From owner-freebsd-net  Wed Dec  5 19:48:17 2001
Delivered-To: freebsd-net@freebsd.org
Received: from www.svzserv.kemerovo.su (www.svzserv.kemerovo.su [213.184.65.80])
	by hub.freebsd.org (Postfix) with ESMTP
	id DED8037B419; Wed,  5 Dec 2001 19:48:11 -0800 (PST)
Received: (from eugen@localhost)
	by www.svzserv.kemerovo.su (8.11.6/8.11.6) id fB63mGI11006;
	Thu, 6 Dec 2001 10:48:16 +0700 (KRAT)
	(envelope-from eugen)
Date: Thu, 6 Dec 2001 10:48:16 +0700
From: Eugene Grosbein <eugen@www.svzserv.kemerovo.su>
To: Ruslan Ermilov <ru@FreeBSD.ORG>
Cc: Eugene Grosbein <eugen@grosbein.pp.ru>, net@FreeBSD.ORG,
	security@FreeBSD.ORG
Subject: Re: NOARP - gateway must answer and have frozen ARP table
Message-ID: <20011206104816.A10151@svzserv.kemerovo.su>
References: <20011205124430.A83642@svzserv.kemerovo.su> <20011205040316.H40864@blossom.cjclark.org> <20011205231735.A1361@grosbein.pp.ru> <20011205193859.B79705@sunbay.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <20011205193859.B79705@sunbay.com>; from ru@FreeBSD.ORG on Wed, Dec 05, 2001 at 07:38:59PM +0200
Sender: owner-freebsd-net@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-net.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-net>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-net>
X-Loop: FreeBSD.org

On Wed, Dec 05, 2001 at 07:38:59PM +0200, Ruslan Ermilov wrote:

> The below patch implements this facility, activated by setting the
> net.link.ether.inet.static_arp sysctl to a non-zero value.  It also
> fixes an mbuf leak in arpresolve() if IFF_NOARP flag is set on an
> interface, and an address resolution is attempted over it.
> 
> I am also going to add support for static ARP table to rc.conf(5),
> which should address PR conf/23063.
> 
> Let me know what do you think about the patch.

I tried this and this works. But our configuration demands 
that modifications of ARP table must be ignored only for some of interfaces
while others (non-public) can use ARP. So that your patch is still useless :(

Perhaps, sysctl should change meaning of NOARP flag?
This would allow more flexible per-interface scheme.
Or it might be possible to use hw.atamodes scheme.

Eugene Grosbein

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-net" in the body of the message