From nobody Sun Dec 29 21:11:47 2024 X-Original-To: bugs@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4YLsNz6X0Yz5jpV5 for ; Sun, 29 Dec 2024 21:11:47 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R11" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4YLsNz35cMz4Sjm for ; Sun, 29 Dec 2024 21:11:47 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1735506707; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=edEsfB9/W3HxIClsHDSl4RrSd8W+pL0aiSF9eov9uJ0=; b=U8pjI79uU09JNPAAIzxd/b3ApbAJT7z+k6ZiXsxHVmhbVGRz+DplVe+mBpYnw9qPrg1Q0v XV4fXHPBNOSnqWEqVfmCQKJu0bk0ZlBntXCl2FCJhpojICjsHtUzn4we3/NgYUfKuSazDB t9RZTPXors+dIPJYv5kaXTWSSGPFzNgNo2rErE1fzOH9JHOqVhuG6efQKt7k1ScI2JX1+H VeqKWPx5XBL5wsM3wlEu8Tufk2nknXCgt7GJwt0YsRLtS4ch4x4KbBF+TB3mcf3CGnYFFS 0dUvml90NoeMdSWCRJ7xWI25hp3ZZgjkIFJK0YylNgCACnD87Kcr2ND4wB1szg== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1735506707; a=rsa-sha256; cv=none; b=sYHGnv83+eDR8Zk94kpLxvrSLTdof0Ng0A7iCtZgt6CZDJ9AqKRvHoDxQTM4UDAC268vGc KVf/GJXkITpH2ql3StOmMbyHHOf0DWkFKWz45hYLyMQi1SmklOx/mFHrW6kAqeaKxO9i5Z 6edGeTkJvhRMEaSJgzJdHJswu3SCu5BHkcWf7WLFZumWkRYAwbXTepewRZir5KUMh2sBWJ 9BwJh7JFf8fX4C1eS4VrxjLN5ZpBeqYfDXTQtjW13+Ns9Ht0rkNmRcJG287t3omOvhbANt M5ZsUHHJYy8jG5giThQfNEc/jS3eGItv7QoRhOYuOGEmO+T7603p7Dkh9OZokg== Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2610:1c1:1:606c::50:1d]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4YLsNz2SJDzQdr for ; Sun, 29 Dec 2024 21:11:47 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org ([127.0.1.5]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id 4BTLBla6035574 for ; Sun, 29 Dec 2024 21:11:47 GMT (envelope-from bugzilla-noreply@freebsd.org) Received: (from www@localhost) by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id 4BTLBlKA035563 for bugs@FreeBSD.org; Sun, 29 Dec 2024 21:11:47 GMT (envelope-from bugzilla-noreply@freebsd.org) X-Authentication-Warning: kenobi.freebsd.org: www set sender to bugzilla-noreply@freebsd.org using -f From: bugzilla-noreply@freebsd.org To: bugs@FreeBSD.org Subject: [Bug 283730] Route table (fib) not checked for incoming packet for IP assigned to interface in different fib Date: Sun, 29 Dec 2024 21:11:47 +0000 X-Bugzilla-Reason: AssignedTo X-Bugzilla-Type: new X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Base System X-Bugzilla-Component: kern X-Bugzilla-Version: 14.2-RELEASE X-Bugzilla-Keywords: X-Bugzilla-Severity: Affects Only Me X-Bugzilla-Who: xistence@0x58.com X-Bugzilla-Status: New X-Bugzilla-Resolution: X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: bugs@FreeBSD.org X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: bug_id short_desc product version rep_platform op_sys bug_status bug_severity priority component assigned_to reporter Message-ID: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated List-Id: Bug reports List-Archive: https://lists.freebsd.org/archives/freebsd-bugs List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-bugs@FreeBSD.org MIME-Version: 1.0 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D283730 Bug ID: 283730 Summary: Route table (fib) not checked for incoming packet for IP assigned to interface in different fib Product: Base System Version: 14.2-RELEASE Hardware: Any OS: Any Status: New Severity: Affects Only Me Priority: --- Component: kern Assignee: bugs@FreeBSD.org Reporter: xistence@0x58.com I've got the following setup: - ix0 (192.168.1.1/24) in fib 0 - ix1 (172.16.100.1/24) in fib 1 I would expect that when pinging from 192.168.1.2 to 172.16.100.1 that the packet would get dropped because there is no route in the route table for f= ib 0 to fib 1. However: % ping 172.16.100.1 PING 172.16.100.1 (172.16.100.1): 56 data bytes 64 bytes from 172.16.100.1: icmp_seq=3D0 ttl=3D64 time=3D8.360 ms 64 bytes from 172.16.100.1: icmp_seq=3D1 ttl=3D64 time=3D10.080 ms ^C --- 172.16.100.1 ping statistics --- 2 packets transmitted, 2 packets received, 0.0% packet loss round-trip min/avg/max/stddev =3D 8.360/9.220/10.080/0.860 ms # setfib 0 netstat -rn -4 Routing tables Internet: Destination Gateway Flags Netif Expire 127.0.0.1 link#7 UH lo0 192.168.1.0/24 link#9 U vlan10 192.168.1.1 link#7 UHS lo0 # setfib 1 netstat -rn -4 Routing tables (fib: 1) Internet: Destination Gateway Flags Netif Expire 127.0.0.1 link#7 UHS lo0 172.16.100.0/24 link#25 U ix1 172.16.100.1 link#7 UHS lo0 This creates an issue with my more complicated setup where I have two separ= ate WAN interfaces with 0/0 routes for each: - vlan4088 - WAN 01 (192.0.2.5/24) - fib 0 has 0/0 route - vlan10 - 192.168.10.1/24 - fib 0 - vlan4087 - WAN 02 (198.51.100.10/24) - fib 1 has 0/0 route - vlan20 - 192.168.20.1/24 - fib 1 The goal here is to have traffic from vlan 10 always exit vlan4088, and tra= ffic from vlan 20 always exit vlan 4087. With the explicit goal that if traffic from vlan 10 needs to be routed to 198.51.100.10 it goes out vlan4088 -> internet -> vlan4087 interface. This works correctly from the FreeBSD router itself: setfib 0 traceroute 198.51.100.10 Will correctly follow the 0/0 route out WAN 01 -> internet and packets will= hit vlan4087 as an interface and get processed correctly. Vice-versa works as well: setfib 1 traceroute 192.0.2.5 Follows the 0/0 route in fib 1 to go WAN 02 -> internet -> vlan4088. However a device sitting on VLAN 10 that wants to run traceroute to 198.51.100.10 will show that it is a single hop. % traceroute 198.51.100.10 traceroute to 198.51.100.10 (198.51.100.10), 64 hops max, 40 byte packets 1 198.51.100.10 (198.51.100.10) 6.243 ms 4.197 ms 3.829 ms This is off course unexpected, since VLAN 10 is not in the same FIB as VLAN 4087 and there is no route there. --=20 You are receiving this mail because: You are the assignee for the bug.=