From owner-freebsd-bugs Fri Jul 19 2:30:17 2002
Message-Id: <200207190821.g6J8L85h014989@gw2b.svzserv.kemerovo.su>
Date: Fri, 19 Jul 2002 16:21:08 +0800 (KRAST)
From: Eugene Grosbein
To: FreeBSD-gnats-submit@FreeBSD.org
X-Send-Pr-Version: 3.113
Subject: kern/40763: [UPDATED PATCH] Introduction of non-strict IFF_NOARP semantics

>Number: 40763
>Category: kern
>Synopsis: [UPDATED PATCH] Introduction of non-strict IFF_NOARP semantics
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: change-request
>Submitter-Id: current-users
>Arrival-Date: Fri Jul 19 02:30:01 PDT 2002
>Closed-Date:
>Last-Modified:
>Originator: Eugene Grosbein
>Release: FreeBSD 4.6-STABLE i386
>Organization: Svyaz Service JSC
>Environment:
System: FreeBSD gw2b.svzserv.kemerovo.su 4.6-STABLE FreeBSD 4.6-STABLE #2: Tue Jul 16 12:08:52 KRAST 2002 sa@gw2b.svzserv.kemerovo.su:/usr/obj/usr/src/sys/GW2 i386
>Description:
This PR obsoletes kern/36373, providing a patch for 4.6-STABLE.

FreeBSD currently handles the NOARP flag for a network interface in a way that completely disables ARP for that interface. It's often too strict for real-world operations. Sometimes we just want the ARP table to be protected from modification via a public interface, but the gateway must respond to ARP queries for its own MAC address. So, this host can cooperate with known hosts only (using a preloaded ARP table) and can act as a gateway for them, and those hosts are not forced to have static ARP records themselves.

The patches implementing such behaviour have floated around for a long time. Here is an adaptation of one such patch for 4.6-STABLE. It introduces a new sysctl named net.link.ether.inet.strict_noarp with a default value of 1. This value corresponds to the current meaning of IFF_NOARP. One can change it to 0 to enable the host to reply to ARP queries; the ARP table is still protected from modifications via interfaces marked as NOARP.
>How-To-Repeat: There is no problem, see above. >Fix: Apply this patch. Index: sys/net/if_ethersubr.c =================================================================== RCS file: /home/ncvs/src/sys/net/if_ethersubr.c,v retrieving revision 1.70.2.27 diff -u -r1.70.2.27 if_ethersubr.c --- sys/net/if_ethersubr.c 9 Jul 2002 09:11:41 -0000 1.70.2.27 +++ sys/net/if_ethersubr.c 19 Jul 2002 05:59:50 -0000 @@ -99,6 +99,10 @@ extern u_char aarp_org_code[3]; #endif /* NETATALK */ +#ifdef INET +extern int strict_noarp; /* defined in src/netinet/if_ether.c */ +#endif + /* netgraph node hooks for ng_ether(4) */ void (*ng_ether_input_p)(struct ifnet *ifp, struct mbuf **mp, struct ether_header *eh); @@ -691,11 +695,12 @@ break; case ETHERTYPE_ARP: - if (ifp->if_flags & IFF_NOARP) { + if (strict_noarp && (ifp->if_flags & IFF_NOARP)) { /* Discard packet if ARP is disabled on interface */ m_freem(m); return; } + schednetisr(NETISR_ARP); inq = &arpintrq; break; Index: sys/netinet/if_ether.c =================================================================== RCS file: /home/ncvs/src/sys/netinet/if_ether.c,v retrieving revision 1.64.2.19 diff -u -r1.64.2.19 if_ether.c --- sys/netinet/if_ether.c 18 Jun 2002 00:15:31 -0000 1.64.2.19 +++ sys/netinet/if_ether.c 19 Jul 2002 05:59:50 -0000 @@ -107,6 +107,7 @@ static int arp_maxtries = 5; static int useloopback = 1; /* use loopback interface for local traffic */ static int arp_proxyall = 0; +int strict_noarp = 1; /* used in src/net/if_ethersubr.c */ SYSCTL_INT(_net_link_ether_inet, OID_AUTO, maxtries, CTLFLAG_RW, &arp_maxtries, 0, ""); @@ -114,6 +115,8 @@ &useloopback, 0, ""); SYSCTL_INT(_net_link_ether_inet, OID_AUTO, proxyall, CTLFLAG_RW, &arp_proxyall, 0, ""); +SYSCTL_INT(_net_link_ether_inet, OID_AUTO, strict_noarp, CTLFLAG_RW, + &strict_noarp, 0, ""); static void arp_rtrequest __P((int, struct rtentry *, struct rt_addrinfo *)); static void arprequest __P((struct ifnet *, 
@@ -456,7 +459,7 @@ * Probably should not allocate empty llinfo struct if we are * not going to be sending out an arp request. */ - if (ifp->if_flags & IFF_NOARP) { + if (strict_noarp && (ifp->if_flags & IFF_NOARP)) { m_freem(m); return (0); } @@ -651,6 +654,7 @@ itaddr = myaddr; goto reply; } + if (strict_noarp || !(ifp->if_flags & IFF_NOARP)) { la = arplookup(isaddr.s_addr, itaddr.s_addr == myaddr.s_addr, 0); if (la && (rt = la->la_rt) && (sdl = SDL(rt->rt_gateway))) { /* the following is not an error when doing bridging */ @@ -740,6 +744,7 @@ rt_key(rt), rt); la->la_hold = 0; } + } } reply: if (op != ARPOP_REQUEST) { Eugene Grosbein >Release-Note: >Audit-Trail: >Unformatted: To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-bugs" in the body of the message
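Review bot: the `extern int strict_noarp;` added at @@ -99 of sys/net/if_ethersubr.c is a hand-written declaration in a .c file, tied to the definition in sys/netinet/if_ether.c only by the two comments, so a later change of type on one side would not be caught by the compiler. Move the declaration into a header that both files include. Since the symbol is now global rather than static, a prefixed name in line with the neighbouring `arp_maxtries` and `arp_proxyall` would also lower the chance of a clash. The comments give the paths as src/net and src/netinet while the diff headers use sys/net and sys/netinet.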
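Review bot: in the ETHERTYPE_ARP case at @@ -691 of sys/net/if_ethersubr.c the comment "Discard packet if ARP is disabled on interface" no longer matches the new condition `strict_noarp && (ifp->if_flags & IFF_NOARP)`; reword it to say the drop applies only in strict mode. The extern at @@ -99 sits under `#ifdef INET` and no guard is visible around this use, so please confirm the case is compiled only when INET is defined. The blank line added before `schednetisr(NETISR_ARP);` is an unrelated whitespace change and can be dropped.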
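Review bot: the `SYSCTL_INT(_net_link_ether_inet, OID_AUTO, strict_noarp, CTLFLAG_RW, &strict_noarp, 0, "")` added at @@ -114 of sys/netinet/if_ether.c has an empty description string, so the meaning of 0 and 1 is recorded only in the PR text. Add a one-line description stating that 1 drops all ARP on IFF_NOARP interfaces and 0 lets them answer requests without learning entries. It is also worth stating there that the knob is a single global integer: setting it to 0 changes the behaviour of every IFF_NOARP interface on the host at once, not only the one the administrator has in mind.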
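Review bot: at @@ -456 of sys/netinet/if_ether.c the early `m_freem(m); return (0);` is now skipped on an IFF_NOARP interface when strict_noarp is 0, so the function continues into the path that the comment just above describes as sending out an ARP request. The @@ -651 hunk skips the table update for packets arriving on that same interface in that mode, so as far as the visible lines show, a reply to such a request cannot complete the entry. If the intent is "answer queries, never learn, use preloaded entries only", this check looks like it should stay as the original `if (ifp->if_flags & IFF_NOARP)`; if outgoing requests are intended, please say so in the description and explain how the held packet gets released.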
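Review bot: the guard added at @@ -651 of sys/netinet/if_ether.c, `if (strict_noarp || !(ifp->if_flags & IFF_NOARP)) {`, is always true when strict_noarp is 1, so in strict mode this function still updates the table from an IFF_NOARP interface and relies entirely on the drop at @@ -691 of if_ethersubr.c to keep such packets from arriving here. Writing the guard as `if (!(ifp->if_flags & IFF_NOARP)) {` would protect the table in both modes regardless of how the packet reached this function. The enclosed block, which runs from here to the closing `}` added at @@ -744, is not re-indented; either indent it or mark the closing brace with a comment naming the condition so the nesting stays readable.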