Date: Thu, 27 Sep 2001 00:32:38 +0200 (CEST)
From: Dan Lukes <dan@obluda.cz>
To: FreeBSD-gnats-submit@freebsd.org
Subject: bin/30854: bootpd/bootpgw change - skip ARP modifications by option
Message-ID: <200109262232.f8QMWcd41938@xkulesh.vol.cz>
>Number: 30854
>Category: bin
>Synopsis: bootpd/bootpgw change - skip ARP modifications by option
>Confidential: no
>Severity: non-critical
>Priority: medium
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: change-request
>Submitter-Id: current-users
>Arrival-Date: Wed Sep 26 15:40:01 PDT 2001
>Closed-Date:
>Last-Modified:
>Originator: Dan Lukes
>Release: FreeBSD 4.4-STABLE i386
>Organization:
Obludarium
>Environment:
System: FreeBSD 4.4-STABLE #31: Thu Sep 20 23:06:53 CEST 2001 i386
>Description:
I have a pre-set ARP table with permanent records (MAC addresses)
for all possible directly connected IP addresses. It complicates IP address
spoofing a lot. I want to retain distribution of IP addresses (and other
options) via BOOTP (central management is easy).
The bootpd and bootpgw replace already present permanent ARP
records with temporary ones. I want to disable this functionality by an option.
The new [-a] option forces bootpd and bootpgw to skip the ARP table
modifications.
(Yes, I know, a skilled user can change the MAC address of the NIC, so
spoofing is still possible - but it's better than nothing.)
>How-To-Repeat:
N/A
>Fix:
--- libexec/bootpd/bootpd.c.ORIG Sat Dec 16 23:43:25 2000
+++ libexec/bootpd/bootpd.c Thu Sep 27 00:01:40 2001
@@ -151,6 +151,7 @@
15 * 60L, /* tv_sec */
0 /* tv_usec */
};
+int noarp = FALSE; /* skip modifications of ARP table */
/*
* General
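Review bot: the new `-a` option is not documented anywhere but the usage text; bootpd.8 is not touched by this patch and should get the option added. Minor: from the visible hunks `noarp` is referenced only inside bootpd.c, so it can be declared `static int noarp = FALSE;`.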
@@ -272,6 +273,9 @@
break;
switch (argv[0][1]) {
+ case 'a': /* don't modify the ARP table */
+ noarp = TRUE;
+ break;
case 'c': /* chdir_path */
if (argv[0][2]) {
stmp = &(argv[0][2]);
@@ -588,7 +592,8 @@
usage()
{
fprintf(stderr,
- "usage: bootpd [-d level] [-i] [-s] [-t timeout] [configfile [dumpfile]]\n");
+ "usage: \nbootpd [-a] [-c path] [-d level] [-i] [-s] [-t timeout] [configfile [dumpfile]]\n");
+ fprintf(stderr, "\t -a\tdon't modify ARP table\n");
fprintf(stderr, "\t -c n\tset current directory\n");
fprintf(stderr, "\t -d n\tset debug level\n");
fprintf(stderr, "\t -i\tforce inetd mode (run as child of inetd)\n");
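Review bot: the replacement usage string begins with `"usage: \n"`, which prints "usage: " alone on one line and the synopsis on the next, unlike the one-line form it replaces; drop the embedded newline and write `"usage: bootpd [-a] [-c path] [-d level] [-i] [-s] [-t timeout] [configfile [dumpfile]]\n"`. Adding the pre-existing `[-c path]` to the synopsis is a correct fix, since the `-c` help line was already printed below it.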
@@ -1066,10 +1071,12 @@
if (haf == 0)
haf = HTYPE_ETHERNET;
- if (debug > 1)
- report(LOG_INFO, "setarp %s - %s",
- inet_ntoa(dst), haddrtoa(ha, len));
- setarp(s, &dst, haf, ha, len);
+ if ( noarp == FALSE ) {
+ if (debug > 1)
+ report(LOG_INFO, "setarp %s - %s",
+ inet_ntoa(dst), haddrtoa(ha, len));
+ setarp(s, &dst, haf, ha, len);
+ }
}
if ((forward == 0) &&
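Review bot: `if ( noarp == FALSE ) {` puts spaces inside the parentheses, which the surrounding code (`if (haf == 0)`, `if (debug > 1)`) does not; the style(9) form is `if (!noarp) {`. Consider also an `else if (debug > 1) report(LOG_INFO, "setarp %s skipped (-a)", inet_ntoa(dst));` branch, so an operator running with `-d` can confirm the option is in effect rather than seeing the `setarp` messages simply disappear.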
--- libexec/bootpd/bootpgw/bootpgw.c.ORIG Sat Dec 16 23:43:25 2000
+++ libexec/bootpd/bootpgw/bootpgw.c Thu Sep 27 00:01:40 2001
@@ -130,6 +130,7 @@
u_char maxhops = 4; /* Number of hops allowed for requests. */
u_int minwait = 3; /* Number of seconds client must wait before
its bootrequest packets are forwarded. */
+int noarp = FALSE; /* skip modifications of ARP table */
/*
* General
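Review bot: as for bootpd, the new option needs a corresponding entry in bootpgw.8, which this patch does not touch; the same `static` remark applies, since `noarp` is only used within bootpgw.c in the visible hunks.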
@@ -246,6 +247,9 @@
break;
switch (argv[0][1]) {
+ case 'a': /* don't modify the ARP table */
+ noarp = TRUE;
+ break;
case 'd': /* debug level */
if (argv[0][2]) {
stmp = &(argv[0][2]);
@@ -511,7 +515,8 @@
usage()
{
fprintf(stderr,
- "usage: bootpgw [-d level] [-i] [-s] [-t timeout] server\n");
+ "usage: \nbootpgw [-a] [-d level] [-h count] [-i] [-s] [-t timeout] [-w time] server\n");
+ fprintf(stderr, "\t -a\tdon't modify ARP table\n");
fprintf(stderr, "\t -d n\tset debug level\n");
fprintf(stderr, "\t -h n\tset max hop count\n");
fprintf(stderr, "\t -i\tforce inetd mode (run as child of inetd)\n");
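Review bot: same problem as in bootpd.c: `"usage: \n"` splits the usage line in two; use `"usage: bootpgw [-a] [-d level] [-h count] [-i] [-s] [-t timeout] [-w time] server\n"`. Listing the pre-existing `-h` and `-w` options in the synopsis is fine (the `-h n` help line is already printed two lines below).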
@@ -656,19 +661,21 @@
send_addr.sin_addr = bp->bp_yiaddr;
send_addr.sin_port = htons(bootpc_port);
- /* Create an ARP cache entry for the client. */
- ha = bp->bp_chaddr;
- len = bp->bp_hlen;
- if (len > MAXHADDRLEN)
- len = MAXHADDRLEN;
- haf = (int) bp->bp_htype;
- if (haf == 0)
- haf = HTYPE_ETHERNET;
+ if ( noarp == FALSE ) {
+ /* Create an ARP cache entry for the client. */
+ ha = bp->bp_chaddr;
+ len = bp->bp_hlen;
+ if (len > MAXHADDRLEN)
+ len = MAXHADDRLEN;
+ haf = (int) bp->bp_htype;
+ if (haf == 0)
+ haf = HTYPE_ETHERNET;
- if (debug > 1)
- report(LOG_INFO, "setarp %s - %s",
- inet_ntoa(bp->bp_yiaddr), haddrtoa(ha, len));
- setarp(s, &bp->bp_yiaddr, haf, ha, len);
+ if (debug > 1)
+ report(LOG_INFO, "setarp %s - %s",
+ inet_ntoa(dst), haddrtoa(ha, len));
+ setarp(s, &dst, haf, ha, len);
+ }
/* Send reply with same size packet as request used. */
if (sendto(s, pktbuf, pktlen, 0,
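Review bot: the added lines change the address passed to `report()` and `setarp()` from `bp->bp_yiaddr` (the removed lines) to `dst`, but no `dst` is declared or assigned anywhere in this hunk's context; the surrounding code works with `bp->bp_yiaddr` (see `send_addr.sin_addr = bp->bp_yiaddr;` at the top of the hunk). This looks like the block was copied from the bootpd.c hunk, where `dst` exists, and in bootpgw.c it will either fail to compile or install an ARP entry for the wrong address. Keep the original expressions inside the new block: `inet_ntoa(bp->bp_yiaddr), haddrtoa(ha, len));` and `setarp(s, &bp->bp_yiaddr, haf, ha, len);`. The `if ( noarp == FALSE )` spacing remark from bootpd.c applies here as well.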
>Release-Note:
>Audit-Trail:
>Unformatted:
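An added check, not part of this PR or of bootpd: given the permanent ARP entries a host is meant to carry, it parses `arp -an` output and flags any entry that has gone missing, changed MAC, or been replaced by a temporary record, which is what bootpd and bootpgw do without the proposed `-a`. The line format and the sample output below are assumed and constructed, not taken from the PR.

```python
import re

# Assumed `arp -an` line shape (FreeBSD style; the sample below is constructed):
#   ? (10.0.0.5) at 00:11:22:33:44:55 on fxp0 permanent [ethernet]
ARP_LINE = re.compile(
    r"\?\s+\((?P<ip>[\d.]+)\)\s+at\s+(?P<mac>[0-9a-fA-F:]+|\(incomplete\))"
    r"\s+on\s+(?P<ifname>\S+)(?P<rest>.*)$"
)

def normalize_mac(mac):
    """Zero-pad each octet so 0:11:22:33:44:66 equals 00:11:22:33:44:66."""
    return ":".join(part.zfill(2).lower() for part in mac.split(":"))

def parse_arp(output):
    """Return {ip: (mac, is_permanent)} for every resolved entry."""
    table = {}
    for line in output.splitlines():
        m = ARP_LINE.match(line.strip())
        if not m or m.group("mac") == "(incomplete)":
            continue
        table[m.group("ip")] = (normalize_mac(m.group("mac")),
                                "permanent" in m.group("rest"))
    return table

def audit(expected, output):
    """Compare the intended {ip: mac} map with the live table; return problems.
    An entry that bootpd overwrote shows up as 'not permanent'."""
    table = parse_arp(output)
    problems = []
    for ip, want in sorted(expected.items()):
        if ip not in table:
            problems.append((ip, "missing"))
        elif table[ip][0] != normalize_mac(want):
            problems.append((ip, "mac mismatch: " + table[ip][0]))
        elif not table[ip][1]:
            problems.append((ip, "not permanent"))
    return problems

# Constructed sample: .5 is intact, .6 was replaced by a temporary entry,
# .7 answers from a different MAC, .8 is gone, .9 never resolved.
SAMPLE_ARP = """\
? (10.0.0.5) at 00:11:22:33:44:55 on fxp0 permanent [ethernet]
? (10.0.0.6) at 0:11:22:33:44:66 on fxp0 [ethernet]
? (10.0.0.7) at 00:de:ad:be:ef:01 on fxp0 permanent [ethernet]
? (10.0.0.9) at (incomplete) on fxp0 [ethernet]
"""
EXPECTED = {"10.0.0.5": "00:11:22:33:44:55", "10.0.0.6": "00:11:22:33:44:66",
            "10.0.0.7": "00:11:22:33:44:77", "10.0.0.8": "00:11:22:33:44:88"}

if __name__ == "__main__":
    for ip, what in audit(EXPECTED, SAMPLE_ARP):
        print("%s: %s" % (ip, what))
```

On a real host, feed it the output of `arp -an` instead of the constructed sample and keep the expected map under the same central management as the BOOTP configuration.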
