Date: Tue, 9 Oct 2001 02:20:02 -0700 (PDT) From: "Crist J. Clark" <cristjc@earthlink.net> To: freebsd-bugs@FreeBSD.org Subject: Re: kern/31130: ipfw tee functionality causes malfunction and security hole Message-ID: <200110090920.f999K2X17814@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
The following reply was made to PR kern/31130; it has been noted by GNATS.
From: "Crist J. Clark" <cristjc@earthlink.net>
To: tburgess@whitley.unimelb.edu.au
Cc: freebsd-gnats-submit@FreeBSD.ORG,
tburgess-sent@whitley.unimelb.edu.au
Subject: Re: kern/31130: ipfw tee functionality causes malfunction and security hole
Date: Tue, 9 Oct 2001 02:14:17 -0700
Yep. I can easily replicate this. If I ping a box with,
01000 tee 2222 icmp from any to any
I see,
01:22:38.769793 0:c0:f0:5a:6c:a 0:90:27:13:25:40 0800 98: 192.168.64.60 > 172.16.0.1: icmp: echo request
01:22:38.770281 0:90:27:13:25:40 0:c0:f0:5a:6c:a 0800 98: 192.168.64.30 > 192.168.64.60: icmp: echo reply
01:22:39.776983 0:c0:f0:5a:6c:a 0:90:27:13:25:40 0800 98: 192.168.64.60 > 172.16.0.1: icmp: echo request
01:22:39.777441 0:90:27:13:25:40 0:c0:f0:5a:6c:a 0800 98: 192.168.64.30 > 192.168.64.60: icmp: echo reply
.
.
.
On the wire and the packets never get routed to the "real" 172.16.0.1.
Trying to figure out if,
a) This is the expected behavior, but is poorly documented, or
b) Something is broken.
I'm thinking (b), but still wading through src/sys/netinet to verify.
--
Crist J. Clark cjclark@alum.mit.edu
cjclark@jhu.edu
cjc@freebsd.org
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-bugs" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200110090920.f999K2X17814>