Date: Mon, 26 Jun 2006 10:39:05 GMT
From: Colin Petrie <cpetrie@xcalibre.co.uk>
To: freebsd-gnats-submit@FreeBSD.org
Subject: kern/99484: enabling net.inet.ip.fastforwarding breaks rfc2644
Message-ID: <200606261039.k5QAd5jB024756@www.freebsd.org>
Resent-Message-ID: <200606261040.k5QAeSPB040099@freefall.freebsd.org>

>Number:         99484
>Category:       kern
>Synopsis:       enabling net.inet.ip.fastforwarding breaks rfc2644
>Confidential:   no
>Severity:       serious
>Priority:       high
>Responsible:    freebsd-bugs
>State:          open
>Quarter:
>Keywords:
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Mon Jun 26 10:40:28 GMT 2006
>Closed-Date:
>Last-Modified:
>Originator:     Colin Petrie
>Release:        6.1-RELEASE
>Organization:
>Environment:
FreeBSD xxxxxxxx 6.1-RELEASE FreeBSD 6.1-RELEASE #1: Mon May 15 12:15:49 BST 2006 root@xxxxxxxx:/usr/src/sys/i386/compile/ROUTER i386
>Description:
When net.inet.ip.fastforwarding=1, FreeBSD 6.1-RELEASE will forward packets to network prefix broadcast addresses.

This is in violation of RFC2644 (Changing the Default for Directed Broadcasts in Routers)

(while ping'ing 217.8.240.255)

# sysctl net.inet.ip.fastforwarding=1
# tcpdump -qnei vlan200 ether broadcast and icmp
11:28:37.473427 00:30:48:84:ff:b1 > ff:ff:ff:ff:ff:ff, IPv4, length 154: 217.133.19.77 > 217.8.240.255: ICMP echo request, id 3408, seq 0, length 120
11:28:38.569223 00:30:48:84:ff:b1 > ff:ff:ff:ff:ff:ff, IPv4, length 154: 217.133.19.77 > 217.8.240.255: ICMP echo request, id 3408, seq 0, length 120

# sysctl net.inet.ip.fastforwarding=0
# tcpdump -qnei vlan200 ether broadcast and icmp
(no packets returned)
>How-To-Repeat:
sysctl net.inet.ip.fastforwarding=1

Then ping the broadcast address on a LAN from a host on a different subnet
>Fix:
sysctl net.inet.ip.fastforwarding=0
>Release-Note:
>Audit-Trail:
>Unformatted:
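
A detection sketch for the behaviour reported above, added here as an example and not part of the original report: it scans `tcpdump -qne` output for Ethernet-broadcast frames whose IPv4 destination is the broadcast address of a connected network while the source lies outside that network. The /24 prefix for the vlan200 LAN and the function name are assumptions; the first two sample lines are taken from the report, the last two are constructed.

```python
import ipaddress
import re

# Assumption: the LAN on vlan200 is 217.8.240.0/24. The report shows only the
# broadcast address 217.8.240.255, not the prefix length.
CONNECTED_NETS = [ipaddress.ip_network("217.8.240.0/24")]

# `tcpdump -qne` line: timestamp, src MAC > dst MAC, IPv4, src[.port] > dst[.port]:
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<smac>[0-9a-f:]{17}) > (?P<dmac>[0-9a-f:]{17}), IPv4, "
    r"length \d+: (?P<src>\d+(?:\.\d+){3})(?:\.\d+)? > "
    r"(?P<dst>\d+(?:\.\d+){3})(?:\.\d+)?:"
)

def forwarded_directed_broadcasts(lines, nets=CONNECTED_NETS):
    """Return (timestamp, src, dst) for frames that look like directed
    broadcasts a router forwarded onto one of the connected networks."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m or m["dmac"] != "ff:ff:ff:ff:ff:ff":
            continue  # unparsable line or not a link-layer broadcast
        src = ipaddress.ip_address(m["src"])
        dst = ipaddress.ip_address(m["dst"])
        for net in nets:
            # Directed broadcast of a connected net from an off-net source:
            # it can only appear on this LAN if a router forwarded it.
            if dst == net.broadcast_address and src not in net:
                hits.append((m["ts"], str(src), str(dst)))
    return hits

SAMPLE = [
    # From the report (fastforwarding=1):
    "11:28:37.473427 00:30:48:84:ff:b1 > ff:ff:ff:ff:ff:ff, IPv4, length 154: "
    "217.133.19.77 > 217.8.240.255: ICMP echo request, id 3408, seq 0, length 120",
    "11:28:38.569223 00:30:48:84:ff:b1 > ff:ff:ff:ff:ff:ff, IPv4, length 154: "
    "217.133.19.77 > 217.8.240.255: ICMP echo request, id 3408, seq 0, length 120",
    # Constructed: on-net host sending a subnet broadcast (legitimate).
    "11:28:39.100000 00:11:22:33:44:55 > ff:ff:ff:ff:ff:ff, IPv4, length 92: "
    "217.8.240.10.138 > 217.8.240.255.138: UDP, length 50",
    # Constructed: limited broadcast, never forwarded, must not match.
    "11:28:40.200000 00:11:22:33:44:55 > ff:ff:ff:ff:ff:ff, IPv4, length 342: "
    "0.0.0.0.68 > 255.255.255.255.67: UDP, length 300",
]

if __name__ == "__main__":
    for ts, src, dst in forwarded_directed_broadcasts(SAMPLE):
        print(f"{ts} forwarded directed broadcast {src} -> {dst}")
```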