Subject: Re: arping for 127.0.0.1
To: Ignatios Souvatzis <ignatios@theory.cs.uni-bonn.de>
From: Dennis Ferguson <dennis@juniper.net>
List: tech-net
Date: 06/15/1998 09:59:01

> Yes. That's what the code in sys/netinet/if_arp.c:in_arpinput() ensures (or
> at least, tries to).

To be honest, while I may be missing something, I don't see where it
even tries.  Here's the code that locates the struct in_ifaddr for
the incoming request:

	/*
	 * Search for a matching interface address
	 * or any address on the interface to use
	 * as a dummy address in the rest of this function
	 */
	INADDR_TO_IA(itaddr, ia);
	if (ia == NULL) {
		INADDR_TO_IA(isaddr, ia);
		if (ia == NULL) {
			IFP_TO_IA(ifp, ia);
			if (ia == NULL) goto out;
		}
	}
	myaddr = ia->ia_addr.sin_addr;

If itaddr is 127.0.0.1, INADDR_TO_IA() will return a pointer to the ifaddr
for 127.0.0.1 no matter what interface the ifaddr is attached to, and myaddr
will also be 127.0.0.1.  `ia' is never touched after this point, so when
it gets to

reply:
	if (op != ARPOP_REQUEST) {
	out:
		m_freem(m);
		return;
	}
	if (in_hosteq(itaddr, myaddr)) {
		/* I am the target */
		bcopy((caddr_t)ar_sha(ah), (caddr_t)ar_tha(ah), ah->ar_hln);
		bcopy(LLADDR(ifp->if_sadl), (caddr_t)ar_sha(ah), ah->ar_hln);
	} else {

itaddr (127.0.0.1) matches myaddr (127.0.0.1) and it sends a reply.

This doesn't look good to me.

Dennis Ferguson
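
The lookup behaviour described in the message above, as a small user-space model (an added example, not part of the original post and not NetBSD code). The address table, the interface indexes, `find()` and the interface-scoped check in `replies_scoped()` are assumptions made for illustration; only the "I am the target" branch is modelled.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed model: a configured IPv4 address and the interface it is on. */
struct ifaddr_model { uint32_t addr; int ifindex; };
enum { ANY_IF = 0, IF_LO0 = 1, IF_NE0 = 2 };	/* hypothetical indexes */
#define IP4(a, b, c, d) (((uint32_t)(a) << 24) | ((uint32_t)(b) << 16) | ((uint32_t)(c) << 8) | (uint32_t)(d))

static const struct ifaddr_model addrs[] = {
	{ IP4(127, 0, 0, 1), IF_LO0 },
	{ IP4(10, 0, 0, 5), IF_NE0 },
};
#define NADDRS (sizeof(addrs) / sizeof(addrs[0]))

/* a == NULL matches any address; ifindex == ANY_IF matches any interface. */
static const struct ifaddr_model *find(const uint32_t *a, int ifindex)
{
	for (size_t i = 0; i < NADDRS; i++)
		if ((a == NULL || addrs[i].addr == *a) &&
		    (ifindex == ANY_IF || addrs[i].ifindex == ifindex))
			return &addrs[i];
	return NULL;
}

/* Mirrors the quoted selection logic: 1 means "I am the target", reply sent. */
int replies_unscoped(uint32_t itaddr, uint32_t isaddr, int rcvif)
{
	const struct ifaddr_model *ia = find(&itaddr, ANY_IF);	/* address only */
	if (ia == NULL) ia = find(&isaddr, ANY_IF);
	if (ia == NULL) ia = find(NULL, rcvif);	/* any address on rcvif */
	return ia != NULL && itaddr == ia->addr;
}

/* Assumed hardening: the target must be configured on the receiving interface. */
int replies_scoped(uint32_t itaddr, int rcvif)
{
	return find(&itaddr, rcvif) != NULL;
}

int main(void)
{
	uint32_t lo = IP4(127, 0, 0, 1), asker = IP4(10, 0, 0, 9);
	printf("127.0.0.1 asked on ne0, unscoped: %d\n", replies_unscoped(lo, asker, IF_NE0));
	printf("127.0.0.1 asked on ne0, scoped:   %d\n", replies_scoped(lo, IF_NE0));
	return 0;
}
```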