提交 23d268eb 编写于 作者: I Ihar Hrachyshka 提交者: David S. Miller

arp: honour gratuitous ARP _replies_

When arp_accept is 1, gratuitous ARPs are supposed to override matching
entries irrespective of whether they arrive during locktime. This was
implemented in commit 56022a8f ("ipv4: arp: update neighbour address
when a gratuitous arp is received and arp_accept is set")

There is a glitch in the patch though. RFC 2002, section 4.6, "ARP,
Proxy ARP, and Gratuitous ARP", defines gratuitous ARPs so that they can
be either of Request or Reply type. Those Reply gratuitous ARPs can be
triggered with standard tooling, for example, arping -A option does just
that.

This patch fixes the glitch, making both Request and Reply flavours of
gratuitous ARPs to behave identically.

As per RFC, if gratuitous ARPs are of Reply type, their Target Hardware
Address field should also be set to the link-layer address to which this
cache entry should be updated. The field is present in ARP over Ethernet
but not in IEEE 1394. In this patch, I don't consider any broadcasted
ARP replies as gratuitous if the field is not present, to conform the
standard. It's not clear whether there is such a thing for IEEE 1394 as
a gratuitous ARP reply; until it's cleared up, we will ignore such
broadcasts. Note that they will still update existing ARP cache entries,
assuming they arrive out of locktime time interval.
Signed-off-by: NIhar Hrachyshka <ihrachys@redhat.com>
Signed-off-by: NDavid S. Miller <davem@davemloft.net>
上级 2432a3fb
...@@ -653,6 +653,7 @@ static int arp_process(struct net *net, struct sock *sk, struct sk_buff *skb) ...@@ -653,6 +653,7 @@ static int arp_process(struct net *net, struct sock *sk, struct sk_buff *skb)
unsigned char *arp_ptr; unsigned char *arp_ptr;
struct rtable *rt; struct rtable *rt;
unsigned char *sha; unsigned char *sha;
unsigned char *tha = NULL;
__be32 sip, tip; __be32 sip, tip;
u16 dev_type = dev->type; u16 dev_type = dev->type;
int addr_type; int addr_type;
...@@ -724,6 +725,7 @@ static int arp_process(struct net *net, struct sock *sk, struct sk_buff *skb) ...@@ -724,6 +725,7 @@ static int arp_process(struct net *net, struct sock *sk, struct sk_buff *skb)
break; break;
#endif #endif
default: default:
tha = arp_ptr;
arp_ptr += dev->addr_len; arp_ptr += dev->addr_len;
} }
memcpy(&tip, arp_ptr, 4); memcpy(&tip, arp_ptr, 4);
...@@ -842,8 +844,18 @@ static int arp_process(struct net *net, struct sock *sk, struct sk_buff *skb) ...@@ -842,8 +844,18 @@ static int arp_process(struct net *net, struct sock *sk, struct sk_buff *skb)
It is possible, that this option should be enabled for some It is possible, that this option should be enabled for some
devices (strip is candidate) devices (strip is candidate)
*/ */
is_garp = arp->ar_op == htons(ARPOP_REQUEST) && tip == sip && is_garp = tip == sip && addr_type == RTN_UNICAST;
addr_type == RTN_UNICAST;
/* Unsolicited ARP _replies_ also require target hwaddr to be
* the same as source.
*/
if (is_garp && arp->ar_op == htons(ARPOP_REPLY))
is_garp =
/* IPv4 over IEEE 1394 doesn't provide target
* hardware address field in its ARP payload.
*/
tha &&
!memcmp(tha, sha, dev->addr_len);
if (!n && if (!n &&
((arp->ar_op == htons(ARPOP_REPLY) && ((arp->ar_op == htons(ARPOP_REPLY) &&
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册