On 2013/07/16 15:43, Matthew Oyer wrote:
> Just spent a long time troubleshooting a tiny typo in a gre tunnel due to
> some odd symptoms.
>
> We had 2 machines a,b. machine a is configured properly with a gre tunnel,
> machine b has its return (or origin ip) typo'd. Traffic is being sent from b
> to a, but shows in pflog. It looks as if openbsd is already performing a
> conditional to then dump to pflog instead of blindly sending the traffic
> back. It would be nice if this condition threw an error in /var/log/messages
> (gre mismatch) etc or (got x ip, expected y)
Logging this sounds like a possible remote attack vector (unless throttled it's a possible log overflow, or an easy way to lock the machine at SPLTTY especially if it uses serial console). Does this show up in netstat -ss at all? That would generally be the more appropriate place to have this type of thing. (If not, we are currently in API/ABI lock for 5.4 so if there's no counter for this, it can't be added at the moment anyway, but might be possible later).
