From owner-freebsd-bugs Fri Jan 19 13:10:21 2001
Delivered-To: freebsd-bugs@hub.freebsd.org
Received: from freefall.freebsd.org (freefall.FreeBSD.org [216.136.204.21])
    by hub.freebsd.org (Postfix) with ESMTP id 888D737B699
    for ; Fri, 19 Jan 2001 13:10:03 -0800 (PST)
Received: (from gnats@localhost)
    by freefall.freebsd.org (8.11.1/8.11.1) id f0JLA3w70161;
    Fri, 19 Jan 2001 13:10:03 -0800 (PST)
    (envelope-from gnats)
Received: from skalman.campus.luth.se (skalman.campus.luth.se [130.240.197.52])
    by hub.freebsd.org (Postfix) with ESMTP id 3166D37B400
    for ; Fri, 19 Jan 2001 13:04:08 -0800 (PST)
Received: (from pantzer@localhost)
    by skalman.campus.luth.se (8.11.1/8.11.0) id f0JL46504697;
    Fri, 19 Jan 2001 22:04:06 +0100 (CET)
    (envelope-from pantzer)
Message-Id: <200101192104.f0JL46504697@skalman.campus.luth.se>
Date: Fri, 19 Jan 2001 22:04:06 +0100 (CET)
From: pantzer@ludd.luth.se
Reply-To: pantzer@ludd.luth.se
To: FreeBSD-gnats-submit@freebsd.org
X-Send-Pr-Version: 3.2
Subject: kern/24465: Will process packets not for this host if using netgraph and ip forwarding.
Sender: owner-freebsd-bugs@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

>Number:         24465
>Category:       kern
>Synopsis:       Will process packets not for this host if using netgraph and ip forwarding.
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          open
>Quarter:
>Keywords:
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Fri Jan 19 13:10:02 PST 2001
>Closed-Date:
>Last-Modified:
>Originator:     Mattias Pantzare
>Release:        FreeBSD 4.2-STABLE i386
>Organization:
>Environment:

    FreeBSD running vmware in bridged mode using netgraph and IP
    forwarding on.

>Description:

    FreeBSD will respond to Ethernet packets for other computers if IP
    forwarding is on and netgraph is used for bridging. It will send
    packets with a MAC address that is different from the interface's
    address to the IP layer.

    If IP forwarding is on then the IP layer will try to route the
    packets even if they were sent to a different computer.

>How-To-Repeat:

>Fix:

    There is a check for the MAC address in ether_input in
    net/if_ethersubr.c:

        /* Discard packet if upper layers shouldn't see it. This should
           only happen when the interface is in promiscuous mode. */
        if ((ifp->if_flags & IFF_PROMISC) != 0 &&
            (eh->ether_dhost[0] & 1) == 0 &&
            bcmp(eh->ether_dhost, IFP2AC(ifp)->ac_enaddr,
                ETHER_ADDR_LEN) != 0) {
                m_freem(m);
                return;
        }

    That check will not be done if netgraph is used on the interface;
    from what I can find, it should be added to ng_ether_rcv_upper in
    netgraph/ng_ether.c

>Release-Note:
>Audit-Trail:
>Unformatted:
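
A user-space model of the destination check quoted in the Fix section, added here as an illustration; it is not FreeBSD kernel code and not a patch from the submitter. `struct model_if`, `not_for_us`, `reaches_ip` and the MAC addresses are constructed for the example, and the `filtered` flag stands in for whether the receive path applies the check.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ETHER_ADDR_LEN 6
#define IFF_PROMISC 0x100 /* same value as FreeBSD's <net/if.h> */

/* Simplified stand-in for the interface state (not the kernel's struct ifnet). */
struct model_if {
    int if_flags;
    uint8_t enaddr[ETHER_ADDR_LEN];
};

/* Constructed addresses: ours, another host's unicast address, broadcast. */
static const uint8_t MAC_SELF[ETHER_ADDR_LEN]  = {0x00, 0x50, 0x56, 0x00, 0x00, 0x01};
static const uint8_t MAC_OTHER[ETHER_ADDR_LEN] = {0x00, 0x50, 0x56, 0x00, 0x00, 0x02};
static const uint8_t MAC_BCAST[ETHER_ADDR_LEN] = {0xff, 0xff, 0xff, 0xff, 0xff, 0xff};

/* The quoted test: promiscuous interface, unicast destination (group bit
 * clear) that is not our own address => upper layers must not see it. */
static bool not_for_us(const struct model_if *ifp, const uint8_t *dhost)
{
    return (ifp->if_flags & IFF_PROMISC) != 0 &&
        (dhost[0] & 1) == 0 &&
        memcmp(dhost, ifp->enaddr, ETHER_ADDR_LEN) != 0;
}

/* Returns true if a frame addressed to dhost is handed to the IP layer.
 * filtered=true models a receive path that applies the check,
 * filtered=false models the path the report says skips it. */
static bool reaches_ip(int if_flags, const uint8_t *dhost, bool filtered)
{
    struct model_if ifp = { .if_flags = if_flags };
    memcpy(ifp.enaddr, MAC_SELF, ETHER_ADDR_LEN);
    return !(filtered && not_for_us(&ifp, dhost));
}

int main(void)
{
    printf("other host, filtered:   %d\n", reaches_ip(IFF_PROMISC, MAC_OTHER, true));
    printf("other host, unfiltered: %d\n", reaches_ip(IFF_PROMISC, MAC_OTHER, false));
    printf("own address, filtered:  %d\n", reaches_ip(IFF_PROMISC, MAC_SELF, true));
    printf("broadcast, filtered:    %d\n", reaches_ip(IFF_PROMISC, MAC_BCAST, true));
    return 0;
}
```

Only the unicast frame for the other host changes outcome between the two paths; with forwarding enabled, that is the frame the IP layer would then try to route.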