Date: Thu, 9 Feb 2012 11:40:09 GMT
Message-Id: <201202091140.q19Be9Dm067707@freefall.freebsd.org>
To: freebsd-bugs@FreeBSD.org
From: Gleb Smirnoff
Subject: Re: misc/164914: interface still accept packets even without IP address

The following reply was made to PR misc/164914; it has been noted by GNATS.

From: Gleb Smirnoff
To: Eugen Konkov
Cc: freebsd-gnats-submit@FreeBSD.org
Subject: Re: misc/164914: interface still accept packets even without IP address
Date: Thu, 9 Feb 2012 15:35:20 +0400

On Wed, Feb 08, 2012 at 09:42:59PM +0000, Eugen Konkov wrote:
E> >How-To-Repeat:
E> ..............CLIENT
E> .........vlan70:10.7.18.90
E> ........../...............\
E> SERVER1....................SERVER2
E> vlan70:10.7.18.2           vlan70:10.7.18.1
E> vlan408:10.7.19.54<-->vlan408:10.7.19.53
E>
E> If I move IP 10.7.18.1 from SERVER2:vlan70 to SERVER1:vlan70
E>
E> ..............CLIENT
E> .........vlan70:10.7.18.90
E> ........../...............\
E> SERVER1....................SERVER2
E> vlan70:10.7.18.2           vlan70:NOIP_HERE_NOW
E> vlan70:10.7.18.1
E> vlan408:10.7.19.54<-->vlan408:10.7.19.53
E>
E> Traffic still flows through SERVER2
E>
E> This is very interesting feature or maybe a bug? which touch security issues:
E> some host on LAN can send packets to MAC address of FreeBSD server, now server accept packets even if frame is not in its subnet and pass them further %-)

This is not a bug, but the way IP and Ethernet work.

If a box receives a frame that has its link-level address, then
the frame is passed to the appropriate protocol layer.

And if the IP protocol receives a packet that is destined to some
address we don't have, and forwarding is enabled, then the
packet is forwarded.

--
Totus tuus, Glebius.
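
Added example (not part of the original message and not FreeBSD code): a small Python model of the receive decision described in the reply, applied to the topology from the report after 10.7.18.1 has moved to SERVER1. The MAC addresses, the off-subnet destination 192.0.2.10, and the premise that the client keeps addressing frames to SERVER2's MAC are constructed assumptions; `forwarding` stands in for the net.inet.ip.forwarding sysctl.

```python
from dataclasses import dataclass, field


@dataclass
class Host:
    name: str
    mac: str                                  # constructed link-level address
    addrs: set = field(default_factory=set)   # IPv4 addresses configured on the box
    forwarding: bool = False                  # models net.inet.ip.forwarding


def receive(host, dst_mac, dst_ip):
    """What `host` does with a unicast Ethernet frame carrying an IP packet."""
    if dst_mac != host.mac:
        return "ignore"      # frame does not carry our link-level address
    if dst_ip in host.addrs:
        return "deliver"     # packet is for an address we own
    # Frame was for our MAC, packet is for an address we do not have:
    # the interface having no IP in the sender's subnet plays no part here.
    return "forward" if host.forwarding else "drop"


def scenario(client_uses_server2_mac, server2_forwarding):
    """Topology from the report, after 10.7.18.1 was moved to SERVER1."""
    server1 = Host("SERVER1", "02:00:00:00:00:01",
                   {"10.7.18.2", "10.7.18.1", "10.7.19.54"}, forwarding=True)
    server2 = Host("SERVER2", "02:00:00:00:00:02",
                   {"10.7.19.53"}, forwarding=server2_forwarding)
    # Assumption: the client picks the next-hop MAC itself, for example
    # from a neighbor entry learned before the address was moved.
    next_hop_mac = server2.mac if client_uses_server2_mac else server1.mac
    dst_ip = "192.0.2.10"    # constructed destination outside both VLAN subnets
    return {h.name: receive(h, next_hop_mac, dst_ip) for h in (server1, server2)}


if __name__ == "__main__":
    for uses_s2 in (True, False):
        for fwd in (True, False):
            print(f"client->SERVER2 MAC={uses_s2!s:5} "
                  f"SERVER2 forwarding={fwd!s:5} -> {scenario(uses_s2, fwd)}")
```

In this model SERVER2 stops passing the traffic only when forwarding is off or when the client stops addressing frames to its MAC; removing the IP address from vlan70 changes neither condition.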