Bug #14692
openMangled link-local addresses are being logged
0%
Description
My system is logging discarded ping request messages from a link-local address, as is expected.
Here is an example of some of these messages:
Aug 17 13:23:56 kernel cannot forward src fe80:5::1cce:5fff:fe02:61b6, dst 2001:569:xxxx:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1
Aug 17 13:23:52 kernel cannot forward src fe80:5::1cce:5fff:fe02:61b6, dst 2001:569:xxxx:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1
Aug 17 13:23:48 kernel cannot forward src fe80:5::1cce:5fff:fe02:61b6, dst 2001:569:xxxx:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1
Aug 17 13:09:03 kernel cannot forward src fe80:5::1cce:5fff:fe02:61b6, dst 2001:569:xxxx:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1
Aug 17 13:08:59 kernel cannot forward src fe80:5::1cce:5fff:fe02:61b6, dst 2001:569:xxxx:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1
Aug 17 13:08:55 kernel cannot forward src fe80:5::1cce:5fff:fe02:61b6, dst 2001:569:xxxx:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1
Aug 17 12:17:16 kernel cannot forward src fe80:5::2a0:a50f:fc8a:6ea0, dst 2001:569:xxxxb00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1
Aug 17 12:17:12 kernel cannot forward src fe80:5::2a0:a50f:fc8a:6ea0, dst 2001:569:xxxx:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1
Aug 17 12:17:08 kernel cannot forward src fe80:5::2a0:a50f:fc8a:6ea0, dst 2001:569:xxxx:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1
All of these messages begin with fe80:5, which is not a valid link-local address format. In order to see if these are the actual messages, I used wireshark. I found that the addresses are being mangled. All of the actual addresses begin with fe80::, not fe80:5, so the addresses are being mangled.
ASIDE: I don't know what hosts or routers are the source of these messages. I will investigate that separately.
Updated by Daryl Morse 9 months ago
Daryl Morse wrote:
My system is logging discarded ping request messages from a link-local address, as is expected.
Here is an example of some of these messages:
Aug 17 13:23:56 kernel cannot forward src fe80:5::1cce:5fff:fe02:61b6, dst 2001:569:xxxx:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1
Aug 17 13:23:52 kernel cannot forward src fe80:5::1cce:5fff:fe02:61b6, dst 2001:569:xxxx:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1
Aug 17 13:23:48 kernel cannot forward src fe80:5::1cce:5fff:fe02:61b6, dst 2001:569:xxxx:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1
Aug 17 13:09:03 kernel cannot forward src fe80:5::1cce:5fff:fe02:61b6, dst 2001:569:xxxx:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1
Aug 17 13:08:59 kernel cannot forward src fe80:5::1cce:5fff:fe02:61b6, dst 2001:569:xxxx:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1
Aug 17 13:08:55 kernel cannot forward src fe80:5::1cce:5fff:fe02:61b6, dst 2001:569:xxxx:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1
Aug 17 12:17:16 kernel cannot forward src fe80:5::2a0:a50f:fc8a:6ea0, dst 2001:569:xxxxb00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1
Aug 17 12:17:12 kernel cannot forward src fe80:5::2a0:a50f:fc8a:6ea0, dst 2001:569:xxxx:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1
Aug 17 12:17:08 kernel cannot forward src fe80:5::2a0:a50f:fc8a:6ea0, dst 2001:569:xxxx:b00:1:b3ff:fedd:9f24, nxt 58, rcvif hn0, outif hn1All of these messages begin with fe80:5, which is not a valid link-local address format. In order to see if these are the actual messages, I used wireshark. I found that the addresses are being mangled. All of the actual addresses begin with fe80::, not fe80:5, so the addresses are being mangled.
ASIDE: I don't know what hosts or routers are the source of these messages. I will investigate that separately.
I have no idea what host or router is responsible for the messages. Regardless of whether there is a reason for them to be sent, they are being mangled by FreeBSD or pfSense, which must be a bug.