Project

General

Profile

Actions

Bug #2959

closed

Duplicate packets on network interface running v4.6.1.1.g6e9a0-RELEASE

Added by stateless over 7 years ago. Updated over 7 years ago.

Status:
Closed
Priority:
Normal
Assignee:
-
Category:
Networking
Target version:
-
Start date:
10/19/2016
Due date:
% Done:

0%

Estimated time:

Description

Hi,

I have an OpenBSD router and a DragonFly BSD machine.

The router configuration is as follows:

em1 is the first LAN interface.
em2 is the second LAN interface.
em7 is the span port.
bridge0 contains em1 and em7.

The DragonFly BSD machine is configured as follows:

bnx0 connects to em2 directly and uses DHCP to get an address. This is how I communicate with the machine.
bnx1 connects to em7, the span port, and it is configured as -arp promisc up (no ip address on the interface).

Now I connect my laptop to em1 on my router. I ping the DragonFly BSD box on the address that is assigned on bnx0.
Two ICMP echo requests arrive on the DragonFly BSD box, one on bnx0 and one on bnx1. This is expected.
However, I also get two ICMP echo replies back from bnx0. This doesn't seem correct.

I tried Linux and OpenBSD in place of the DragonFly BSD box and they do not behave like this. They send only one
ICMP echo reply.

Is anything I am missing?

Actions #1

Updated by sepherosa over 7 years ago

Do you have the tcpdump on dfly?

On Thu, Oct 20, 2016 at 4:00 AM,
<> wrote:

Issue #2959 has been reported by stateless.

----------------------------------------
Bug #2959: Duplicate packets on network interface running v4.6.1.1.g6e9a0-RELEASE
http://bugs.dragonflybsd.org/issues/2959

  • Author: stateless
  • Status: New
  • Priority: Normal
  • Assignee:
  • Category: Networking
  • Target version:
    ----------------------------------------
    Hi,

I have an OpenBSD router and a DragonFly BSD machine.

The router configuration is as follows:

em1 is the first LAN interface.
em2 is the second LAN interface.
em7 is the span port.
bridge0 contains em1 and em7.

The DragonFly BSD machine is configured as follows:

bnx0 connects to em2 directly and uses DHCP to get an address. This is how I communicate with the machine.
bnx1 connects to em7, the span port, and it is configured as -arp promisc up (no ip address on the interface).

Now I connect my laptop to em1 on my router. I ping the DragonFly BSD box on the address that is assigned on bnx0.
Two ICMP echo requests arrive on the DragonFly BSD box, one on bnx0 and one on bnx1. This is expected.
However, I also get two ICMP echo replies back from bnx0. This doesn't seem correct.

I tried Linux and OpenBSD in place of the DragonFly BSD box and they do not behave like this. They send only one
ICMP echo reply.

Is anything I am missing?

--
You have received this notification because you have either subscribed to it, or are involved in it.
To change your notification preferences, please click here: http://bugs.dragonflybsd.org/my/account

--
Tomorrow Will Never Die

Actions #2

Updated by sepherosa over 7 years ago

sysctl net.inet.ip.check_interface=1 probably is what you want.

On Thu, Oct 20, 2016 at 9:33 AM,
<> wrote:

Issue #2959 has been updated by sepherosa.

Do you have the tcpdump on dfly?

On Thu, Oct 20, 2016 at 4:00 AM,
<> wrote:

Issue #2959 has been reported by stateless.

----------------------------------------
Bug #2959: Duplicate packets on network interface running v4.6.1.1.g6e9a0-RELEASE
http://bugs.dragonflybsd.org/issues/2959

  • Author: stateless
  • Status: New
  • Priority: Normal
  • Assignee:
  • Category: Networking
  • Target version:
    ----------------------------------------
    Hi,

I have an OpenBSD router and a DragonFly BSD machine.

The router configuration is as follows:

em1 is the first LAN interface.
em2 is the second LAN interface.
em7 is the span port.
bridge0 contains em1 and em7.

The DragonFly BSD machine is configured as follows:

bnx0 connects to em2 directly and uses DHCP to get an address. This is how I communicate with the machine.
bnx1 connects to em7, the span port, and it is configured as -arp promisc up (no ip address on the interface).

Now I connect my laptop to em1 on my router. I ping the DragonFly BSD box on the address that is assigned on bnx0.
Two ICMP echo requests arrive on the DragonFly BSD box, one on bnx0 and one on bnx1. This is expected.
However, I also get two ICMP echo replies back from bnx0. This doesn't seem correct.

I tried Linux and OpenBSD in place of the DragonFly BSD box and they do not behave like this. They send only one
ICMP echo reply.

Is anything I am missing?

--
You have received this notification because you have either subscribed to it, or are involved in it.
To change your notification preferences, please click here: http://bugs.dragonflybsd.org/my/account

--
Tomorrow Will Never Die

----------------------------------------
Bug #2959: Duplicate packets on network interface running v4.6.1.1.g6e9a0-RELEASE
http://bugs.dragonflybsd.org/issues/2959#change-13005

  • Author: stateless
  • Status: New
  • Priority: Normal
  • Assignee:
  • Category: Networking
  • Target version:
    ----------------------------------------
    Hi,

I have an OpenBSD router and a DragonFly BSD machine.

The router configuration is as follows:

em1 is the first LAN interface.
em2 is the second LAN interface.
em7 is the span port.
bridge0 contains em1 and em7.

The DragonFly BSD machine is configured as follows:

bnx0 connects to em2 directly and uses DHCP to get an address. This is how I communicate with the machine.
bnx1 connects to em7, the span port, and it is configured as -arp promisc up (no ip address on the interface).

Now I connect my laptop to em1 on my router. I ping the DragonFly BSD box on the address that is assigned on bnx0.
Two ICMP echo requests arrive on the DragonFly BSD box, one on bnx0 and one on bnx1. This is expected.
However, I also get two ICMP echo replies back from bnx0. This doesn't seem correct.

I tried Linux and OpenBSD in place of the DragonFly BSD box and they do not behave like this. They send only one
ICMP echo reply.

Is anything I am missing?

--
You have received this notification because you have either subscribed to it, or are involved in it.
To change your notification preferences, please click here: http://bugs.dragonflybsd.org/my/account

--
Tomorrow Will Never Die

Actions #3

Updated by stateless over 7 years ago

Hi,

I have not checked the sysctl knob yet as I am not at home. I will check it later tonight and report back.

tcpdump on bnx0 on dfly:

49.514650 00:30:18:c8:6b:0d > 34:64:a9:9a:5f:1c, ethertype IPv4 (0x0800), length 98: 10.0.0.6 > 10.0.2.2: ICMP echo request, id 60725, seq 257, length 64
49.514677 34:64:a9:9a:5f:1c > 00:30:18:c8:6b:0d, ethertype IPv4 (0x0800), length 98: 10.0.2.2 > 10.0.0.6: ICMP echo reply, id 60725, seq 257, length 64
49.514678 34:64:a9:9a:5f:1c > 00:30:18:c8:6b:0d, ethertype IPv4 (0x0800), length 98: 10.0.2.2 > 10.0.0.6: ICMP echo reply, id 60725, seq 257, length 64

34:64:a9:9a:5f:1c is the mac address of bnx0 on dfly. 00:30:18:c8:6b:0d is the mac address of the em2 interface on the router.

tcpdump on bnx1 on dfly:

46.085638 50:7b:9d:8e:d8:0c > 00:30:18:c8:6b:0b, ethertype IPv4 (0x0800), length 98: 10.0.0.6 > 10.0.2.2: ICMP echo request, id 38896, seq 4, length 64
46.085775 00:30:18:c8:6b:0b > 50:7b:9d:8e:d8:0c, ethertype IPv4 (0x0800), length 98: 10.0.2.2 > 10.0.0.6: ICMP echo reply, id 38896, seq 4, length 64
46.085935 00:30:18:c8:6b:0b > 50:7b:9d:8e:d8:0c, ethertype IPv4 (0x0800), length 98: 10.0.2.2 > 10.0.0.6: ICMP echo reply, id 38896, seq 4, length 64

50:7b:9d:8e:d8:0c is the mac address of my laptop and 00:30:18:c8:6b:0b is the mac address of the em1 interface on the router.

Actions #4

Updated by stateless over 7 years ago

These two tcpdump sequences are not from a simultaneous capture on both interfaces. But the results are as you expect if you do that.

Actions #5

Updated by stateless over 7 years ago

net.inet.ip.check_interface=1 did the trick!

What about making this the default?

Actions #6

Updated by sepherosa over 7 years ago

On Fri, Oct 21, 2016 at 12:26 AM,
<> wrote:

Issue #2959 has been updated by stateless.

net.inet.ip.check_interface=1 did the trick!

What about making this the default?

The reason is listed in the code: )

  • XXX - Setting ip_checkinterface mostly implements the receive side of
  • the Strong ES model described in RFC 1122, but since the routing table
  • and transmit implementation do not implement the Strong ES model,
  • setting this to 1 results in an odd hybrid. *
  • XXX - ip_checkinterface currently must be disabled if you use ipnat
  • to translate the destination address to another local interface. *
  • XXX - ip_checkinterface must be disabled if you add IP aliases
  • to the loopback interface instead of the interface where the
  • packets for those addresses are received.

Thanks,
sephe

Actions #7

Updated by stateless over 7 years ago

  • Status changed from New to Closed
Actions #8

Updated by stateless over 7 years ago

I see the same problem with ipv6 even with net.inet.ip.check_interface=1, any ideas?

Actions #9

Updated by sepherosa over 7 years ago

On Sun, Oct 23, 2016 at 3:57 AM,
<> wrote:

Issue #2959 has been updated by stateless.

I see the same problem with ipv6 even with net.inet.ip.check_interface=1, any ideas?

It only affects IPv4 input path. I will check IPv6 input path.

----------------------------------------
Bug #2959: Duplicate packets on network interface running v4.6.1.1.g6e9a0-RELEASE
http://bugs.dragonflybsd.org/issues/2959#change-13017

  • Author: stateless
  • Status: Closed
  • Priority: Normal
  • Assignee:
  • Category: Networking
  • Target version:
    ----------------------------------------
    Hi,

I have an OpenBSD router and a DragonFly BSD machine.

The router configuration is as follows:

em1 is the first LAN interface.
em2 is the second LAN interface.
em7 is the span port.
bridge0 contains em1 and em7.

The DragonFly BSD machine is configured as follows:

bnx0 connects to em2 directly and uses DHCP to get an address. This is how I communicate with the machine.
bnx1 connects to em7, the span port, and it is configured as -arp promisc up (no ip address on the interface).

Now I connect my laptop to em1 on my router. I ping the DragonFly BSD box on the address that is assigned on bnx0.
Two ICMP echo requests arrive on the DragonFly BSD box, one on bnx0 and one on bnx1. This is expected.
However, I also get two ICMP echo replies back from bnx0. This doesn't seem correct.

I tried Linux and OpenBSD in place of the DragonFly BSD box and they do not behave like this. They send only one
ICMP echo reply.

Is anything I am missing?

--
You have received this notification because you have either subscribed to it, or are involved in it.
To change your notification preferences, please click here: http://bugs.dragonflybsd.org/my/account

--
Tomorrow Will Never Die

Actions

Also available in: Atom PDF