kern/184149: [vimage] IPv6 link-local collisions on epair[n]b devices

Shawn Webb lattera at gmail.com
Thu Nov 21 17:40:02 UTC 2013 

>Number:         184149
>Category:       kern
>Synopsis:       [vimage] IPv6 link-local collisions on epair[n]b devices
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Thu Nov 21 17:40:01 UTC 2013
>Closed-Date:
>Last-Modified:
>Originator:     Shawn Webb
>Release:        FreeBSD 11-RELEASE
>Organization:
>Environment:
FreeBSD shawn-vm-host 11.0-CURRENT FreeBSD 11.0-CURRENT #56 e78422d(soldierx/lattera/aslr)-dirty: Thu Nov 21 01:18:36 EST 2013     shawn at shawn-vm-host:/usr/obj/usr/src/sys/SEC  amd64
>Description:
Certain epair[n]b devices can get collisions with other epair[n]b devices due to the MAC address not being random enough. I have a box with a number of vnet jails. Devices epair9b and epair13b shared the same IPv6 link-local address due to how the link-local address was automatically generated from the MAC address. Patch for review included.
>How-To-Repeat:
ifconfig bridge0 create
ifconfig epair9a create
ifconfig bridge0 addm epair9a
ifconfig epair13a create
ifconfig bridge0 addm epair13a
ifconfg epair9a up
ifconfig epair13a up
ifconfig epair9b up
ifconfig epair13b up
>Fix:
diff --git a/sys/net/if_epair.c b/sys/net/if_epair.c
index 03e379b..d64940f 100644
--- a/sys/net/if_epair.c
+++ b/sys/net/if_epair.c
@@ -722,6 +722,8 @@ epair_clone_create(struct if_clone *ifc, char *name, size_t len, caddr_t params)
                ifp = scb->ifp;
                /* Assign a hopefully unique, locally administered etheraddr. */
                eaddr[0] = 0x02;
+        eaddr[1] = (uint8_t)(arc4random() % 0xff);
+        eaddr[2] = (uint8_t)(arc4random() % 0xff);
                eaddr[3] = (ifp->if_index >> 8) & 0xff;
                eaddr[4] = ifp->if_index & 0xff;
                eaddr[5] = 0x0b;
@@ -817,6 +819,8 @@ epair_clone_create(struct if_clone *ifc, char *name, size_t len, caddr_t params)
        ifp->if_snd.ifq_maxlen = ifqmaxlen;
        /* Assign a hopefully unique, locally administered etheraddr. */
        eaddr[0] = 0x02;
+    eaddr[1] = (uint8_t)(arc4random() % 0xff);
+    eaddr[2] = (uint8_t)(arc4random() % 0xff);
        eaddr[3] = (ifp->if_index >> 8) & 0xff;
        eaddr[4] = ifp->if_index & 0xff;
        eaddr[5] = 0x0a;

>Release-Note:
>Audit-Trail:
>Unformatted:

More information about the freebsd-bugs mailing list