Only delete the route if arplookup() tried to create it. Do not delete

RTF_STATIC routes. Do not check for RTF_HOST so as to avoid being DoSed
when an RTF_GENMASK route exists in the table.

Add a more verbose comment about exactly what this code does.

Submitted by:	ru

1 files changed, 13 insertions, 8 deletions

diff --git a/sys/netinet/if_ether.c b/sys/netinet/if_ether.c
index 05b47e8..ab54fd9 100644
--- a/sys/netinet/if_ether.c
+++ b/sys/netinet/if_ether.c
@@ -921,16 +921,21 @@ arplookup(addr, create, proxy)
 		why = "gateway route is not ours";
 
 	if (why) {
-		if (create)
+		if (create) {
 			log(LOG_DEBUG, "arplookup %s failed: %s\n",
 			    inet_ntoa(sin.sin_addr), why);
-
-		/* If there are no references to this route, purge it */
-		if (rt->rt_refcnt <= 0 && (rt->rt_flags & RTF_WASCLONED)) {
-			rtrequest(RTM_DELETE,
-					(struct sockaddr *)rt_key(rt),
-					rt->rt_gateway, rt_mask(rt),
-					rt->rt_flags, 0);
+			/*
+			 * If there are no references to this Layer 2 route,
+			 * and it is a cloned route, and not static, and
+			 * arplookup() is creating the route, then purge
+			 * it from the routing table as it is probably bogus.
+			 */
+			if (((rt->rt_flags & (RTF_STATIC | RTF_WASCLONED)) ==
+			    RTF_WASCLONED) && (rt->rt_refcnt == 0))
+				rtrequest(RTM_DELETE,
+				    (struct sockaddr *)rt_key(rt),
+				    rt->rt_gateway, rt_mask(rt),
+				    rt->rt_flags, 0);
 		}
 		return (0);
 	}