Date:      Sun, 26 Apr 1998 18:33:33 +0300
From:      Alexander Matey <lx@hosix.ntu-kpi.kiev.ua>
To:        freebsd-hackers@FreeBSD.ORG
Subject:   Static ARP (IFF_NOARP usage in ethernet interfaces)
Message-ID:  <19980426183333.38119@hosix.ntu-kpi.kiev.ua>


--ew6BAiZeqk4r7MaW
Content-Type: text/plain; charset=us-ascii

    Hi!

    I'd like to discuss the usage of the IFF_NOARP flag in if_ether.c -- the
place where ethernet arp is implemented.
    At one time I tried to make arp work in static mode on an ethernet
interface. Static arp here should be understood as a mode where all who-has
requests from outside are ignored and similar requests from our host are not
broadcast. However, you're still able to manage the arp table manually with
the help of arp(8). This was what I needed.
    But all my attempts to disable arp requests/replies on a particular
ethernet interface have failed (ifconfig xxx -arp). The IFF_NOARP flag seemed
to be ignored, so I decided to look through the kernel sources (FreeBSD
2.2.6-RELEASE). I've realized that the only place where IFF_NOARP has been
used was netatalk/aarp.c -- the appletalk arp implementation.
    Therefore I've made a patch for if_ether.c which takes into account
the state of the IFF_NOARP flag and completely disables arp requests and
replies on a particular ethernet interface. If the kernel is compiled with
-DARP_HACK it changes the behavior of the -arp option to answering who-has
queries but leaves broadcasting of these queries from our side disabled.
    Is it possible to commit these changes to the -stable (maybe -current)
branches? I think it would be of use to people.
    Any suggestions will be appreciated.

    Attached.

    bye, lx.

--ew6BAiZeqk4r7MaW
Content-Type: text/plain; charset=us-ascii
Content-Disposition: attachment; filename=patch-aa

--- /sys/netinet/if_ether.c.org	Wed May 14 19:43:56 1997
+++ /sys/netinet/if_ether.c	Sun Apr 26 16:47:25 1998
@@ -277,8 +277,14 @@
 	register struct ether_header *eh;
 	register struct ether_arp *ea;
 	struct sockaddr sa;
 
+/* PATCH BEGIN -lx- */
+	if((ac->ac_if.if_flags & IFF_NOARP) != 0) {
+		return;
+	}
+/* PATCH END */
+
 	if ((m = m_gethdr(M_DONTWAIT, MT_DATA)) == NULL)
 		return;
 	m->m_len = sizeof(*ea);
 	m->m_pkthdr.len = sizeof(*ea);
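
Review bot: The early return on IFF_NOARP at the top of this hunk has no comment explaining that requests are deliberately suppressed on such interfaces, and the "PATCH BEGIN -lx-" / "PATCH END" markers should not go into the tree. Replace the markers with a one-line comment stating the intent, and write the test in the file's style, "if (ac->ac_if.if_flags & IFF_NOARP)" with a space after "if" and no braces around the single "return;". Placing the check before m_gethdr() is right, since nothing has been allocated yet and nothing needs freeing.
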
@@ -353,8 +359,14 @@
 	    sdl->sdl_family == AF_LINK && sdl->sdl_alen != 0) {
 		bcopy(LLADDR(sdl), desten, sdl->sdl_alen);
 		return 1;
 	}
+/* PATCH BEGIN -lx- */
+	if((ac->ac_if.if_flags & IFF_NOARP) != 0) {
+		m_freem(m);
+		return (0);
+	} 
+/* PATCH END */
 	/*
 	 * There is an arptab entry, but no ethernet address
 	 * response yet.  Replace the held mbuf with this
 	 * latest one.
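
Review bot: The IFF_NOARP branch added after the "return 1;" path discards the packet with "m_freem(m); return (0);" and leaves no trace, so a missing static entry shows up only as traffic that silently disappears. Add a comment saying that on a no-ARP interface an unresolved destination is dropped rather than held for a reply, and consider a log message or counter so an administrator can tell a dropped packet from a link problem. Style: there is trailing whitespace after the closing brace, "if((" lacks the space after "if", and the marker comments should go.
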
@@ -399,8 +411,13 @@
 		splx(s);
 		if (m == 0 || (m->m_flags & M_PKTHDR) == 0)
 			panic("arpintr");
 		if (m->m_len >= sizeof(struct arphdr) &&
+/* PATCH BEGIN -lx- */
+#ifndef ARP_HACK
+                    (m->m_pkthdr.rcvif->if_flags & IFF_NOARP) == 0 &&
+#endif
+/* PATCH END */
 		    (ar = mtod(m, struct arphdr *)) &&
 		    ntohs(ar->ar_hrd) == ARPHRD_ETHER &&
 		    m->m_len >=
 		      sizeof(struct arphdr) + 2 * ar->ar_hln + 2 * ar->ar_pln)
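
Review bot: The added condition dereferences m->m_pkthdr.rcvif without a NULL check; the lines above it only verify that M_PKTHDR is set, so either state why rcvif is guaranteed to be valid here or test it first. Splicing an "#ifndef ARP_HACK" into the middle of the if-expression also makes the condition hard to read, and the new line is indented with spaces where the surrounding lines use tabs. Computing the flag test before the "if" would keep the preprocessor conditional out of the expression. ARP_HACK itself needs documenting as a kernel option under a name that says what it changes.
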
@@ -481,8 +498,16 @@
 		   ea->arp_sha, ":", inet_ntoa(isaddr));
 		itaddr = myaddr;
 		goto reply;
 	}
+
+/* PATCH BEGIN -lx- */
+#ifdef ARP_HACK
+	if ((ac->ac_if.if_flags & IFF_NOARP) != 0) {
+		goto reply;
+	}
+#endif
+/* PATCH END */
 	la = arplookup(isaddr.s_addr, itaddr.s_addr == myaddr.s_addr, 0);
 	if (la && (rt = la->la_rt) && (sdl = SDL(rt->rt_gateway))) {
 		if (sdl->sdl_alen &&
 		    bcmp((caddr_t)ea->arp_sha, LLADDR(sdl), sdl->sdl_alen))
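
Review bot: The "goto reply;" added under ARP_HACK is taken for every packet arriving on an IFF_NOARP interface, before arplookup() and the sender-address comparison below it run. Skipping the lookup is what keeps received packets from touching a static table, but the code at the reply label is outside this hunk, so please confirm that it answers only requests and only for addresses this host should answer for; the earlier branch visible in the context sets "itaddr = myaddr;" before jumping and this one does not. A compile-time define that changes what "ifconfig -arp" means also needs documenting, and the intent of the jump deserves a comment in place of the marker lines.
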

--ew6BAiZeqk4r7MaW--
