author | dwmalone <dwmalone@FreeBSD.org> | 2000-07-13 19:31:01 +0000 |
---|---|---|
committer | dwmalone <dwmalone@FreeBSD.org> | 2000-07-13 19:31:01 +0000 |
commit | 7fa1d09d5fa17bfa814f32b06839053cb8367d54 (patch) | |
tree | b1f54775bc579e754c18786c3d4d367a4b85fdea /sys/netinet/if_ether.c | |
parent | 195565731228c5c1ec70da505fa526705ed4d2ee (diff) | |
Extra sanity check when arp proxyall is enabled. Don't send an arp
reply if the requesting machine isn't on the interface we believe
it should be. Prevents arp wars when you plug cables in the wrong
way around.
PR: 9848
Submitted by: Ian Dowse <iedowse@maths.tcd.ie>
Not objected to by: wollman
Diffstat (limited to 'sys/netinet/if_ether.c')
-rw-r--r-- | sys/netinet/if_ether.c | 26 |
1 files changed, 26 insertions, 0 deletions
diff --git a/sys/netinet/if_ether.c b/sys/netinet/if_ether.c index 1125455..97dc239 100644 --- a/sys/netinet/if_ether.c +++ b/sys/netinet/if_ether.c @@ -666,6 +666,32 @@ reply: (void)memcpy(ea->arp_tha, ea->arp_sha, sizeof(ea->arp_sha)); (void)memcpy(ea->arp_sha, ac->ac_enaddr, sizeof(ea->arp_sha)); rtfree(rt); + + /* + * Also check that the node which sent the ARP packet + * is on the the interface we expect it to be on. This + * avoids ARP chaos if an interface is connected to the + * wrong network. + */ + sin.sin_addr = isaddr; + + rt = rtalloc1((struct sockaddr *)&sin, 0, 0UL); + if (!rt) { + m_freem(m); + return; + } + if (rt->rt_ifp != &ac->ac_if) { + log(LOG_INFO, "arp_proxy: ignoring request" + " from %s via %s%d, expecting %s%d\n", + inet_ntoa(isaddr), ac->ac_if.if_name, + ac->ac_if.if_unit, rt->rt_ifp->if_name, + rt->rt_ifp->if_unit); + rtfree(rt); + m_freem(m); + return; + } + rtfree(rt); + #ifdef DEBUG_PROXY printf("arp: proxying for %s\n", inet_ntoa(itaddr)); |
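Review bot: The log(LOG_INFO, "arp_proxy: ignoring request" ...) call in the rt->rt_ifp != &ac->ac_if branch runs once for every ARP request that fails the check, with no throttling visible in the hunk. On a miscabled segment, the very case this change targets, that can fill the system log. Consider rate-limiting the message or logging it once per sender. The if (!rt) branch just above frees the mbuf and returns without any message, so a missing route to the sender is indistinguishable from a normal drop. A printf under DEBUG_PROXY, matching the existing "arp: proxying for %s" line, would make that path visible when debugging. Minor: the new comment reads "on the the interface"; drop the duplicated word.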