From meno.abels@adviser.com  Thu Dec  8 08:25:34 2005
Return-Path: <meno.abels@adviser.com>
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 37DC216A41F
	for <FreeBSD-gnats-submit@freebsd.org>; Thu,  8 Dec 2005 08:25:34 +0000 (GMT)
	(envelope-from meno.abels@adviser.com)
Received: from smtp.adviser.com (adviser.com [217.20.119.125])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 2A28C43D75
	for <FreeBSD-gnats-submit@freebsd.org>; Thu,  8 Dec 2005 08:25:17 +0000 (GMT)
	(envelope-from meno.abels@adviser.com)
Received: from p213.54.95.83.tisdip.tiscali.de ([213.54.95.83] helo=[192.168.74.63])
	by smtp.adviser.com with esmtpsa (TLSv1:AES256-SHA:256)
	(Exim 4.54 (FreeBSD))
	id 1EkH5P-000HMK-32
	for FreeBSD-gnats-submit@freebsd.org; Thu, 08 Dec 2005 09:25:07 +0100
Message-Id: <4397EDE1.2080204@adviser.com>
Date: Thu, 08 Dec 2005 09:25:05 +0100
From: Meno Abels <meno.abels@adviser.com>
To: FreeBSD-gnats-submit@freebsd.org
Subject: [PATCH] arp mixup if carp and bridge used

>Number:         90096
>Category:       kern
>Synopsis:       [net] [patch] arp mixup if carp and bridge used
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    thompsa
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Thu Dec 08 08:30:04 GMT 2005
>Closed-Date:    Tue Jun 12 07:23:05 GMT 2007
>Last-Modified:  Tue Jun 12 07:23:05 GMT 2007
>Originator:     Meno Abels
>Release:        FreeBSD 6.0-RELEASE i386
>Organization:
Adviser COM
>Environment:
System: FreeBSD sshd 6.0-RELEASE FreeBSD 6.0-RELEASE #1: Thu Jul 28 23:45:40 MEST 2005 
root@tiger.de.20six.net:/jails/tiger/usr/obj/jails/tiger/usr/src_6.0/sys/GENERIC i386
 
>Description:
If a carp interface is configured on a bridged interface, the arp requests
to the carp ipnumber are not answered with the ethernet address of the carp
interface. The arp is answered with the ethernet address of the real
interface, which causes carp to not work correctly.
>How-To-Repeat:
Ping and tcpdump and arp -d (carp ipnumber)
>Fix:
    I changed the lookup order in in_arpinput to:
       - check whether it is our ipnumber
       - look up all carp interfaces.
       - check whether it is bridged or our interface
 
    I changed ether_input so that, if bridges are used, the local carp
    interfaces are not processed by the bridge.
 
    This patch is made for 6.0 but should also be useful in the 5.x line,
    where the same problem is visible.
 
    If needed I can also make the 5.x line patch. But this should be easy:
    only remove the if_bridge path in if_ethersubr. The if_bridge doesn't
    exist in 5.x.
 
 Index: sys/netinet/if_ether.c
 ===================================================================
 RCS file: /jails/cvs/var/freebsd.cvs/src/sys/netinet/if_ether.c,v
 retrieving revision 1.137.2.4
 diff -u -r1.137.2.4 if_ether.c
 --- sys/netinet/if_ether.c      7 Oct 2005 01:51:29 -0000       1.137.2.4
 +++ sys/netinet/if_ether.c      6 Dec 2005 19:39:03 -0000
 @@ -631,17 +631,17 @@
          * XXX: This is really ugly!
          */
         LIST_FOREACH(ia, INADDR_HASH(itaddr.s_addr), ia_hash) {
 -               if ((bridged || (ia->ia_ifp == ifp)) &&
 -                   itaddr.s_addr == ia->ia_addr.sin_addr.s_addr)
 -                       goto match;
 +               if (itaddr.s_addr != ia->ia_addr.sin_addr.s_addr)
 +                       continue;
  #ifdef DEV_CARP
                 if (ifp->if_carp != NULL &&
 -                   carp_iamatch(ifp->if_carp, ia, &isaddr, &enaddr) &&
 -                   itaddr.s_addr == ia->ia_addr.sin_addr.s_addr) {
 +                   carp_iamatch(ifp->if_carp, ia, &isaddr, &enaddr)) {
                         carp_match = 1;
                         goto match;
                 }
  #endif
 +               if (bridged || (ia->ia_ifp == ifp))
 +                       goto match;
         }
         LIST_FOREACH(ia, INADDR_HASH(isaddr.s_addr), ia_hash)
                 if ((bridged || (ia->ia_ifp == ifp)) &&
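
Review bot: When `ifp->if_carp` is set but `carp_iamatch()` returns 0 for an address, the loop still falls through to the new trailing `if (bridged || (ia->ia_ifp == ifp)) goto match;`, so with `bridged` true the same target address reaches `match` with `carp_match` left at 0. If a reply for that address should only ever go out through the carp path, the fall-through needs an extra condition or a `continue`; if the fall-through is intended, a comment at that line should say so. The `XXX: This is really ugly!` comment above the loop should also be updated to describe the new order (address compare, then carp, then bridged or own interface), since the order is the whole point of the fix.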
 cvs diff: Diffing sys/netinet/libalias
 cvs diff: Diffing sys/net
 Index: sys/net/if_ethersubr.c
 ===================================================================
 RCS file: /jails/cvs/var/freebsd.cvs/src/sys/net/if_ethersubr.c,v
 retrieving revision 1.193.2.4.2.2
 diff -u -r1.193.2.4.2.2 if_ethersubr.c
 --- sys/net/if_ethersubr.c      23 Oct 2005 02:37:28 -0000      
 1.193.2.4.2.2
 +++ sys/net/if_ethersubr.c      8 Dec 2005 08:07:38 -0000
 @@ -604,16 +604,23 @@
          * will always return the original packet if we need to
          * process it locally.
          */
 -       if (ifp->if_bridge) {
 +       const struct ifnet *ismycarp = 0;
 +#ifdef DEV_CARP
 +       if (ifp->if_carp && (ifp->if_bridge || BDG_ACTIVE(ifp))) {
 +               ismycarp = carp_forus(ifp->if_carp, eh->ether_dhost);
 +       }
 +#endif
 +       if (!ismycarp && ifp->if_bridge) {
                 BRIDGE_INPUT(ifp, m);
                 if (m == NULL)
                         return;
         }
 
         /* Check for bridging mode */
 -       if (BDG_ACTIVE(ifp) )
 +       if (!ismycarp && BDG_ACTIVE(ifp)) {
                 if ((m = bridge_in_ptr(ifp, m)) == NULL)
                         return;
 +       }
 
         /* First chunk of an mbuf contains good entropy */
         if (harvest.ethernet)
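
Review bot: Skipping both `BRIDGE_INPUT(ifp, m)` and `bridge_in_ptr(ifp, m)` whenever `ismycarp` is set means the bridge code never sees frames addressed to a local carp address, even though the context comment directly above says the bridge "will always return the original packet if we need to process it locally". Please explain why the bypass in `ether_input` is needed instead of letting the bridge input path recognise the carp address and hand the packet back, so that whatever the bridge does with locally destined frames still happens. Two smaller points on the added lines: `const struct ifnet *ismycarp = 0;` is declared in the middle of the function between an existing comment and the code it describes, and is only ever tested for truth, so move the declaration to the top of the function, initialise it with `NULL`, and keep the comment adjacent to the `BRIDGE_INPUT` call.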
 
>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: gnats-admin->freebsd-bugs 
Responsible-Changed-By: linimon 
Responsible-Changed-When: Thu Dec 8 17:06:07 GMT 2005 
Responsible-Changed-Why:  
Rescue this PR from the 'pending' category. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=90096 
State-Changed-From-To: open->feedback 
State-Changed-By: thompsa 
State-Changed-When: Sun Oct 8 19:23:38 UTC 2006 
State-Changed-Why:  
This was fixed about three months ago in RELENG_6 and should work 
in 6.2. It would be great if you could grab a 6.2-BETA or update 
to stable and test it. 


Responsible-Changed-From-To: freebsd-bugs->thompsa 
Responsible-Changed-By: thompsa 
Responsible-Changed-When: Sun Oct 8 19:23:38 UTC 2006 
Responsible-Changed-Why:  
This was fixed about three months ago in RELENG_6 and should work 
in 6.2. It would be great if you could grab a 6.2-BETA or update 
to stable and test it. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=90096 
State-Changed-From-To: feedback->closed 
State-Changed-By: linimon 
State-Changed-When: Tue Jun 12 07:22:37 UTC 2007 
State-Changed-Why:  
Feedback timeout (> 6 months). 

http://www.freebsd.org/cgi/query-pr.cgi?pr=90096 
>Unformatted:
