authordwmalone <dwmalone@FreeBSD.org>2000-07-13 19:31:01 +0000
committerdwmalone <dwmalone@FreeBSD.org>2000-07-13 19:31:01 +0000
commit7fa1d09d5fa17bfa814f32b06839053cb8367d54 (patch)
treeb1f54775bc579e754c18786c3d4d367a4b85fdea
parent195565731228c5c1ec70da505fa526705ed4d2ee (diff)
Extra sanity check when arp proxyall is enabled. Don't send an arp
reply if the requesting machine isn't on the interface we believe it should be. Prevents arp wars when you plug cables in the wrong way around. PR: 9848 Submitted by: Ian Dowse <iedowse@maths.tcd.ie> Not objected to by: wollman
-rw-r--r--sys/netinet/if_ether.c26
1 files changed, 26 insertions, 0 deletions
diff --git a/sys/netinet/if_ether.c b/sys/netinet/if_ether.c
index 1125455..97dc239 100644
--- a/sys/netinet/if_ether.c
+++ b/sys/netinet/if_ether.c
@@ -666,6 +666,32 @@ reply:
(void)memcpy(ea->arp_tha, ea->arp_sha, sizeof(ea->arp_sha));
(void)memcpy(ea->arp_sha, ac->ac_enaddr, sizeof(ea->arp_sha));
rtfree(rt);
+
+ /*
+ * Also check that the node which sent the ARP packet
+ * is on the the interface we expect it to be on. This
+ * avoids ARP chaos if an interface is connected to the
+ * wrong network.
+ */
+ sin.sin_addr = isaddr;
+
+ rt = rtalloc1((struct sockaddr *)&sin, 0, 0UL);
+ if (!rt) {
+ m_freem(m);
+ return;
+ }
+ if (rt->rt_ifp != &ac->ac_if) {
+ log(LOG_INFO, "arp_proxy: ignoring request"
+ " from %s via %s%d, expecting %s%d\n",
+ inet_ntoa(isaddr), ac->ac_if.if_name,
+ ac->ac_if.if_unit, rt->rt_ifp->if_name,
+ rt->rt_ifp->if_unit);
+ rtfree(rt);
+ m_freem(m);
+ return;
+ }
+ rtfree(rt);
+
#ifdef DEBUG_PROXY
printf("arp: proxying for %s\n",
inet_ntoa(itaddr));
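Review bot: The `log(LOG_INFO, ...)` call in the `rt->rt_ifp != &ac->ac_if` branch runs for every rejected request with no rate limit, and the sender address it prints (`isaddr`) comes from the ARP packet itself, so a mis-cabled segment or a host sending requests with forged sender addresses can flood the system log and bury other messages. I would throttle it to about one message per second, for example by guarding the call with `static time_t last_log; if (time_second != last_log) { last_log = time_second; log(...); }`. I would also add a comment above the check such as `/* isaddr is unauthenticated: this is a wiring sanity check, not an anti-spoofing control */`, so the route comparison is not later mistaken for sender validation. The enclosing function starts and ends outside the hunk, so these lines cannot confirm whether later code still expects `sin.sin_addr` to hold the target address after it is overwritten with `isaddr` here.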