From owner-freebsd-bugs Sun Jan 31 15:30:10 1999 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id PAA10542 for freebsd-bugs-outgoing; Sun, 31 Jan 1999 15:30:10 -0800 (PST) (envelope-from owner-freebsd-bugs@FreeBSD.ORG) Received: from freefall.freebsd.org (freefall.FreeBSD.ORG [204.216.27.21]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id PAA10492 for ; Sun, 31 Jan 1999 15:30:03 -0800 (PST) (envelope-from gnats@FreeBSD.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.9.2/8.9.2) id PAA78495; Sun, 31 Jan 1999 15:30:01 -0800 (PST) (envelope-from gnats@FreeBSD.org) Received: from salmon.maths.tcd.ie (salmon.maths.tcd.ie [134.226.81.11]) by hub.freebsd.org (8.8.8/8.8.8) with SMTP id PAA10222 for ; Sun, 31 Jan 1999 15:27:21 -0800 (PST) (envelope-from iedowse@maths.tcd.ie) Received: from gosset.maths.tcd.ie by salmon.maths.tcd.ie with SMTP id ; 31 Jan 99 23:27:20 +0000 (GMT) Message-Id: <9901312327.aa23568@gosset.maths.tcd.ie> Date: Sun, 31 Jan 99 23:27:20 +0000 (GMT) From: iedowse@maths.tcd.ie Reply-To: iedowse@maths.tcd.ie To: FreeBSD-gnats-submit@FreeBSD.ORG X-Send-Pr-Version: 3.2 Subject: kern/9848: ARP proxyall extra sanity check Sender: owner-freebsd-bugs@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org >Number: 9848 >Category: kern >Synopsis: ARP proxyall extra sanity check >Confidential: no >Severity: non-critical >Priority: medium >Responsible: freebsd-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: change-request >Submitter-Id: current-users >Arrival-Date: Sun Jan 31 15:30:01 PST 1999 >Closed-Date: >Last-Modified: >Originator: Ian Dowse >Release: FreeBSD 3.0-STABLE i386 >Organization: School of Mathematics Trinity College Dublin >Environment: FreeBSD 3.0-STABLE i386, but applies to all versions net.link.ether.inet.proxyall=1 >Description: FreeBSD's ARP proxying, when enabled via sysctl, performs very few sanity checks before sending a proxy reply to an ARP request. It only checks that, according to the routing table, replies are not sent to the interface on which the target node is located. When ARP proxying is used on a router connecting two ethernet segments, accidentally connecting an interface to the wrong network is all too easy. In this case the routing table does not match the network topology so the interface check does no good; the network erupts quickly into an ARP battle :( The patch below provides an extra sanity check for ARP proxying. It checks that the request came in via the interface on which the sender is expected to be. In the case of a mismatch a warning is logged, and the ARP request is not proxied. >How-To-Repeat: >Fix: --- if_ether.c.orig Sun Jan 31 21:33:10 1999 +++ if_ether.c Sun Jan 31 21:49:02 1999 @@ -582,6 +582,32 @@ (void)memcpy(ea->arp_tha, ea->arp_sha, sizeof(ea->arp_sha)); (void)memcpy(ea->arp_sha, ac->ac_enaddr, sizeof(ea->arp_sha)); rtfree(rt); + + /* + * Also check that the node which sent the ARP packet + * is on the the interface we expect it to be on. This + * avoids ARP chaos if an interface is connected to the + * wrong network. + */ + sin.sin_addr = isaddr; + + rt = rtalloc1((struct sockaddr *)&sin, 0, 0UL); + if (!rt) { + m_freem(m); + return; + } + if (rt->rt_ifp != &ac->ac_if) { + log(LOG_INFO, "arp_proxy: ignoring request" + " from %s via %s%d, expecting %s%d\n", + inet_ntoa(isaddr), ac->ac_if.if_name, + ac->ac_if.if_unit, rt->rt_ifp->if_name, + rt->rt_ifp->if_unit); + rtfree(rt); + m_freem(m); + return; + } + rtfree(rt); + #ifdef DEBUG_PROXY printf("arp: proxying for %s\n", inet_ntoa(itaddr)); >Release-Note: >Audit-Trail: >Unformatted: To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-bugs" in the body of the message