kernel/5012: non-promiscuous vlan interface receives all network traffic


Flag-4
>Number:         5012
>Category:       kernel
>Synopsis:       non-promiscuous vlan interface receives all network traffic
>Confidential:   yes
>Severity:       serious
>Priority:       high
>Responsible:    bugs
>State:          open
>Quarter:        
>Keywords:      
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Thu Feb 09 17:30:01 GMT 2006
>Closed-Date:
>Last-Modified:
>Originator:     Fredrik Ljungberg
>Release:        3.8
>Organization:
net
>Environment:
        System      : OpenBSD 3.8
        Architecture: OpenBSD.i386
        Machine     : i386
>Description:
       
        A vlan interface that is not in promiscuous mode receives all
        network traffic when its parent interface is in promiscuous mode.
>How-To-Repeat:
       
        Setup:
        Connect three hosts to a hub (not a switch). Configure a vlan
        interface on each host, and give them unique IP addresses:

        hostA# ifconfig vlan0 vlan 100 vlandev em0
        hostA# ifconfig vlan0 inet 192.168.53.1 up

        hostB# ifconfig vlan0 vlan 100 vlandev em0
        hostB# ifconfig vlan0 inet 192.168.53.2 up

        hostC# ifconfig vlan0 vlan 100 vlandev em0
        hostC# ifconfig vlan0 inet 192.168.53.3 up

        On hostC add a packet filter with a "block return" rule, for
        example:

        cat <<EOF  > /tmp/pf.conf
        scrub in
        block return in proto { tcp, udp } from any to any
        pass out keep state
        pass in proto tcp from any to any port 22 keep state
        EOF

        And enable the filter
        pfctl -e -f /tmp/pf.conf

        Now start ssh between hostA and hostB:

        hostA# ssh root@192.168.53.2

        Now if the parent interface of vlan0 on hostC is put into
        promiscuous mode, for example by starting mopd or tcpdump:

        hostC# mopd em0

        the traffic between hostA and hostB is visible to the
        non-promiscuous interface vlan0, and the block return rule
        will cancel the ssh between hostA and hostB.

>Fix:
        It is probably more efficient to always match destination
        address for packets that are not broadcast or multicast, than to
        either keep interface flags for the physical interface, or dig
        it up when ether_input() is run from vlan_input().

        if_ethersubr.c patch:

--- if_ethersubr.c-OpenBSD38    Sun Jun 19 01:05:15 2005
+++ if_ethersubr.c      Wed Feb  1 18:49:18 2006
@@ -636,8 +636,7 @@
         * If packet is unicast and we're in promiscuous mode, make sure it
         * is for us.  Drop otherwise.
         */
-       if ((m->m_flags & (M_BCAST|M_MCAST)) == 0 &&
-           (ifp->if_flags & IFF_PROMISC)) {
+       if ((m->m_flags & (M_BCAST|M_MCAST)) == 0) {
                if (bcmp(ac->ac_enaddr, (caddr_t)eh->ether_dhost,
                    ETHER_ADDR_LEN)) {
                        m_freem(m);
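
Review bot: The comment at the top of this hunk still reads "If packet is unicast and we're in promiscuous mode, make sure it is for us", but the new condition no longer tests IFF_PROMISC, so the comment should be reworded to say that the destination is checked for every unicast frame. With the flag test gone, any unicast frame whose eh->ether_dhost differs from ac->ac_enaddr is freed here regardless of interface state, so it is worth confirming that nothing reaching this check expects to receive unicast frames addressed to another MAC address, and stating in the change description that the bcmp() now runs on every unicast packet rather than only in promiscuous mode.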


>Release-Note:
>Audit-Trail:
>Unformatted:
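
The behaviour in the Description, as a small user-space C model added here (not OpenBSD code and not part of the original report). The struct, function names, flag values and MAC addresses are constructed for illustration, and the model assumes, as the report states, that the check sees the vlan interface's own flags when ether_input() is run from vlan_input().

```c
#include <stdio.h>
#include <string.h>

/* Constants and types below are constructed for this model, not kernel headers. */
#define ETHER_ADDR_LEN 6
#define IFF_PROMISC    0x100
#define M_BCAST        0x0100
#define M_MCAST        0x0200

struct model_if {                       /* stand-in for ifnet + arpcom */
    int           if_flags;
    unsigned char ac_enaddr[ETHER_ADDR_LEN];
};

/* Unicast check as in 3.8: only applied when ifp itself is promiscuous. */
int accept_before(const struct model_if *ifp, int m_flags, const unsigned char *dhost)
{
    if ((m_flags & (M_BCAST | M_MCAST)) == 0 && (ifp->if_flags & IFF_PROMISC))
        if (memcmp(ifp->ac_enaddr, dhost, ETHER_ADDR_LEN) != 0)
            return 0;                   /* m_freem(): dropped */
    return 1;                           /* continues up to IP and pf */
}

/* Check as proposed in the report: every unicast frame must be addressed to us. */
int accept_after(const struct model_if *ifp, int m_flags, const unsigned char *dhost)
{
    if ((m_flags & (M_BCAST | M_MCAST)) == 0)
        if (memcmp(ifp->ac_enaddr, dhost, ETHER_ADDR_LEN) != 0)
            return 0;
    return 1;
}

/* Constructed sample data: hostC's vlan0 (not promiscuous) and two destinations. */
const struct model_if hostc_vlan0 = { 0, { 0x00, 0x00, 0x5e, 0x00, 0x53, 0x03 } };
const unsigned char hostb_mac[ETHER_ADDR_LEN] = { 0x00, 0x00, 0x5e, 0x00, 0x53, 0x02 };
const unsigned char bcast_mac[ETHER_ADDR_LEN] = { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff };

int main(void)
{
    /* em0 is promiscuous, so the hostA->hostB frame reaches vlan0's input path. */
    printf("A->B on vlan0, 3.8 check:      %s\n",
        accept_before(&hostc_vlan0, 0, hostb_mac) ? "accepted" : "dropped");
    printf("A->B on vlan0, proposed check: %s\n",
        accept_after(&hostc_vlan0, 0, hostb_mac) ? "accepted" : "dropped");
    printf("broadcast, proposed check:     %s\n",
        accept_after(&hostc_vlan0, M_BCAST, bcast_mac) ? "accepted" : "dropped");
    return 0;
}
```

In the model, the frame accepted by the 3.8 check is the one that reaches pf on hostC and triggers the "block return" rule from the How-To-Repeat section.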