From owner-freebsd-hackers Thu May 13 19:24:48 1999 Delivered-To: freebsd-hackers@freebsd.org Received: from smtp.on.rogers.wave.ca (smtp.on.rogers.wave.ca [24.112.32.20]) by hub.freebsd.org (Postfix) with ESMTP id 42D7014BE7 for ; Thu, 13 May 1999 19:24:42 -0700 (PDT) (envelope-from gbuchana@home.com) Received: from cr1004936-b.slnt1.on.wave.home.com ([24.112.85.94]:1047 "EHLO localhost.on.rogers.wave.ca" ident: "NO-IDENT-SERVICE") by smtp.on.rogers.wave.ca with ESMTP id <522199-18779>; Thu, 13 May 1999 22:20:45 -0400 Content-Length: 2782 Message-ID: X-Mailer: XFMail 1.3 [p0] on FreeBSD X-Priority: 3 (Normal) Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7BIT MIME-Version: 1.0 Date: Thu, 13 May 1999 22:23:54 -0400 (EDT) Reply-To: gbuchana@home.com From: Gardner Buchanan To: freebsd-hackers@FreeBSD.org Subject: 3.1R broadcast ICMP bug? Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG I've been having some problems with my Cable Internet provider and in the course of diagnosing them I've noticed what I think is a bug in 3.1R. As usual, some moron was flooding the local subnet with broadcast pings. To my horror though, I could see that my 3.1R kernel was actually answering them, despite the fact that it is set not to: # sysctl net.inet.icmp.bmcastecho net.inet.icmp.bmcastecho: 0 Here's a tcpdump: # tcpdump -nep -s 2048 icmp 21:48:24.845521 0:0:e8:76:19:98 ff:ff:ff:ff:ff:ff 0800 106: 90.0.0.1 > 255.255.255.255: icmp: echo request 21:48:24.846326 8:0:2b:94:a2:4e 0:60:5c:7d:eb:a0 0800 106: 24.112.xx.xx > 90.0.0 .1: icmp: echo reply 21:48:43.378044 0:0:e8:76:19:98 ff:ff:ff:ff:ff:ff 0800 106: 90.0.0.1 > 255.255.255.255: icmp: echo request 21:48:43.378824 8:0:2b:94:a2:4e 0:60:5c:7d:eb:a0 0800 106: 24.112.xx.xx > 90.0.0.1: icmp: echo reply 21:48:56.012685 0:e0:29:f:2b:98 ff:ff:ff:ff:ff:ff 0800 106: 24.112.130.161 > 255.255.255.255: icmp: echo request 21:48:56.013525 8:0:2b:94:a2:4e 0:60:5c:7d:eb:a0 0800 106: 24.112.xx.xx > 24.112.130.161: icmp: echo reply Netstat thinks that none of these were broadcasts: # netstat -p icmp icmp: 73 calls to icmp_error 0 errors not generated 'cuz old message was icmp Output histogram: echo reply: 6697 destination unreachable: 13 time exceeded: 60 0 messages with bad code fields 0 messages < minimum length 0 bad checksums 0 messages with bad length 0 multicast echo requests ignored 0 multicast timestamp requests ignored Input histogram: echo reply: 4 destination unreachable: 14 echo: 6697 6697 message responses generated ICMP address mask responses are disabled My Ethernet NICs are DEC DE204's using 'le': le0: flags=8843 mtu 1500 inet 24.112.xx.xx netmask 0xfffffc00 broadcast 24.112.87.255 ether 08:00:2b:94:a2:4e le1: flags=8843 mtu 1500 inet 192.168.0.10 netmask 0xffffff00 broadcast 192.168.0.255 ether 08:00:2b:94:9e:2d le0 is the interface that's involved here. Notice the netmask. Could that have something to do with it? If I purposely do a broadcast ping on my inside network, that interface does correctly ignore the ICMP echo request and it is accounted for correctly in netstat -p icmp. I wouldn't want to alert CERT over this or anything, but I'd sure like to know how to fix it. Any ideas? ============================================================ Gardner Buchanan Ottawa, ON FreeBSD: Where you want to go. Today. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message