.  That's by design.
> > It doesn't make much sense to me that you'd have a lot of machines with
> > forwarding turned on.  Usually only gateways use this.  Honestly, I
> > can't think of any reason to have forwarding on if your machine only
> > has 1 IP address.
> >
> > >As several boxes have this problem, they resend packets to each other
> > >very quickly, generating a flood on the network. This flood only stops
> > >when all TTL of packets reach 0 or when the switch finally re-learns
> > >on what port is located the interface with the target MAC address.
> > >
> > >Does anybody have any clue about what this kind of problem may be ?
> >
> > Turn forwarding off on all but your gateways.
>
> Mhhh.
>
> Gateways are designed to forward packets from network to network. If a
> machine wants to send a packet to a remote network, it will send that
> packet to the gateway by putting the gateway interface MAC address in the
> destination field of the ethernet packet. The gateway will know that it
> must forward the packet because of that. And it will know where to forward
> the packet by looking to the destination IP address field of the packet.

Yep.

> Here the machines are "forwarding" ethernet packets with a destination
> MAC address field set to ANOTHER machine of our network. In other words,
> these packets are NOT targeted to the "gateways", neither from their
> MAC address destination field nor from their IP address destination field.

The machines doing the forwarding don't know that.

> So why are these packets "forwarded" ?

That's what a router does; when it receives a packet that isn't for
itself, it forwards the packet towards the destination.  Your FreeBSD
machines, by running in promiscuous mode, are receiving *all* the
packets on their bit of the wire, and are correct to do so.
[A host on that net could send *all* of its packets to a gateway, even
the ones to the local net, and expect them to get to the right places.
This "one-armed router" configuration is legitimate and occasionally
useful.]

Here's what's probably happening: the MAC address mapping times out on
the network switch before it times out on the routing hosts
("gateways").  Then the switch sends those packets to the routing
hosts.  The routing hosts normally would be screening out those
packets on the NIC, because the destination MAC address doesn't belong
to the host, but because it's in promiscuous mode, it sends the packet
to the IP stack anyway.  The IP stack knows how to reach the
destination IP address from the packet, and does so.

The correct solution is one of two things: make sure that the switch
doesn't time out its MAC address mappings any faster than the hosts
do, or make sure that the forwarding machines don't get into
promiscuous mode unless they're supposed to.

Going further out on a limb, I'll guess that the switch is not
refreshing its mappings from passing traffic like an ARP host would,
and a smarter switch wouldn't have this problem.

Good luck.
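
A check for the condition described in the reply above, added here as an example and not part of the original message: it lists interfaces whose `ifconfig` flags include PROMISC on a host where `net.inet.ip.forwarding` is 1. The sample `ifconfig` output and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: find interfaces in promiscuous mode on a host that also
# forwards IP packets, the combination the thread identifies as the cause
# of re-forwarded unicast traffic.

# Constructed sample of FreeBSD `ifconfig` output (not from the thread).
SAMPLE_IFCONFIG='fxp0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
	inet 192.0.2.10 netmask 0xffffff00 broadcast 192.0.2.255
fxp1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
	inet 192.0.2.11 netmask 0xffffff00 broadcast 192.0.2.255
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384'

# Read ifconfig output on stdin; print the name of every interface whose
# flag list contains the exact flag PROMISC (PPROMISC alone does not count).
promisc_ifaces() {
    awk '/^[A-Za-z0-9_.]+: flags=/ {
        name = $1; sub(/:$/, "", name)
        flags = $2
        sub(/^[^<]*</, "", flags); sub(/>.*$/, "", flags)
        n = split(flags, f, ",")
        for (i = 1; i <= n; i++) if (f[i] == "PROMISC") print name
    }'
}

# $1 = value of net.inet.ip.forwarding; ifconfig output on stdin.
# Prints one warning per affected interface and returns 1 if any exist.
audit_forwarding_promisc() {
    fwd=$1
    ifaces=$(promisc_ifaces)
    if [ "$fwd" = "1" ] && [ -n "$ifaces" ]; then
        for i in $ifaces; do
            echo "WARN: $i is PROMISC while net.inet.ip.forwarding=1"
        done
        return 1
    fi
    return 0
}

# On a live FreeBSD host:
#   ifconfig | audit_forwarding_promisc "$(sysctl -n net.inet.ip.forwarding)"
printf '%s\n' "$SAMPLE_IFCONFIG" | audit_forwarding_promisc 1 || true
```

A warning here means the host needs one of the two fixes from the reply: take the interface out of promiscuous mode, or turn forwarding off if the host is not a gateway.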