Date: Wed, 27 Mar 2002 23:00:35 +0700 (KRAT)
From: Eugene Grosbein <eugen@grosbein.pp.ru>
To: FreeBSD-gnats-submit@FreeBSD.org
Cc: net@FreeBSD.org
Subject: kern/36373: [PATCH] Introduction of non-strict IFF_NOARP semantics
Message-ID: <200203271600.g2RG0ZV01130@D00015.dialonly.kemerovo.su>
>Number: 36373
>Category: kern
>Synopsis: [PATCH] Introduction of non-strict IFF_NOARP semantics
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: change-request
>Submitter-Id: current-users
>Arrival-Date: Wed Mar 27 08:10:01 PST 2002
>Closed-Date:
>Last-Modified:
>Originator: Eugene Grosbein
>Release: FreeBSD 4.5-STABLE i386
>Organization:
Svyaz Service
>Environment:
System: FreeBSD D00015.dialonly.kemerovo.su 4.5-STABLE FreeBSD 4.5-STABLE #1: Tue Mar 26 19:19:56 KRAT 2002 eu@D00015.dialonly.kemerovo.su:/usr/local/obj/usr/local/src/sys/DADV i386
>Description:
FreeBSD currently handles the NOARP flag for a network interface
in a way that completely disables ARP for that interface.
It's often too strict for real world operations. Sometimes
we just want the ARP table to be protected from modification
via a public interface but the host must respond to ARP queries
for its own MAC address. So, this host will cooperate with
known hosts only (using a preloaded ARP table), can act as a gateway
for them and those hosts are not forced to have static ARP
records themselves. The patches implementing such behaviour
have floated around for a long time. Here is an adaptation of one such patch
for 4.5-STABLE. It introduces a new sysctl named
net.link.ether.inet.strict_noarp with a default value of 1.
This value corresponds to the current meaning of IFF_NOARP.
One can change it to 0 to enable host replies to ARP queries;
the ARP table is still protected from modifications
via interfaces marked as NOARP.
>How-To-Repeat:
There is no problem, see above.
>Fix:
Apply this patch.
--- sys/netinet/if_ether.c.orig Fri Mar 22 17:50:23 2002
+++ sys/netinet/if_ether.c Sat Mar 23 15:52:10 2002
@@ -107,6 +107,7 @@
static int arp_maxtries = 5;
static int useloopback = 1; /* use loopback interface for local traffic */
static int arp_proxyall = 0;
+int strict_noarp = 1; /* used in src/net/if_ethersubr.c */
SYSCTL_INT(_net_link_ether_inet, OID_AUTO, maxtries, CTLFLAG_RW,
&arp_maxtries, 0, "");
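
Review bot: the added strict_noarp declaration is the only non-static variable in this group and carries no subsystem prefix, so it lands in the kernel's global namespace under a generic name. Rename it in line with its neighbours (for example arp_strict_noarp) and export it through a shared header instead of a comment pointing at the other file. The comment's path src/net/if_ethersubr.c also does not match the sys/net/ path used in the diff headers.
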
@@ -114,6 +115,8 @@
&useloopback, 0, "");
SYSCTL_INT(_net_link_ether_inet, OID_AUTO, proxyall, CTLFLAG_RW,
&arp_proxyall, 0, "");
+SYSCTL_INT(_net_link_ether_inet, OID_AUTO, strict_noarp, CTLFLAG_RW,
+ &strict_noarp, 0, "");
static void arp_rtrequest __P((int, struct rtentry *, struct rt_addrinfo *));
static void arprequest __P((struct ifnet *,
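
Review bot: the new SYSCTL_INT for strict_noarp passes an empty description string, and nothing in the patch documents that a value of 0 makes IFF_NOARP interfaces answer ARP queries while still refusing table updates. Since the knob changes what an interface marked NOARP exposes on the wire, give it a real description string and add it to arp(4).
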
@@ -441,7 +444,7 @@
* Probably should not allocate empty llinfo struct if we are
* not going to be sending out an arp request.
*/
- if (ifp->if_flags & IFF_NOARP) {
+ if (strict_noarp && (ifp->if_flags & IFF_NOARP)) {
m_freem(m);
return (0);
}
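
Review bot: with strict_noarp set to 0 the test at +447 no longer stops resolution on an IFF_NOARP interface, so a packet for an address with no preloaded entry continues past this point toward the request path the comment above refers to ("not going to be sending out an arp request"). The @@ -635 hunk keeps the table closed to input from such an interface, so a reply to that request could not be recorded. The stated goal is only to answer queries from known hosts, so consider leaving this test as the original ifp->if_flags & IFF_NOARP, or explain in a comment why sending requests is wanted.
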
@@ -635,6 +638,7 @@
itaddr = myaddr;
goto reply;
}
+ if (strict_noarp || !(ifp->if_flags & IFF_NOARP)) {
la = arplookup(isaddr.s_addr, itaddr.s_addr == myaddr.s_addr, 0);
if (la && (rt = la->la_rt) && (sdl = SDL(rt->rt_gateway))) {
/* the following is not an error when doing bridging */
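
Review bot: the strict_noarp || term in the new condition at +641 means that with the default value of 1 the table update still runs for an IFF_NOARP interface, and protection then rests entirely on the ETHERTYPE_ARP drop in if_ethersubr.c happening first. Testing only !(ifp->if_flags & IFF_NOARP) here would keep the table closed to those interfaces regardless of the sysctl and of how the packet reached this function. A one-line comment saying that this guard is what protects the ARP table would also help.
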
@@ -725,6 +729,7 @@
rt_key(rt), rt);
la->la_hold = 0;
}
+ }
}
reply:
if (op != ARPOP_REQUEST) {
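
Review bot: the closing brace added at +732 ends the if opened in the @@ -635 hunk roughly ninety lines earlier, and no lines in between are touched, so the enclosed body keeps its old indentation and the brace is easy to mistake for the end of the inner block. Re-indent the body, or at least tag the brace with a trailing comment naming the condition it closes.
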
--- sys/net/if_ethersubr.c.orig Fri Mar 22 17:50:04 2002
+++ sys/net/if_ethersubr.c Sat Mar 23 15:26:06 2002
@@ -97,6 +97,10 @@
extern u_char aarp_org_code[3];
#endif /* NETATALK */
+#ifdef INET
+extern int strict_noarp; /* defined in src/netinet/if_ether.c */
+#endif
+
/* netgraph node hooks for ng_ether(4) */
void (*ng_ether_input_p)(struct ifnet *ifp,
struct mbuf **mp, struct ether_header *eh);
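
Review bot: the extern for strict_noarp is declared locally in this .c file under #ifdef INET, so the compiler cannot check it against the definition in if_ether.c, and the hunk does not show whether the use in the ETHERTYPE_ARP case sits under the same guard. Move the declaration into a header that both files include and confirm a kernel built without INET still compiles.
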
@@ -559,11 +563,12 @@
break;
case ETHERTYPE_ARP:
- if (ifp->if_flags & IFF_NOARP) {
+ if (strict_noarp && (ifp->if_flags & IFF_NOARP)) {
/* Discard packet if ARP is disabled on interface */
m_freem(m);
return;
}
+
schednetisr(NETISR_ARP);
inq = &arpintrq;
break;
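
Review bot: the comment "Discard packet if ARP is disabled on interface" at +568 is no longer accurate once the drop depends on strict_noarp, and the blank line added before schednetisr() is an unrelated whitespace change. Update the comment to say the drop applies only in strict mode, note that with strict_noarp at 0 every ARP frame from a NOARP interface is now queued to arpintrq, and drop the stray blank line.
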
Eugene Grosbein
>Release-Note:
>Audit-Trail:
>Unformatted:
