DragonFlyBSD Kernel Audit
← dashboard
DF-0301

Missing replay protection on CARP advertisements: L2-adjacent DoS of failover

Summary

carp_proto_input_c(:1148) TODO: XXX Replay protection goes here. After HMAC verify, 64-bit counter accepted unconditionally. Attacker on same L2 captures multicast CARP adv (224.0.0.18) then replays indefinitely after master fails -> BACKUP never promotes -> virtual IP black-holed. No crypto key needed, pure replay.