Date: Fri, 19 Jan 2001 22:04:06 +0100 (CET) From: pantzer@ludd.luth.se To: FreeBSD-gnats-submit@freebsd.org Subject: kern/24465: Will process packets not for this host if using netgraph and ip forwarding. Message-ID: <200101192104.f0JL46504697@skalman.campus.luth.se>
next in thread | raw e-mail | index | archive | help
>Number: 24465
>Category: kern
>Synopsis: Will process packets not for this host if using netgraph and ip forwarding.
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Fri Jan 19 13:10:02 PST 2001
>Closed-Date:
>Last-Modified:
>Originator: Mattias Pantzare
>Release: FreeBSD 4.2-STABLE i386
>Organization:
>Environment:
FreeBSD running vmware in bridged mode using netgraph and IP forwarding on.
>Description:
FreeBSD will respond to ethernet packets for other computers if IP forwarding
is on and netgraph is used for bridging. It will send packets with a mac
adress that is diffrent from the interfaces adress to the IP layer.
If IP forwaring is on then the IP layer will try to route the packets even if
they where sent to a diffrent computer.
>How-To-Repeat:
>Fix:
There is a check for the mac adress in ether_input in net/if_ethersubr.c:
/* Discard packet if upper layers shouldn't see it. This should
only happen when the interface is in promiscuous mode. */
if ((ifp->if_flags & IFF_PROMISC) != 0
&& (eh->ether_dhost[0] & 1) == 0
&& bcmp(eh->ether_dhost,
IFP2AC(ifp)->ac_enaddr, ETHER_ADDR_LEN) != 0) {
m_freem(m);
return;
}
That check will not be done if netgraph is used on the interface, from what I
can find it shoud be added to ng_ether_rcv_upper in netgraph/ng_ether.c
>Release-Note:
>Audit-Trail:
>Unformatted:
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-bugs" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200101192104.f0JL46504697>