Message-Id: <200503251437.j2PEbcRh011883@kulesh.obluda.cz>
Date: Fri, 25 Mar 2005 15:37:38 +0100 (CET)
From: Dan Lukes
To: FreeBSD-gnats-submit@FreeBSD.org
Subject: bin/79228: [ PATCH ] extend /sbin/arp to be able to create blackhole records
Reply-To: Dan Lukes

>Number: 79228
>Category: bin
>Synopsis: [ PATCH ] extend /sbin/arp to be able to create blackhole records
>Confidential: no
>Severity: non-critical
>Priority: medium
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: change-request
>Submitter-Id: current-users
>Arrival-Date: Fri Mar 25 14:40:02 GMT 2005
>Closed-Date:
>Last-Modified:
>Originator: Dan Lukes
>Release: FreeBSD 5.4-PRERELEASE i386
>Organization: Obludarium
>Environment:
System: FreeBSD 5.4-PRERELEASE i386
src/usr.sbin/arp/arp.c,v 1.53.2.2 2005/02/13 12:23:52 maxim Exp $"
>Description:
Current ARP doesn't allow setting LLINFO route records containing RTF_BLACKHOLE or RTF_REJECT flags. Creating records with those flags may be useful to block external traffic to a host without use of a firewall. As the kernel can do it, there seems to be no reason to hide the functionality from userland.
>How-To-Repeat:
N/A
>Fix:
--- usr.sbin/arp/arp.c.ORIG Mon Feb 14 12:34:20 2005 +++ usr.sbin/arp/arp.c Fri Mar 25 15:01:35 2005 @@ -326,6 +326,10 @@ dst->sin_other = SIN_PROXY; argc--; argv++; } + } else if (strncmp(argv[0], "blackhole", 9) == 0) { + flags |= RTF_BLACKHOLE; + } else if (strncmp(argv[0], "reject", 6) == 0) { + flags |= RTF_REJECT; } else if (strncmp(argv[0], "trail", 5) == 0) { /* XXX deprecated and undocumented feature */ printf("%s: Sending trailers is no longer supported\n", 
@@ -616,8 +620,8 @@ " arp [-n] [-i interface] -a", " arp -d hostname [pub]", " arp -d -a", - " arp -s hostname ether_addr [temp] [pub]", - " arp -S hostname ether_addr [temp] [pub]", + " arp -s hostname ether_addr [temp] [pub [only]] [reject] [blackhole]", + " arp -S hostname ether_addr [temp] [pub [only]] [reject] [blackhole]", " arp -f filename"); exit(1); } >Release-Note: >Audit-Trail: >Unformatted:
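Review bot: In the first hunk (@@ -326,6 +326,10 @@), both new branches test the keyword with a length-limited strncmp(), so any argument that merely begins with "blackhole" or "reject" (for example "rejected") sets RTF_BLACKHOLE or RTF_REJECT. Since these flags make the entry drop or refuse traffic to the host, an exact match with strcmp() would be safer for the new keywords, even though the neighbouring "trail" test uses the same prefix style. The hunk also lets both flags be set on one entry and combined with whatever flags earlier keywords set; if some of those combinations are not meaningful, reject them here with a usage error rather than passing them to the kernel.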
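Review bot: In the second hunk (@@ -616,8 +620,8 @@), the usage strings for -s and -S change "[pub]" to "[pub [only]]" in the same lines that add "[reject] [blackhole]"; that is a separate documentation fix and should be mentioned in the description or split out. The synopsis also shows both new keywords as independently optional, so it should be stated whether giving both together is intended. The patch touches only arp.c, so the arp manual page needs the same synopsis update and a short description of what a reject or blackhole entry does.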