Duplicate ICMP messages
Dan Nelson
dnelson at allantgroup.com
Thu Mar 18 07:32:36 PST 2004
In the last episode (Mar 18), Nigel Houghton said:
> I have a FreeBSD 4.9 box with three network interfaces setup as follows:
>
> fxp0 - 172.16.20.2
> fxp1 - 192.168.1.2
> bge0 - promiscuous mode, no-arp
>
> fxp0 is connected to a netgear switch, fxp1 is connected to a Cisco
> 2900xl and bge0 is also connected to the Cisco but is listening on a
> span port to everything transmitted on the 192.168.1.0/24 subnet.
>
> Here's the weirdness, when sending an ICMP Echo request to fxp1 from
> the switch at 192.168.1.254 duplicate replies are seen coming back.
> The same thing happens when sending the same requests from fxp1 to
> any other address on the subnet. When the bge0 interface is brought
> down the issue goes away and everything is normal.
>
> systat shows the requests going out and the same number of replies
> coming back in. ipfw is being used to deny all icmp via bge0.
You can run tcpdump -e to see the MAC addresses of the cards sending
both ICMP messages. That will at least let you verify if the 2nd echo
is coming out of bge0. Is bge0 configured with any IP addresses? I've
got a similar 4.9 setup with 4 monitoring interfaces and haven't ever
seen those cards send anything, or seen dupes sent from the regular
nic.
--
Dan Nelson
dnelson at allantgroup.com
More information about the freebsd-hackers
mailing list