sparc64/75735: misconfigured qfe ports
jacques brierre
jbrierre at bellsouth.net
Sun Jan 2 20:00:43 PST 2005
>Number: 75735
>Category: sparc64
>Synopsis: misconfigured qfe ports
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-sparc64
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Mon Jan 03 04:00:42 GMT 2005
>Closed-Date:
>Last-Modified:
>Originator: jacques brierre
>Release: 5.3/Sparc64
>Organization:
Mean Mice Elf
>Environment:
FreeBSD sphynx 5.3-RELEASE FreeBSD 5.3-RELEASE #0: Fri Nov 5 19:30:40 UTC 2004
root at bobbi.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC sparc64
>Description:
This is a Sun Ultra 2 - 2 UltraSparc-I Processor (168.01 MHz CPU)
has hme on-board NIC and QFE Sbus card...
ifconfig shows the ports network interfaces as hme0 (correct) and hme1-hme4 (the QFE I/Fs).
inet6 is set to NO, but ports initialize with duplicated ipv6 addresses:
hme0: flags=108843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
options=b<RXCSUM,TXCSUM,VLAN_MTU>
inet 172.16.1.110 netmask 0xffff1900 broadcast 172.16.231.255
inet6 fe80::a00:20ff:fe85:7364%hme0 prefixlen 64 scopeid 0x1
ether 08:00:20:85:73:64
media: Ethernet autoselect (100baseTX)
status: active
hme1: flags=108802<BROADCAST,SIMPLEX,MULTICAST> mtu 1500
options=b<RXCSUM,TXCSUM,VLAN_MTU>
inet 172.16.1.200 netmask 0xffffff00 broadcast 172.16.1.255
inet6 fe80::a00:20ff:feb4:6ec%hme1 prefixlen 64 duplicated scopeid 0x2
ether 08:00:20:b4:06:ec
media: Ethernet autoselect
hme2: flags=108802<BROADCAST,SIMPLEX,MULTICAST> mtu 1500
options=b<RXCSUM,TXCSUM,VLAN_MTU>
ether 08:00:20:b4:06:ed
media: Ethernet autoselect
hme3: flags=108802<BROADCAST,SIMPLEX,MULTICAST> mtu 1500
options=b<RXCSUM,TXCSUM,VLAN_MTU>
ether 08:00:20:b4:06:ee
media: Ethernet autoselect
hme4: flags=108802<BROADCAST,SIMPLEX,MULTICAST> mtu 1500
options=b<RXCSUM,TXCSUM,VLAN_MTU>
inet 172.16.1.204 netmask 0xffffff00 broadcast 172.16.1.255
inet6 fe80::a00:20ff:feb4:6ef%hme4 prefixlen 64 duplicated scopeid 0x5
ether 08:00:20:b4:06:ef
media: Ethernet autoselect
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
inet 127.0.0.1 netmask 0xff000000
inet6 ::1 prefixlen 128
inet6 fe80::1%lo0 prefixlen 64 scopeid 0x6
bash-3.00#
bash-3.00# ifconfig hme1 down
bash-3.00# ifconfig hme4 up
bash-3.00# snort -vde -i hme4
Running in packet dump mode
Initializing Network Interface hme4
--== Initializing Snort ==--
Initializing Output Plugins!
Decoding Ethernet on interface hme4
Jan 2 22:47:46 sphynx kernel: hme4: promiscuous mode enabled
--== Initialization Complete ==--
,,_ -*> Snort! <*-
o" )~ Version 2.3.0RC2 (Build 9)
'''' By Martin Roesch & The Snort Team: http://www.snort.org/team.html
(C) Copyright 1998-2004 Sourcefire Inc, et al.
01/02-22:48:00.598250 ARP who-has 151.114.12.1 tell 151.114.12.253
Jan 2 22:48:14 sphynx kernel: arp: 172.16.1.50 is on hme4 but got reply from 00
:20:a6:4e:bb:d0 on hme0
01/02-22:48:14.826978 ARP who-has 172.16.1.2 tell 172.16.1.204
01/02-22:48:14.827106 ARP who-has 172.16.1.2 tell 172.16.1.204
01/02-22:48:17.819818 ARP who-has 172.16.1.2 tell 172.16.1.204
01/02-22:48:17.819944 ARP who-has 172.16.1.2 tell 172.16.1.204
01/02-22:48:20.811359 ARP who-has 172.16.1.2 tell 172.16.1.204
01/02-22:48:20.811439 ARP who-has 172.16.1.2 tell 172.16.1.204
01/02-22:48:23.827772 ARP who-has 172.16.1.2 tell 172.16.1.204
01/02-22:48:23.827897 ARP who-has 172.16.1.2 tell 172.16.1.204
01/02-22:48:29.821993 ARP who-has 172.16.1.2 tell 172.16.1.204
01/02-22:48:29.822197 ARP who-has 172.16.1.2 tell 172.16.1.204
^C
===============================================================================
Snort received 58 packets
Analyzed: 58(100.000%)
Dropped: 0(0.000%)
===============================================================================
Breakdown by protocol:
TCP: 0 (0.000%)
UDP: 0 (0.000%)
ICMP: 0 (0.000%)
ARP: 11 (18.966%)
EAPOL: 0 (0.000%)
IPv6: 0 (0.000%)
IPX: 0 (0.000%)
OTHER: 12 (20.690%)
DISCARD: 0 (0.000%)
===============================================================================
Action Stats:
ALERTS: 0
LOGGED: 0
PASSED: 0
===============================================================================
Snort exiting
Jan 2 22:48:46 sphynx kernel: hme4: promiscuous mode disabled
bash-3.00# ifconfig hme4 down
WhenI enabled hme4, above, I immediately lost my ssh connection to the box (via hme0/default route). was able to regain it by disabling hme4 again.
>How-To-Repeat:
bring up any qfe interface...
>Fix:
don't use qfe?
>Release-Note:
>Audit-Trail:
>Unformatted:
More information about the freebsd-sparc64
mailing list