From pantzer@skalman.campus.luth.se  Fri Jan 19 13:04:09 2001
Return-Path: <pantzer@skalman.campus.luth.se>
Received: from skalman.campus.luth.se (skalman.campus.luth.se [130.240.197.52])
	by hub.freebsd.org (Postfix) with ESMTP id 3166D37B400
	for <FreeBSD-gnats-submit@freebsd.org>; Fri, 19 Jan 2001 13:04:08 -0800 (PST)
Received: (from pantzer@localhost)
	by skalman.campus.luth.se (8.11.1/8.11.0) id f0JL46504697;
	Fri, 19 Jan 2001 22:04:06 +0100 (CET)
	(envelope-from pantzer)
Message-Id: <200101192104.f0JL46504697@skalman.campus.luth.se>
Date: Fri, 19 Jan 2001 22:04:06 +0100 (CET)
From: pantzer@ludd.luth.se
Reply-To: pantzer@ludd.luth.se
To: FreeBSD-gnats-submit@freebsd.org
Subject: Will process packets not for this host if using netgraph and ip forwarding.
X-Send-Pr-Version: 3.2

>Number:         24465
>Category:       kern
>Synopsis:       Will process packets not for this host if using netgraph and ip forwarding.
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    archie
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Fri Jan 19 13:10:02 PST 2001
>Closed-Date:    Mon Feb 19 14:50:10 PST 2001
>Last-Modified:  Mon Feb 19 14:50:37 PST 2001
>Originator:     Mattias Pantzare
>Release:        FreeBSD 4.2-STABLE i386
>Organization:
>Environment:

FreeBSD running vmware in bridged mode using netgraph and IP forwarding on.

>Description:

FreeBSD will respond to Ethernet packets for other computers if IP forwarding
is on and netgraph is used for bridging. It will send packets with a MAC
address that is different from the interface's address to the IP layer.

If IP forwarding is on then the IP layer will try to route the packets even if
they were sent to a different computer.
 
	

>How-To-Repeat:

	

>Fix:

There is a check for the MAC address in ether_input in net/if_ethersubr.c:

        /* Discard packet if upper layers shouldn't see it. This should
           only happen when the interface is in promiscuous mode. */
        if ((ifp->if_flags & IFF_PROMISC) != 0
            && (eh->ether_dhost[0] & 1) == 0
            && bcmp(eh->ether_dhost,
              IFP2AC(ifp)->ac_enaddr, ETHER_ADDR_LEN) != 0) {
                m_freem(m);
                return;
        }

That check will not be done if netgraph is used on the interface. From what I
can find, it should be added to ng_ether_rcv_upper in netgraph/ng_ether.c.

>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: freebsd-bugs->archie 
Responsible-Changed-By: johan 
Responsible-Changed-When: Sat Jan 20 08:10:53 PST 2001 
Responsible-Changed-Why:  
Over to netgraph maintainer. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=24465 
State-Changed-From-To: open->closed 
State-Changed-By: archie 
State-Changed-When: Mon Feb 19 14:50:10 PST 2001 
State-Changed-Why:  
Problem fixed in 5.0-current and 4.x-stable. 

>Unformatted:
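
Added example (not part of the original report and not FreeBSD kernel code): a
userland C model of the destination-address check quoted under >Fix:, showing
that a unicast frame for another host is routed by the IP layer when that check
is skipped. The rx_verdict() function, the verdict enum, the frame struct and
the MAC addresses are constructed for illustration.

```c
/* Added illustration: a userland model, not FreeBSD kernel code. */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ETHER_ADDR_LEN 6

/* Hypothetical outcomes for a received frame. */
enum verdict { DROPPED_AT_L2, DELIVERED_LOCALLY, FORWARDED, DROPPED_AT_IP };

struct frame {
    uint8_t dhost[ETHER_ADDR_LEN]; /* destination MAC address */
    bool ip_dst_is_local;          /* IP destination belongs to this host */
};

/* Constructed sample addresses (locally administered range). */
static const uint8_t HOST_MAC[ETHER_ADDR_LEN]  = {0x02, 0, 0, 0, 0, 0x01};
static const uint8_t OTHER_MAC[ETHER_ADDR_LEN] = {0x02, 0, 0, 0, 0, 0x02};

/* Same condition as the ether_input() check quoted in the report. */
static bool l2_should_discard(bool promisc, const uint8_t *dhost,
                              const uint8_t *enaddr)
{
    return promisc
        && (dhost[0] & 1) == 0 /* unicast: group bit clear */
        && memcmp(dhost, enaddr, ETHER_ADDR_LEN) != 0;
}

/* apply_l2_check=false models a receive path that skips the check. */
enum verdict rx_verdict(const struct frame *f, const uint8_t *enaddr,
                        bool promisc, bool apply_l2_check, bool ip_forwarding)
{
    if (apply_l2_check && l2_should_discard(promisc, f->dhost, enaddr))
        return DROPPED_AT_L2;
    if (f->ip_dst_is_local)
        return DELIVERED_LOCALLY;
    return ip_forwarding ? FORWARDED : DROPPED_AT_IP;
}

int main(void)
{
    struct frame f = { {0}, false }; /* unicast frame for another host */
    memcpy(f.dhost, OTHER_MAC, ETHER_ADDR_LEN);
    printf("with check: %d, without check: %d\n",
           rx_verdict(&f, HOST_MAC, true, true, true),
           rx_verdict(&f, HOST_MAC, true, false, true));
    return 0;
}
```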
