Date: Sun, 26 Apr 1998 18:33:33 +0300
From: Alexander Matey <lx@hosix.ntu-kpi.kiev.ua>
To: freebsd-hackers@FreeBSD.ORG
Subject: Static ARP (IFF_NOARP usage in ethernet interfaces)
Message-ID: <19980426183333.38119@hosix.ntu-kpi.kiev.ua>
Hi!

I'd like to discuss the usage of the IFF_NOARP flag in if_ether.c -- the place where ethernet arp is implemented.

I once tried to make arp work in static mode on an ethernet interface. Static arp here should be understood as a mode where all who-has requests from outside are ignored and similar requests from our host are not broadcast. However, you're still able to manage the arp table manually with the help of arp(8). This was what I needed. But all my attempts to disable arp requests/replies on a particular ethernet interface failed (ifconfig xxx -arp).

The IFF_NOARP flag seemed to be ignored, so I decided to look through the kernel sources (FreeBSD 2.2.6-RELEASE). I realized that the only place where IFF_NOARP was used was netatalk/aarp.c -- the appletalk arp implementation.

Therefore I've made a patch for if_ether.c which takes into account the state of the IFF_NOARP flag and completely disables arp requests and replies on a particular ethernet interface. If the kernel is compiled with -DARP_HACK, it changes the behavior of the -arp option to answering who-has queries but leaves broadcasting of these queries from our side disabled.

Is it possible to commit these changes to the -stable (maybe -current) branches? I think it would be of use to people. Any suggestions will be appreciated.

Attached.

bye, lx.

--ew6BAiZeqk4r7MaW Content-Type: text/plain; charset=us-ascii Content-Disposition: attachment; filename=patch-aa
--- /sys/netinet/if_ether.c.org Wed May 14 19:43:56 1997 +++ /sys/netinet/if_ether.c Sun Apr 26 16:47:25 1998 @@ -277,8 +277,14 @@ register struct ether_header *eh; register struct ether_arp *ea; struct sockaddr sa; +/* PATCH BEGIN -lx- */ + if((ac->ac_if.if_flags & IFF_NOARP) != 0) { + return; + } +/* PATCH END */ + if ((m = m_gethdr(M_DONTWAIT, MT_DATA)) == NULL) return; m->m_len = sizeof(*ea); m->m_pkthdr.len = sizeof(*ea); 
@@ -353,8 +359,14 @@ sdl->sdl_family == AF_LINK && sdl->sdl_alen != 0) { bcopy(LLADDR(sdl), desten, sdl->sdl_alen); return 1; } +/* PATCH BEGIN -lx- */ + if((ac->ac_if.if_flags & IFF_NOARP) != 0) { + m_freem(m); + return (0); + } +/* PATCH END */ /* * There is an arptab entry, but no ethernet address * response yet. Replace the held mbuf with this * latest one. @@ -399,8 +411,13 @@ splx(s); if (m == 0 || (m->m_flags & M_PKTHDR) == 0) panic("arpintr"); if (m->m_len >= sizeof(struct arphdr) && +/* PATCH BEGIN -lx- */ +#ifndef ARP_HACK + (m->m_pkthdr.rcvif->if_flags & IFF_NOARP) == 0 && +#endif +/* PATCH END */ (ar = mtod(m, struct arphdr *)) && ntohs(ar->ar_hrd) == ARPHRD_ETHER && m->m_len >= sizeof(struct arphdr) + 2 * ar->ar_hln + 2 * ar->ar_pln) @@ -481,8 +498,16 @@ ea->arp_sha, ":", inet_ntoa(isaddr)); itaddr = myaddr; goto reply; } + +/* PATCH BEGIN -lx- */ +#ifdef ARP_HACK + if ((ac->ac_if.if_flags & IFF_NOARP) != 0) { + goto reply; + } +#endif +/* PATCH END */ la = arplookup(isaddr.s_addr, itaddr.s_addr == myaddr.s_addr, 0); if (la && (rt = la->la_rt) && (sdl = SDL(rt->rt_gateway))) { if (sdl->sdl_alen && bcmp((caddr_t)ea->arp_sha, LLADDR(sdl), sdl->sdl_alen))
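Review bot: The IFF_NOARP test at the top of the first hunk (@@ -277,8 +277,14 @@) returns before m_gethdr() for every caller of this function, so it silences any request built through this path, not only those sent while resolving an address. If that is intended, say so in a real comment in place of the PATCH BEGIN / PATCH END markers, which should not go into the tree. Style: `if(` lacks the space used by the `if ((m = m_gethdr(...` line right below it, and the braces around the lone `return;` can be dropped.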
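Review bot: In the second hunk (@@ -353,8 +359,14 @@) the new branch calls m_freem(m) and returns 0 without leaving any trace, so on a -arp interface traffic to a destination that has no manually added entry is dropped silently. Suggest incrementing a counter or emitting a rate-limited log message at that point so a missing static entry can be diagnosed. The placement after the existing `return 1;` for complete entries looks right, since it keeps entries that already have a link-level address usable.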
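Review bot: The `#ifndef ARP_HACK` in the third hunk (@@ -399,8 +411,13 @@) is spliced into the middle of the if condition, between the m_len check and the `(ar = mtod(m, struct arphdr *))` term, which is hard to read and easy to break in later edits. It also makes the meaning of a per-interface runtime flag depend on a kernel compile-time option. Suggest pulling the IFF_NOARP test out into its own statement and documenting ARP_HACK wherever kernel options are described, together with the changed meaning of ifconfig -arp.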
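Review bot: The `goto reply` added under `#ifdef ARP_HACK` in the last hunk (@@ -481,8 +498,16 @@) needs a comment: it bypasses the arplookup() call and the bcmp() against LLADDR(sdl) just below, and if the intent is that received packets never update the table on a -arp interface, the code should state that. The test looks only at the interface flag, so every packet reaching this point takes the jump whatever its opcode; please confirm the code at the reply label copes with that. The braces around the single goto and the PATCH markers can go here as well.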