Subject: kern/7003: NetBSD sends and receive IP pkts with multicast source address
To: None <gnats-bugs@gnats.netbsd.org>
From: Jonathan Stone <jonathan@DSG.Stanford.EDU>
List: netbsd-bugs
Date: 02/14/1999 13:02:19
>Number: 7003
>Category: kern
>Synopsis: NetBSD sends and receive IP pkts with multicast source address
>Confidential: no
>Severity: serious
>Priority: high
>Responsible: kern-bug-people (Kernel Bug People)
>State: open
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Sun Feb 14 13:05:00 1999
>Last-Modified:
>Originator: Jonathan Stone
>Organization:
>Release: NetBSD 1.3H as at November 15, 1998
>Environment:
System: NetBSD Cuisinart.Stanford.EDU 1.3I NetBSD 1.3I (CVS-EGCS) #3: Sat Jan 30 18:46:32 PST 1999 jonathan@Cuisinart.Stanford.EDU:/cuisinart/compile/CVS-EGCS pmax
>Description:
Under some circumstances, NetBSD 1.3H sends packets with a
class-D source address. This violates RFC-1112, sec. 6.2. [page 5}:
The IP source address of the outgoing datagram must be one of the
individual addresses corresponding to the outgoing interface.
A host group address must never be placed in the source address field
or anywhere in a source route or record route option of an outgoing
IP datagram.
Netbsd 1.3H also seems accepts such packet, passing them up to
userlevel, instead of silently dropping them. That contravenes
RFC-1112, sec. 7.2:
An incoming datagram is not rejected for having an IP time-to-live of
1 (i.e., the time-to-live should not automatically be decremented on
arriving datagrams that are not being forwarded). An incoming
^^^^^^^^^^^
datagram with an IP host group address in its source address field is
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
quietly discarded. An ICMP error message (Destination Unreachable,
^^^^^^^^^^^^^^^^^^
Time Exceeded, Parameter Problem, Source Quench, or Redirect) is
never generated in response to a datagram destined to an IP host
group.
>How-To-Repeat:
I configured a NetBSD 1.3H host as a multicast NTP server
by adding
broadcast 224.0.1.1 key 6 ttl 2
to /etc/ntp.conf on the multicast NTP server.
I configured a number of formerly-unicast hosts as
multicast peers, by adding:
enable auth monitor bclient # enable the good stuff
multicastclient 224.0.1.1
to the client NTP machines. The clients also contained
server <multicast-server-address>
lines. (authentication setup elided).
The clients received the multicast NTP just fine, but when
they attempt to do a unicast NTP query to the server,
(using the old unicast config), the server replies with
packets with a _source_ address of 224.0.1.1.
That's the first bug.
The second bug
>Fix:
The packet-input side is easy: add a check for a multicast
source address in ip_intr():
if (IN_MULTICAST(ip->ip_src.s_addr)) {
goto bad;
}
I'm not sure about the sending side.
``the same source works on Linux''.
ktrace shows that xntpd is doing sendto(). Perhaps it's an artifact
of sendto() to INADDR_ANY, on a socket which has been bound to
receive packets _from_ the multicast group address?
>Audit-Trail:
>Unformatted: