Project

General

Profile

Actions

Bug #14692

open

Mangled link-local addresses are being logged

Added by Daryl Morse over 1 year ago. Updated 9 months ago.

Status:
New
Priority:
Normal
Assignee:
-
Category:
System Logs
Target version:
-
Start date:
Due date:
% Done:

0%

Estimated time:
Plus Target Version:
Release Notes:
Default
Affected Version:
2.7.0
Affected Architecture:
amd64

Description

My system is logging discarded ping request messages from a link-local address, as is expected.

Here is an example of some of these messages:

Aug 17 13:23:56 kernel cannot forward src fe80:5::1cce:5fff:fe02:61b6, dst 2001:569:xxxx:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1
Aug 17 13:23:52 kernel cannot forward src fe80:5::1cce:5fff:fe02:61b6, dst 2001:569:xxxx:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1
Aug 17 13:23:48 kernel cannot forward src fe80:5::1cce:5fff:fe02:61b6, dst 2001:569:xxxx:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1
Aug 17 13:09:03 kernel cannot forward src fe80:5::1cce:5fff:fe02:61b6, dst 2001:569:xxxx:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1
Aug 17 13:08:59 kernel cannot forward src fe80:5::1cce:5fff:fe02:61b6, dst 2001:569:xxxx:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1
Aug 17 13:08:55 kernel cannot forward src fe80:5::1cce:5fff:fe02:61b6, dst 2001:569:xxxx:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1
Aug 17 12:17:16 kernel cannot forward src fe80:5::2a0:a50f:fc8a:6ea0, dst 2001:569:xxxxb00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1
Aug 17 12:17:12 kernel cannot forward src fe80:5::2a0:a50f:fc8a:6ea0, dst 2001:569:xxxx:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1
Aug 17 12:17:08 kernel cannot forward src fe80:5::2a0:a50f:fc8a:6ea0, dst 2001:569:xxxx:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1

All of these messages begin with fe80:5, which is not a valid link-local address format. In order to see if these are the actual messages, I used wireshark. I found that the addresses are being mangled. All of the actual addresses begin with fe80::, not fe80:5, so the addresses are being mangled.

ASIDE: I don't know what hosts or routers are the source of these messages. I will investigate that separately.

Actions #1

Updated by Daryl Morse 9 months ago

Daryl Morse wrote:

My system is logging discarded ping request messages from a link-local address, as is expected.

Here is an example of some of these messages:

Aug 17 13:23:56 kernel cannot forward src fe80:5::1cce:5fff:fe02:61b6, dst 2001:569:xxxx:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1
Aug 17 13:23:52 kernel cannot forward src fe80:5::1cce:5fff:fe02:61b6, dst 2001:569:xxxx:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1
Aug 17 13:23:48 kernel cannot forward src fe80:5::1cce:5fff:fe02:61b6, dst 2001:569:xxxx:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1
Aug 17 13:09:03 kernel cannot forward src fe80:5::1cce:5fff:fe02:61b6, dst 2001:569:xxxx:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1
Aug 17 13:08:59 kernel cannot forward src fe80:5::1cce:5fff:fe02:61b6, dst 2001:569:xxxx:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1
Aug 17 13:08:55 kernel cannot forward src fe80:5::1cce:5fff:fe02:61b6, dst 2001:569:xxxx:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1
Aug 17 12:17:16 kernel cannot forward src fe80:5::2a0:a50f:fc8a:6ea0, dst 2001:569:xxxxb00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1
Aug 17 12:17:12 kernel cannot forward src fe80:5::2a0:a50f:fc8a:6ea0, dst 2001:569:xxxx:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1
Aug 17 12:17:08 kernel cannot forward src fe80:5::2a0:a50f:fc8a:6ea0, dst 2001:569:xxxx:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1

All of these messages begin with fe80:5, which is not a valid link-local address format. In order to see if these are the actual messages, I used wireshark. I found that the addresses are being mangled. All of the actual addresses begin with fe80::, not fe80:5, so the addresses are being mangled.

ASIDE: I don't know what hosts or routers are the source of these messages. I will investigate that separately.

I have no idea what host or router is responsible for the messages. Regardless of whether there is a reason for them to be sent, they are being mangled by FreeBSD or pfSense, which must be a bug.

Actions

Also available in: Atom PDF