From nobody@FreeBSD.org  Thu Nov 21 17:38:14 2013
Return-Path: <nobody@FreeBSD.org>
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1])
	(using TLSv1 with cipher ADH-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by hub.freebsd.org (Postfix) with ESMTPS id D3353AFD
	for <freebsd-gnats-submit@FreeBSD.org>; Thu, 21 Nov 2013 17:38:14 +0000 (UTC)
Received: from oldred.freebsd.org (oldred.freebsd.org [8.8.178.121])
	(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by mx1.freebsd.org (Postfix) with ESMTPS id A93DE266D
	for <freebsd-gnats-submit@FreeBSD.org>; Thu, 21 Nov 2013 17:38:14 +0000 (UTC)
Received: from oldred.freebsd.org ([127.0.1.6])
	by oldred.freebsd.org (8.14.5/8.14.7) with ESMTP id rALHcEpq095511
	for <freebsd-gnats-submit@FreeBSD.org>; Thu, 21 Nov 2013 17:38:14 GMT
	(envelope-from nobody@oldred.freebsd.org)
Received: (from nobody@localhost)
	by oldred.freebsd.org (8.14.5/8.14.5/Submit) id rALHcE7P095510;
	Thu, 21 Nov 2013 17:38:14 GMT
	(envelope-from nobody)
Message-Id: <201311211738.rALHcE7P095510@oldred.freebsd.org>
Date: Thu, 21 Nov 2013 17:38:14 GMT
From: Shawn Webb <lattera@gmail.com>
To: freebsd-gnats-submit@FreeBSD.org
Subject: [vimage] IPv6 link-local collisions on epair[n]b devices
X-Send-Pr-Version: www-3.1
X-GNATS-Notify:

>Number:         184149
>Category:       kern
>Synopsis:       [vimage] IPv6 link-local collisions on epair[n]b devices
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-bugs
>State:          open
>Quarter:
>Keywords:
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Thu Nov 21 17:40:01 UTC 2013
>Closed-Date:
>Last-Modified:
>Originator:     Shawn Webb
>Release:        FreeBSD 11-RELEASE
>Organization:
>Environment:
FreeBSD shawn-vm-host 11.0-CURRENT FreeBSD 11.0-CURRENT #56 e78422d(soldierx/lattera/aslr)-dirty: Thu Nov 21 01:18:36 EST 2013     shawn@shawn-vm-host:/usr/obj/usr/src/sys/SEC  amd64
>Description:
Certain epair[n]b devices can get collisions with other epair[n]b devices due to the MAC address not being random enough. I have a box with a number of vnet jails. Devices epair9b and epair13b shared the same IPv6 link-local address due to how the link-local address was automatically generated from the MAC address. Patch for review included.
>How-To-Repeat:
ifconfig bridge0 create
ifconfig epair9a create
ifconfig bridge0 addm epair9a
ifconfig epair13a create
ifconfig bridge0 addm epair13a
ifconfg epair9a up
ifconfig epair13a up
ifconfig epair9b up
ifconfig epair13b up
>Fix:
diff --git a/sys/net/if_epair.c b/sys/net/if_epair.c
index 03e379b..d64940f 100644
--- a/sys/net/if_epair.c
+++ b/sys/net/if_epair.c
@@ -722,6 +722,8 @@ epair_clone_create(struct if_clone *ifc, char *name, size_t len, caddr_t params)
                ifp = scb->ifp;
                /* Assign a hopefully unique, locally administered etheraddr. */
                eaddr[0] = 0x02;
+        eaddr[1] = (uint8_t)(arc4random() % 0xff);
+        eaddr[2] = (uint8_t)(arc4random() % 0xff);
                eaddr[3] = (ifp->if_index >> 8) & 0xff;
                eaddr[4] = ifp->if_index & 0xff;
                eaddr[5] = 0x0b;
@@ -817,6 +819,8 @@ epair_clone_create(struct if_clone *ifc, char *name, size_t len, caddr_t params)
        ifp->if_snd.ifq_maxlen = ifqmaxlen;
        /* Assign a hopefully unique, locally administered etheraddr. */
        eaddr[0] = 0x02;
+    eaddr[1] = (uint8_t)(arc4random() % 0xff);
+    eaddr[2] = (uint8_t)(arc4random() % 0xff);
        eaddr[3] = (ifp->if_index >> 8) & 0xff;
        eaddr[4] = ifp->if_index & 0xff;
        eaddr[5] = 0x0a;

>Release-Note:
>Audit-Trail:
>Unformatted:
