Date: Sun, 28 Jan 2001 07:56:47 +0100 (CET)
From: drwilco@drwilco.net
To: FreeBSD-gnats-submit@FreeBSD.ORG
Subject: kern/24720: Bridging code does not always check activation (w/patch)
Message-ID: <200101280656.f0S6ul800782@hera.drwilco.net>
>Number: 24720
>Category: kern
>Synopsis: Bridging code does not always check activation (w/patch)
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Mon Jan 29 08:20:01 PST 2001
>Closed-Date:
>Last-Modified:
>Originator: Rogier R. Mulhuijzen
>Release: FreeBSD 4.2-STABLE & FreeBSD 5.0-CURRENT
>Organization:
>Environment:
Running stable on gateway with BRIDGE, but bridging switched off with sysctl
>Description:
When the kernel is compiled with BRIDGE certain checks are skipped. Even when the bridging has been disabled with the net.link.ether.bridge sysctl. This has the effect that when 2 interfaces are plugged into the same switch/bridge (but are on a different subnet) ARP requests are answered on both interfaces for the same IP with different MAC addresses.
>How-To-Repeat:
configure 2 NICs, plug both into the same hub/switch/bridge, start 'tcpdump -i <interface> arp' on both interfaces, ping 1 IP from a 2nd host and watch the sparks fly.
>Fix:
in sys/netinet/if_ether.c there are 2 places where an #ifdef BRIDGE assumes the bridging code is actually activated. Patch applies cleanly to both STABLE and CURRENT (both not more than a few days old)

--- sys/netinet/if_ether.c.old Wed Jan 24 01:05:06 2001 +++ sys/netinet/if_ether.c Sun Jan 28 06:46:27 2001 @@ -59,6 +59,10 @@ #include <net/route.h> #include <net/netisr.h> #include <net/if_llc.h> +#ifdef BRIDGE +#include <net/ethernet.h> +#include <net/bridge.h> +#endif #include <netinet/in.h> #include <netinet/in_var.h>
@@ -525,14 +529,16 @@ * of the receive interface. (This will change slightly * when we have clusters of interfaces). */ - { + if (!do_bridge) { #else - if (ia->ia_ifp == &ac->ac_if) { + { #endif - maybe_ia = ia; - if ((itaddr.s_addr == ia->ia_addr.sin_addr.s_addr) || - (isaddr.s_addr == ia->ia_addr.sin_addr.s_addr)) - break; + if (ia->ia_ifp == &ac->ac_if) { + maybe_ia = ia; + if ((itaddr.s_addr == ia->ia_addr.sin_addr.s_addr) || + (isaddr.s_addr == ia->ia_addr.sin_addr.s_addr)) + break; + } } if (maybe_ia == 0) { m_freem(m); @@ -561,17 +567,21 @@ } la = arplookup(isaddr.s_addr, itaddr.s_addr == myaddr.s_addr, 0); if (la && (rt = la->la_rt) && (sdl = SDL(rt->rt_gateway))) { -#ifndef BRIDGE /* the following is not an error when doing bridging */ - if (rt->rt_ifp != &ac->ac_if) { - if (log_arp_wrong_iface) - log(LOG_ERR, "arp: %s is on %s%d but got reply from %6D on %s%d\n", - inet_ntoa(isaddr), - rt->rt_ifp->if_name, rt->rt_ifp->if_unit, - ea->arp_sha, ":", - ac->ac_if.if_name, ac->ac_if.if_unit); - goto reply; - } +#ifdef BRIDGE + if (!do_bridge) { /* the following is not an error when doing bridging */ +#else + { #endif + if (rt->rt_ifp != &ac->ac_if) { + if (log_arp_wrong_iface) + log(LOG_ERR, "arp: %s is on %s%d but got reply from %6D on %s%d\n", + inet_ntoa(isaddr), + rt->rt_ifp->if_name, rt->rt_ifp->if_unit, + ea->arp_sha, ":", + ac->ac_if.if_name, ac->ac_if.if_unit); + goto reply; + } + } if (sdl->sdl_alen && bcmp((caddr_t)ea->arp_sha, LLADDR(sdl), sdl->sdl_alen)) { if (rt->rt_expire) >Release-Note: >Audit-Trail: >Unformatted: To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-bugs" in the body of the message
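Review bot: the include block added in the @@ -59,6 +59,10 @@ hunk does not say why <net/ethernet.h> is needed or why it sits inside #ifdef BRIDGE. If it is only there as a prerequisite of <net/bridge.h> (which the later hunks need for do_bridge), a one-line comment saying so would keep someone from "cleaning it up" later; if if_ether.c needs it regardless, it belongs outside the conditional.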
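Review bot: in the @@ -525,14 +529,16 @@ hunk, a BRIDGE kernel with do_bridge set now skips the whole block, including "maybe_ia = ia;" and the itaddr/isaddr comparison, so maybe_ia is never assigned in this loop and the packet takes the "if (maybe_ia == 0) { m_freem(m);" path that follows. Before this change the BRIDGE build ran that body for every interface. The do_bridge test should relax the interface check, not guard the body: under #ifdef BRIDGE use "if (do_bridge || ia->ia_ifp == &ac->ac_if) {" and keep the plain "if (ia->ia_ifp == &ac->ac_if) {" under #else, which also removes the extra brace level.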
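Review bot: in the @@ -561,17 +567,21 @@ hunk, the opening brace is split across the preprocessor branches ("if (!do_bridge) {" under #ifdef BRIDGE, a bare "{" under #else) with the matching "}" after #endif, which is easy to unbalance in a later edit and adds a nesting level to the non-BRIDGE build for no reason. Putting only "if (!do_bridge)" (no brace) between #ifdef BRIDGE and #endif, directly in front of the existing "if (rt->rt_ifp != &ac->ac_if) {", gives the same behaviour with no added braces. The comment "the following is not an error when doing bridging" would read better on its own line above the test than trailing it.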
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200101280656.f0S6ul800782>
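An added example, not part of the original report or of the FreeBSD sources: a check for the symptom given under >Description (one IP answered with different MAC addresses), run over saved 'tcpdump arp' output. The sample lines are constructed, and the function names and the regular expression are assumptions of this example.

```python
import re
from collections import defaultdict

# Matches the "reply <ip> is-at <mac>" part of a tcpdump ARP line. Covers the
# older "arp reply ..." wording and the newer "ARP, Reply ..." wording.
REPLY_RE = re.compile(
    r"reply\s+(\d{1,3}(?:\.\d{1,3}){3})\s+is-at\s+"
    r"([0-9a-f]{1,2}(?::[0-9a-f]{1,2}){5})",
    re.IGNORECASE,
)


def normalize_mac(mac):
    """Zero-pad each octet so 0:a0:c9:1:2:3 and 00:a0:c9:01:02:03 compare equal."""
    return ":".join(f"{int(octet, 16):02x}" for octet in mac.split(":"))


def conflicting_arp_replies(lines):
    """Return {ip: sorted MAC list} for every IP answered by more than one MAC."""
    seen = defaultdict(set)
    for line in lines:
        match = REPLY_RE.search(line)
        if match:
            seen[match.group(1)].add(normalize_mac(match.group(2)))
    return {ip: sorted(macs) for ip, macs in seen.items() if len(macs) > 1}


# Constructed sample: 10.0.1.1 is answered by two NICs of the same gateway,
# 10.0.1.20 by one NIC whose MAC is printed in two different styles.
SAMPLE = """\
07:50:01.100000 arp who-has 10.0.1.1 tell 10.0.1.20
07:50:01.100210 arp reply 10.0.1.1 is-at 0:a0:c9:11:22:33
07:50:01.100305 arp reply 10.0.1.1 is-at 0:a0:c9:44:55:66
07:50:02.000000 ARP, Reply 10.0.1.20 is-at 00:10:5a:0a:0b:0c, length 28
07:50:03.000000 arp reply 10.0.1.20 is-at 0:10:5a:a:b:c
""".splitlines()

if __name__ == "__main__":
    for ip, macs in conflicting_arp_replies(SAMPLE).items():
        print(f"{ip} answered by {len(macs)} MACs: {', '.join(macs)}")
```

Feed it the combined output of the captures from both interfaces; an IP listed here is not always this bug, since proxy ARP and failover setups also answer one IP from several MACs.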