When we have a published ARP entry for some IP address, do reply on

ARP requests only on the network where this IP address belong, to. Before this change we did replied on all interfaces. This could lead to an IP address conflict with host we are doing ARP proxy for. PR: kern/75634 Reviewed by: andre
svn path=/head/; revision=149451
2024-11-25 18:12:57 +01:00 · 2005-08-25 13:25:57 +00:00 · 2005-08-25 13:25:57 +00:00 · 510b360fc0 · 2020-12-20 02:59:44 +00:00
commit 510b360fc0
parent b3130703e6
1 changed files with 9 additions and 0 deletions
--- a/sys/netinet/if_ether.c
+++ b/sys/netinet/if_ether.c
@ -851,6 +851,15 @@ reply:
 			       inet_ntoa(itaddr));
 #endif
 		} else {
+			/*
+			 * Return proxied ARP replies only on the interface
+			 * where this network resides. Otherwise we may
+			 * conflict with the host we are proxying for.
+			 */
+			if (rt->rt_ifp != ifp) {
+				RT_UNLOCK(rt);
+				goto drop;
+			}
 			sdl = SDL(rt->rt_gateway);
 			(void)memcpy(ar_tha(ah), ar_sha(ah), ah->ar_hln);
 			(void)memcpy(ar_sha(ah), LLADDR(sdl), ah->ar_hln);