From laskavy@Berkeley.Gambit.Msk.SU  Mon Aug 17 13:02:57 1998
Received: from Berkeley.Gambit.Msk.SU (berkeley.gambit.msk.su [194.190.206.1])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id NAA06282
          for <FreeBSD-gnats-submit@freebsd.org>; Mon, 17 Aug 1998 13:02:55 -0700 (PDT)
          (envelope-from laskavy@Berkeley.Gambit.Msk.SU)
Received: (from laskavy@localhost)
	by Berkeley.Gambit.Msk.SU (8.8.8/8.8.8) id AAA19437;
	Tue, 18 Aug 1998 00:02:20 +0400 (MSD)
	(envelope-from laskavy)
Message-Id: <199808172002.AAA19437@Berkeley.Gambit.Msk.SU>
Date: Tue, 18 Aug 1998 00:02:20 +0400 (MSD)
From: " . " <laskavy@Berkeley.Gambit.Msk.SU>
Reply-To: laskavy@Berkeley.Gambit.Msk.SU
To: FreeBSD-gnats-submit@freebsd.org
Subject: /sys/netinet/if_ether.c: "permanent" records in ARP table are not really permanent
X-Send-Pr-Version: 3.2

>Number:         7649
>Category:       kern
>Synopsis:       [MFC] /sys/netinet/if_ether.c: "permanent" records in ARP table are not really permanent
>Confidential:   no
>Severity:       critical
>Priority:       high
>Responsible:    fenner
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Mon Aug 17 13:10:00 PDT 1998
>Closed-Date:    Tue Aug 3 07:15:41 PDT 1999
>Last-Modified:  Tue Aug  3 07:16:00 PDT 1999
>Originator:      . 
>Release:        FreeBSD 2.2.7-STABLE i386
>Organization:
The FreeBSD Documentation Project
>Environment:

/sys/netinet/if_ether.c:
     $Id: if_ether.c,v 1.34.2.2 1997/05/14 16:43:56 tegge Exp $

>Description:

	Permanent records in ARP table can be overridden by remote host requests.

>How-To-Repeat:

	server# arp -s foo 1:2:3:4:5:6	# set the "real" address

	server$ arp -a		# now arp table entry is OK
	foo (10.0.0.1) at 1:2:3:4:5:6 permanent

	server$ sleep 300	# wait for 5 minutes, or maybe even 10

	server$ arp foo		# hey, that host can update our ARP table!
	foo (10.0.0.1) at 8:0:20:1:2:3 permanent

>Fix:

	The original patch is for 2.1-STABLE system.
	Patch for 2.2-STABLE will be similar.

*** if_ether.c	Mon Aug 17 15:16:55 1998
--- if_ether.c.orig	Mon Aug 17 15:06:07 1998
***************
*** 453,473 ****
  	la = arplookup(isaddr.s_addr, itaddr.s_addr == myaddr.s_addr, 0);
  	if (la && (rt = la->la_rt) && (sdl = SDL(rt->rt_gateway))) {
  		if (sdl->sdl_alen &&
! 		    bcmp((caddr_t)ea->arp_sha, LLADDR(sdl), sdl->sdl_alen)) {
! 			if (rt->rt_expire)
! 				log(LOG_NOTICE, "arp info overwritten for %s by %s\n",
! 			    	inet_ntoa(isaddr), ether_sprintf(ea->arp_sha));
! 			else {
! 				log(LOG_WARNING, "arp: attempt to overwrite stat
ic entry for %s by %s\n",inet_ntoa(isaddr), ether_sprintf(ea->arp_sha));
! 				goto skip_static;
! 			}
! 		}
  		(void)memcpy(LLADDR(sdl), ea->arp_sha, sizeof(ea->arp_sha));
  		sdl->sdl_alen = sizeof(ea->arp_sha);
  		if (rt->rt_expire)
  			rt->rt_expire = time.tv_sec + arpt_keep;
  		rt->rt_flags &= ~RTF_REJECT;
- skip_static:
  		la->la_asked = 0;
  		if (la->la_hold) {
  			(*ac->ac_if.if_output)(&ac->ac_if, la->la_hold,
--- 453,466 ----
  	la = arplookup(isaddr.s_addr, itaddr.s_addr == myaddr.s_addr, 0);
  	if (la && (rt = la->la_rt) && (sdl = SDL(rt->rt_gateway))) {
  		if (sdl->sdl_alen &&
! 		    bcmp((caddr_t)ea->arp_sha, LLADDR(sdl), sdl->sdl_alen))
! 			log(LOG_INFO, "arp info overwritten for %s by %s\n",
! 			    inet_ntoa(isaddr), ether_sprintf(ea->arp_sha));
  		(void)memcpy(LLADDR(sdl), ea->arp_sha, sizeof(ea->arp_sha));
  		sdl->sdl_alen = sizeof(ea->arp_sha);
  		if (rt->rt_expire)
  			rt->rt_expire = time.tv_sec + arpt_keep;
  		rt->rt_flags &= ~RTF_REJECT;
  		la->la_asked = 0;
  		if (la->la_hold) {
  			(*ac->ac_if.if_output)(&ac->ac_if, la->la_hold,
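Review bot: The diff direction is reversed. The headers name if_ether.c as the old file and if_ether.c.orig as the new one, so the static-entry check and the skip_static label appear in the 453,473 half as lines to be removed. Regenerate it as diff -c if_ether.c.orig if_ether.c, or note that it must be applied with patch -R. The LOG_WARNING format string is also split by mail line wrapping ("stat" / "ic entry"), so the hunk will not apply cleanly as posted. On the logic itself, the else branch logs once for every mismatching ARP packet aimed at a static entry, a rate the remote host controls; consider rate-limiting that message so it cannot flood syslog.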
>Release-Note:
>Audit-Trail:
State-Changed-From-To: open->suspended 
State-Changed-By: fenner 
State-Changed-When: Wed Sep 16 17:04:30 PDT 1998 
State-Changed-Why:  
Awaiting merge 


Responsible-Changed-From-To: freebsd-bugs->fenner 
Responsible-Changed-By: fenner 
Responsible-Changed-When: Wed Sep 16 17:04:30 PDT 1998 
Responsible-Changed-Why:  
I committed as part of rev 1.48 of if_ether.c 
State-Changed-From-To: suspended->closed 
State-Changed-By: billf 
State-Changed-When: Tue Aug 3 07:15:41 PDT 1999 
State-Changed-Why:  
RELENG_2_2 is a dead branch. 
>Unformatted:
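
A check for the symptom shown under How-To-Repeat, as an added example that is not part of the original report or of FreeBSD: it compares `arp -a` style output against a list of pinned addresses. The function names and the pin list are hypothetical; the line format and sample addresses are the ones in the report. Because the overwritten entry still prints as "permanent", the check compares the address itself, not the flag.

```python
import re

# Line format as shown in the report:  foo (10.0.0.1) at 1:2:3:4:5:6 permanent
ARP_LINE = re.compile(
    r"^(\S+) \(([0-9.]+)\) at "
    r"((?:[0-9A-Fa-f]{1,2}:){5}[0-9A-Fa-f]{1,2})\b(.*)$"
)

def norm_mac(mac):
    """Normalise 1:2:3:4:5:6 and 01:02:03:04:05:06 to one spelling."""
    return ":".join("%02x" % int(part, 16) for part in mac.split(":"))

def parse_arp(output):
    """Return {ip: (mac, is_permanent)}; unresolved entries are skipped."""
    table = {}
    for line in output.splitlines():
        m = ARP_LINE.match(line.strip())
        if m:
            _host, ip, mac, rest = m.groups()
            table[ip] = (norm_mac(mac), "permanent" in rest.split())
    return table

def check_pins(pins, output):
    """Compare pinned ip -> mac pairs with the table; return findings."""
    table = parse_arp(output)
    findings = []
    for ip, want in sorted(pins.items()):
        if ip not in table:
            findings.append((ip, "missing", None))
            continue
        mac, permanent = table[ip]
        if mac != norm_mac(want):
            findings.append((ip, "changed", mac))   # flag alone proves nothing
        elif not permanent:
            findings.append((ip, "not-permanent", mac))
    return findings

# Pin list is an assumption; the two outputs are the ones quoted in the report.
PINS = {"10.0.0.1": "01:02:03:04:05:06"}
BEFORE = "foo (10.0.0.1) at 1:2:3:4:5:6 permanent\n"
AFTER = "foo (10.0.0.1) at 8:0:20:1:2:3 permanent\n"

if __name__ == "__main__":
    for label, text in (("before", BEFORE), ("after", AFTER)):
        print(label, check_pins(PINS, text))
```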
