From owner-freebsd-hackers  Mon Dec 21 09:17:45 1998
Return-Path: <owner-freebsd-hackers@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id JAA21048
          for freebsd-hackers-outgoing; Mon, 21 Dec 1998 09:17:45 -0800 (PST)
          (envelope-from owner-freebsd-hackers@FreeBSD.ORG)
Received: from foonly.scimitar.org (cr323989-a.yec1.on.wave.home.com [24.112.82.27])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id JAA21006;
          Mon, 21 Dec 1998 09:17:34 -0800 (PST)
          (envelope-from pnadeau@wave.home.com)
Received: from localhost (pnadeau@localhost)
	by foonly.scimitar.org (8.8.5/8.8.5) with SMTP id MAA14037;
	Mon, 21 Dec 1998 12:17:31 -0500 (EST)
X-Authentication-Warning: foonly.scimitar.org: pnadeau owned process doing -bs
Date: Mon, 21 Dec 1998 12:17:30 -0500 (EST)
From: Patrick Nadeau <pnadeau@wave.home.com>
X-Sender: pnadeau@foonly.scimitar.org
To: wollman@FreeBSD.ORG, hackers@FreeBSD.ORG
Subject: Locking arp entries
Message-ID: <Pine.BSF.3.95q.981221121308.14010B-100000@foonly.scimitar.org>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-hackers@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

Originally sent to: wollman@freebsd.org

I recently had to make a mod to the kernel to fix a problem I had with
arp.  I'm letting you know in case anyone else is interested in it.

In a nutshell I have an internal ethernet on the 10 network.  I have a
number of machines on the inside and a multihomed FreeBSD box connected to
the Rogers @home service.  It serves as a firewall and does the NAT for
the machines on the inside. 

Somebody hooked up his machine to the Rogers network as 10.0.0.2.  This
caused gratuitous arp packets to reach my firewall and corrupt the arp
entries for my inside host 10.0.0.2, making it unreachable.

The problem persisted for a whole day and became so bad I decided to add a
routing flag RTF_LOCK and some logic in in_arpinput to ignore packets if
the flag is on.

I also added code to set the lock flag to arp(8).

I am mentioning this to you because I noticed the comment
    TODO: add "inuse/lock" bit
in if_ether.c and assumed somebody meant to get around to do it.

Let me know if you want to see the patches, it's not rocket science but it
really fixed my problem!



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message