NetBSD Problem Report #48971

From darrenr@netbsd.org  Mon Jul  7 16:34:43 2014
Return-Path: <darrenr@netbsd.org>
Received: from mail.netbsd.org (mail.netbsd.org [149.20.53.66])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(Client CN "mail.netbsd.org", Issuer "Postmaster NetBSD.org" (verified OK))
	by mollari.NetBSD.org (Postfix) with ESMTPS id 7F583A653D
	for <gnats-bugs@gnats.NetBSD.org>; Mon,  7 Jul 2014 16:34:43 +0000 (UTC)
Message-Id: <20140707163443.12AE914A1CF@mail.netbsd.org>
Date: Mon,  7 Jul 2014 16:34:43 +0000 (UTC)
From: darrenr@netbsd.org
Reply-To: darrenr@netbsd.org
To: gnats-bugs@gnats.NetBSD.org
Subject: ICMP redirects should not be issued for active bridge
X-Send-Pr-Version: 3.95

>Number:         48971
>Category:       kern
>Synopsis:       ICMP redirects should not be issued for active bridge
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    kern-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Mon Jul 07 16:35:00 +0000 2014
>Last-Modified:  Mon Jul 07 18:30:01 +0000 2014
>Originator:     Darren Reed
>Release:        NetBSD 6.1_STABLE
>Organization:
NetBSD
>Environment:


System: NetBSD homeworld.netbsd.org 6.1_STABLE NetBSD 6.1_STABLE (NBMAIL) #0: Tue Jun 10 18:49:40 UTC 2014 spz@franklin.NetBSD.org:/home/netbsd/6/amd64/obj/sys/arch/amd64/compile/NBMAIL amd64
Architecture: x86_64
Machine: amd64
>Description:
See http://mail-index.netbsd.org/tech-net/2014/07/05/msg004689.html

NetBSD is issuing ICMP redirects for packets that should never be finding
their way into the IP input code path when bridging is enabled.

This may be because the configuration in which a network interface that
has an IP address assigned to it is added to a bridge is unsupported. If
so, then this is not documented.
>How-To-Repeat:
Using ESXi as the host for a NetBSD VM, if I grant the NetBSD VM the ability
to engage promiscuous mode, then doing this:
	ifconfig bridge0 create
	brconfig bridge0 add wm0
... where wm0 has an IP address assigned is enough to start the VM
generating redirects for packets that it should not (use tcpdump to
observe). Adding another interface to the bridge with "brconfig bridge0
add wm1" does not fix the ICMP redirect problem.
>Fix:


>Audit-Trail:
From: Martin Husemann <martin@duskware.de>
To: gnats-bugs@NetBSD.org
Cc: 
Subject: Re: kern/48971: ICMP redirects should not be issued for active bridge
Date: Mon, 7 Jul 2014 20:26:04 +0200

 Could you show a sample packet and example network configuration?

 Martin

>Unformatted:
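
Added example (not part of the original problem report or the NetBSD source): a small decoder for checking a capture for ICMP redirects (type 5) whose IP source is the bridge member's address, which is what the How-To-Repeat section says to look for with tcpdump. The function names, the field names and the sample packets built from documentation addresses are assumptions made for illustration.

```python
import socket
import struct

ICMP_REDIRECT = 5  # ICMP type 5 (RFC 792)
CODES = {0: "network", 1: "host", 2: "tos+network", 3: "tos+host"}

def ipv4_header(src, dst, proto, payload_len):
    """Build a minimal 20-byte IPv4 header (checksum left at 0, not verified here)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64,
                       proto, 0, socket.inet_aton(src), socket.inet_aton(dst))

def parse_redirect(pkt):
    """Return the fields of an ICMP redirect in a raw IPv4 packet, else None."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4 or pkt[9] != 1:
        return None  # too short, not IPv4, or not ICMP
    ihl = (pkt[0] & 0x0F) * 4
    icmp = pkt[ihl:]
    if ihl < 20 or len(icmp) < 8 + 20 or icmp[0] != ICMP_REDIRECT:
        return None
    inner = icmp[8:]  # IP header of the packet that triggered the redirect
    return {
        "sender": socket.inet_ntoa(pkt[12:16]),
        "told_host": socket.inet_ntoa(pkt[16:20]),
        "code": CODES.get(icmp[1], "unknown"),
        "use_gateway": socket.inet_ntoa(icmp[4:8]),
        "for_destination": socket.inet_ntoa(inner[16:20]),
    }

def redirects_sent_by(packets, host_ip):
    """Redirects whose IP source is host_ip (here: the bridge member's address)."""
    found = [parse_redirect(p) for p in packets]
    return [r for r in found if r and r["sender"] == host_ip]

# Constructed sample packets (documentation addresses, not taken from the PR).
BRIDGE_IP = "192.0.2.10"  # hypothetical address assigned to wm0
_orig = ipv4_header("192.0.2.20", "198.51.100.7", 6, 8) + b"\x00" * 8
_icmp = struct.pack("!BBH4s", ICMP_REDIRECT, 1, 0,
                    socket.inet_aton("192.0.2.1")) + _orig
REDIRECT = ipv4_header(BRIDGE_IP, "192.0.2.20", 1, len(_icmp)) + _icmp
_echo = struct.pack("!BBHHH", 8, 0, 0, 1, 1) + b"\x00" * 20
ECHO = ipv4_header("192.0.2.20", BRIDGE_IP, 1, len(_echo)) + _echo

if __name__ == "__main__":
    for r in redirects_sent_by([REDIRECT, ECHO], BRIDGE_IP):
        print(r)
```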
