[NETVIRT-415] IPv6 Service :Rogue Neighbor Advertisement packets are not dropping at table=40 Created: 10/Jan/17  Updated: 05/Apr/18  Resolved: 05/Apr/18

Status: Resolved
Project: netvirt
Component/s: General
Affects Version/s: Boron
Fix Version/s: None

Type: Bug Priority: Medium
Reporter: mahesh loni Assignee: Sridhar Gaddam
Resolution: Won't Do Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified
Environment:

Operating System: All
Platform: All

Attachments: File test-pcap.7z    
External issue ID: 7503

 Description   

Steps followed :
1.Sending the Rogue NA packets from VM1 to VM2 using scapy tool and packets are not dropping at table=40

ODL

VM1(Attacker VM) --> VM2 (Victim VM)

VM details and default route entry 'fe80::f816:3eff:fe03:6107' :

Attack VM1 ipv6 address : '2001:db8:2fff:0:f816:3eff:fe85:de74'
Mac address : 'fa:16:3e:85:de:74'
Victim VM2 ipv6 address : '2001:db8:2fff:0:f816:3eff:fee9:9284'
Mac address : 'fa:16:3e:e9:92:84'
Target ipv6 address ( Default -route : tgt='fe80::f816:3eff:fe03:6107' and its mac address : fa:16:3e:03:61:07

1. Before sending the rouge NA packets to Victim VM

root@ubuntu-sg:~# ip neighbor show
2001:db8:2fff:0:f816:3eff:fe85:de74 dev ens3 lladdr fa:16:3e:85:de:74 STALE
fe80::f816:3eff:fe85:de74 dev ens3 lladdr fa:16:3e:85:de:74 STALE
fe80::f816:3eff:fe03:6107 dev ens3 lladdr fa:16:3e:03:61:07 router REACHABLE

2. After Sending the NA from VM1 to VM2 with target spoof mac using the scapy tool. 'fe80::f816:3eff:fe03:6107' and changing the mac address : 00:00:00:00:00:0c

And in VM2 ( Victim VM) is compromising with spoof target mac address :
root@ubuntu-sg:~# ip neighbor show
2001:db8:2fff:0:f816:3eff:fe85:de74 dev ens3 lladdr fa:16:3e:85:de:74 STALE
fe80::f816:3eff:fe85:de74 dev ens3 lladdr fa:16:3e:85:de:74 STALE
fe80::f816:3eff:fe03:6107 dev ens3 lladdr 00:00:00:00:00:0c DELAY
root@ubuntu-sg:~# ip neighbor show
2001:db8:2fff:0:f816:3eff:fe85:de74 dev ens3 lladdr fa:16:3e:85:de:74 STALE
fe80::f816:3eff:fe85:de74 dev ens3 lladdr fa:16:3e:85:de:74 STALE
fe80::f816:3eff:fe03:6107 dev ens3 lladdr 00:00:00:00:00:0c STALE
root@ubuntu-sg:~# ip neighbor show
2001:db8:2fff:0:f816:3eff:fe85:de74 dev ens3 lladdr fa:16:3e:85:de:74 STALE
fe80::f816:3eff:fe85:de74 dev ens3 lladdr fa:16:3e:85:de:74 STALE
fe80::f816:3eff:fe03:6107 dev ens3 lladdr 00:00:00:00:00:0c DELAY
root@ubuntu-sg:~# ip neighbor show
2001:db8:2fff:0:f816:3eff:fe85:de74 dev ens3 lladdr fa:16:3e:85:de:74 STALE
fe80::f816:3eff:fe85:de74 dev ens3 lladdr fa:16:3e:85:de:74 STALE
fe80::f816:3eff:fe03:6107 dev ens3 lladdr 00:00:00:00:00:0c DELAY
root@ubuntu-sg:~# ip neighbor show
2001:db8:2fff:0:f816:3eff:fe85:de74 dev ens3 lladdr fa:16:3e:85:de:74 STALE
fe80::f816:3eff:fe85:de74 dev ens3 lladdr fa:16:3e:85:de:74 STALE
fe80::f816:3eff:fe03:6107 dev ens3 lladdr 00:00:00:00:00:0c DELAY

its not dropping at table=40

Attaching the packet capture at both the VMs.

 Comments   
Comment by mahesh loni [ 10/Jan/17 ]

Attachment test-pcap.7z has been added with description: both the VMs pcaps are attached

Comment by Sam Hague [ 05/Apr/18 ]

This is on the legacy netvirt which is deprecated.

Generated at Wed Feb 07 20:21:30 UTC 2024 using Jira 8.20.10#820010-sha1:ace47f9899e9ee25d7157d59aa17ab06aee30d3d.