Date: Mon, 27 Nov 2000 14:19:25 +0300 From: "Oleg A. Paraschenko" <prof@infosite.ru> To: <cjclark@alum.mit.edu>, "Dominick LaTrappe" <seraf@2600.COM> Cc: <freebsd-security@FreeBSD.ORG> Subject: Re: static ARP tables Message-ID: <007201c05863$e65f8480$0701a8c0@dkn> References: <200011252212.PAA26585@faith.cs.utah.edu> <Pine.NEB.4.21.0011261501020.15375-100000@phalse.2600.com> <20001126123153.D70192@149.211.6.64.reflexcom.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Hello!
> > What I'd really like to see is a 'static' flag that can be added to
> > individual ARP table entries. I have several networks with servers and
> > routers whose MAC/IP/switchport associtions should never change, but
also
> > workstations that change all the time.
> -s hostname ether_addr
> Create an ARP entry for the host called hostname with the Ether-
> net address ether_addr. The Ethernet address is given as six hex
> bytes separated by colons. The entry will be permanent unless
> the word temp is given in the command. ^^^^^^^^^
>
In FreeBSD 2.2.7 term 'permanent' means that kernel will not delete ARP
entry after time of inactivity of workstation. Any host on network can
change IP, and kernel will say 'arp: %s moved from %6D to %6D', even if
IP/MAC is set to 'permanent'.
> >
> > I'm going to try to work on a patch for this, though maybe someone
already
> > knows a hack?
>
I chanhed '/sys/netinet/if_ether.c' in order to disable IP/MAC changes.
---- Old file
...
la = arplookup(isaddr.s_addr, itaddr.s_addr == myaddr.s_addr, 0);
if (la && (rt = la->la_rt) && (sdl = SDL(rt->rt_gateway))) {
if (sdl->sdl_alen &&
bcmp((caddr_t)ea->arp_sha, LLADDR(sdl), sdl->sdl_alen))
log(LOG_INFO, "arp: %s moved from %6D to %6D\n",
inet_ntoa(isaddr), (u_char *)LLADDR(sdl), ":",
ea->arp_sha, ":");
(void)memcpy(LLADDR(sdl), ea->arp_sha, sizeof(ea->arp_sha));
sdl->sdl_alen = sizeof(ea->arp_sha);
...
----- New file
...
if (la && (rt = la->la_rt) && (sdl = SDL(rt->rt_gateway))) {
#ifndef DONT_MOVE_ARP
if (sdl->sdl_alen &&
bcmp((caddr_t)ea->arp_sha, LLADDR(sdl), sdl->sdl_alen))
log(LOG_INFO, "arp: %s moved from %6D to %6D\n",
inet_ntoa(isaddr), (u_char *)LLADDR(sdl), ":",
ea->arp_sha, ":");
(void)memcpy(LLADDR(sdl), ea->arp_sha, sizeof(ea->arp_sha));
#else // DONT_MOVE_ARP
if (sdl->sdl_alen &&
bcmp((caddr_t)ea->arp_sha, LLADDR(sdl), sdl->sdl_alen))
{
log(LOG_INFO, "arp: %s will not be moved from %6D to %6D\n",
inet_ntoa(isaddr), (u_char *)LLADDR(sdl), ":",
ea->arp_sha, ":");
} else {
(void)memcpy(LLADDR(sdl), ea->arp_sha, sizeof(ea->arp_sha));
}
#endif // DONT_MOVE_ARP
sdl->sdl_alen = sizeof(ea->arp_sha);
...
--------
Probably it is not what you want, but you can start with it.
Bye!
----
Oleg
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?007201c05863$e65f8480$0701a8c0>