From owner-freebsd-bugs Mon Aug 17 13:10:07 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id NAA07667 for freebsd-bugs-outgoing; Mon, 17 Aug 1998 13:10:07 -0700 (PDT) (envelope-from owner-freebsd-bugs@FreeBSD.ORG) Received: from freefall.freebsd.org (freefall.FreeBSD.ORG [204.216.27.21]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id NAA07596 for ; Mon, 17 Aug 1998 13:10:04 -0700 (PDT) (envelope-from gnats@FreeBSD.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.8.8/8.8.5) id NAA27809; Mon, 17 Aug 1998 13:10:01 -0700 (PDT) Received: from Berkeley.Gambit.Msk.SU (berkeley.gambit.msk.su [194.190.206.1]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id NAA06282 for ; Mon, 17 Aug 1998 13:02:55 -0700 (PDT) (envelope-from laskavy@Berkeley.Gambit.Msk.SU) Received: (from laskavy@localhost) by Berkeley.Gambit.Msk.SU (8.8.8/8.8.8) id AAA19437; Tue, 18 Aug 1998 00:02:20 +0400 (MSD) (envelope-from laskavy) Message-Id: <199808172002.AAA19437@Berkeley.Gambit.Msk.SU> Date: Tue, 18 Aug 1998 00:02:20 +0400 (MSD) From: "Сергей С. Ласкавый" Reply-To: laskavy@Berkeley.Gambit.Msk.SU To: FreeBSD-gnats-submit@FreeBSD.ORG X-Send-Pr-Version: 3.2 Subject: kern/7649: /sys/netinet/if_ether.c: "permanent" records in ARP table are not really permanent Sender: owner-freebsd-bugs@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org >Number: 7649 >Category: kern >Synopsis: /sys/netinet/if_ether.c: "permanent" records in ARP table are not really permanent >Confidential: no >Severity: critical >Priority: high >Responsible: freebsd-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Mon Aug 17 13:10:00 PDT 1998 >Last-Modified: >Originator: Сергей С. Ласкавый >Organization: The FreeBSD Documentation Project >Release: FreeBSD 2.2.7-STABLE i386 >Environment: /sys/netinet/if_ether.c: $Id: if_ether.c,v 1.34.2.2 1997/05/14 16:43:56 tegge Exp $ >Description: Permanent records in ARP table can be overriden by remote host requests. >How-To-Repeat: server# arp -s foo 1:2:3:4:5:6 # set the "real" address server$ arp -a # now arp table entry is OK foo (10.0.0.1) at 1:2:3:4:5:6 permanent server$ sleep 300 # wait for 5 minutes, or maybe even 10 server$ arp foo # hey, that host can update our ARP table! foo (10.0.0.1) at 8:0:20:1:2:3 permanent >Fix: The original patch is for 2.1-STABLE system. Patch for 2.2-STABLE will be similar. *** if_ether.c Mon Aug 17 15:16:55 1998 --- if_ether.c.orig Mon Aug 17 15:06:07 1998 *************** *** 453,473 **** la = arplookup(isaddr.s_addr, itaddr.s_addr == myaddr.s_addr, 0); if (la && (rt = la->la_rt) && (sdl = SDL(rt->rt_gateway))) { if (sdl->sdl_alen && ! bcmp((caddr_t)ea->arp_sha, LLADDR(sdl), sdl->sdl_alen)) { ! if (rt->rt_expire) ! log(LOG_NOTICE, "arp info overwritten for %s by %s\n", ! inet_ntoa(isaddr), ether_sprintf(ea->arp_sha)); ! else { ! log(LOG_WARNING, "arp: attempt to overwrite stat ic entry for %s by %s\n",inet_ntoa(isaddr), ether_sprintf(ea->arp_sha)); ! goto skip_static; ! } ! } (void)memcpy(LLADDR(sdl), ea->arp_sha, sizeof(ea->arp_sha)); sdl->sdl_alen = sizeof(ea->arp_sha); if (rt->rt_expire) rt->rt_expire = time.tv_sec + arpt_keep; rt->rt_flags &= ~RTF_REJECT; - skip_static: la->la_asked = 0; if (la->la_hold) { (*ac->ac_if.if_output)(&ac->ac_if, la->la_hold, --- 453,466 ---- la = arplookup(isaddr.s_addr, itaddr.s_addr == myaddr.s_addr, 0); if (la && (rt = la->la_rt) && (sdl = SDL(rt->rt_gateway))) { if (sdl->sdl_alen && ! bcmp((caddr_t)ea->arp_sha, LLADDR(sdl), sdl->sdl_alen)) ! log(LOG_INFO, "arp info overwritten for %s by %s\n", ! inet_ntoa(isaddr), ether_sprintf(ea->arp_sha)); (void)memcpy(LLADDR(sdl), ea->arp_sha, sizeof(ea->arp_sha)); sdl->sdl_alen = sizeof(ea->arp_sha); if (rt->rt_expire) rt->rt_expire = time.tv_sec + arpt_keep; rt->rt_flags &= ~RTF_REJECT; la->la_asked = 0; if (la->la_hold) { (*ac->ac_if.if_output)(&ac->ac_if, la->la_hold, >Audit-Trail: >Unformatted: To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-bugs" in the body of the message