[DragonFlyBSD - Bug #2959] Duplicate packets on network interface running v4.6.1.1.g6e9a0-RELEASE

bugtracker-admin at leaf.dragonflybsd.org bugtracker-admin at leaf.dragonflybsd.org
Thu Oct 20 19:21:13 PDT 2016

Issue #2959 has been updated by sepherosa.

On Fri, Oct 21, 2016 at 12:26 AM,
<bugtracker-admin at leaf.dragonflybsd.org> wrote:
> Issue #2959 has been updated by stateless.
> net.inet.ip.check_interface=1 did the trick!
> What about making this the default?

The reason is listed in the code: )

 * XXX - Setting ip_checkinterface mostly implements the receive side of
 * the Strong ES model described in RFC 1122, but since the routing table
 * and transmit implementation do not implement the Strong ES model,
 * setting this to 1 results in an odd hybrid.
 * XXX - ip_checkinterface currently must be disabled if you use ipnat
 * to translate the destination address to another local interface.
 * XXX - ip_checkinterface must be disabled if you add IP aliases
 * to the loopback interface instead of the interface where the
 * packets for those addresses are received.


Bug #2959: Duplicate packets on network interface running v4.6.1.1.g6e9a0-RELEASE

* Author: stateless
* Status: New
* Priority: Normal
* Assignee: 
* Category: Networking
* Target version: 

I have an OpenBSD router and a DragonFly BSD machine.

The router configuration is as follows:

em1 is the first LAN interface.
em2 is the second LAN interface.
em7 is the span port.
bridge0 contains em1 and em7.

The DragonFly BSD machine is configured as follows:

bnx0 connects to em2 directly and uses DHCP to get an address.  This is how I communicate with the machine.
bnx1 connects to em7, the span port, and it is configured as -arp promisc up (no ip address on the interface).

Now I connect my laptop to em1 on my router.  I ping the DragonFly BSD box on the address that is assigned on bnx0.
Two ICMP echo requests arrive on the DragonFly BSD box, one on bnx0 and one on bnx1.  This is expected.
However, I also get _two_ ICMP echo replies back from bnx0.  This doesn't seem correct.

I tried Linux and OpenBSD in place of the DragonFly BSD box and they do not behave like this.  They send only one
ICMP echo reply.

Is anything I am missing?

