Bug 24465

Summary: Will process packets not for this host if using netgraph and ip forwarding.
Product: Base System
Reporter: pantzer <pantzer>
Component: kern
Assignee: Archie Cobbs <archie>
Status: Closed FIXED    
Severity: Affects Only Me    
Priority: Normal    
Version: 4.2-STABLE   
Hardware: Any   
OS: Any   

Description pantzer 2001-01-19 21:10:02 UTC
FreeBSD will respond to Ethernet packets for other computers if IP forwarding
is on and netgraph is used for bridging. It will send packets with a MAC
address that is different from the interface's address to the IP layer.

If IP forwarding is on then the IP layer will try to route the packets even if
they were sent to a different computer.

Fix: 

There is a check for the MAC address in ether_input in net/if_ethersubr.c:

        /* Discard packet if upper layers shouldn't see it. This should
           only happen when the interface is in promiscuous mode. */
        if ((ifp->if_flags & IFF_PROMISC) != 0
            && (eh->ether_dhost[0] & 1) == 0
            && bcmp(eh->ether_dhost,
              IFP2AC(ifp)->ac_enaddr, ETHER_ADDR_LEN) != 0) {
                m_freem(m);
                return;
        }

That check will not be done if netgraph is used on the interface. From what I
can find, it should be added to ng_ether_rcv_upper in netgraph/ng_ether.c.
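
The effect of the missing destination check, as a user-space C model added here (not part of the original report and not FreeBSD kernel code). `discard_foreign_unicast`, `reaches_ip_layer`, `MODEL_PROMISC` and the sample MAC addresses are constructed for illustration, and the interface is assumed to be in promiscuous mode.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAC_LEN        6      /* same value as ETHER_ADDR_LEN */
#define MODEL_PROMISC  0x100  /* stand-in for IFF_PROMISC in this model */

/* Mirrors the condition quoted from ether_input(): in promiscuous mode,
 * a unicast frame whose destination is not our address is discarded. */
static bool discard_foreign_unicast(unsigned flags, const uint8_t *dhost,
                                    const uint8_t *enaddr)
{
    return (flags & MODEL_PROMISC) != 0
        && (dhost[0] & 1) == 0                  /* group bit clear: unicast */
        && memcmp(dhost, enaddr, MAC_LEN) != 0; /* not addressed to us */
}

/* Hypothetical model of the hand-off to the IP layer.
 * check_dst = false models the reported netgraph upper path (no check);
 * check_dst = true models the same path with the check added.
 * Returns true if the frame reaches the IP layer. */
static bool reaches_ip_layer(bool check_dst, unsigned flags,
                             const uint8_t *dhost, const uint8_t *enaddr)
{
    if (check_dst && discard_foreign_unicast(flags, dhost, enaddr))
        return false;   /* the kernel would m_freem() the mbuf here */
    return true;
}

/* Constructed sample addresses */
static const uint8_t OUR_MAC[MAC_LEN]   = {0x02,0x00,0x00,0x00,0x00,0x01};
static const uint8_t OTHER_MAC[MAC_LEN] = {0x02,0x00,0x00,0x00,0x00,0x02};
static const uint8_t BCAST_MAC[MAC_LEN] = {0xff,0xff,0xff,0xff,0xff,0xff};

int main(void)
{
    const struct { const char *name; const uint8_t *dst; } frames[] = {
        {"unicast to us", OUR_MAC}, {"unicast to other host", OTHER_MAC},
        {"broadcast", BCAST_MAC},
    };
    for (size_t i = 0; i < sizeof frames / sizeof frames[0]; i++)
        printf("%-22s no check: %d  with check: %d\n", frames[i].name,
               reaches_ip_layer(false, MODEL_PROMISC, frames[i].dst, OUR_MAC),
               reaches_ip_layer(true, MODEL_PROMISC, frames[i].dst, OUR_MAC));
    return 0;
}
```

Only the "unicast to other host" row differs between the two columns: without the check that frame reaches the IP layer, where forwarding would try to route it.
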
Comment 1 Johan Karlsson freebsd_committer freebsd_triage 2001-01-20 16:10:53 UTC
Responsible Changed
From-To: freebsd-bugs->archie

Over to netgraph maintainer.
Comment 2 Archie Cobbs freebsd_committer freebsd_triage 2001-02-19 22:50:10 UTC
State Changed
From-To: open->closed

Problem fixed in 5.0-current and 4.x-stable.