[Bug 283730] Route table (fib) not checked for incoming packet for IP assigned to interface in different fib

Go to: [ bottom of page ] [ top of archives ] [ this month ]
From: <bugzilla-noreply_at_freebsd.org>
Date: Sun, 29 Dec 2024 21:11:47 UTC
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=283730

            Bug ID: 283730
           Summary: Route table (fib) not checked for incoming packet for
                    IP assigned to interface in different fib
           Product: Base System
           Version: 14.2-RELEASE
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Only Me
          Priority: ---
         Component: kern
          Assignee: bugs@FreeBSD.org
          Reporter: xistence@0x58.com

I've got the following setup:

- ix0 (192.168.1.1/24) in fib 0
- ix1 (172.16.100.1/24) in fib 1

I would expect that when pinging from 192.168.1.2 to 172.16.100.1 that the
packet would get dropped because there is no route in the route table for fib 0
to fib 1.

However:

% ping 172.16.100.1
PING 172.16.100.1 (172.16.100.1): 56 data bytes
64 bytes from 172.16.100.1: icmp_seq=0 ttl=64 time=8.360 ms
64 bytes from 172.16.100.1: icmp_seq=1 ttl=64 time=10.080 ms
^C
--- 172.16.100.1 ping statistics ---
2 packets transmitted, 2 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 8.360/9.220/10.080/0.860 ms


# setfib 0 netstat -rn -4
Routing tables

Internet:
Destination        Gateway            Flags     Netif Expire
127.0.0.1          link#7             UH          lo0
192.168.1.0/24     link#9             U        vlan10
192.168.1.1        link#7             UHS         lo0

# setfib 1 netstat -rn -4
Routing tables (fib: 1)

Internet:
Destination        Gateway            Flags     Netif Expire
127.0.0.1          link#7             UHS         lo0
172.16.100.0/24    link#25            U           ix1
172.16.100.1       link#7             UHS         lo0

This creates an issue with my more complicated setup where I have two separate
WAN interfaces with 0/0 routes for each:

- vlan4088 - WAN 01 (192.0.2.5/24) - fib 0 has 0/0 route
- vlan10 - 192.168.10.1/24 - fib 0
- vlan4087 - WAN 02 (198.51.100.10/24) - fib 1 has 0/0 route
- vlan20 - 192.168.20.1/24 - fib 1

The goal here is to have traffic from vlan 10 always exit vlan4088, and traffic
from vlan 20 always exit vlan 4087.

With the explicit goal that if traffic from vlan 10 needs to be routed to
198.51.100.10 it goes out vlan4088 -> internet -> vlan4087 interface.

This works correctly from the FreeBSD router itself:

setfib 0 traceroute 198.51.100.10

Will correctly follow the 0/0 route out WAN 01 -> internet and packets will hit
vlan4087 as an interface and get processed correctly.

Vice-versa works as well:

setfib 1 traceroute 192.0.2.5

Follows the 0/0 route in fib 1 to go WAN 02 -> internet -> vlan4088.

However a device sitting on VLAN 10 that wants to run traceroute to
198.51.100.10 will show that it is a single hop.

% traceroute 198.51.100.10
traceroute to 198.51.100.10 (198.51.100.10), 64 hops max, 40 byte packets
 1  198.51.100.10 (198.51.100.10)  6.243 ms  4.197 ms  3.829 ms

This is off course unexpected, since VLAN 10 is not in the same FIB as VLAN
4087 and there is no route there.

-- 
You are receiving this mail because:
You are the assignee for the bug.