Date:      Wed, 18 Jul 2001 12:03:09 +0930 (CST)
From:      grog@lemis.com
To:        FreeBSD-gnats-submit@freebsd.org
Subject:   kern/29054: bootp replies from multi-homed host have invalid source address
Message-ID:  <20010718023309.DCF8A6ACBC@wantadilla.lemis.com>

>Number:         29054
>Category:       kern
>Synopsis:       bootp replies from multi-homed host have invalid source address
>Confidential:   no
>Severity:       critical
>Priority:       high
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Tue Jul 17 19:40:00 PDT 2001
>Closed-Date:
>Last-Modified:
>Originator:     Greg Lehey
>Release:        FreeBSD 4-STABLE
>Organization:
IBM Australia Ltd.
>Environment:

	Multi-homed FreeBSD box running 4-STABLE and bootparamd

>Description:

	A network boot from a multi-homed FreeBSD box fails because
	the bootp reply comes on the wrong address.  The system in
	question, echunga.lemis.com, has three interfaces:

	xl0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
	        inet 192.109.197.82 netmask 0xffffffc0 broadcast 192.109.197.127
	        inet6 fe80::250:daff:fecf:17d3%xl0 prefixlen 64 scopeid 0x1 
	        ether 00:50:da:cf:17:d3 
	        media: autoselect (100baseTX <full-duplex>) status: active
	        supported media: autoselect 100baseTX <full-duplex> 100baseTX 10baseT/UTP <full-duplex> 10baseT/UTP 100baseTX <hw-loopback>
	ed1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
	        inet 192.109.197.137 netmask 0xffffffc0 broadcast 192.109.197.191
	        inet6 fe80::280:adff:feb7:c9c7%ed1 prefixlen 64 scopeid 0x3 
	        ether 00:80:ad:b7:c9:c7 
	ppp0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1500
	        inet 192.109.197.137 --> 139.130.136.129 netmask 0xffffffc0 

	A boot request arrives from an IBM RS/6000 on the
	192.109.197.64/26 interface:

	11:49:59.954427 0.0.0.0.68 > 255.255.255.255.67:  xid:0x4013efe secs:1654 [|bootp] [tos 0x40] 

	The reply comes on this network (interface xl0), and it has the
	correct interface address (.82), but the source address belongs
	to interface ed1:

	11:49:59.963240 192.109.197.137.67 > 255.255.255.255.68:  xid:0x4013efe secs:1654 Y:192.109.197.78 S:192.109.197.82 [|bootp] [tos 0x10] 

	Since this message is a broadcast, the RS/6000 appears to
	accept it:

	11:49:59.965464 arp who-has 192.109.197.82 tell 192.109.197.78
	11:49:59.965553 arp reply 192.109.197.82 is-at 0:50:da:cf:17:d3

	Next, the RS/6000 sends a request to the specified address.
	Again the reply comes from the wrong interface address.

	11:49:59.967973 192.109.197.78.68 > 192.109.197.82.67:  xid:0x4013f0c secs:1654 [|bootp] [tos 0x40] 
	11:49:59.968760 192.109.197.137.67 > 255.255.255.255.68:  xid:0x4013f0c secs:1654 Y:192.109.197.78 S:192.109.197.82 [|bootp] [tos 0x10] 

	Since the address is not valid, the RS/6000 drops it.  This
	results in a hang:

	11:49:59.972663 192.109.197.78.68 > 192.109.197.82.67:  xid:0x4013f10 secs:1654 [|bootp] [tos 0x40] 
	11:49:59.973486 192.109.197.137.67 > 255.255.255.255.68:  xid:0x4013f10 secs:1654 Y:192.109.197.78 S:192.109.197.82 [|bootp] [tos 0x10] 
	11:49:59.975113 192.109.197.78.68 > 192.109.197.82.67:  xid:0x4013f14 secs:1654 [|bootp] [tos 0x40] 
	11:49:59.975930 192.109.197.137.67 > 255.255.255.255.68:  xid:0x4013f14 secs:1654 Y:192.109.197.78 S:192.109.197.82 [|bootp] [tos 0x10] 
	11:49:59.979787 192.109.197.78.68 > 192.109.197.82.67:  xid:0x4013f17 secs:1654 [|bootp] [tos 0x40] 
	11:49:59.980593 192.109.197.137.67 > 255.255.255.255.68:  xid:0x4013f17 secs:1654 Y:192.109.197.78 S:192.109.197.82 file ""[|bootp] [tos 0x10] 
	11:49:59.982232 192.109.197.78.68 > 192.109.197.82.67:  htype-#6 hlen:6 xid:0x4013f1b secs:1654 [|bootp] [tos 0x40] 
	11:50:01.988901 192.109.197.78.68 > 192.109.197.82.67:  htype-#6 hlen:6 xid:0x40146f2 secs:1656 file ""[|bootp] [tos 0x40] 

>How-To-Repeat:

	May be difficult.  The machine is available for testing.

>Fix:

	Not known.

>Release-Note:
>Audit-Trail:
>Unformatted:
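
The check below is an added example, not part of the original problem report: it reads tcpdump text output like the trace above and flags BOOTP server replies whose IP source address disagrees with the S: field, lies outside the client's subnet, or differs from the address the client's unicast request was sent to. The function name is hypothetical; it assumes, as the report does, that S: holds the replying server's own address, and takes the /26 prefix from the netmask 0xffffffc0 in the ifconfig output.

```python
import ipaddress
import re

# Trace lines copied from the problem report above (tcpdump text output).
TRACE = """\
11:49:59.954427 0.0.0.0.68 > 255.255.255.255.67:  xid:0x4013efe secs:1654 [|bootp] [tos 0x40]
11:49:59.963240 192.109.197.137.67 > 255.255.255.255.68:  xid:0x4013efe secs:1654 Y:192.109.197.78 S:192.109.197.82 [|bootp] [tos 0x10]
11:49:59.967973 192.109.197.78.68 > 192.109.197.82.67:  xid:0x4013f0c secs:1654 [|bootp] [tos 0x40]
11:49:59.968760 192.109.197.137.67 > 255.255.255.255.68:  xid:0x4013f0c secs:1654 Y:192.109.197.78 S:192.109.197.82 [|bootp] [tos 0x10]
"""

IP = r"(\d+\.\d+\.\d+\.\d+)"
# time, src ip.port, dst ip.port, xid, remaining decoded fields
LINE = re.compile(rf"^(\S+) {IP}\.(\d+) > {IP}\.(\d+):.*?xid:(0x[0-9a-f]+)(.*)$")
PREFIXLEN = 26  # assumption: netmask 0xffffffc0 from the ifconfig output


def check_replies(trace, prefixlen=PREFIXLEN):
    """Return one finding per server reply whose IP source address looks wrong."""
    asked = {}      # xid -> unicast address the client sent its request to
    findings = []
    for line in trace.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue
        ts, src, sport, dst, dport, xid, rest = m.groups()
        if dport == "67" and dst != "255.255.255.255":
            asked[xid] = dst
        if sport != "67":       # only server replies are checked
            continue
        fields = dict(re.findall(rf"\b([YS]):{IP}", rest))
        problems = []
        if "S" in fields and fields["S"] != src:
            problems.append(f"source {src} != server address {fields['S']}")
        if "Y" in fields:
            net = ipaddress.ip_network(f"{fields['Y']}/{prefixlen}", strict=False)
            if ipaddress.ip_address(src) not in net:
                problems.append(f"source {src} outside client subnet {net}")
        if xid in asked and asked[xid] != src:
            problems.append(f"request went to {asked[xid]}, reply from {src}")
        if problems:
            findings.append({"time": ts, "xid": xid, "problems": problems})
    return findings


if __name__ == "__main__":
    for f in check_replies(TRACE):
        print(f["time"], f["xid"], "; ".join(f["problems"]))
```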
