Date: Thu, 6 Dec 2001 10:48:16 +0700
From: Eugene Grosbein <eugen@www.svzserv.kemerovo.su>
To: Ruslan Ermilov <ru@FreeBSD.ORG>
Cc: Eugene Grosbein <eugen@grosbein.pp.ru>, net@FreeBSD.ORG, security@FreeBSD.ORG
Subject: Re: NOARP - gateway must answer and have frozen ARP table
Message-ID: <20011206104816.A10151@svzserv.kemerovo.su>
In-Reply-To: <20011205193859.B79705@sunbay.com>; from ru@FreeBSD.ORG on Wed, Dec 05, 2001 at 07:38:59PM +0200
References: <20011205124430.A83642@svzserv.kemerovo.su>
    <20011205040316.H40864@blossom.cjclark.org>
    <20011205231735.A1361@grosbein.pp.ru>
    <20011205193859.B79705@sunbay.com>

On Wed, Dec 05, 2001 at 07:38:59PM +0200, Ruslan Ermilov wrote:

> The below patch implements this facility, activated by setting the
> net.link.ether.inet.static_arp sysctl to a non-zero value. It also
> fixes an mbuf leak in arpresolve() if the IFF_NOARP flag is set on an
> interface, and an address resolution is attempted over it.
>
> I am also going to add support for a static ARP table to rc.conf(5),
> which should address PR conf/23063.
>
> Let me know what you think about the patch.

I tried this and it works. But our configuration demands that
modifications of the ARP table must be ignored only for some of the
interfaces, while others (non-public) can use ARP. So your patch is
still useless :(

Perhaps the sysctl should change the meaning of the NOARP flag? This would
allow a more flexible per-interface scheme. Or it might be possible
to use the hw.atamodes scheme.

Eugene Grosbein