Date: Sat, 27 Jul 2013 13:36:21 -0400 (EDT) From: dave@daveg.ca To: FreeBSD-gnats-submit@freebsd.org Subject: kern/180893: Packets received with own LLADDR confuse things. Message-ID: <20130727173621.364E55C036@virtual.accountingreality.com> Resent-Message-ID: <201307271750.r6RHo0ZP000213@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 180893 >Category: kern >Synopsis: Packets received with own LLADDR confuse things. >Confidential: no >Severity: serious >Priority: medium >Responsible: freebsd-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: change-request >Submitter-Id: current-users >Arrival-Date: Sat Jul 27 17:50:00 UTC 2013 >Closed-Date: >Last-Modified: >Originator: David Gilbert <dave@daveg.ca> >Release: FreeBSD 9.2-BETA1 amd64 >Organization: DaveG.ca >Environment: System: FreeBSD virtual.accountingreality.com 9.2-BETA1 FreeBSD 9.2-BETA1 #10 r253638: Thu Jul 25 20:03:07 EDT 2013 root@virtual.accountingreality.com:/usr/obj/usr/src/sys/VRA amd64 This change seems to be pertinant to many revisions of FreeBSD. The patch itself is against the 9-STABLE tree. >Description: Some errant network equipment (including the simulation of a network by VMware, as an example) will reflect back multicast packets to the sender. This breaks protocols such as DAD and makes IPv6 nearly impossible to use on these networks. Now, the argument could be made to fix these network elements, but there is an elegant solution that improves the quality of FreeBSD: To refuse packets that have a source ethernet address of the receiving interface. If you consider this notion, you can quickly and easily accept that an interface should never "receive" a packet from it's own MAC address. This behaviour mirrors Linux behavior and I assume Windows behavior. I won't claim to be experienced in kernel matters, but I chose the location for this modification to allow BPF to "see" the packets (for network diagnosis). This test, however, could be moved within this function or even given a sysctl knob. >How-To-Repeat: Simply install FreeBSD-9.1 on VMWare and enable IPv6. DAD will fail. >Fix: Index: if_ethersubr.c =================================================================== --- if_ethersubr.c (revision 253638) +++ if_ethersubr.c (working copy) @@ -636,6 +636,17 @@ ETHER_BPF_MTAP(ifp, m); /* + * Drop the frame if it appears to be sent by us. That is: + * it appears to have the same LLADDR. + */ + if(bcmp(eh->ether_shost, IF_LLADDR(ifp), ETHER_ADDR_LEN) == 0) { + if_printf(ifp, "Dropped packet that claims to be from me!\n"); + ifp->if_ierrors++; + m_freem(m); + return; + } + + /* * If the CRC is still on the packet, trim it off. We do this once * and once only in case we are re-entered. Nothing else on the * Ethernet receive path expects to see the FCS. >Release-Note: >Audit-Trail: >Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20130727173621.364E55C036>