Project

General

Profile

Actions

Bug #12790

closed

Link-Local IPv6 address on WAN with MAC spoofing changes if there is an IP Alias on WAN

Added by Azamat Khakimyanov 4 months ago. Updated 2 months ago.

Status:
Resolved
Priority:
Normal
Assignee:
Viktor Gurov
Category:
Interfaces
Target version:
Start date:
Due date:
% Done:

0%

Estimated time:
Plus Target Version:
22.05
Release Notes:
Default
Affected Version:
2.6.0
Affected Architecture:

Description

Created based on https://forum.netgate.com/topic/169727/link-local-address-behavior-when-spoofing-wan-interface-mac-address
Client tested on 21.05_2 but I tested on 22.01-RELEASE (amd64) built on Mon Feb 07 16:37:59 UTC 2022

When I used MAC Spoofing (MAC: 00:90:0b:18:ac:ca) on WAN (igb0) with 'IPv4/IPv6: DHCP' and rebooted SG-5100 I got
igb0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
description: WAN
options=e100bb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,VLAN_HWFILTER,RXCSUM_IPV6,TXCSUM_IPV6>
ether 00:90:0b:18:ac:ca
hwaddr 00:90:0b:7a:84:4d
inet6 fe80::290:bff:fe18:acca%igb0 prefixlen 64 scopeid 0x1
inet6 2001:470:71:839:290:bff:fe18:acca prefixlen 64 autoconf
inet6 2001:470:71:839::1146 prefixlen 128
inet 172.21.36.148 netmask 0xffffff00 broadcast 172.21.36.255
inet 192.168.100.121 netmask 0xffffff00 broadcast 192.168.100.255
media: Ethernet autoselect (1000baseT <full-duplex>)
status: active
nd6 options=23<PERFORMNUD,ACCEPT_RTADV,AUTO_LINKLOCAL>
so Link-Local IPv6 address were created based on this spoofed MAC.

BUT if I add IP Alias bundled with WAN interface and reboot I got
igb0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
description: WAN
options=e100bb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,VLAN_HWFILTER,RXCSUM_IPV6,TXCSUM_IPV6>
ether 00:90:0b:18:ac:ca
hwaddr 00:90:0b:7a:84:4d
inet6 fe80::290:bff:fe7a:844 d%igb0 prefixlen 64 scopeid 0x1
inet6 2001:470:71:839:290:bff:fe7a:844d prefixlen 64 autoconf
inet6 2001:470:71:839::1146 prefixlen 128
inet 172.21.36.148 netmask 0xffffff00 broadcast 172.21.36.255
inet 192.168.100.121 netmask 0xffffff00 broadcast 192.168.100.255
media: Ethernet autoselect (1000baseT <full-duplex>)
status: active
nd6 options=23<PERFORMNUD,ACCEPT_RTADV,AUTO_LINKLOCAL>
so in this case Link-Local IPv6 address were changed and created based on hardware MAC but not based on spoofed MAC.
So adding IP Alias changed the logic of creating the Link-Local IPv6 address.


Related issues

Related to Bug #12794: Link-local address does not reset after removing MAC address spoofingResolvedViktor Gurov

Actions
Actions #1

Updated by Viktor Gurov 4 months ago

  • Project changed from pfSense Plus to pfSense
  • Category changed from Interfaces to Interfaces
  • Assignee set to Viktor Gurov
  • Affected Plus Version deleted (22.01)
  • Affected Version set to 2.6.0
Actions #2

Updated by Viktor Gurov 4 months ago

  • Related to Bug #12794: Link-local address does not reset after removing MAC address spoofing added
Actions #3

Updated by Azamat Khakimyanov 3 months ago

Tested on 22.05-DEVELOPMENT (built on Sun Mar 20 06:19:27 UTC 2022) with patch from https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/613 applied.
Now Link Local IPv6 were the same, doesn't matter if there was or there wasn't Virtual IP on WAN and this Link Local IPv6 was created based on Spoofed MAC address.

This bug can be marked as resolved after commiting this patch.

Actions #4

Updated by Viktor Gurov 3 months ago

  • Status changed from New to Feedback
Actions #5

Updated by Viktor Gurov 3 months ago

  • Target version set to 2.7.0
  • Plus Target Version set to 22.05
Actions #6

Updated by Jim Pingle 2 months ago

  • Subject changed from Link-Local IPv6 address on WAN with MAC Spoofing is not the same if you have or not IP Alias on WAN to Link-Local IPv6 address on WAN with MAC spoofing changes if there is an IP Alias on WAN

Updating subject for release notes.

Actions #7

Updated by Danilo Zrenjanin 2 months ago

  • Status changed from Feedback to Resolved

Tested with version below:

2.7.0-DEVELOPMENT (amd64)
built on Sat Apr 16 06:18:29 UTC 2022
FreeBSD 12.3-STABLE

Adding IP Alias type VIP doesn't impact the Link-Local IPv6 address. Marking this ticket resolved.

Actions

Also available in: Atom PDF