Skip site navigation (1)Skip section navigation (2) 
Date:      Tue, 18 Aug 1998 00:02:20 +0400 (MSD)
From:      "Сергей С. Ласкавый" <laskavy@Berkeley.Gambit.Msk.SU>
To:        FreeBSD-gnats-submit@FreeBSD.ORG
Subject:   kern/7649: /sys/netinet/if_ether.c: "permanent" records in ARP table are not really permanent
Message-ID:  <199808172002.AAA19437@Berkeley.Gambit.Msk.SU>
next in thread | raw e-mail | index | archive | help 


>Number:         7649
>Category:       kern
>Synopsis:       /sys/netinet/if_ether.c: "permanent" records in ARP table are not really permanent
>Confidential:   no
>Severity:       critical
>Priority:       high
>Responsible:    freebsd-bugs
>State:          open
>Quarter:
>Keywords:
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Mon Aug 17 13:10:00 PDT 1998
>Last-Modified:
>Originator:     Сергей С. Ласкавый
>Organization:
The FreeBSD Documentation Project
>Release:        FreeBSD 2.2.7-STABLE i386
>Environment:

/sys/netinet/if_ether.c:
     $Id: if_ether.c,v 1.34.2.2 1997/05/14 16:43:56 tegge Exp $

>Description:

	Permanent records in ARP table can be overriden by remote host requests.

>How-To-Repeat:

	server# arp -s foo 1:2:3:4:5:6	# set the "real" address

	server$ arp -a		# now arp table entry is OK
	foo (10.0.0.1) at 1:2:3:4:5:6 permanent

	server$ sleep 300	# wait for 5 minutes, or maybe even 10

	server$ arp foo		# hey, that host can update our ARP table!
	foo (10.0.0.1) at 8:0:20:1:2:3 permanent

>Fix:

	The original patch is for 2.1-STABLE system.
	Patch for 2.2-STABLE will be similar.

*** if_ether.c	Mon Aug 17 15:16:55 1998
--- if_ether.c.orig	Mon Aug 17 15:06:07 1998
***************
*** 453,473 ****
  	la = arplookup(isaddr.s_addr, itaddr.s_addr == myaddr.s_addr, 0);
  	if (la && (rt = la->la_rt) && (sdl = SDL(rt->rt_gateway))) {
  		if (sdl->sdl_alen &&
! 		    bcmp((caddr_t)ea->arp_sha, LLADDR(sdl), sdl->sdl_alen)) {
! 			if (rt->rt_expire)
! 				log(LOG_NOTICE, "arp info overwritten for %s by %s\n",
! 			    	inet_ntoa(isaddr), ether_sprintf(ea->arp_sha));
! 			else {
! 				log(LOG_WARNING, "arp: attempt to overwrite stat
ic entry for %s by %s\n",inet_ntoa(isaddr), ether_sprintf(ea->arp_sha));
! 				goto skip_static;
! 			}
! 		}
  		(void)memcpy(LLADDR(sdl), ea->arp_sha, sizeof(ea->arp_sha));
  		sdl->sdl_alen = sizeof(ea->arp_sha);
  		if (rt->rt_expire)
  			rt->rt_expire = time.tv_sec + arpt_keep;
  		rt->rt_flags &= ~RTF_REJECT;
- skip_static:
  		la->la_asked = 0;
  		if (la->la_hold) {
  			(*ac->ac_if.if_output)(&ac->ac_if, la->la_hold,
--- 453,466 ----
  	la = arplookup(isaddr.s_addr, itaddr.s_addr == myaddr.s_addr, 0);
  	if (la && (rt = la->la_rt) && (sdl = SDL(rt->rt_gateway))) {
  		if (sdl->sdl_alen &&
! 		    bcmp((caddr_t)ea->arp_sha, LLADDR(sdl), sdl->sdl_alen))
! 			log(LOG_INFO, "arp info overwritten for %s by %s\n",
! 			    inet_ntoa(isaddr), ether_sprintf(ea->arp_sha));
  		(void)memcpy(LLADDR(sdl), ea->arp_sha, sizeof(ea->arp_sha));
  		sdl->sdl_alen = sizeof(ea->arp_sha);
  		if (rt->rt_expire)
  			rt->rt_expire = time.tv_sec + arpt_keep;
  		rt->rt_flags &= ~RTF_REJECT;
  		la->la_asked = 0;
  		if (la->la_hold) {
  			(*ac->ac_if.if_output)(&ac->ac_if, la->la_hold,
>Audit-Trail:
>Unformatted:

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-bugs" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199808172002.AAA19437>