[Bug 285650] The address of a CARP BACKUP node can be used as the source of outgoing packets
Date: Tue, 25 Mar 2025 10:41:54 UTC
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=285650
Bug ID: 285650
Summary: The address of a CARP BACKUP node can be used as the
source of outgoing packets
Product: Base System
Version: 14.2-RELEASE
Hardware: Any
OS: Any
Status: New
Severity: Affects Some People
Priority: ---
Component: kern
Assignee: bugs@FreeBSD.org
Reporter: fault.seg@laposte.net
Hello all, it seems that, even after the commit
https://cgit.freebsd.org/src/commit/?id=d6e1ae659b11a13a9c289424735394173907c1d3,
the IP address of a CARP BACKUP node can still be used as the source of
outgoing packets.
This only occurs:
- after a down/up of the corresponding interface
- and the VIP address is the first declared alias for the corresponding network
Steps to reproduce:
Deploy two CARP nodes on FreeBSD 14.2-RELEASE (reproduced also on 13.3):
- Node 1:
ifconfig_vmx2_alias0="inet 10.0.0.10 netmask 255.255.0.0 alias vhid 111 advskew
200 pass test"
ifconfig_vmx2_alias1="inet 10.0.0.1 netmask 255.255.0.0"
- Node 2:
ifconfig_vmx2_alias0="inet 10.0.0.10 netmask 255.255.0.0 alias vhid 111 advskew
200 pass test"
ifconfig_vmx2_alias1="inet 10.0.0.2 netmask 255.255.0.0"
On the BACKUP node:
- Outgoing packets to 10.0.0.0/16 use the correct local source address
- Restart the interface:
# ifconfig vmx2 down
kernel: carp: 111@vmx2: BACKUP -> INIT (hardware interface down)
kernel: carp: demoted by 240 to 480 (interface down)
# ifconfig vmx2 up
kernel: carp: 111@vmx2: INIT -> BACKUP (initialization complete)
kernel: carp: demoted by -240 to 240 (interface up)
- Outgoing packets to 10.0.0.0/16 now use the first declared IP address, which
is the CARP address in this case (in BACKUP state)
Any help to point out the cause of this unexpected behavior would be greatly
appreciated.
--
You are receiving this mail because:
You are the assignee for the bug.