From owner-freebsd-bugs@FreeBSD.ORG Sun Jun 11 08:10:20 2006
Message-Id: <200606110801.k5B81B9E060141@www.freebsd.org>
Date: Sun, 11 Jun 2006 08:01:11 GMT
From: Dmitry Sergienko
To: freebsd-gnats-submit@FreeBSD.org
Subject: kern/98799: fastforwarding routes packets to network ip address

>Number: 98799
>Category: kern
>Synopsis: fastforwarding routes packets to network ip address
>Confidential: no
>Severity: serious
>Priority: high
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Sun Jun 11 08:10:18 GMT 2006
>Closed-Date:
>Last-Modified:
>Originator: Dmitry Sergienko
>Release: 6.1-PRERELEASE
>Organization:
Trifle Co., Ltd.
>Environment:
FreeBSD sprinter.apex.dp.ua 6.1-PRERELEASE FreeBSD 6.1-PRERELEASE #4: Fri Feb 17 00:03:43 EET 2006 root@sprinter.apex.dp.ua:/usr/obj/usr/src/sys/SPRINTER i386
>Description:
When enabling net.inet.ip.fastforwarding any ip packet (i.e. ping) to network ip address is being forwarded to broadcast MAC address.

em0: flags=8843 mtu 1500
        options=1b
        inet 172.16.128.33 netmask 0xfffffff8 broadcast 172.16.128.39
        ether 00:0e:0c:a8:50:a3
        media: Ethernet autoselect (1000baseTX )
        status: active
vlan0: flags=8843 mtu 1500
        inet 172.16.128.78 netmask 0xffffffe0 broadcast 172.16.128.95
        ether 00:0e:0c:a8:50:a3
        media: Ethernet autoselect (1000baseTX )
        status: active
        vlan: 2 parent interface: em0

# arp -n 172.16.128.32
? (172.16.128.32) at ff:ff:ff:ff:ff:ff on em0 permanent [ethernet]

and now we send ping from 172.16.128.88 to 172.16.128.32:

# tcpdump -nepi em0 icmp
19:00:09.957790 00:15:f2:5c:58:31 > 00:0e:0c:a8:50:a3, ethertype IPv4 (0x0800), length 98: 172.16.128.88 > 172.16.128.32: ICMP echo request, id 57092, seq 0, length 64
19:00:09.957798 00:0e:0c:a8:50:a3 > ff:ff:ff:ff:ff:ff, ethertype IPv4 (0x0800), length 98: 172.16.128.88 > 172.16.128.32: ICMP echo request, id 57092, seq 0, length 64

When fastforwarding is off no packet to broadcast MAC address is being forwarded:

# sysctl net.inet.ip.fastforwarding=0
net.inet.ip.fastforwarding: 1 -> 0
# tcpdump -nepi em0 icmp
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on em0, link-type EN10MB (Ethernet), capture size 96 bytes
^C
0 packets captured
626434 packets received by filter
0 packets dropped by kernel

Below is a dump of sysctl net.inet variables:

net.inet.ip.portrange.randomtime: 45
net.inet.ip.portrange.randomcps: 10
net.inet.ip.portrange.randomized: 1
net.inet.ip.portrange.reservedlow: 0
net.inet.ip.portrange.reservedhigh: 1023
net.inet.ip.portrange.hilast: 65535
net.inet.ip.portrange.hifirst: 49152
net.inet.ip.portrange.last: 65535
net.inet.ip.portrange.first: 49152
net.inet.ip.portrange.lowlast: 600
net.inet.ip.portrange.lowfirst: 1023
net.inet.ip.forwarding: 1
net.inet.ip.redirect: 1
net.inet.ip.ttl: 64
net.inet.ip.rtexpire: 3600
net.inet.ip.rtminexpire: 10
net.inet.ip.rtmaxcache: 128
net.inet.ip.sourceroute: 0
net.inet.ip.intr_queue_maxlen: 50
net.inet.ip.intr_queue_drops: 10106094
net.inet.ip.accept_sourceroute: 0
net.inet.ip.keepfaith: 0
net.inet.ip.gifttl: 30
net.inet.ip.same_prefix_carp_only: 0
net.inet.ip.subnets_are_local: 0
net.inet.ip.dummynet.debug: 0
net.inet.ip.dummynet.red_max_pkt_size: 1500
net.inet.ip.dummynet.red_avg_pkt_size: 512
net.inet.ip.dummynet.red_lookup_depth: 256
net.inet.ip.dummynet.max_chain_len: 16
net.inet.ip.dummynet.expire: 1
net.inet.ip.dummynet.search_steps: 430788827
net.inet.ip.dummynet.searches: 430303593
net.inet.ip.dummynet.extract_heap: 16
net.inet.ip.dummynet.ready_heap: 16
net.inet.ip.dummynet.curr_time: 40209021
net.inet.ip.dummynet.hash_size: 64
net.inet.ip.fastforwarding: 0
net.inet.ip.fw.dyn_keepalive: 1
net.inet.ip.fw.dyn_short_lifetime: 5
net.inet.ip.fw.dyn_udp_lifetime: 10
net.inet.ip.fw.dyn_rst_lifetime: 1
net.inet.ip.fw.dyn_fin_lifetime: 1
net.inet.ip.fw.dyn_syn_lifetime: 20
net.inet.ip.fw.dyn_ack_lifetime: 300
net.inet.ip.fw.static_count: 35
net.inet.ip.fw.dyn_max: 4096
net.inet.ip.fw.dyn_count: 0
net.inet.ip.fw.curr_dyn_buckets: 256
net.inet.ip.fw.dyn_buckets: 256
net.inet.ip.fw.verbose_limit: 100
net.inet.ip.fw.verbose: 1
net.inet.ip.fw.debug: 1
net.inet.ip.fw.one_pass: 0
net.inet.ip.fw.autoinc_step: 100
net.inet.ip.fw.enable: 1
net.inet.ip.maxfragpackets: 1056
net.inet.ip.maxfragsperpacket: 16
net.inet.ip.fragpackets: 0
net.inet.ip.check_interface: 0
net.inet.ip.random_id: 0
net.inet.ip.sendsourcequench: 0
net.inet.ip.process_options: 1
net.inet.icmp.maskrepl: 0
net.inet.icmp.icmplim: 200
net.inet.icmp.bmcastecho: 0
net.inet.icmp.reply_src:
net.inet.icmp.icmplim_output: 1
net.inet.icmp.log_redirect: 0
net.inet.icmp.drop_redirect: 0
net.inet.icmp.maskfake: 0
net.inet.tcp.rfc1323: 1
net.inet.tcp.mssdflt: 512
net.inet.tcp.keepidle: 7200000
net.inet.tcp.keepintvl: 75000
net.inet.tcp.sendspace: 32768
net.inet.tcp.recvspace: 65536
net.inet.tcp.keepinit: 75000
net.inet.tcp.delacktime: 100
net.inet.tcp.hostcache.purge: 0
net.inet.tcp.hostcache.expire: 3600
net.inet.tcp.hostcache.count: 13
net.inet.tcp.hostcache.bucketlimit: 30
net.inet.tcp.hostcache.hashsize: 512
net.inet.tcp.hostcache.cachelimit: 15360
net.inet.tcp.reass.overflows: 0
net.inet.tcp.reass.maxqlen: 48
net.inet.tcp.reass.cursegments: 0
net.inet.tcp.reass.maxsegments: 2112
net.inet.tcp.insecure_rst: 0
net.inet.tcp.rfc3390: 1
net.inet.tcp.rfc3042: 1
net.inet.tcp.drop_synfin: 0
net.inet.tcp.delayed_ack: 1
net.inet.tcp.blackhole: 0
net.inet.tcp.log_in_vain: 0
net.inet.tcp.newreno: 1
net.inet.tcp.local_slowstart_flightsize: 4
net.inet.tcp.slowstart_flightsize: 1
net.inet.tcp.path_mtu_discovery: 1
net.inet.tcp.sack.globalholes: 0
net.inet.tcp.sack.globalmaxholes: 65536
net.inet.tcp.sack.maxholes: 128
net.inet.tcp.sack.enable: 1
net.inet.tcp.inflight.stab: 20
net.inet.tcp.inflight.max: 1073725440
net.inet.tcp.inflight.min: 6144
net.inet.tcp.inflight.debug: 0
net.inet.tcp.inflight.enable: 1
net.inet.tcp.isn_reseed_interval: 0
net.inet.tcp.icmp_may_rst: 1
net.inet.tcp.pcbcount: 111
net.inet.tcp.do_tcpdrain: 1
net.inet.tcp.tcbhashsize: 512
net.inet.tcp.minmssoverload: 0
net.inet.tcp.minmss: 216
net.inet.tcp.syncache.rexmtlimit: 3
net.inet.tcp.syncache.hashsize: 512
net.inet.tcp.syncache.count: 0
net.inet.tcp.syncache.cachelimit: 15359
net.inet.tcp.syncache.bucketlimit: 30
net.inet.tcp.syncookies: 1
net.inet.tcp.always_keepalive: 1
net.inet.tcp.rexmit_slop: 200
net.inet.tcp.rexmit_min: 30
net.inet.tcp.msl: 30000
net.inet.udp.checksum: 1
net.inet.udp.maxdgram: 9216
net.inet.udp.recvspace: 41600
net.inet.udp.strict_mcast_mship: 0
net.inet.udp.blackhole: 0
net.inet.udp.log_in_vain: 0
net.inet.raw.recvspace: 8192
net.inet.raw.maxdgram: 8192
net.inet.accf.unloadable: 0
>How-To-Repeat:
>Fix:
Workaround is to disable fastforwarding.
>Release-Note:
>Audit-Trail:
>Unformatted:
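
A detection check for the behaviour reported above, added here as an example and not part of the original report or of FreeBSD: it reads `tcpdump -ne` lines and flags frames sent to the broadcast MAC whose IP destination is the network or broadcast address of the connected subnet while the sender lies outside that subnet. The function names and the third sample line are constructed; the first two sample lines and the em0 subnet come from the report.

```python
import ipaddress
import re

BROADCAST_MAC = "ff:ff:ff:ff:ff:ff"
# Connected subnet of em0 in the report (172.16.128.33, netmask 0xfffffff8).
EM0_SUBNETS = [ipaddress.ip_network("172.16.128.32/29")]
# One `tcpdump -ne` IPv4 line; a trailing ".port" on TCP/UDP addresses is skipped.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<smac>[0-9a-f:]{17}) > (?P<dmac>[0-9a-f:]{17}), "
    r"ethertype IPv4 .*?: (?P<sip>(?:\d+\.){3}\d+)(?:\.\d+)? > "
    r"(?P<dip>(?:\d+\.){3}\d+)(?:\.\d+)?: "
)
# First two lines are from the report; the third is constructed (on-subnet sender).
SAMPLE = """\
19:00:09.957790 00:15:f2:5c:58:31 > 00:0e:0c:a8:50:a3, ethertype IPv4 (0x0800), length 98: 172.16.128.88 > 172.16.128.32: ICMP echo request, id 57092, seq 0, length 64
19:00:09.957798 00:0e:0c:a8:50:a3 > ff:ff:ff:ff:ff:ff, ethertype IPv4 (0x0800), length 98: 172.16.128.88 > 172.16.128.32: ICMP echo request, id 57092, seq 0, length 64
19:00:11.000001 00:11:22:33:44:55 > ff:ff:ff:ff:ff:ff, ethertype IPv4 (0x0800), length 98: 172.16.128.34 > 172.16.128.39: ICMP echo request, id 1, seq 0, length 64
""".splitlines()


def classify(dst, subnets):
    """Return 'network' or 'broadcast' if dst is a subnet-wide address, else None."""
    for net in subnets:
        if dst == net.network_address:
            return "network"
        if dst == net.broadcast_address:
            return "broadcast"
    return None


def find_forwarded_broadcasts(lines, subnets=EM0_SUBNETS):
    """Flag frames put on the wire to the broadcast MAC for an off-subnet sender."""
    findings = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m or m["dmac"] != BROADCAST_MAC:
            continue
        src = ipaddress.ip_address(m["sip"])
        kind = classify(ipaddress.ip_address(m["dip"]), subnets)
        # An on-subnet sender may broadcast itself; an off-subnet one was forwarded.
        if kind and not any(src in net for net in subnets):
            findings.append((m["ts"], m["sip"], m["dip"], kind))
    return findings


if __name__ == "__main__":
    for finding in find_forwarded_broadcasts(SAMPLE):
        print(finding)
```

Only the second captured frame is reported: the first is the inbound unicast to the router, and the constructed third one is a broadcast from a host already on the subnet.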