From dan@kulesh.obluda.cz  Fri Mar 25 14:37:44 2005
Return-Path: <dan@kulesh.obluda.cz>
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 74E3416A4CE
	for <FreeBSD-gnats-submit@freebsd.org>; Fri, 25 Mar 2005 14:37:44 +0000 (GMT)
Received: from kulesh.obluda.cz (kulesh.obluda.cz [193.179.22.243])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 24CF343D1D
	for <FreeBSD-gnats-submit@freebsd.org>; Fri, 25 Mar 2005 14:37:42 +0000 (GMT)
	(envelope-from dan@kulesh.obluda.cz)
Received: from kulesh.obluda.cz (localhost.eunet.cz [127.0.0.1])
	by kulesh.obluda.cz (8.13.3/8.13.3) with ESMTP id j2PEbcpP011884
	for <FreeBSD-gnats-submit@freebsd.org>; Fri, 25 Mar 2005 15:37:38 +0100 (CET)
	(envelope-from dan@kulesh.obluda.cz)
Received: (from root@localhost)
	by kulesh.obluda.cz (8.13.3/8.13.1/Submit) id j2PEbcRh011883;
	Fri, 25 Mar 2005 15:37:38 +0100 (CET)
	(envelope-from dan)
Message-Id: <200503251437.j2PEbcRh011883@kulesh.obluda.cz>
Date: Fri, 25 Mar 2005 15:37:38 +0100 (CET)
From: Dan Lukes <dan@obluda.cz>
Reply-To: Dan Lukes <dan@obluda.cz>
To: FreeBSD-gnats-submit@freebsd.org
Cc:
Subject: [ PATCH ] extend /sbin/arp to be able to create blackhole records
X-Send-Pr-Version: 3.113
X-GNATS-Notify:

>Number:         79228
>Category:       bin
>Synopsis:       [patch] extend arp(8) to be able to create blackhole records
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    freebsd-net
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          change-request
>Submitter-Id:   current-users
>Arrival-Date:   Fri Mar 25 14:40:02 GMT 2005
>Closed-Date:    Tue Mar 01 10:14:26 EST 2011
>Last-Modified:  Tue Mar  1 20:10:12 UTC 2011
>Originator:     Dan Lukes
>Release:        FreeBSD 5.4-PRERELEASE i386
>Organization:
Obludarium
>Environment:
System: FreeBSD 5.4-PRERELEASE i386
src/usr.sbin/arp/arp.c,v 1.53.2.2 2005/02/13 12:23:52 maxim Exp $"

>Description:
	Current ARP doesn't allow to set LLINFO route records containing 
RTF_BLACKHOLE or RTF_REJECT flags.

	Creating records with those flag may be usefull to block external 
traffic to a host without use of a firewall.

	As kernel can do it, there seems not to be reason to hide the 
functionality to userland.

>How-To-Repeat:
	N/A
>Fix:

	

--- usr.sbin/arp/arp.c.ORIG	Mon Feb 14 12:34:20 2005
+++ usr.sbin/arp/arp.c	Fri Mar 25 15:01:35 2005
@@ -326,6 +326,10 @@
 				dst->sin_other = SIN_PROXY;
 				argc--; argv++;
 			}
+		} else if (strncmp(argv[0], "blackhole", 9) == 0) {
+			flags |= RTF_BLACKHOLE;
+		} else if (strncmp(argv[0], "reject", 6) == 0) {
+			flags |= RTF_REJECT;
 		} else if (strncmp(argv[0], "trail", 5) == 0) {
 			/* XXX deprecated and undocumented feature */
 			printf("%s: Sending trailers is no longer supported\n",
@@ -616,8 +620,8 @@
 		"       arp [-n] [-i interface] -a",
 		"       arp -d hostname [pub]",
 		"       arp -d -a",
-		"       arp -s hostname ether_addr [temp] [pub]",
-		"       arp -S hostname ether_addr [temp] [pub]",
+		"       arp -s hostname ether_addr [temp] [pub [only]] [reject] [blackhole]",
+		"       arp -S hostname ether_addr [temp] [pub [only]] [reject] [blackhole]",
 		"       arp -f filename");
 	exit(1);
 }
>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: freebsd-bugs->freebsd-net 
Responsible-Changed-By: vwe 
Responsible-Changed-When: Sun Mar 9 20:46:12 UTC 2008 
Responsible-Changed-Why:  

Over to maintainer(s). 

http://www.freebsd.org/cgi/query-pr.cgi?pr=79228 

From: dfilter@FreeBSD.ORG (dfilter service)
To: bug-followup@FreeBSD.org
Cc:  
Subject: Re: bin/79228: commit references a PR
Date: Tue, 18 Mar 2008 21:45:32 +0000 (UTC)

 sam         2008-03-18 21:45:27 UTC
 
   FreeBSD src repository
 
   Modified files:
     usr.sbin/arp         arp.8 arp.c 
   Log:
   add reject+blackhole keywords to install entries with RTF_BLACKHOLE
   and RTF_REJECT, respectively
   
   PR:             bin/79228
   Submitted by:   Dan Lukes <dan@obluda.cz>
   MFC after:      2 weeks
   
   Revision  Changes    Path
   1.26      +16 -0     src/usr.sbin/arp/arp.8
   1.67      +7 -4      src/usr.sbin/arp/arp.c
 _______________________________________________
 cvs-all@freebsd.org mailing list
 http://lists.freebsd.org/mailman/listinfo/cvs-all
 To unsubscribe, send any mail to "cvs-all-unsubscribe@freebsd.org"
 

From: Dan Lukes <dan@obluda.cz>
To: bug-followup@FreeBSD.org
Cc:  
Subject: Re: bin/79228: [patch] extend arp(8) to be able to create blackhole
 records
Date: Thu, 10 Dec 2009 11:50:53 +0100

 Already commited and MFCed into 7-R
 
 It seems it will not be MFCed into 6-R anymore.
 
 This PR should be closed.
 
 				Dan
State-Changed-From-To: open->closed 
State-Changed-By: eadler 
State-Changed-When: Tue Mar 1 10:14:25 EST 2011 
State-Changed-Why:  
This PR is fixed in head, 8.x and 7.x, but will not be merged to 6.x now 
that that branch is unsupported, sorry 

http://www.freebsd.org/cgi/query-pr.cgi?pr=79228 

From: Dan Lukes <dan@obluda.cz>
To: bug-followup@FreeBSD.org
Cc:  
Subject: Re: bin/79228: [patch] extend arp(8) to be able to create blackhole
 records
Date: Tue, 01 Mar 2011 21:05:22 +0100

 Not true, it doesn't work in 8.x nor in HEAD. It disappeared during 
 rewrite of network stack.
 
 But current problem is not related to this PR, so there is no reason to 
 unclose it.
 
 This PR has been submited in 2005, reviewed and committed in 2008, I 
 requested it's close in 2009. Not surprising when outdated a lot in 2011 ...
 
 Anyway, thank to anybody who spent time to solve the problem ...
 
 Dan
>Unformatted:
