260474 – ping -e does not forward packets to specified next-hop

Bug 260474 - ping -e does not forward packets to specified next-hop

Summary: ping -e does not forward packets to specified next-hop

Status:	New

Alias:	None

Product:	Base System
Classification:	Unclassified
Component:	bin (show other bugs)
Version:	13.0-STABLE
Hardware:	Any Any

Importance:	--- Affects Many People
Assignee:	freebsd-bugs (Nobody)

URL:
Keywords:

Depends on:
Blocks:

Reported:	2021-12-16 15:52 UTC by Dmitry Afanasiev
Modified:	2021-12-23 08:38 UTC (History)
CC List:	0 users

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Dmitry Afanasiev 2021-12-16 15:52:44 UTC

"-e" option for ping should change next hop for outgoing packet, but it's changes only source IP address for packet.
I'm checked this problem on clean FreeBSD 13.0-RELEASE VM image from site.
To reproduce this problem on machine without IPv6 access please follow this steps:
# Create a two epairs
ifconfig epair1 plumb
ifconfig epair1a up
ifconfig epair2 plumb
ifconfig epair2a up

# Plug a epair1 into bridge1 and assign fd00:1::2 to bridge1
ifconfig bridge1 plumb addm epair1a
ifconfig bridge1 inet6 -ifdisabled fd00:1::2/64 auto_linklocal
# Run a jail gw1 which fd00:1::1 on bridge1
ifconfig epair1b name gw1
jail -c name=gw1 path=/ vnet vnet.interface=gw1 allow.raw_sockets=1 persist=1
jexec gw1 ifconfig gw1 inet6 -ifdisabled fd00:1::1/64 auto_linklocal
# Add a IPv6 default route via gw1
route -6 add default fd00:1::1

# Plug a epair2 into bridge2 and assign fd00:2::2 to bridge2
ifconfig bridge2 plumb addm epair2a
ifconfig bridge2 inet6 -ifdisabled fd00:2::2/64 auto_linklocal
# Run a jail gw2 which fd00:2::1 on bridge2
ifconfig epair2b name gw2
jail -c name=gw2 path=/ vnet vnet.interface=gw2 allow.raw_sockets=1 persist=1
jexec gw2 ifconfig gw2 inet6 -ifdisabled fd00:2::1/64 auto_linklocal

# Check reachability
ping -c 2 fd00:1::1
ping -c 2 fd00:2::1
# Check MAC addresses
ndp -a

# Next-hop fd00:2::1 is on bridge2, but packet sent via bridge1 to MAC of gw1:
tcpdump -c 1 -epni bridge1 icmp6 &
sleep 1
ping -e fd00:2::1 -c 1 fd00:3::1

I'm got: 
# ndp -a
Neighbor                             Linklayer Address  Netif Expire    S Flags
fd00:2::1                            02:57:8a:b2:5e:0b bridge2 29s       R 
fd00:1::1                            02:67:f1:0d:66:0b bridge1 32s       R 

And packet on bridge1:
15:49:30.303387 58:9c:fc:10:04:75 > 02:67:f1:0d:66:0b, ethertype IPv6 (0x86dd), length 70: fd00:2::2 > fd00:3::1: ICMP6, echo request, seq 0, length 16
Source IP fd00:2::2 is a address for bridge2, and it's correct.
But packet found on bridge1 and "02:67:f1:0d:66:0b" is a MAC address of gw1.

This problem affects only FreeBSD13.
FreeBSD12 does not affected by this issue. To check on FreeBSD12 "-e" option should be replaced which "-g".

Comment 1 Dmitry Afanasiev 2021-12-23 08:38:19 UTC

FreeBSD stable/13-n248589-defb7da9772 also affected by this issue.

Check on VM from:
https://download.freebsd.org/ftp/snapshots/VM-IMAGES/13.0-STABLE/amd64/20211216/FreeBSD-13.0-STABLE-amd64-20211216-defb7da9772-248589.raw.xz