kern/180893: Packets received with own LLADDR confuse things.

dave at daveg.ca dave at daveg.ca
Sat Jul 27 17:50:01 UTC 2013 

>Number:         180893
>Category:       kern
>Synopsis:       Packets received with own LLADDR confuse things.
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          change-request
>Submitter-Id:   current-users
>Arrival-Date:   Sat Jul 27 17:50:00 UTC 2013
>Closed-Date:
>Last-Modified:
>Originator:     David Gilbert <dave at daveg.ca>
>Release:        FreeBSD 9.2-BETA1 amd64
>Organization:
DaveG.ca
>Environment:
System: FreeBSD virtual.accountingreality.com 9.2-BETA1 FreeBSD 9.2-BETA1 #10 r253638: Thu Jul 25 20:03:07 EDT 2013 root at virtual.accountingreality.com:/usr/obj/usr/src/sys/VRA amd64


	This change seems to be pertinant to many revisions of FreeBSD.
The patch itself is against the 9-STABLE tree.
>Description:
	Some errant network equipment (including the simulation of a network
by VMware, as an example) will reflect back multicast packets to the sender.
This breaks protocols such as DAD and makes IPv6 nearly impossible to use
on these networks.

	Now, the argument could be made to fix these network elements, but
there is an elegant solution that improves the quality of FreeBSD: To refuse
packets that have a source ethernet address of the receiving interface.  If
you consider this notion, you can quickly and easily accept that an interface
should never "receive" a packet from it's own MAC address.

	This behaviour mirrors Linux behavior and I assume Windows behavior.

	I won't claim to be experienced in kernel matters, but I chose the
location for this modification to allow BPF to "see" the packets (for
network diagnosis).  This test, however, could be moved within this function
or even given a sysctl knob.
>How-To-Repeat:
	Simply install FreeBSD-9.1 on VMWare and enable IPv6.  DAD will
fail.
>Fix:


Index: if_ethersubr.c
===================================================================
--- if_ethersubr.c	(revision 253638)
+++ if_ethersubr.c	(working copy)
@@ -636,6 +636,17 @@
 	ETHER_BPF_MTAP(ifp, m);
 
 	/*
+	 * Drop the frame if it appears to be sent by us.  That is:
+	 * it appears to have the same LLADDR.
+	 */
+	if(bcmp(eh->ether_shost, IF_LLADDR(ifp), ETHER_ADDR_LEN) == 0) {
+   	        if_printf(ifp, "Dropped packet that claims to be from me!\n");
+		ifp->if_ierrors++;
+		m_freem(m);
+		return;
+	}
+
+	/*
 	 * If the CRC is still on the packet, trim it off. We do this once
 	 * and once only in case we are re-entered. Nothing else on the
 	 * Ethernet receive path expects to see the FCS.


>Release-Note:
>Audit-Trail:
>Unformatted:

More information about the freebsd-bugs mailing list