Date: Fri, 25 Mar 2005 15:37:38 +0100 (CET)
From: Dan Lukes <dan@obluda.cz>
To: FreeBSD-gnats-submit@FreeBSD.org
Subject: bin/79228: [ PATCH ] extend /sbin/arp to be able to create blackhole records
Message-ID: <200503251437.j2PEbcRh011883@kulesh.obluda.cz>
Resent-Message-ID: <200503251440.j2PEe2f0041368@freefall.freebsd.org>
>Number: 79228
>Category: bin
>Synopsis: [ PATCH ] extend /sbin/arp to be able to create blackhole records
>Confidential: no
>Severity: non-critical
>Priority: medium
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: change-request
>Submitter-Id: current-users
>Arrival-Date: Fri Mar 25 14:40:02 GMT 2005
>Closed-Date:
>Last-Modified:
>Originator: Dan Lukes
>Release: FreeBSD 5.4-PRERELEASE i386
>Organization:
Obludarium
>Environment:
System: FreeBSD 5.4-PRERELEASE i386
src/usr.sbin/arp/arp.c,v 1.53.2.2 2005/02/13 12:23:52 maxim Exp $"
>Description:
Current ARP doesn't allow setting LLINFO route records containing
RTF_BLACKHOLE or RTF_REJECT flags.
Creating records with those flags may be useful to block external
traffic to a host without use of a firewall.
As the kernel can do it, there seems to be no reason to hide the
functionality from userland.
>How-To-Repeat:
N/A
>Fix:
--- usr.sbin/arp/arp.c.ORIG Mon Feb 14 12:34:20 2005
+++ usr.sbin/arp/arp.c Fri Mar 25 15:01:35 2005
@@ -326,6 +326,10 @@
dst->sin_other = SIN_PROXY;
argc--; argv++;
}
+ } else if (strncmp(argv[0], "blackhole", 9) == 0) {
+ flags |= RTF_BLACKHOLE;
+ } else if (strncmp(argv[0], "reject", 6) == 0) {
+ flags |= RTF_REJECT;
} else if (strncmp(argv[0], "trail", 5) == 0) {
/* XXX deprecated and undocumented feature */
printf("%s: Sending trailers is no longer supported\n",
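Review bot: The two new branches compare with strncmp(argv[0], "blackhole", 9) and strncmp(argv[0], "reject", 6), so any argument that merely begins with one of those strings (for example "rejected") is accepted as the keyword. This mirrors the existing "trail" comparison, but for keywords that block traffic to a host an exact strcmp would avoid surprises. Each branch also only ORs a bit into flags, and the usage text in the next hunk permits both keywords on one command line, so either refuse that combination or state what an entry with both RTF_REJECT and RTF_BLACKHOLE set is expected to do.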
@@ -616,8 +620,8 @@
" arp [-n] [-i interface] -a",
" arp -d hostname [pub]",
" arp -d -a",
- " arp -s hostname ether_addr [temp] [pub]",
- " arp -S hostname ether_addr [temp] [pub]",
+ " arp -s hostname ether_addr [temp] [pub [only]] [reject] [blackhole]",
+ " arp -S hostname ether_addr [temp] [pub [only]] [reject] [blackhole]",
" arp -f filename");
exit(1);
}
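Review bot: The -s and -S usage lines also gain [pub [only]], which the synopsis and description of this PR do not mention; note it in the description or submit it separately so the change to the usage text is traceable. The patch touches only usr.sbin/arp/arp.c, so the arp.8 manual page still needs the same synopsis update and a short description of the reject and blackhole keywords.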
>Release-Note:
>Audit-Trail:
>Unformatted:
