[Bug 260474] ping -e does not forward packets to specified next-hop

From: <bugzilla-noreply_at_freebsd.org>
Date: Thu, 16 Dec 2021 15:52:44 UTC

            Bug ID: 260474
           Summary: ping -e does not forward packets to specified next-hop
           Product: Base System
           Version: 13.0-STABLE
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Many People
          Priority: ---
         Component: bin
          Assignee: bugs@FreeBSD.org
          Reporter: KOT@MATPOCKuH.Ru

The "-e" option for ping should change the next hop for an outgoing packet, but
it changes only the source IP address of the packet.
I checked this problem on a clean FreeBSD 13.0-RELEASE VM image from the site.
To reproduce this problem on a machine without IPv6 access, please follow these steps:
# Create two epairs
ifconfig epair1 plumb
ifconfig epair1a up
ifconfig epair2 plumb
ifconfig epair2a up

# Plug epair1 into bridge1 and assign fd00:1::2 to bridge1
ifconfig bridge1 plumb addm epair1a
ifconfig bridge1 inet6 -ifdisabled fd00:1::2/64 auto_linklocal
# Run a jail gw1 with fd00:1::1 on bridge1
ifconfig epair1b name gw1
jail -c name=gw1 path=/ vnet vnet.interface=gw1 allow.raw_sockets=1 persist=1
jexec gw1 ifconfig gw1 inet6 -ifdisabled fd00:1::1/64 auto_linklocal
# Add an IPv6 default route via gw1
route -6 add default fd00:1::1

# Plug epair2 into bridge2 and assign fd00:2::2 to bridge2
ifconfig bridge2 plumb addm epair2a
ifconfig bridge2 inet6 -ifdisabled fd00:2::2/64 auto_linklocal
# Run a jail gw2 with fd00:2::1 on bridge2
ifconfig epair2b name gw2
jail -c name=gw2 path=/ vnet vnet.interface=gw2 allow.raw_sockets=1 persist=1
jexec gw2 ifconfig gw2 inet6 -ifdisabled fd00:2::1/64 auto_linklocal

# Check reachability
ping -c 2 fd00:1::1
ping -c 2 fd00:2::1
# Check MAC addresses
ndp -a

# Next hop fd00:2::1 is on bridge2, but the packet is sent via bridge1 to the MAC of gw1:
tcpdump -c 1 -epni bridge1 icmp6 &
sleep 1
ping -e fd00:2::1 -c 1 fd00:3::1

I got:
# ndp -a
Neighbor                             Linklayer Address  Netif Expire    S Flags
fd00:2::1                            02:57:8a:b2:5e:0b bridge2 29s       R 
fd00:1::1                            02:67:f1:0d:66:0b bridge1 32s       R 

And the packet on bridge1:
15:49:30.303387 58:9c:fc:10:04:75 > 02:67:f1:0d:66:0b, ethertype IPv6 (0x86dd),
length 70: fd00:2::2 > fd00:3::1: ICMP6, echo request, seq 0, length 16
Source IP fd00:2::2 is an address of bridge2, and that is correct.
But the packet was found on bridge1, and "02:67:f1:0d:66:0b" is the MAC address of gw1.

This problem affects only FreeBSD 13.
FreeBSD 12 is not affected by this issue. To check on FreeBSD 12, the "-e" option
should be replaced with "-g".
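
Added example, not part of the original report: a POSIX sh check that automates the comparison made by eye above, matching the destination MAC of a "tcpdump -e" line against the "ndp -a" entry of the requested next hop. The function names are hypothetical; the sample text is the ndp and tcpdump output from the report, with the wrapped tcpdump line joined.

```sh
#!/bin/sh
# Sample input copied from the report ("ndp -a" and one "tcpdump -e" line).
NDP_OUT='Neighbor                             Linklayer Address  Netif Expire    S Flags
fd00:2::1                            02:57:8a:b2:5e:0b bridge2 29s       R
fd00:1::1                            02:67:f1:0d:66:0b bridge1 32s       R'
FRAME='15:49:30.303387 58:9c:fc:10:04:75 > 02:67:f1:0d:66:0b, ethertype IPv6 (0x86dd), length 70: fd00:2::2 > fd00:3::1: ICMP6, echo request, seq 0, length 16'

# Print "<mac> <netif>" for neighbor $1 found in the "ndp -a" text $2.
neighbor_entry() {
    printf '%s\n' "$2" | awk -v ip="$1" '$1 == ip { print $2, $3; exit }'
}

# Print the destination MAC of one "tcpdump -e" line ($1).
frame_dst_mac() {
    printf '%s\n' "$1" | awk '$3 == ">" { sub(/,$/, "", $4); print $4 }'
}

# Print the neighbor address that owns MAC $1 in the "ndp -a" text $2.
mac_owner() {
    printf '%s\n' "$2" | awk -v mac="$1" '$2 == mac { print $1; exit }'
}

# check_nexthop <next-hop> <capture-if> <ndp text> <tcpdump line>
# Returns 0 if the frame went to the next hop's MAC on its interface,
# 1 if it went elsewhere, 2 if the input cannot be evaluated.
check_nexthop() {
    entry=$(neighbor_entry "$1" "$3")
    [ -n "$entry" ] || { echo "UNKNOWN: $1 not in neighbor table"; return 2; }
    want_mac=${entry% *}
    want_if=${entry#* }
    got_mac=$(frame_dst_mac "$4")
    [ -n "$got_mac" ] || { echo "UNKNOWN: no link-layer header in capture line"; return 2; }
    if [ "$got_mac" = "$want_mac" ] && [ "$2" = "$want_if" ]; then
        echo "OK: frame on $2 sent to $1 ($want_mac)"
        return 0
    fi
    owner=$(mac_owner "$got_mac" "$3")
    echo "MISROUTED: expected $want_mac on $want_if, saw $got_mac on $2 (neighbor ${owner:-unknown})"
    return 1
}

# The report's case: next hop fd00:2::1 requested, frame captured on bridge1.
check_nexthop fd00:2::1 bridge1 "$NDP_OUT" "$FRAME" || true
```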
