On 6/14/2010 10:20 PM, Patrick Coleman wrote:
> On Tue, Jun 15, 2010 at 1:03 PM, LeviaComm Networks NOC
> <[email protected]> wrote:
>> It would be best if you had a working switch to test with; the switch may be
>> forwarding packets to the OpenBSD box because its MAC table is broken. The
>> switch may be the cause; please confirm that it isn't before making noise.
>> I am sure that no one wants to waste time chasing down a bug and then
>> finding out that it was the switch all along.
> Sure, I acknowledge there may be something broken there. But tcpdump
> on the OpenBSD box indicates the MAC addresses of the traffic received
> do not match any MAC address on the OpenBSD box. In this case OpenBSD
> should be simply discarding the packets, not transmitting spoofed RSTs
> for TCP conversations it is not involved in.
> The situation is basically the same as if OpenBSD were connected to a
> hub, not a switch. In that case, it would be receiving every packet
> traversing the local subnet.
> I'm not denying I might have configured OpenBSD wrong somehow - if so,
> any ideas as to where would be greatly appreciated.
> Cheers,
> Patrick
I just wanted to eliminate as much as possible before spending too much
time on the problem. I have a few questions about your setup:
How is your switch configured? Is this the only switch? If not, is it
getting VLAN information from any other network appliance? I take it
from the fact that you are using a server in a router-on-a-stick
configuration that your switches can't do routing, so what are you using
for routing? What routing protocols are you using? Or are you just
using static routes on everything?
OpenBSD may be running the network in promiscuous mode, which would be
why it is responding to MACs that it shouldn't. If you aren't running a
clean installation, I would recommend turning off everything except
routed, including sshd and just use the console for now. I would also
recommend removing all your VLAN interfaces and reconnect only 2 then
test with that, slowly adding VLANs back as they work.
One last thing: is there a reason that you are doing a router-on-a-stick
configuration? I ask only because they tend to cause more headaches
than they are worth, as Gigabit NICs are pretty much a dime-a-dozen
nowadays.
-Christopher
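As an added illustration of the check Patrick describes (this is not code from the thread or from OpenBSD), the script below sifts a `tcpdump -e -nn` capture for TCP RSTs that the local box emits for flows that were never addressed to one of its own MAC addresses, while leaving alone RSTs it legitimately sends for connections aimed at it. The line format assumed is that of tcpdump.org's tcpdump with `-e -nn`; OpenBSD's bundled tcpdump prints the link-layer header differently, so `FRAME_RE` would need adjusting there. Every MAC address, IP, port and capture line in it is constructed for the example.

```python
"""Added example, not from the thread: sift a `tcpdump -e -nn` capture for
TCP RSTs that the local box sends for flows that were never addressed to
one of its own MAC addresses. All MAC addresses, IPs, ports and capture
lines below are constructed for illustration."""
import re
from collections import namedtuple

# One line of `tcpdump -e -nn` output for an IPv4/TCP frame:
# link-layer header first, then the IP/TCP summary.
FRAME_RE = re.compile(
    r"^(?P<ts>\S+) (?P<smac>[0-9a-fA-F:]{17}) > (?P<dmac>[0-9a-fA-F:]{17}), "
    r"ethertype IPv4 \(0x0800\), length \d+: "
    r"(?P<sip>\d+\.\d+\.\d+\.\d+)\.(?P<sport>\d+) > "
    r"(?P<dip>\d+\.\d+\.\d+\.\d+)\.(?P<dport>\d+): Flags \[(?P<flags>[^\]]*)\]"
)

Frame = namedtuple("Frame", "ts smac dmac sip sport dip dport flags raw")


def parse_frame(line):
    """Return a Frame for a tcpdump -e IPv4/TCP line, or None for anything else."""
    m = FRAME_RE.match(line.strip())
    if not m:
        return None
    d = m.groupdict()
    return Frame(d["ts"], d["smac"].lower(), d["dmac"].lower(),
                 d["sip"], int(d["sport"]), d["dip"], int(d["dport"]),
                 d["flags"], line.strip())


def find_spoofed_rsts(lines, local_macs):
    """Return the RST frames the local host sent for flows it was not part of.

    A flow counts as 'not ours' when a frame of it was captured with neither
    the source nor the destination MAC belonging to this host (the hub-like
    situation described in the thread). A RST this host later emits for the
    reverse of such a flow is exactly the behaviour under discussion."""
    local = {m.lower() for m in local_macs}
    foreign_flows = set()   # (src_ip, src_port, dst_ip, dst_port) not addressed to us
    hits = []
    for line in lines:
        f = parse_frame(line)
        if f is None:
            continue
        if f.smac not in local and f.dmac not in local:
            foreign_flows.add((f.sip, f.sport, f.dip, f.dport))
            continue
        if f.smac in local and "R" in f.flags:
            # The RST goes back to the original sender, so look the flow up reversed.
            if (f.dip, f.dport, f.sip, f.sport) in foreign_flows:
                hits.append(f)
    return hits


# Constructed capture. 00:0a:0b:0c:0d:0e is the local OpenBSD NIC.
# Frames 1-2: a SYN between two other hosts, then a RST from us -> spoofed.
# Frames 3-4: a SYN to our MAC for a closed port, then our RST -> legitimate.
CAPTURE = """\
22:10:01.100000 00:11:22:33:44:55 > aa:bb:cc:dd:ee:ff, ethertype IPv4 (0x0800), length 74: 10.0.1.5.51234 > 10.0.2.9.80: Flags [S], seq 100, win 65535, length 0
22:10:01.100400 00:0a:0b:0c:0d:0e > 00:11:22:33:44:55, ethertype IPv4 (0x0800), length 54: 10.0.2.9.80 > 10.0.1.5.51234: Flags [R.], seq 0, ack 101, win 0, length 0
22:10:02.200000 00:11:22:33:44:66 > 00:0a:0b:0c:0d:0e, ethertype IPv4 (0x0800), length 74: 10.0.1.7.40000 > 10.0.3.1.22: Flags [S], seq 200, win 65535, length 0
22:10:02.200300 00:0a:0b:0c:0d:0e > 00:11:22:33:44:66, ethertype IPv4 (0x0800), length 54: 10.0.3.1.22 > 10.0.1.7.40000: Flags [R.], seq 0, ack 201, win 0, length 0
"""

LOCAL_MACS = ["00:0a:0b:0c:0d:0e"]   # constructed; in practice the lladdr of each NIC

if __name__ == "__main__":
    for hit in find_spoofed_rsts(CAPTURE.splitlines(), LOCAL_MACS):
        print("RST for a flow not addressed to us:", hit.raw)
```

To run it against a real box, replace `CAPTURE` with the output of `tcpdump -e -nn -i <iface> tcp` taken on the OpenBSD host and `LOCAL_MACS` with the `lladdr` of every interface it has, including VLAN interfaces; any hit is a frame the box should have discarded but answered instead. If the list stays empty while the switch still complains, the RSTs are coming from somewhere else and the switch itself becomes the prime suspect, as Christopher suggests.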