From owner-freebsd-questions Thu Jan 2 2:48:14 2003 Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 37B5537B401 for ; Thu, 2 Jan 2003 02:48:13 -0800 (PST) Received: from snowflake.hexanet.fr (snowflake.hexanet.fr [81.23.32.32]) by mx1.FreeBSD.org (Postfix) with ESMTP id 73D8D43EC5 for ; Thu, 2 Jan 2003 02:48:12 -0800 (PST) (envelope-from y.grossel@hexanet.fr) Received: from snowflake (snowflake [127.0.0.1]) by snowflake.hexanet.fr (Postfix) with SMTP id 8D9E811E9 for ; Thu, 2 Jan 2003 11:48:11 +0100 (CET) Date: Thu, 2 Jan 2003 11:48:11 +0100 From: Yann GROSSEL To: freebsd-questions@freebsd.org Subject: promiscuous mode / strange ethernet packets duplication problem Message-Id: <20030102114811.6dc8c3b0.y.grossel@hexanet.fr> Organization: Hexanet X-Mailer: Sylpheed version 0.8.8 (GTK+ 1.2.10; i386-debian-linux-gnu) Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG Hi, We have several FreeBSD 4.7 boxes that put automatically all their interfaces into promiscuous mode during the boot process. What should I do to prevent this from happening ? Our boxes are connected on a D-Link switch. We have noticed a very weird behaviour from a few of these machines, I'll try yo explain it : Our switch has a standard MAC address aging value of 300 seconds. When one MAC address expires on the switch, the next packet targeted to this MAC address is broadcasted on all ports of the switch (because the switch doesn't remember anymore on what port the target MAC address is). That at least seems to be normal. But each time an ethernet packet broadcasted as descrbibed above arrives on the interfaces of our machines, these machines resend the packet to the network, decrementing the TTL value bye one. I mean, these machines are resending packets that are NOT targeted to them - neither the destination MAC address OR the destination IP address of the packet match the interface of the machine. This happends only on machines with interfaces in promiscuous mode AND with net.inet.ip.forwarding = 1. As several boxes have this problem, they resend packets to each others very quickly, generating a flood on the network. This flood only stop when all TTL of packets reach 0 or when the switch finally re-learn on what port is located the interface with the target MAC address. Does anybody have any clue about what this kind of problem may be ? Thanks for your answers Regards Yann -- Yann GROSSEL Email: y.grossel@hexanet.fr HEXANET NOC URL: http://www.hexanet.fr/ Tel: +33 (0)3 26 79 30 05 Fax: +33 (0)3 26 79 30 06 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message