From: Bernd Walter
To: Sean Chittenden
Date: Wed, 10 Nov 2004 15:05:54 +0100
Cc: net@freebsd.org
Subject: Re: Ability to live lock 5.3 via routing...

On Wed, Nov 10, 2004 at 05:50:10AM -0800, Sean Chittenden wrote:
> Pretty easy for me to reproduce. The machine live locks so I can't get
> anything out of it, serial console or otherwise. :( Imagine a machine
> with two NICs, fxp0 and fxp1 (though it could be any two NICs). The
> following commands should lead to a lock:
>
> # Add the primary address on the external NIC
> ifconfig fxp0 192.168.1.2 netmask 255.255.255.0 media 100baseTX mediaopt full-duplex
>
> # Add the default gateway
> route add default 192.168.1.1
>
> # Add a network to the internal interface
> ifconfig fxp1 10.10.10.1 netmask 255.255.255.0 media 100baseTX mediaopt full-duplex
>
> # On the external interface, on the same VLAN, there are two other networks.
> # Add aliases that way the machine can participate on those networks.
> ifconfig fxp0 alias 192.168.2.250 netmask 255.255.255.255
> ifconfig fxp0 alias 192.168.3.250 netmask 255.255.255.255

You should use the correct netmask for the networks, e.g.:
ifconfig fxp0 alias 192.168.2.250 netmask 255.255.255.0
or:
ifconfig fxp0 alias 192.168.2.250/24
/32 is only correct if you are adding an alias for a network you
already participate in.

> # Add a route so that machines on the internal network can get
> # to the 192.168.2.0/24 network. This command succeeds.
> route add -net 192.168.2.250/24 192.168.2.250

If you add network routes, it is better to use the network address
(192.168.2.0 in this case).
But the complete route is only required because the above alias has
the wrong netmask.
You should just remove it.

> # Add a route so that machines on the internal network can also
> # get to the 192.168.3.0/24 network. This command results in a hard
> # lock of the system.
> route add -net 192.168.3.250/24 192.168.3.250

Same as last route.
But it shouldn't hard lock anyway.

--
B.Walter  BWCT  http://www.bwct.de
bernd@bwct.de  info@bwct.de
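
The following is an added example, not part of the original message or of FreeBSD: a small pre-flight check that applies the three points from the reply above (a /32 alias only for a network the interface already has an address in, a network address as route destination, no route through the host's own alias) to a list of ifconfig/route commands. The names lint, REPORTED and CORRECTED are hypothetical, and each ifconfig line is assumed to carry an explicit netmask or /prefix.

```python
import ipaddress

def lint(commands):
    """Return (command, finding) pairs for the issues raised in the reply.
    Assumes each ifconfig line has an explicit netmask or /prefix."""
    findings = []
    nets = {}      # interface -> networks configured with a real mask
    local = set()  # every address assigned to this host so far
    for cmd in commands:
        tok = cmd.split()
        if tok[0] == "ifconfig":
            args = [t for t in tok[2:] if t != "alias"]
            spec = args[0]
            if "/" not in spec:
                spec += "/" + args[args.index("netmask") + 1]
            iface = ipaddress.ip_interface(spec)
            covered = any(iface.ip in n for n in nets.get(tok[1], []))
            if iface.network.prefixlen == 32 and not covered:
                findings.append((cmd, f"/32 alias but {tok[1]} has no address "
                                      "in that network: use the real netmask"))
            elif iface.network.prefixlen < 32:
                nets.setdefault(tok[1], []).append(iface.network)
            local.add(iface.ip)
        elif tok[:2] == ["route", "add"] and "-net" in tok:
            i = tok.index("-net")
            dest = ipaddress.ip_interface(tok[i + 1])
            gw = ipaddress.ip_address(tok[i + 2])
            if dest.ip != dest.network.network_address:
                findings.append((cmd, f"host bits set: use {dest.network}"))
            if gw in local:
                findings.append((cmd, "gateway is a local address: fix the "
                                      "alias netmask and drop this route"))
    return findings

REPORTED = [  # commands as quoted in the thread
    "ifconfig fxp0 192.168.1.2 netmask 255.255.255.0 media 100baseTX mediaopt full-duplex",
    "route add default 192.168.1.1",
    "ifconfig fxp1 10.10.10.1 netmask 255.255.255.0 media 100baseTX mediaopt full-duplex",
    "ifconfig fxp0 alias 192.168.2.250 netmask 255.255.255.255",
    "ifconfig fxp0 alias 192.168.3.250 netmask 255.255.255.255",
    "route add -net 192.168.2.250/24 192.168.2.250",
    "route add -net 192.168.3.250/24 192.168.3.250",
]
CORRECTED = REPORTED[:3] + [  # per the reply: real netmask, no extra routes
    "ifconfig fxp0 alias 192.168.2.250 netmask 255.255.255.0",
    "ifconfig fxp0 alias 192.168.3.250/24",
]

if __name__ == "__main__":
    print("\n".join(f"{c}\n    -> {w}" for c, w in lint(REPORTED)))
```

Run against the reported sequence it flags both aliases and both routes; the corrected sequence passes clean.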