Date:      Thu, 9 Feb 2012 11:40:09 GMT
From:      Gleb Smirnoff <glebius@FreeBSD.org>
To:        freebsd-bugs@FreeBSD.org
Subject:   Re: misc/164914: interface still accept packets even without IP address
Message-ID:  <201202091140.q19Be9Dm067707@freefall.freebsd.org>

The following reply was made to PR misc/164914; it has been noted by GNATS.

From: Gleb Smirnoff <glebius@FreeBSD.org>
To: Eugen Konkov <kes-kes@yandex.ru>
Cc: freebsd-gnats-submit@FreeBSD.org
Subject: Re: misc/164914: interface still accept packets even without IP
 address
Date: Thu, 9 Feb 2012 15:35:20 +0400

 On Wed, Feb 08, 2012 at 09:42:59PM +0000, Eugen Konkov wrote:
 E> >How-To-Repeat:
 E> ..............CLIENT
 E> .........vlan70:10.7.18.90
 E> ........../...............\
 E> SERVER1....................SERVER2
 E> vlan70:10.7.18.2          vlan70:10.7.18.1
 E> vlan408:10.7.19.54<-->vlan408:10.7.19.53
 E> 
 E> If I move IP 10.7.18.1 from SERVER2:vlan70 to SERVER1:vlan70
 E> 
 E> ..............CLIENT
 E> .........vlan70:10.7.18.90
 E> ........../...............\
 E> SERVER1....................SERVER2
 E> vlan70:10.7.18.2          vlan70:NOIP_HERE_NOW
 E> vlan70:10.7.18.1
 E> vlan408:10.7.19.54<-->vlan408:10.7.19.53
 E> 
 E> Traffic still flows through SERVER2
 E> 
 E> This is a very interesting feature or maybe a bug? which touches security issues:
 E> some host on the LAN can send packets to the MAC address of the FreeBSD server, now the server accepts packets even if the frame is not in its subnet and passes them further %-)
 
 This is not a bug, but the way IP and Ethernet work. If a box receives
 a frame that has its link-level address, then the frame is passed to the
 appropriate protocol layer. And if the IP protocol receives a packet that
 is destined to some address we don't have, and forwarding is enabled,
 then the packet is forwarded.
 
 -- 
 Totus tuus, Glebius.
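
An audit for the condition discussed in this thread, added here as an example and not part of the original messages or of FreeBSD itself: it lists interfaces that are UP but have no IPv4 address and reports the forwarding state alongside. It assumes FreeBSD-style `ifconfig` output on stdin; the function name and the sample stanzas (addresses taken from the report, MAC and flags constructed) are illustrative.

```shell
#!/bin/sh
# Added example: report interfaces that are UP with no "inet" address.
# With forwarding=1 such an interface still routes IPv4 packets that
# arrive in frames addressed to its MAC, as the reply above explains.
#
# On a live FreeBSD host (not run here):
#   ifconfig | audit_unnumbered "$(sysctl -n net.inet.ip.forwarding)"

audit_unnumbered() {
    # $1 = value of net.inet.ip.forwarding (0 or 1)
    awk -v fwd="$1" '
        function report() {
            if (name != "" && up && !inet && !loop)
                printf "%s no-inet forwarding=%s\n", name, fwd
        }
        /^[^ \t]/ {                      # stanza header: "vlan70: flags=...<UP,...>"
            report()
            name = $1; sub(/:$/, "", name)
            up   = ($0 ~ /[<,]UP[,>]/)
            loop = ($0 ~ /[<,]LOOPBACK[,>]/)
            inet = 0
            next
        }
        $1 == "inet" { inet = 1 }        # IPv4 only; "inet6" lines do not count
        END { report() }
    '
}

# Constructed sample: SERVER2 after 10.7.18.1 was moved off vlan70.
SAMPLE='vlan70: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
    ether 00:00:5e:00:53:01
    vlan: 70 parent interface: em0
vlan408: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
    ether 00:00:5e:00:53:01
    inet 10.7.19.53 netmask 0xfffffffc broadcast 10.7.19.55
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
    inet 127.0.0.1 netmask 0xff000000'

printf '%s\n' "$SAMPLE" | audit_unnumbered 1
```

An interface reported with `forwarding=1` needs either forwarding switched off or a packet-filter rule on that interface if it is not meant to route.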


