On Tue, May 24, 2011 at 01:12:10PM -0500, Chris Wopat wrote: > On Mon, May 23, 2011 at 9:59 AM, Chris Wopat <m...@falz.net> wrote: > > Had a strange issue overnight. In short I had two OpenBSD boxes acting > > as routers denial of service my network with OSPFv3 multicast packets. > > This happened again today. This time it was on a third OpenBSD box. > The last time it happened it was happening what appeared to be > simultaneously from two freshly installed 4.9 AMD64 boxes. This box is > the same install and similar configuration as before. > > This time we were able to capture a sniff as well as a ktrace. > > http://falz.net/static/openbsd/ktrace-openbsd-49-2011-05-24.out (~170mb) > http://falz.net/static/openbsd/sniff-openbsd-49-2011-05-24.pcap (~50mb) > > The pcap file above shows 604941 packets in a period of 9.4 > seconds(!). All of the packets are: > > 66.170.7.139 > 224.0.0.5: OSPFv2-ls_upd 28: rtrid 66.170.0.14 backbone > [tos 0xc0] [ttl 1] >
Are you running 4.9 or -current? Up until the code generating the LSA update packets (and sending them) did not change between 4.8 and 4.9. In -current this code got rewritten to fix a issue. IIRC the problem was that an LS Update got so big that it did not fit into a MTU sized packet. If my memory serves me right then the result was this kind of packet storm. You should try and compile a -current ospfd on your 4.9 system. I think it should run without any problems. -- :wq Claudio
