From: Gardner Buchanan <gbuchana@home.com> To: freebsd-hackers@FreeBSD.org Subject: 3.1R broadcast ICMP bug? Message-ID: <XFMail.990513222354.gbuchana@home.com>
next in thread | raw e-mail | index | archive | help
I've been having some problems with my Cable Internet provider and
in the course of diagnosing them I've noticed what I think is a
bug in 3.1R.
As usual, some moron was flooding the local subnet with broadcast
pings. To my horror though, I could see that my 3.1R kernel was
actually answering them, despite the fact that it is set not to:
# sysctl net.inet.icmp.bmcastecho
net.inet.icmp.bmcastecho: 0
Here's a tcpdump:
# tcpdump -nep -s 2048 icmp
21:48:24.845521 0:0:e8:76:19:98 ff:ff:ff:ff:ff:ff 0800 106: 90.0.0.1 >
255.255.255.255: icmp: echo request
21:48:24.846326 8:0:2b:94:a2:4e 0:60:5c:7d:eb:a0 0800 106: 24.112.xx.xx >
90.0.0 .1: icmp: echo reply
21:48:43.378044 0:0:e8:76:19:98 ff:ff:ff:ff:ff:ff 0800 106: 90.0.0.1 >
255.255.255.255: icmp: echo request
21:48:43.378824 8:0:2b:94:a2:4e 0:60:5c:7d:eb:a0 0800 106: 24.112.xx.xx >
90.0.0.1: icmp: echo reply
21:48:56.012685 0:e0:29:f:2b:98 ff:ff:ff:ff:ff:ff 0800 106: 24.112.130.161 >
255.255.255.255: icmp: echo request
21:48:56.013525 8:0:2b:94:a2:4e 0:60:5c:7d:eb:a0 0800 106: 24.112.xx.xx >
24.112.130.161: icmp: echo reply
Netstat thinks that none of these were broadcasts:
# netstat -p icmp
icmp:
73 calls to icmp_error
0 errors not generated 'cuz old message was icmp
Output histogram:
echo reply: 6697
destination unreachable: 13
time exceeded: 60
0 messages with bad code fields
0 messages < minimum length
0 bad checksums
0 messages with bad length
0 multicast echo requests ignored
0 multicast timestamp requests ignored
Input histogram:
echo reply: 4
destination unreachable: 14
echo: 6697
6697 message responses generated
ICMP address mask responses are disabled
My Ethernet NICs are DEC DE204's using 'le':
le0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
inet 24.112.xx.xx netmask 0xfffffc00 broadcast 24.112.87.255
ether 08:00:2b:94:a2:4e
le1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
inet 192.168.0.10 netmask 0xffffff00 broadcast 192.168.0.255
ether 08:00:2b:94:9e:2d
le0 is the interface that's involved here. Notice the netmask.
Could that have something to do with it?
If I purposely do a broadcast ping on my inside network, that
interface does correctly ignore the ICMP echo request and it is
accounted for correctly in netstat -p icmp.
I wouldn't want to alert CERT over this or anything, but I'd
sure like to know how to fix it.
Any ideas?
============================================================
Gardner Buchanan <gbuchana@home.com>
Ottawa, ON FreeBSD: Where you want to go. Today.
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?XFMail.990513222354.gbuchana>