Date:      Wed, 8 Feb 2012 21:42:59 GMT
From:      Eugen Konkov <kes-kes@yandex.ru>
To:        freebsd-gnats-submit@FreeBSD.org
Subject:   misc/164914: interface still accept packets even without IP address
Message-ID:  <201202082142.q18Lgxf8003583@red.freebsd.org>
Resent-Message-ID: <201202082150.q18Lo8cU064160@freefall.freebsd.org>


>Number:         164914
>Category:       misc
>Synopsis:       interface still accept packets even without IP address
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Wed Feb 08 21:50:08 UTC 2012
>Closed-Date:
>Last-Modified:
>Originator:     Eugen Konkov
>Release:        9.0-CURRENT
>Organization:
ISP FreeLine
>Environment:
# uname -a
FreeBSD  9.0-CURRENT FreeBSD 9.0-CURRENT #4: Fri Jun 10 01:30:12 UTC 2011     @:/usr/obj/usr/src/sys/PAE_KES  i386

>Description:
SERVER2

# ifconfig vlan70
vlan70: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=3<RXCSUM,TXCSUM>
        ether 00:30:67:9d:8f:26
        inet6 fe80::230:67ff:fe9d:8f26%vlan70 prefixlen 64 scopeid 0xa
        nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
        media: Ethernet autoselect (1000baseT <full-duplex>)
        status: active
        vlan: 70 parent interface: re0
# ifconfig vlan408
vlan408: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=3<RXCSUM,TXCSUM>
        ether 00:30:67:9d:8f:26
        inet 10.11.19.53 netmask 0xfffffff8 broadcast 10.11.19.55
        inet6 fe80::230:67ff:fe9d:8f26%vlan408 prefixlen 64 scopeid 0x22
        nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
        media: Ethernet autoselect (1000baseT <full-duplex>)
        status: active
        vlan: 408 parent interface: re0
# tcpdump -n -i vlan70
tcpdump: WARNING: vlan70: no IPv4 address assigned
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on vlan70, link-type EN10MB (Ethernet), capture size 65535 bytes
23:29:17.882594 IP 10.7.18.90 > 10.11.19.54: GREv1, call 52218, seq 1416932, ack 2420899, length 60: IP 192.168.24.17.50762 > 88.81.253.182.80: Flags [.], ack 3084092892, win 16544, length 0
23:29:18.358144 CDPv1, ttl: 120s, Device-ID 'unknown', length 74
23:29:18.532881 IP 10.7.18.90 > 10.11.19.54: GREv1, call 52218, seq 1416933, ack 2420910, length 60: IP 192.168.24.17.50762 > 88.81.253.182.80: Flags [.], ack 2761, win 16560, length 0
^C
3 packets captured
14 packets received by filter
0 packets dropped by kernel
# tcpdump -n -i vlan408
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on vlan408, link-type EN10MB (Ethernet), capture size 65535 bytes
23:32:18.587860 IP 10.11.19.53.22 > 10.10.1.40.2897: Flags [P.], seq 2116288012:2116288208, ack 3239226069, win 65535, length 196
23:32:18.588346 IP 10.10.1.40.2897 > 10.11.19.53.22: Flags [.], ack 196, win 65219, length 0
23:32:18.613808 IP 10.7.18.90 > 10.11.19.54: GREv1, call 52218, seq 1426479, ack 2439179, length 60: IP 192.168.24.17.50836 > 38.113.165.86.443: Flags [F.], seq 659475120, ack 3124981189, win 16559, length 0
23:32:18.771754 IP 10.7.18.90 > 10.11.19.54: GREv1, call 52218, seq 1426480, ack 2439181, length 60: IP 192.168.24.17.50836 > 38.113.165.86.443: Flags [.], ack 2, win 16559, length 0
23:32:18.780879 ARP, Request who-has 10.11.19.51 tell 10.11.19.52, length 42
23:32:18.894536 IP 10.7.18.90 > 10.11.19.54: GREv1, call 52218, seq 1426481, ack 2439188, length 60: IP 192.168.24.17.50824 > 88.81.253.184.80: Flags [.], ack 1476863292, win 16560, length 0
23:32:18.898075 IP 10.7.18.90 > 10.11.19.54: GREv1, call 52218, seq 1426482, length 56: IP 192.168.24.17.50824 > 88.81.253.184.80: Flags [.], ack 2761, win 16560, length 0
23:32:18.919120 IP 10.7.18.90 > 10.11.19.54: GREv1, call 52218, seq 1426484, ack 2439192, length 60: IP 192.168.24.17.50824 > 88.81.253.184.80: Flags [.], ack 8281, win 16560, length 0
23:32:18.939557 IP 10.7.18.90 > 10.11.19.54: GREv1, call 52218, seq 1426486, ack 2439196, length 60: IP 192.168.24.17.50824 > 88.81.253.184.80: Flags [.], ack 13801, win 16560, length 0
23:32:18.940032 IP 10.7.18.90 > 10.11.19.54: GREv1, call 52218, seq 1426487, length 56: IP 192.168.24.17.50824 > 88.81.253.184.80: Flags [.], ack 16561, win 16560, length 0
23:32:18.961147 IP 10.7.18.90 > 10.11.19.54: GREv1, call 52218, seq 1426488, ack 2439200, length 60: IP 192.168.24.17.50824 > 88.81.253.184.80: Flags [.], ack 19321, win 16560, length 0
23:32:18.978187 IP 10.7.18.90 > 10.11.19.54: GREv1, call 52218, seq 1426490, ack 2439201, length 60: IP 192.168.24.17.50824 > 88.81.253.184.80: Flags [.], ack 24841, win 16560, length 0


>How-To-Repeat:
..............CLIENT
.........vlan70:10.7.18.90
........../...............\
SERVER1....................SERVER2
vlan70:10.7.18.2          vlan70:10.7.18.1
vlan408:10.7.19.54<-->vlan408:10.7.19.53

If I move IP 10.7.18.1 from SERVER2:vlan70 to SERVER1:vlan70

..............CLIENT
.........vlan70:10.7.18.90
........../...............\
SERVER1....................SERVER2
vlan70:10.7.18.2          vlan70:NOIP_HERE_NOW
vlan70:10.7.18.1
vlan408:10.7.19.54<-->vlan408:10.7.19.53

Traffic still flows through SERVER2

This is a very interesting feature, or maybe a bug, which touches on security issues:
some host on the LAN can send packets to the MAC address of the FreeBSD server; the server now accepts packets even if the frame is not in its subnet and passes them further %-)
>Fix:


>Release-Note:
>Audit-Trail:
>Unformatted:
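
An audit check for the condition this report describes, added here as an example and not part of the original PR: it parses `ifconfig` output, lists interfaces that are UP with no `inet` address, and flags them when IPv4 forwarding is enabled. The function names are hypothetical and the embedded sample is constructed from the `ifconfig` output quoted in the report.

```shell
#!/bin/sh
# Added example (not from the PR). Reads FreeBSD ifconfig(8) output on stdin and
# prints the name of every interface that is UP but has no IPv4 ("inet") address.
unnumbered_up_ifaces() {
    awk '
        function report() { if (name != "" && up && !has_inet) print name }
        # Header line starts in column 0: "vlan70: flags=8843<UP,...> metric 0"
        /^[^ \t]+: flags=/ {
            report()
            name = $1; sub(/:$/, "", name)
            up = ($0 ~ /<([A-Z0-9_]+,)*UP[,>]/)
            has_inet = 0
            next
        }
        # Indented "inet a.b.c.d"; "inet6" and "nd6" lines do not match
        /^[ \t]+inet[ \t]/ { has_inet = 1 }
        END { report() }
    '
}

# $1 = value of net.inet.ip.forwarding; stdin = ifconfig output.
# Such an interface only matters for transit traffic when the host forwards.
forwarding_exposure() {
    if [ "$1" != "1" ]; then cat >/dev/null; return 0; fi
    unnumbered_up_ifaces | while read -r ifname; do
        echo "${ifname}: UP, no IPv4 address, host forwards IPv4"
    done
}

# Constructed sample, abridged from the ifconfig output quoted in the report.
sample_ifconfig() {
    cat <<'EOF'
vlan70: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        ether 00:30:67:9d:8f:26
        inet6 fe80::230:67ff:fe9d:8f26%vlan70 prefixlen 64 scopeid 0xa
        vlan: 70 parent interface: re0
vlan408: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        ether 00:30:67:9d:8f:26
        inet 10.11.19.53 netmask 0xfffffff8 broadcast 10.11.19.55
        vlan: 408 parent interface: re0
EOF
}

sample_ifconfig | forwarding_exposure 1
# Live FreeBSD host:
#   ifconfig -a | forwarding_exposure "$(sysctl -n net.inet.ip.forwarding)"
```

Interfaces it reports are candidates for being brought down or covered by an explicit packet-filter rule if they are not meant to carry transit traffic.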


