Date: Sat, 14 May 2016 01:03:18 +0000
From: bugzilla-noreply@freebsd.org
To: freebsd-bugs@FreeBSD.org
Subject: [Bug 209491] Broadcast storm with ipfw+natd+gateway
Message-ID: <bug-209491-8@https.bugs.freebsd.org/bugzilla/>
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=209491

            Bug ID: 209491
           Summary: Broadcast storm with ipfw+natd+gateway
           Product: Base System
           Version: 11.0-CURRENT
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Some People
          Priority: ---
         Component: kern
          Assignee: freebsd-bugs@FreeBSD.org
          Reporter: cejkar@fit.vutbr.cz

After commit 290383 (replace fastforward path with tryforward), there is at least one possible system configuration which can be a source of a broadcast storm. Simply put in your /etc/rc.conf:

    firewall_enable="YES"
    firewall_type="OPEN"
    natd_enable="YES"
    natd_interface="em0"
    gateway_enable="YES"

After reboot, you have a divert rule in ipfw with running natd:

    00050 divert 8668 ip4 from any to any via em0

Then simply send a broadcast to this system, and it responds with 2 * (TTL - 1) broadcasts sent back. Have at least two of these systems on one local subnet with a configured Samba server, which sends one broadcast per minute, and this is practically sufficient to shut down your site with a broadcast storm.

Pre-290383 system just receives the broadcast:

    08:55:25.167489 IP 10.0.2.4.21680 > 10.0.2.255.netbios-ns: [|SMB]

After-290383 system with IP 10.0.2.15 receives the broadcast and then responds with 126 broadcasts with reowned (translated) source address:

    09:02:33.939027 IP 10.0.2.4.21490 > 10.0.2.255.netbios-ns: [|SMB]
    09:02:33.939255 IP 10.0.2.15.21490 > 10.0.2.255.netbios-ns: [|SMB]
    09:02:33.939303 IP 10.0.2.15.21490 > 10.0.2.255.netbios-ns: [|SMB]
    09:02:33.939472 IP 10.0.2.15.44294 > 10.0.2.255.netbios-ns: [|SMB]
    09:02:33.939524 IP 10.0.2.15.44294 > 10.0.2.255.netbios-ns: [|SMB]
    09:02:33.939630 IP 10.0.2.15.40288 > 10.0.2.255.netbios-ns: [|SMB]
    09:02:33.939661 IP 10.0.2.15.40288 > 10.0.2.255.netbios-ns: [|SMB]
    ...
(I thought that it was just one or two replied broadcasts, but in my testing environment in VirtualBox with two systems, one sending broadcast and one storming, it really showed this output and I could not find any other explanation of this. However, the example above with one samba server and three storming systems was really real...)

-- 
You are receiving this mail because:
You are the assignee for the bug.
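The following is an added example written for this archive page; it is not code from the bug report or from FreeBSD. It shows two checks an operator could run against the symptom described above: an rc.conf scan for the ipfw + natd + gateway combination the report names as the trigger, and a burst detector over tcpdump-style lines in the format quoted in the report that flags a host re-emitting many packets to the subnet broadcast address in a short window. The capture lines are constructed to mirror the report's output; the sender TTL of 64 is an assumption chosen so that the report's 2 * (TTL - 1) formula reproduces the 126 reflected packets it observed.

```python
"""Detection helpers for the broadcast-reflection symptom in FreeBSD bug 209491.

Added example, not code from the bug report. All sample data below is constructed.
"""
import re
from collections import defaultdict

# rc.conf lines look like KEY="VALUE"; tcpdump lines look like
# "HH:MM:SS.usec IP a.b.c.d.port > e.f.g.h.port: ..." as quoted in the report.
RC_RE = re.compile(r'^\s*(\w+)\s*=\s*"?([^"\s]*)"?\s*$')
PKT_RE = re.compile(
    r'^(?P<ts>\d{2}:\d{2}:\d{2}\.\d+)\s+IP\s+'
    r'(?P<src>\d+\.\d+\.\d+\.\d+)\.(?P<sport>\S+)\s+>\s+'
    r'(?P<dst>\d+\.\d+\.\d+\.\d+)\.(?P<dport>[^:]+):'
)

# The three knobs the report combines to reproduce the storm.
STORM_PRONE_KEYS = ("firewall_enable", "natd_enable", "gateway_enable")

# Constructed rc.conf mirroring the combination given in the report.
SAMPLE_RC = '''
firewall_enable="YES"
firewall_type="OPEN"
natd_enable="YES"
natd_interface="em0"
gateway_enable="YES"
'''


def parse_rc_conf(text):
    """Return rc.conf variables as a dict, ignoring comments and blank lines."""
    conf = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0]
        m = RC_RE.match(line)
        if m:
            conf[m.group(1)] = m.group(2)
    return conf


def is_storm_prone(conf):
    """True when ipfw, natd and IP forwarding are all enabled at once."""
    return all(conf.get(k, "").upper() == "YES" for k in STORM_PRONE_KEYS)


def expected_reflections(ttl):
    """Reflected broadcasts per received broadcast, per the report's formula."""
    return 2 * (ttl - 1)


def _seconds(ts):
    h, m, s = ts.split(":")
    return int(h) * 3600 + int(m) * 60 + float(s)


def parse_packets(lines):
    """Yield (time_in_seconds, src, dst) for lines that parse as tcpdump IP output."""
    for line in lines:
        m = PKT_RE.match(line.strip())
        if m:
            yield _seconds(m.group("ts")), m.group("src"), m.group("dst")


def find_reflectors(lines, broadcast, window=1.0, min_burst=10):
    """Return {src: burst_size} for hosts that send at least min_burst packets
    to `broadcast` within any `window`-second span. A Samba server sending one
    name query per minute stays below the threshold; a reflecting gateway
    emitting 2 * (TTL - 1) copies in a few milliseconds does not."""
    times = defaultdict(list)
    for t, src, dst in parse_packets(lines):
        if dst == broadcast:
            times[src].append(t)
    hits = {}
    for src, ts in times.items():
        ts.sort()
        start, best = 0, 0
        for end in range(len(ts)):
            while ts[end] - ts[start] > window:
                start += 1
            best = max(best, end - start + 1)
        if best >= min_burst:
            hits[src] = best
    return hits


def constructed_capture(origin="10.0.2.4", reflector="10.0.2.15",
                        broadcast="10.0.2.255", ttl=64):
    """Build a capture shaped like the report's: one NetBIOS broadcast from the
    origin, then 2 * (TTL - 1) copies from the reflector 200 us apart, plus one
    non-IP line to show the parser skipping it. Assumed TTL of 64 gives 126."""
    lines = [f"09:02:33.939027 IP {origin}.21490 > {broadcast}.netbios-ns: [|SMB]"]
    t = 33.939027
    for _ in range(expected_reflections(ttl)):
        t += 0.0002
        lines.append(f"09:02:{t:09.6f} IP {reflector}.21490 > {broadcast}.netbios-ns: [|SMB]")
    lines.append("09:02:34.100000 ARP, Request who-has 10.0.2.1 tell 10.0.2.4, length 28")
    return lines


if __name__ == "__main__":
    print("rc.conf matches trigger combination:", is_storm_prone(parse_rc_conf(SAMPLE_RC)))
    print("reflectors in constructed capture:", find_reflectors(constructed_capture(), "10.0.2.255"))
```

On a real host, feed `find_reflectors` the lines of `tcpdump -n -i em0 'dst host <broadcast>'` and the subnet's broadcast address; a hit of roughly 2 * (TTL - 1) per received broadcast from a single source is the signature the report describes, and the rc.conf check identifies which hosts carry the triggering configuration.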