Peter N. M. Hansteen wrote:
> Harald Dunkel <[EMAIL PROTECTED]> writes:
>
>> Sorry to wake this thread up again, but this problem is a severe
>> security risk. IMHO it is unacceptable that a hardware failure on
>> one NIC of a firewall can put the whole network at risk, just because
>> the mapping between NICs and interface names gets mixed up, and PF
>> suddenly treats the Internet as a subnet of the company LAN.
>
> Semi-random reordering of network interfaces would be a severe
> problem, no doubt. However, my hazy memory was that reordering would
> not occur as you describe, but ICBW, please correct me if this has
> actually been demonstrated to happen.
>
I can post 2 dmesg logs of the same machine with the NIC
names mixed up. Somehow 2 NICs disappeared on a reboot. On
the next reboot they were back. Attached is the diff.

In the bad configuration the NIC with 00:30:48:d2:9a:06 is
called "em2", in the good one it is called "em4". Maybe you
can imagine how PF screws up if this NIC had been
physically connected to the Internet.

Surely it is unusual that a NIC "disappears" somehow. Maybe
there is something wrong with my hardware, but this can always
happen. I would like to have a secure setup even if there is a
hardware failure.

Regards

Harri
===========================================================================
--- dmesg4 2008-11-07 10:05:27.000000000 +0100
+++ dmesg6 2008-11-07 10:06:40.000000000 +0100
@@ -1,4 +1,4 @@
-# dmesg
+# dmesg
OpenBSD 4.3 (RAID.MP) #0: Wed Oct 1 14:07:35 CEST 2008
[EMAIL PROTECTED]:/usr/src/sys/arch/amd64/compile/RAID.MP
real mem = 3487612928 (3326MB)
@@ -14,7 +14,7 @@
acpihpet0 at acpi0: 14318179 Hz
acpimadt0 at acpi0 addr 0xfee00000: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
-cpu0: Intel(R) Xeon(R) CPU E3110 @ 3.00GHz, 2992.85 MHz
+cpu0: Intel(R) Xeon(R) CPU E3110 @ 3.00GHz, 2992.89 MHz
cpu0:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,VMX,EST,TM2,CX16,xTPR,NXE,LONG
cpu0: 6MB 64b/line 16-way L2 cache
cpu0: apic clock running at 332MHz
@@ -64,12 +64,14 @@
em1 at pci6 dev 0 function 1 "Intel PRO/1000 QP (82571EB)" rev 0x06: apic 2
int 18 (irq 11), address 00:15:17:91:5a:80
ppb6 at pci5 dev 4 function 0 vendor "IDT", unknown product 0x8018 rev 0x0e
pci7 at ppb6 bus 8
+em2 at pci7 dev 0 function 0 "Intel PRO/1000 QP (82571EB)" rev 0x06: apic 2
int 17 (irq 10), address 00:15:17:91:5a:83
+em3 at pci7 dev 0 function 1 "Intel PRO/1000 QP (82571EB)" rev 0x06: apic 2
int 16 (irq 5), address 00:15:17:91:5a:82
ppb7 at pci0 dev 28 function 4 "Intel 82801I PCIE" rev 0x02: apic 2 int 16
(irq 5)
pci8 at ppb7 bus 13
-em2 at pci8 dev 0 function 0 "Intel PRO/1000MT (82573E)" rev 0x03: apic 2 int
16 (irq 5), address 00:30:48:d2:9a:06
+em4 at pci8 dev 0 function 0 "Intel PRO/1000MT (82573E)" rev 0x03: apic 2 int
16 (irq 5), address 00:30:48:d2:9a:06
ppb8 at pci0 dev 28 function 5 "Intel 82801I PCIE" rev 0x02: apic 2 int 17
(irq 11)
pci9 at ppb8 bus 15
-em3 at pci9 dev 0 function 0 "Intel PRO/1000MT (82573L)" rev 0x00: apic 2 int
17 (irq 10), address 00:30:48:d2:9a:07
+em5 at pci9 dev 0 function 0 "Intel PRO/1000MT (82573L)" rev 0x00: apic 2 int
17 (irq 10), address 00:30:48:d2:9a:07
uhci3 at pci0 dev 29 function 0 "Intel 82801I USB" rev 0x02: apic 2 int 23
(irq 10)
uhci4 at pci0 dev 29 function 1 "Intel 82801I USB" rev 0x02: apic 2 int 22
(irq 11)
uhci5 at pci0 dev 29 function 2 "Intel 82801I USB" rev 0x02: apic 2 int 18
(irq 11)
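Review bot: unit numbers in this hunk follow attach order, not hardware identity. On the - side no em device attaches at pci7, so the 82573E at pci8 with address 00:30:48:d2:9a:06 takes em2; on the + side the two 82571EB ports at pci7 attach first and the same card becomes em4. Anything keyed on the name em2 therefore refers to a different physical port between these two boots, and comparing the address field per interface name is the reliable way to spot it.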
@@ -91,7 +93,7 @@
ichiic0 at pci0 dev 31 function 3 "Intel 82801I SMBus" rev 0x02: apic 2 int 17
(irq 10)
iic0 at ichiic0
lm1 at iic0 addr 0x2d: W83627HF
-iic0: addr 0x2f 05=61 06=fb 07=61 08=fb 09=64 0a=64 0b=5e 0c=c8 0d=a3 0e=7b
0f=13 10=94 11=9d 12=89 13=ff 14=21 15=72 16=cf 17=7b 18=cb 19=cd 1a=c9 1b=01
1c=28 1d=9c 1e=80 1f=80 20=21 21=20 23=0f 25=0f 27=0f 29=0f 2b=0f 2d=0f 2f=02
30=ee 31=0f 33=0f 35=0f 3b=ff 3c=ff 3d=ff 3e=ff 3f=ff 40=09 46=f7 47=ef 48=ff
49=7e 4a=3f 4d=fc 4e=0e 50=06 51=02 52=01 58=28 59=01 5c=1f 5e=ff 5f=03 60=ac
61=73 62=ff 64=a5 65=7c 66=ff 67=ff 68=3f 6a=2a 6b=19 6c=7c 6d=65 6e=e3 6f=b9
70=8a 71=70 72=e5 73=bb 74=e5 75=bb 76=e3 77=b9 78=53 79=4e 7a=55 7b=50 7c=53
7d=4e 7e=55 7f=50 80=53 81=4e 82=55 83=50 84=53 85=4e 86=55 87=50 88=32 89=2d
8a=55 8b=50 8c=32 8d=2d 8e=55 8f=50 90=07 91=68 92=07 93=68 94=07 95=68 96=07
97=68 98=07 99=68 9a=07 9b=68 9c=07 9d=68 9e=07 9f=68 a0=07 a1=68 a2=07 a3=68
a4=ff a5=ff a6=ff a7=ff ae=ff af=ff b2=3f b3=3f b6=3f b7=3f b8=3f b9=3f ba=3f
bb=89 bc=89 bd=89 be=89 bf=89 c0=89 c1=89 c2=89 c3=02 c4=03 c5=7f c6=ff c9=ff
ca=ff cb=ff cc=ff cd=ff ce=ff cf=ff d0=10 d1=64 d2=64 d
3=64 d4=64
d6=e0 d7=ff d8=f1 da=80 db=01 dc=80 dd=01 de=80 df=01 e0=bb e1=c0 e2=82 e3=ff
e4=80 e5=6e e6=fd e7=13 e8=11 e9=10 ea=20 eb=ea ec=ff ed=ff ee=ff ef=ff f6=60
f7=80 f8=1b fa=ff fd=10 words 00=00ff 01=00ff 02=00ff 03=00ff 04=00ff 05=61ff
06=fbff 07=61ff 08=ebff 09=64ff 0a=64ff 0b=5eff 0c=c8ff 0d=a3ff 0e=7bff 0f=13ff
+iic0: addr 0x2f 05=61 06=fb 07=61 08=fb 09=64 0a=64 0b=5e 0c=c8 0d=a3 0e=7b
0f=13 10=94 11=9d 12=89 13=ff 14=21 15=72 16=cf 17=7c 18=cb 19=cd 1a=c9 1b=05
1c=26 1d=a0 1e=80 1f=80 20=20 21=20 22=08 23=0f 25=0f 27=0f 29=0f 2b=0f 2d=0f
2f=02 30=ee 31=0f 33=0f 35=0f 3b=ff 3c=ff 3d=ff 3e=ff 3f=ff 40=09 46=f7 47=ef
48=ff 49=7e 4a=3f 4d=fc 4e=0e 50=06 51=02 52=01 58=28 59=01 5c=1f 5e=ff 5f=03
60=ac 61=73 62=ff 64=a5 65=7c 66=ff 67=ff 68=3f 6a=2a 6b=19 6c=7c 6d=65 6e=e3
6f=b9 70=8a 71=70 72=e5 73=bb 74=e5 75=bb 76=e3 77=b9 78=53 79=4e 7a=55 7b=50
7c=53 7d=4e 7e=55 7f=50 80=53 81=4e 82=55 83=50 84=53 85=4e 86=55 87=50 88=32
89=2d 8a=55 8b=50 8c=32 8d=2d 8e=55 8f=50 90=07 91=68 92=07 93=68 94=07 95=68
96=07 97=68 98=07 99=68 9a=07 9b=68 9c=07 9d=68 9e=07 9f=68 a0=07 a1=68 a2=07
a3=68 a4=ff a5=ff a6=ff a7=ff ae=ff af=ff b2=3f b3=3f b6=3f b7=3f b8=3f b9=3f
ba=3f bb=89 bc=89 bd=89 be=89 bf=89 c0=89 c1=89 c2=89 c3=02 c4=03 c5=7f c6=ff
c9=ff ca=ff cb=ff cc=ff cd=ff ce=ff cf=ff d0=10 d1=64 d
2=64 d3=64
d4=64 d6=e0 d7=ff d8=f0 d9=80 da=80 db=01 dc=80 dd=01 de=80 df=01 e0=bb e1=c0
e2=82 e3=ff e4=80 e5=6a e6=fd e7=13 e8=13 e9=13 ea=e0 eb=22 ec=ff ed=ff ee=ff
ef=ff f6=60 f7=80 f8=1b fa=ff fd=10 words 00=00ff 01=00ff 02=00ff 03=00ff
04=00ff 05=61ff 06=fbff 07=61ff 08=fbff 09=64ff 0a=64ff 0b=5eff 0c=c8ff 0d=a3ff
0e=7bff 0f=13ff
iic0: addr 0x48 00=7f 01=00 03=50 04=7f 05=00 07=50 08=7f 09=00 0b=50 0c=7f
0d=00 0f=50 10=7f 11=00 13=50 14=7f 15=00 17=50 18=7f 19=00 1b=50 1c=7f 1d=00
1f=50 20=7f 21=00 23=50 24=7f 25=00 27=50 28=7f 29=00 2b=50 2c=7f 2d=00 2f=50
30=7f 31=00 33=50 34=7f 35=00 37=50 38=7f 39=00 3b=50 3c=7f 3d=00 3f=50 40=7f
41=00 43=50 44=7f 45=00 47=50 48=7f 49=00 4b=50 4c=7f 4d=00 4f=50 50=7f 51=00
53=50 54=7f 55=00 57=50 58=7f 59=00 5b=50 5c=7f 5d=00 5f=50 60=7f 61=00 63=50
64=7f 65=00 67=50 68=7f 69=00 6b=50 6c=7f 6d=00 6f=50 70=7f 71=00 73=50 74=7f
75=00 77=50 78=7f 79=00 7b=50 7c=7f 7d=00 7f=50 80=7f 81=00 83=50 84=7f 85=00
87=50 88=7f 89=00 8b=50 8c=7f 8d=00 8f=50 90=7f 91=00 93=50 94=7f 95=00 97=50
98=7f 99=00 9b=50 9c=7f 9d=00 9f=50 a0=7f a1=00 a3=50 a4=7f a5=00 a7=50 a8=7f
a9=00 ab=50 ac=7f ad=00 af=50 b0=7f b1=00 b3=50 b4=7f b5=00 b7=50 b8=7f b9=00
bb=50 bc=7f bd=00 bf=50 c0=7f c1=00 c3=50 c4=7f c5=00 c7=50 c8=7f c9=00 cb=50
cc=7f cd=00 cf=50 d0=7f d1=00 d3=50 d4=7f d5=00 d7=50 d
8=7f d9=00
db=50 dc=7f dd=00 df=50 e0=7f e1=00 e3=50 e4=7f e5=00 e7=50 e8=7f e9=00 eb=50
ec=7f ed=00 ef=50 f0=7f f1=00 f3=50 f4=7f f5=00 f7=50 f8=7f f9=00 fb=50 fc=7f
fd=00 ff=50 words 00=7f00 01=00ff 02=4b00 03=5000 04=7f00 05=00ff 06=4b00
07=5000 08=7f00 09=00ff 0a=4b00 0b=5000 0c=7f00 0d=00ff 0e=4b00 0f=5000
iic0: addr 0x49 00=7f 01=00 03=50 04=7f 05=00 07=50 08=7f 09=00 0b=50 0c=7f
0d=00 0f=50 10=7f 11=00 13=50 14=7f 15=00 17=50 18=7f 19=00 1b=50 1c=7f 1d=00
1f=50 20=7f 21=00 23=50 24=7f 25=00 27=50 28=7f 29=00 2b=50 2c=7f 2d=00 2f=50
30=7f 31=00 33=50 34=7f 35=00 37=50 38=7f 39=00 3b=50 3c=7f 3d=00 3f=50 40=7f
41=00 43=50 44=7f 45=00 47=50 48=7f 49=00 4b=50 4c=7f 4d=00 4f=50 50=7f 51=00
53=50 54=7f 55=00 57=50 58=7f 59=00 5b=50 5c=7f 5d=00 5f=50 60=7f 61=00 63=50
64=7f 65=00 67=50 68=7f 69=00 6b=50 6c=7f 6d=00 6f=50 70=7f 71=00 73=50 74=7f
75=00 77=50 78=7f 79=00 7b=50 7c=7f 7d=00 7f=50 80=7f 81=00 83=50 84=7f 85=00
87=50 88=7f 89=00 8b=50 8c=7f 8d=00 8f=50 90=7f 91=00 93=50 94=7f 95=00 97=50
98=7f 99=00 9b=50 9c=7f 9d=00 9f=50 a0=7f a1=00 a3=50 a4=7f a5=00 a7=50 a8=7f
a9=00 ab=50 ac=7f ad=00 af=50 b0=7f b1=00 b3=50 b4=7f b5=00 b7=50 b8=7f b9=00
bb=50 bc=7f bd=00 bf=50 c0=7f c1=00 c3=50 c4=7f c5=00 c7=50 c8=7f c9=00 cb=50
cc=7f cd=00 cf=50 d0=7f d1=00 d3=50 d4=7f d5=00 d7=50 d
8=7f d9=00
db=50 dc=7f dd=00 df=50 e0=7f e1=00 e3=50 e4=7f e5=00 e7=50 e8=7f e9=00 eb=50
ec=7f ed=00 ef=50 f0=7f f1=00 f3=50 f4=7f f5=00 f7=50 f8=7f f9=00 fb=50 fc=7f
fd=00 ff=50 words 00=7f00 01=00ff 02=4b00 03=5000 04=7f00 05=00ff 06=4b00
07=5000 08=7f00 09=00ff 0a=4b00 0b=5000 0c=7f00 0d=00ff 0e=4b00 0f=5000
spdmem0 at iic0 addr 0x50: 2GB DDR2 SDRAM ECC PC2-6400CL5
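
One way to detect the renaming shown in the diff above, as an added example that is not part of the original post: extract name/MAC pairs from dmesg text and compare them against a pinned list. The names `nic_map`, `check_nic_map` and `EXPECTED` are hypothetical, the sample input is constructed from the em* lines of the diff with wrapped lines rejoined, and treating the "good" boot as the pinned state is an assumption.

```shell
#!/bin/sh
# Added example (not from the original post): compare interface-name -> MAC
# pairs found in dmesg text against a pinned list, and fail on any mismatch.

# Constructed input: em* attach lines from the diff above, wrapped lines rejoined.
BAD_DMESG='em1 at pci6 dev 0 function 1 "Intel PRO/1000 QP (82571EB)" rev 0x06: apic 2 int 18 (irq 11), address 00:15:17:91:5a:80
em2 at pci8 dev 0 function 0 "Intel PRO/1000MT (82573E)" rev 0x03: apic 2 int 16 (irq 5), address 00:30:48:d2:9a:06
em3 at pci9 dev 0 function 0 "Intel PRO/1000MT (82573L)" rev 0x00: apic 2 int 17 (irq 10), address 00:30:48:d2:9a:07'
GOOD_DMESG='em1 at pci6 dev 0 function 1 "Intel PRO/1000 QP (82571EB)" rev 0x06: apic 2 int 18 (irq 11), address 00:15:17:91:5a:80
em2 at pci7 dev 0 function 0 "Intel PRO/1000 QP (82571EB)" rev 0x06: apic 2 int 17 (irq 10), address 00:15:17:91:5a:83
em3 at pci7 dev 0 function 1 "Intel PRO/1000 QP (82571EB)" rev 0x06: apic 2 int 16 (irq 5), address 00:15:17:91:5a:82
em4 at pci8 dev 0 function 0 "Intel PRO/1000MT (82573E)" rev 0x03: apic 2 int 16 (irq 5), address 00:30:48:d2:9a:06
em5 at pci9 dev 0 function 0 "Intel PRO/1000MT (82573L)" rev 0x00: apic 2 int 17 (irq 10), address 00:30:48:d2:9a:07'

# Assumption: the pinned list is the "good" boot; one "name mac" pair per line.
EXPECTED='em1 00:15:17:91:5a:80
em2 00:15:17:91:5a:83
em3 00:15:17:91:5a:82
em4 00:30:48:d2:9a:06
em5 00:30:48:d2:9a:07'

# Print "name mac" for every attach line on stdin that ends in "address <mac>".
nic_map() {
  awk '$2 == "at" && $(NF-1) == "address" { print $1, $NF }'
}

# $1 = pinned "name mac" lines, $2 = dmesg text.
# Prints one MISMATCH line per deviation; returns 1 if there is any.
check_nic_map() {
  actual=$(printf '%s\n' "$2" | nic_map)
  rc=0
  while read -r name mac; do
    [ -n "$name" ] || continue
    found=$(printf '%s\n' "$actual" | awk -v n="$name" '$1 == n { print $2 }')
    if [ "$found" != "$mac" ]; then
      echo "MISMATCH $name: expected $mac, found ${found:-none}"
      rc=1
    fi
  done <<EOF
$1
EOF
  return $rc
}

if ! check_nic_map "$EXPECTED" "$BAD_DMESG"; then
  echo "interface names do not match the pinned MACs; do not load the PF ruleset"
fi
```

A missing interface counts as a mismatch, so the check also fails when a NIC disappears, as in the "bad" boot.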