API tools faq
paste
gugus

pf in bridge mode - UDP/ICMP fragmentation bug

gugus
Aug 29th, 2016
178
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 3.47 KB | None | 0 0
raw download clone embed print report
  1. root@:~ # fetch https://raw.githubusercontent.com/ocochard/BSDRP/master/tools/BSDRP-lab-bhyve.sh
  2. root@:~ # fetch http://dev.bsdrp.net/FreeBSD/BSDRP-1.9998-full-amd64-vga.img.xz
  3. root@:~ # sh BSDRP-lab-bhyve.sh -i BSDRP-1.9998-full-amd64-vga.img.xz -n 3
  4. BSD Router Project (http://bsdrp.net) - bhyve full-meshed lab script
  5. Setting-up a virtual lab with 3 VM(s):
  6. - Working directory: /tmp/BSDRP
  7. - Each VM have 1 core(s) and 256M RAM
  8. - Switch mode: bridge + tap
  9. - 0 LAN(s) between all VM
  10. - Full mesh Ethernet links between each VM
  11. VM 1 have the following NIC:
  12. - vtnet0 connected to VM 2.
  13. - vtnet1 connected to VM 3.
  14. VM 2 have the following NIC:
  15. - vtnet0 connected to VM 1.
  16. - vtnet1 connected to VM 3.
  17. VM 3 have the following NIC:
  18. - vtnet0 connected to VM 1.
  19. - vtnet1 connected to VM 2.
  20. For connecting to VM'serial console, you can use:
  21. - VM 1 : cu -l /dev/nmdm1B
  22. - VM 2 : cu -l /dev/nmdm2B
  23. - VM 3 : cu -l /dev/nmdm3B
  24.  
  25.  
  26. === VM 1 ===
  27.  
  28. sysrc ifconfig_vtnet0="inet 10.0.0.1/24"
  29. service netif restart
  30.  
  31. === VM 2 ====
  32. sysrc ifconfig_vtnet0="up"
  33. sysrc ifconfig_vtnet1="up"
  34. sysrc cloned_interfaces="bridge0"
  35. sysrc ifconfig_bridge0="addm vtnet0 addm vtnet1 up"
  36. sysrc pf_enable=yes
  37. cat > /etc/pf.conf <<EOF
  38. set skip on lo0
  39. scrub
  40. pass
  41. EOF
  42. service netif restart
  43. service pf start
  44.  
  45. === VM 3 ===
  46.  
  47. sysrc ifconfig_vtnet1="inet 10.0.0.3/24"
  48. service netif restart
  49.  
  50. Then start a tcpdump on VM3 on vtnet1 (interface toward VM2)
  51. tcpdump -pni vtnet1 -c 10
  52.  
  53. === From VM1 ====
  54.  
  55. root@:~ # ping -c 1 -s 1500 10.0.0.3
  56. PING 10.0.0.3 (10.0.0.3): 1500 data bytes
  57.  
  58. --- 10.0.0.3 ping statistics ---
  59. 1 packets transmitted, 0 packets received, 100.0% packet loss
  60.  
  61. === Check output on VM 3 ===
  62.  
  63. 16:41:22.903866 20:00:40:01:73:28 > 45:00:05:dc:cd:f5, ethertype Unknown (0x0a00), length 1500:
  64. 0x0000: 0001 0a00 0003 0800 caf2 de04 0000 57c4 ..............W.
  65. 0x0010: 65b2 000d d6e2 0809 0a0b 0c0d 0e0f 1011 e...............
  66. 0x0020: 1213 1415 1617 1819 1a1b 1c1d 1e1f 2021 ...............!
  67. 0x0030: 2223 2425 2627 2829 2a2b 2c2d 2e2f 3031 "#$%&'()*+,-./01
  68. 0x0040: 3233 3435 3637 3839 3a3b 3c3d 3e3f 4041 23456789:;<=>?@A
  69. 0x0050: 4243 4445 4647 4849 4a4b 4c4d 4e4f 5051 BCDEFGHIJKLMNOPQ
  70. 0x0060: 5253 5455 5657 5859 5a5b 5c5d 5e5f 6061 RSTUVWXYZ[\]^_`a
  71. 0x0070: 6263 6465 6667 6869 6a6b 6c6d 6e6f 7071 bcdefghijklmnopq
  72. 0x0080: 7273 7475 7677 7879 7a7b 7c7d 7e7f 8081 rstuvwxyz{|}~...
  73. 0x0090: 8283 8485 8687 8889 8a8b 8c8d 8e8f 9091 ................
  74. 0x00a0: 9293 9495 9697 9899 9a9b 9c9d 9e9f a0a1 ................
  75. 0x00b0: a2a3 a4a5 a6a7 a8a9 aaab acad aeaf b0b1 ................
  76. 0x00c0: b2b3 b4b5 b6b7 b8b9 babb bcbd bebf c0c1 ................
  77. 0x00d0: c2c3 c4c5 c6c7 c8c9 cacb cccd cecf d0d1 ................
  78. 0x00e0: d2d3 d4d5 d6d7 d8d9 dadb dcdd dedf e0e1 ................
  79. 0x00f0: e2e3 e4e5 e6e7 e8e9 eaeb eced eeef f0f1 ................
  80. 0x0100: f2f3 f4f5 f6f7 f8f9 fafb fcfd feff 0001 ................
  81. 0x0110: 0203 0405 0607 0809 0a0b 0c0d 0e0f 1011 ................
  82. 0x0120: 1213 1415 1617 1819 1a1b 1c1d 1e1f 2021 ...............!
  83. 0x0130: 2223 2425 2627 2829 2a2b 2c2d 2e2f 3031 "#$%&'()*+,-./01
  84. 0x0140: 3233 3435 3637 3839 3a3b 3c3d 3e3f 4041 23456789:;<=>?@A
  85.  
  86. === From VM1, panic generation ===
  87. Generate large number of UDP fragmented traffic to VM3 for crashing VM2:
  88.  
  89. netblast 10.0.0.3 9090 1500 30
Advertisement
Add Comment
Please, Sign In to add comment
Public Pastes
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!