From fujiwara@f.rcac.tdi.co.jp  Sun Feb 11 09:08:21 2001
Return-Path: <fujiwara@f.rcac.tdi.co.jp>
Received: from f.rcac.tdi.co.jp (spacecraft2.f.rcac.tdi.co.jp [211.15.38.174])
	by hub.freebsd.org (Postfix) with SMTP id 8702637B491
	for <FreeBSD-gnats-submit@freebsd.org>; Sun, 11 Feb 2001 09:08:20 -0800 (PST)
Received: (qmail 963 invoked by uid 100); 11 Feb 2001 17:08:16 -0000
Message-Id: <20010211170816.962.qmail@f.rcac.tdi.co.jp>
Date: 11 Feb 2001 17:08:16 -0000
From: fujiwara@rcac.tdi.co.jp
Reply-To: fujiwara@rcac.tdi.co.jp
To: FreeBSD-gnats-submit@freebsd.org
Cc: fujiwara@rcac.tdi.co.jp
Subject: cannot ignore arp (ifconfig -arp doesn't work)
X-Send-Pr-Version: 3.113
X-GNATS-Notify:

>Number:         25006
>Category:       kern
>Synopsis:       cannot ignore arp (ifconfig -arp doesn't work)
>Confidential:   no
>Severity:       critical
>Priority:       medium
>Responsible:    ru
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Sun Feb 11 09:10:01 PST 2001
>Closed-Date:    Fri Jun 15 14:00:59 PDT 2001
>Last-Modified:  Fri Jun 15 14:01:19 PDT 2001
>Originator:     Kazunori_Fujiwara
>Release:        FreeBSD 5.0-CURRENT i386
>Organization:
TDI Co.,LTD
>Environment:
System: FreeBSD spacecraft.f.rcac.tdi.co.jp 5.0-CURRENT FreeBSD 5.0-CURRENT #1: Mon Feb 12 01:44:52 JST 2001 fujiwara@spacecraft.f.rcac.tdi.co.jp:/usr/src/sys/compile/SPACECRAFT i386

	current, stable, 4.2-RELEASE, ....

>Description:

  ifconfig ether_interface -arp

  but the interface still does not ignore ARP.
  We want to use a static ARP configuration for a firewall.

>How-To-Repeat:


>Fix:
patch from OpenBSD.
I checked only ethernet interface.

Index: net/if_ethersubr.c
===================================================================
RCS file: /FreeBSD-CVS/src/sys/net/if_ethersubr.c,v
retrieving revision 1.90
diff -u -r1.90 if_ethersubr.c
--- net/if_ethersubr.c	2001/02/10 00:10:13	1.90
+++ net/if_ethersubr.c	2001/02/10 10:50:06
@@ -539,6 +539,8 @@
 		break;
 
 	case ETHERTYPE_ARP:
+		if (ifp->if_flags & IFF_NOARP)
+			goto dropanyway;
 		schednetisr(NETISR_ARP);
 		inq = &arpintrq;
 		break;
@@ -635,6 +637,7 @@
 			return;
 		}
 #else /* NETATALK */
+		dropanyway:
 		if (ng_ether_input_orphan_p != NULL)
 			(*ng_ether_input_orphan_p)(ifp, m, eh);
 		else
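Review bot: The `dropanyway:` label is added inside the `#else /* NETATALK */` branch, while the `goto dropanyway;` added to the ETHERTYPE_ARP case in the previous hunk is compiled unconditionally, so a kernel built with NETATALK has a goto with no target unless the other branch defines the same label (not visible here). The label should sit on a path that both configurations compile, or the ARP case should discard directly with `m_freem(m); return;`. On this path the frame is also handed to `ng_ether_input_orphan_p` when that hook is set, so an ARP frame on an IFF_NOARP interface is not necessarily discarded; a comment such as `/* IFF_NOARP: ARP frames are treated as orphans, not processed */` would make that intent explicit. The same label placement appears in the updated patch later in the audit trail. The enclosing function starts and ends outside both hunks.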
Index: net/if_fddisubr.c
===================================================================
RCS file: /FreeBSD-CVS/src/sys/net/if_fddisubr.c,v
retrieving revision 1.49
diff -u -r1.49 if_fddisubr.c
--- net/if_fddisubr.c	2001/02/04 13:12:56	1.49
+++ net/if_fddisubr.c	2001/02/10 10:47:10
@@ -444,6 +444,8 @@
 			break;
 
 		case ETHERTYPE_ARP:
+			if (ifp->if_flags & IFF_NOARP)
+				goto dropanyway;
 #if !defined(__bsdi__) || _BSDI_VERSION >= 199401
 			schednetisr(NETISR_ARP);
 			inq = &arpintrq;
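Review bot: `goto dropanyway;` is added to the ETHERTYPE_ARP case, but the patch adds no `dropanyway` label to if_fddisubr.c, so the change depends on a label that must already exist elsewhere in the function and is not visible in the hunk. It is worth confirming that the existing label frees the mbuf and returns, and that it is not itself inside a conditional block as in if_ethersubr.c. The if_iso88025subr.c hunk in the updated patch has the same dependency. A one-line comment above the test, e.g. `/* ARP disabled on this interface (IFF_NOARP): discard the frame */`, would document why the frame is dropped. The enclosing switch starts and ends outside the hunk.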
Index: if_ether.c
===================================================================
RCS file: /FreeBSD-CVS/src/sys/netinet/if_ether.c,v
retrieving revision 1.78
diff -u -r1.78 if_ether.c
--- netinet/if_ether.c	2001/02/10 00:10:18	1.78
+++ netinet/if_ether.c	2001/02/11 16:44:38
@@ -403,6 +403,9 @@
 		bcopy(LLADDR(sdl), desten, sdl->sdl_alen);
 		return 1;
 	}
+	if (ac->ac_if.if_flags & IFF_NOARP)
+		return 0;
+
 	/*
 	 * There is an arptab entry, but no ethernet address
 	 * response yet.  Replace the held mbuf with this
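Review bot: The added `return 0;` exits without freeing the outgoing packet or storing it, whereas the comment just below shows that the normal unresolved path keeps the packet by replacing the held mbuf. If callers treat a 0 return as the packet having been taken over (the caller is not visible here, so this needs confirming), every packet sent on an IFF_NOARP interface to a neighbour without a static entry would leak an mbuf, which on a firewall is a resource-exhaustion risk. Assuming the packet is the function's `m` argument, consider `if (ac->ac_if.if_flags & IFF_NOARP) { m_freem(m); return 0; }` with a comment stating that no request is sent and the packet is dropped. The same lines appear in the updated patch later in the audit trail, and the function body continues outside the hunk.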

>Release-Note:
>Audit-Trail:

From: Brooks Davis <brooks@one-eyed-alien.net>
To: freebsd-bugs@freebsd.org
Cc: freebsd-gnats-submit@freebsd.org
Subject: Re: kern/25006: cannot ignore arp (ifconfig -arp doesn't work)
Date: Sat, 2 Jun 2001 12:56:39 -0700

 --IiVenqGWf+H9Y6IX
 Content-Type: text/plain; charset=us-ascii
 Content-Disposition: inline
 Content-Transfer-Encoding: quoted-printable
 
 I took a look at this and verified that yes, it is a bug and the patch
 does fix it (at least for Ethernet).  One potential minor issue with it is
 that you still end up with "incomplete" ARP entries for hosts you don't
 have static entries for.  I think that's pretty much harmless though.
 Below is an updated patch against a May 30th current.  The only real
 changes from the original are Token Ring support and a comment change.
 
 -- Brooks
 
 Index: net/if_ethersubr.c
 =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
 =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
 =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
 RCS file: /home/ncvs/src/sys/net/if_ethersubr.c,v
 retrieving revision 1.93
 diff -u -r1.93 if_ethersubr.c
 --- net/if_ethersubr.c	2001/05/02 16:12:58	1.93
 +++ net/if_ethersubr.c	2001/06/02 17:35:17
 @@ -542,6 +542,8 @@
  		break;
 =20
  	case ETHERTYPE_ARP:
 +		if (ifp->if_flags & IFF_NOARP)
 +			goto dropanyway;
  		schednetisr(NETISR_ARP);
  		inq =3D &arpintrq;
  		break;
 @@ -638,6 +640,7 @@
  			return;
  		}
  #else /* NETATALK */
 +		dropanyway:
  		if (ng_ether_input_orphan_p !=3D NULL)
  			(*ng_ether_input_orphan_p)(ifp, m, eh);
  		else
 Index: net/if_fddisubr.c
 =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
 =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
 =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
 RCS file: /home/ncvs/src/sys/net/if_fddisubr.c,v
 retrieving revision 1.50
 diff -u -r1.50 if_fddisubr.c
 --- net/if_fddisubr.c	2001/03/11 05:31:41	1.50
 +++ net/if_fddisubr.c	2001/06/02 05:50:55
 @@ -443,6 +443,8 @@
  			break;
 =20
  		case ETHERTYPE_ARP:
 +			if (ifp->if_flags & IFF_NOARP)
 +				goto dropanyway;
  #if !defined(__bsdi__) || _BSDI_VERSION >=3D 199401
  			schednetisr(NETISR_ARP);
  			inq =3D &arpintrq;
 Index: net/if_iso88025subr.c
 =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
 =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
 =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
 RCS file: /home/ncvs/src/sys/net/if_iso88025subr.c,v
 retrieving revision 1.16
 diff -u -r1.16 if_iso88025subr.c
 --- net/if_iso88025subr.c	2001/03/18 05:43:25	1.16
 +++ net/if_iso88025subr.c	2001/06/02 05:52:04
 @@ -473,6 +473,8 @@
  			break;
 =20
  		case ETHERTYPE_ARP:
 +			if (ifp->if_flags & IFF_NOARP)
 +				goto dropanyway;
  			schednetisr(NETISR_ARP);
  			inq =3D &arpintrq;
  			break;
 Index: netinet/if_ether.c
 =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
 =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
 =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
 RCS file: /home/ncvs/src/sys/netinet/if_ether.c,v
 retrieving revision 1.79
 diff -u -r1.79 if_ether.c
 --- netinet/if_ether.c	2001/03/27 12:34:58	1.79
 +++ netinet/if_ether.c	2001/06/02 19:45:27
 @@ -403,6 +403,8 @@
  		bcopy(LLADDR(sdl), desten, sdl->sdl_alen);
  		return 1;
  	}
 +	if (ac->ac_if.if_flags & IFF_NOARP)
 +		return 0;
  	/*
  	 * There is an arptab entry, but no ethernet address
  	 * response yet.  Replace the held mbuf with this
 @@ -484,7 +486,8 @@
 =20
  #ifdef INET
  /*
 - * ARP for Internet protocols on 10 Mb/s Ethernet.
 + * ARP for Internet protocols on IEEE 802 protocols (Ethernet, FDDI,
 + * and Token Ring).
   * Algorithm is that given in RFC 826.
   * In addition, a sanity check is performed on the sender
   * protocol address, to catch impersonators.
 
 --=20
 Any statement of the form "X is the one, true Y" is FALSE.
 PGP fingerprint 655D 519C 26A7 82E7 2529  9BF0 5D8E 8BE9 F238 1AD4
 
 --IiVenqGWf+H9Y6IX
 Content-Type: application/pgp-signature
 Content-Disposition: inline
 
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1.0.4 (GNU/Linux)
 Comment: For info see http://www.gnupg.org
 
 iD8DBQE7GUT3XY6L6fI4GtQRAn/DAKCoBZLWIvZ/5jt+g9Mj8Zz4rEehHQCgwOAd
 N6SSwBE2i5Ra1vVTEViU0BY=
 =Zgrx
 -----END PGP SIGNATURE-----
 
 --IiVenqGWf+H9Y6IX--
Responsible-Changed-From-To: freebsd-bugs->ru 
Responsible-Changed-By: ru 
Responsible-Changed-When: Wed Jun 13 23:37:06 PDT 2001 
Responsible-Changed-Why:  
I will handle it. 

http://www.FreeBSD.org/cgi/query-pr.cgi?pr=25006 
State-Changed-From-To: open->closed 
State-Changed-By: jlemon 
State-Changed-When: Fri Jun 15 14:00:59 PDT 2001 
State-Changed-Why:  
Fix committed, thanks. 


http://www.FreeBSD.org/cgi/query-pr.cgi?pr=25006 
>Unformatted:
