From lx@hosix.ntu-kpi.kiev.ua  Mon Apr 27 15:41:27 1998
Received: from ntu-kpi.kiev.ua (root@ntu-kpi.kiev.ua [195.178.136.20])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id PAA29070
          for <FreeBSD-gnats-submit@freebsd.org>; Mon, 27 Apr 1998 15:40:29 -0700 (PDT)
          (envelope-from lx@hosix.ntu-kpi.kiev.ua)
Received: from fobos.ntu-kpi.kiev.ua (fobos.ntu-kpi.kiev.ua [10.100.0.6])
          by ntu-kpi.kiev.ua (8.8.8/8.7.3) with ESMTP id BAA14367
          for <FreeBSD-gnats-submit@freebsd.org>; Tue, 28 Apr 1998 01:38:55 +0300 (EEST)
Received: from hosix.ntu-kpi.kiev.ua (lx.hosix.ntu-kpi.kiev.ua [10.100.23.72])
          by fobos.ntu-kpi.kiev.ua (unknown/censored) with ESMTP id BAA15417
          for <FreeBSD-gnats-submit@freebsd.org>; Tue, 28 Apr 1998 01:38:55 +0300 (EEST)
Received: (from root@localhost)
	by hosix.ntu-kpi.kiev.ua (8.8.8/8.8.7) id BAA01959;
	Tue, 28 Apr 1998 01:38:19 +0300 (EEST)
	(envelope-from lx)
Message-Id: <199804272238.BAA01959@hosix.ntu-kpi.kiev.ua>
Date: Tue, 28 Apr 1998 01:38:19 +0300 (EEST)
From: lx@hosix.ntu-kpi.kiev.ua
Reply-To: lx@hosix.ntu-kpi.kiev.ua
To: FreeBSD-gnats-submit@freebsd.org
Subject: IFF_NOARP does not affect ethernet interfaces.
X-Send-Pr-Version: 3.2

>Number:         6432
>Category:       kern
>Synopsis:       IFF_NOARP does not affect ethernet interfaces.
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Mon Apr 27 15:50:00 PDT 1998
>Closed-Date:    Tue Jun 26 01:27:42 PDT 2001
>Last-Modified:  Tue Jun 26 01:28:52 PDT 2001
>Originator:     Alexander Matey
>Release:        FreeBSD 2.2.6-STABLE i386
>Organization:
National Technical University of Ukraine /KPI/
>Environment:

    FreeBSD 2.2.6-STABLE, with ethernet network interfaces configured.

>Description:

    Setting IFF_NOARP (by the help of ifconfig <iface> -arp) on a particular
ethernet interface has no effect. This flag is ignored by the kernel for
ethernet interfaces.

>How-To-Repeat:

    Configure any ethernet interface. Set IFF_NOARP on it through ifconfig
<iface> -arp. Then tcpdump -i <iface> arp host <our host>

>Fix:
	
    Patch to netinet/if_ether.c included which fixes this. -DARP_HACK enables 
replies to who-has arp queries but still leaves requests disabled.

--- /sys/netinet/if_ether.c.org	Wed May 14 19:43:56 1997
+++ /sys/netinet/if_ether.c	Sun Apr 26 16:47:25 1998
@@ -277,8 +277,14 @@
 	register struct ether_header *eh;
 	register struct ether_arp *ea;
 	struct sockaddr sa;
 
+/* PATCH BEGIN -lx- */
+	if((ac->ac_if.if_flags & IFF_NOARP) != 0) {
+		return;
+	}
+/* PATCH END */
+
 	if ((m = m_gethdr(M_DONTWAIT, MT_DATA)) == NULL)
 		return;
 	m->m_len = sizeof(*ea);
 	m->m_pkthdr.len = sizeof(*ea);
@@ -353,8 +359,14 @@
 	    sdl->sdl_family == AF_LINK && sdl->sdl_alen != 0) {
 		bcopy(LLADDR(sdl), desten, sdl->sdl_alen);
 		return 1;
 	}
+/* PATCH BEGIN -lx- */
+	if((ac->ac_if.if_flags & IFF_NOARP) != 0) {
+		m_freem(m);
+		return (0);
+	} 
+/* PATCH END */
 	/*
 	 * There is an arptab entry, but no ethernet address
 	 * response yet.  Replace the held mbuf with this
 	 * latest one.
@@ -399,8 +411,13 @@
 		splx(s);
 		if (m == 0 || (m->m_flags & M_PKTHDR) == 0)
 			panic("arpintr");
 		if (m->m_len >= sizeof(struct arphdr) &&
+/* PATCH BEGIN -lx- */
+#ifndef ARP_HACK
+                    (m->m_pkthdr.rcvif->if_flags & IFF_NOARP) == 0 &&
+#endif
+/* PATCH END */
 		    (ar = mtod(m, struct arphdr *)) &&
 		    ntohs(ar->ar_hrd) == ARPHRD_ETHER &&
 		    m->m_len >=
 		      sizeof(struct arphdr) + 2 * ar->ar_hln + 2 * ar->ar_pln)
@@ -481,8 +498,16 @@
 		   ea->arp_sha, ":", inet_ntoa(isaddr));
 		itaddr = myaddr;
 		goto reply;
 	}
+
+/* PATCH BEGIN -lx- */
+#ifdef ARP_HACK
+	if ((ac->ac_if.if_flags & IFF_NOARP) != 0) {
+		goto reply;
+	}
+#endif
+/* PATCH END */
 	la = arplookup(isaddr.s_addr, itaddr.s_addr == myaddr.s_addr, 0);
 	if (la && (rt = la->la_rt) && (sdl = SDL(rt->rt_gateway))) {
 		if (sdl->sdl_alen &&
 		    bcmp((caddr_t)ea->arp_sha, LLADDR(sdl), sdl->sdl_alen))
>Release-Note:
>Audit-Trail:

From: David Greenman <dg@root.com>
To: lx@hosix.ntu-kpi.kiev.ua
Cc: FreeBSD-gnats-submit@FreeBSD.ORG
Subject: Re: kern/6432: IFF_NOARP does not affect ethernet interfaces. 
Date: Mon, 27 Apr 1998 17:34:31 -0700

 >+/* PATCH BEGIN -lx- */
 
    A note for anyone considering integrating this patch: Please do NOT commit
 it in it's current form. The gratuitous comments must be removed first. The
 patch also needs to be carefully reviewed for correctness. I'm also unlear
 what the ARP_HACK ifdefs are all about.
 
 -DG
 
 David Greenman
 Co-founder/Principal Architect, The FreeBSD Project

From: Eivind Eklund <eivind@yes.no>
To: lx@hosix.ntu-kpi.kiev.ua
Cc: freebsd-gnats-submit@FreeBSD.ORG
Subject: Re: kern/6432: IFF_NOARP does not affect ethernet interfaces.
Date: Tue, 28 Apr 1998 02:37:07 +0200

 On Tue, Apr 28, 1998 at 01:38:19AM +0300, lx@hosix.ntu-kpi.kiev.ua wrote:
 > >Fix:
 > 	
 > Patch to netinet/if_ether.c included which fixes this. -DARP_HACK
 > enables replies to who-has arp queries but still leaves requests
 > disabled.
 
 For whoever commits this: Any new options should be described in LINT,
 and contained in conf/options.
 
 Alexander: If you provide patches that people don't have to do any
 extra work on before committing, you're likely to get a much quicker
 turnaround.  It's just human nature.
 
 For your patch, this would include the following differences:
 - Additional patches for LINT and conf/options
 - Follow the exact style of the original file, e.g. having spaces
   after all instances of 'if'.
 - Remove 'PATCH BEGIN' and 'PATCH END' at the beginning and end of
   each changed section.
 
 Please don't get me wrong; we are grateful for patches almost in any
 condition.  But the ones that are easy to apply and have the style in
 order are more likely to be processed quickly.
 
 Eivind.

From: Bill Fenner <fenner@parc.xerox.com>
To: lx@hosix.ntu-kpi.kiev.ua
Cc: FreeBSD-gnats-submit@freebsd.org
Subject: Re: kern/6432: IFF_NOARP does not affect ethernet interfaces. 
Date: Tue, 28 Apr 1998 17:37:57 PDT

 I dug up some email that I exchanged with Garrett in 1996(!!) about
 IFF_NOARP, in which I said:
 
 1) Ignore incoming ARP requests for my address, but still allow ARP to fill
 up the ARP table and still send out ARP requests for others.
 2) Reply to incoming ARP requests for my address, but don't allow ARP to
 fill up the ARP table and don't send out ARP requests for others.
 3) Ignore incoming ARP requests for my address, don't allow ARP to
 fill up the arp table or send out ARP requests for others.
 
 It looks like your implementation does (3) without "options ARP_HACK"
 and (2) with.  I think that we ended up dropping this because we didn't
 want to decide which semantics to implement and were reluctant to add
 any more flags to allow all 3 behaviors.  (Not to mention how things
 with decisions attached to them tend to filter to the bottom of to-do
 lists...)
 
 I had envisioned something like a per-interface sysctl to configure the
 style of ARP handling on each interface, but guess that doesn't really
 fit with the sysctl architecture.
 
   Bill
State-Changed-From-To: open->analyzed 
State-Changed-By: phk 
State-Changed-When: Wed Apr 29 07:43:49 PDT 1998 
State-Changed-Why:  
now awaiting the final decision/patch 

From: Alexander Matey <lx@hosix.ntu-kpi.kiev.ua>
To: bug-followup@FreeBSD.ORG
Cc:  
Subject: Re: kern/6432: IFF_NOARP does not affect ethernet interfaces
Date: Sun, 4 Apr 1999 14:49:56 +0300

 --EVF5PPMfhYS0aIcm
 Content-Type: text/plain; charset=us-ascii
 
 Hello,
 
 This is a carefully reviewed and updated version of the patch set
 included in the original PR. I've removed unnecessary comments, 
 followed the style of the original files and included additional 
 patches to LINT and conf/options.
 
 Patches were made and tested against a fresh 3.1-STABLE.
 
 -- 
 Alexander Matey
 Kyiv, Ukraine
 
 --EVF5PPMfhYS0aIcm
 Content-Type: text/plain; charset=us-ascii
 Content-Disposition: attachment; filename="static_arp.diff"
 
 diff -cr sys/conf/options sys.new/conf/options
 *** sys/conf/options	Mon Feb  8 21:05:55 1999
 --- sys.new/conf/options	Sun Apr  4 14:13:21 1999
 ***************
 *** 68,73 ****
 --- 68,74 ----
   SYSVSHM		opt_sysvipc.h
   UCONSOLE
   ICMP_BANDLIM
 + STATIC_ARP_HACK
   
   # POSIX kernel options
   P1003_1B	opt_posix.h
 diff -cr sys/i386/conf/LINT sys.new/i386/conf/LINT
 *** sys/i386/conf/LINT	Mon Mar 29 20:59:38 1999
 --- sys.new/i386/conf/LINT	Sun Apr  4 14:13:35 1999
 ***************
 *** 482,487 ****
 --- 482,494 ----
   options	DUMMYNET
   options	BRIDGE
   
 + # STATIC_ARP_HACK enables sending responses to ARP who-has queries 
 + # received on an ethernet interface with ARP disabled (see ifconfig(8) for
 + # info on -arp parameter). Default is to disable ARP completely on 
 + # such interface. With ARP disabled internal ARP table should be setup 
 + # manually with arp(8) before any routing daemons have been started.
 + options         STATIC_ARP_HACK
 + 
   #
   # ATM (HARP version) options
   #
 diff -cr sys/netinet/if_ether.c sys.new/netinet/if_ether.c
 *** sys/netinet/if_ether.c	Thu Mar  4 06:04:48 1999
 --- sys.new/netinet/if_ether.c	Sun Apr  4 14:13:49 1999
 ***************
 *** 42,47 ****
 --- 42,48 ----
   
   #include "opt_inet.h"
   #include "opt_bdg.h"
 + #include "opt_static_arp_hack.h"
   
   #include <sys/param.h>
   #include <sys/kernel.h>
 ***************
 *** 285,290 ****
 --- 286,294 ----
   	register struct ether_arp *ea;
   	struct sockaddr sa;
   
 + 	if ((ac->ac_if.if_flags & IFF_NOARP) != 0) {
 + 		return;
 + 	}
   	if ((m = m_gethdr(M_DONTWAIT, MT_DATA)) == NULL)
   		return;
   	m->m_len = sizeof(*ea);
 ***************
 *** 363,368 ****
 --- 367,376 ----
   		bcopy(LLADDR(sdl), desten, sdl->sdl_alen);
   		return 1;
   	}
 + 	if ((ac->ac_if.if_flags & IFF_NOARP) != 0) {
 + 		m_freem(m);
 + 		return (0);
 + 	} 
   	/*
   	 * There is an arptab entry, but no ethernet address
   	 * response yet.  Replace the held mbuf with this
 ***************
 *** 408,413 ****
 --- 416,424 ----
   		if (m == 0 || (m->m_flags & M_PKTHDR) == 0)
   			panic("arpintr");
   		if (m->m_len >= sizeof(struct arphdr) &&
 + #ifndef STATIC_ARP_HACK
 +                     (m->m_pkthdr.rcvif->if_flags & IFF_NOARP) == 0 &&
 + #endif
   		    (ar = mtod(m, struct arphdr *)) &&
   		    ntohs(ar->ar_hrd) == ARPHRD_ETHER &&
   		    m->m_len >=
 ***************
 *** 503,508 ****
 --- 514,524 ----
   		itaddr = myaddr;
   		goto reply;
   	}
 + #ifdef STATIC_ARP_HACK
 + 	if ((ac->ac_if.if_flags & IFF_NOARP) != 0) {
 + 		goto reply;
 + 	}
 + #endif
   	la = arplookup(isaddr.s_addr, itaddr.s_addr == myaddr.s_addr, 0);
   	if (la && (rt = la->la_rt) && (sdl = SDL(rt->rt_gateway))) {
   #ifndef BRIDGE /* the following is not an error when doing bridging */
 
 --EVF5PPMfhYS0aIcm--
 
State-Changed-From-To: analyzed->closed 
State-Changed-By: ru 
State-Changed-When: Tue Jun 26 01:27:42 PDT 2001 
State-Changed-Why:  
Superseded by PR kern/25006. 

http://www.FreeBSD.org/cgi/query-pr.cgi?pr=6432 
>Unformatted:
