tech-net archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

ARP probes dropped - breaks RFC 2131, 3927, 5227



Hi folks,

NetBSD has code that drops s.c. ARP probes (and therefore don't answer), see if_arp.c in_arpinput():

        /*
         * If the source IP address is zero, this is most likely a
         * confused host trying to use IP address zero. (Windoze?)
         * XXX: Should we bother trying to reply to these?
         */
        if (in_nullhost(isaddr)) {
                ARP_STATINC(ARP_STAT_RCVZEROSPA);
                goto out;
        }

ARP probes are used by DHCP in RFC 2131 (see e.g. section 4.4.1 p38), IPv4 Link-local addressing in RFC 3927 and further clarified in RFC 5227 (this is a good read on the topic btw!). Because NetBSD drops these, it won't defend its own IP addresses and other nodes implementing ARP probing according to these RFCs may end up using the addresses thinking they're not duplicate.

I believe Gratuitous ARP works though. So if they detect address duplication then an administrator will be notified and can correct the problem manually. But then we've turned zeroconf into non-zeroconf :-) and NetBSD users' addresses get pushed around :-(

For some data points I checked a couple of other implementations. It looks like OpenBSD, FreeBSD, Dragon Fly BSD, Open Solaris and Linux handles ARP probes:
http://fxr.watson.org/fxr/source/netinet/if_ether.c?v=OPENBSD#L561
http://fxr.watson.org/fxr/source/netinet/if_ether.c#L612 (FreeBSD)
http://fxr.watson.org/fxr/source/netinet/if_ether.c?v=DFBSD#L778
http://fxr.watson.org/fxr/source/net/ipv4/arp.c?v=linux-2.6#L805
http://fxr.watson.org/fxr/source/common/inet/arp/arp.c?v=OPENSOLARIS#L3555

I believe it is a simple fix, see below. Please let me know your thoughts. I'm a bit new to NetBSD so go easy :-)

Cheers!
/P

Index: src/sys/netinet/if_arp.c
===================================================================
RCS file: /cvsroot/src/sys/netinet/if_arp.c,v
retrieving revision 1.147
diff -u -r1.147 if_arp.c
--- src/sys/netinet/if_arp.c    16 Sep 2009 15:23:04 -0000    1.147
+++ src/sys/netinet/if_arp.c    2 Nov 2009 18:19:50 -0000
@@ -969,16 +969,6 @@
    }

    /*
-     * If the source IP address is zero, this is most likely a
-     * confused host trying to use IP address zero. (Windoze?)
-     * XXX: Should we bother trying to reply to these?
-     */
-    if (in_nullhost(isaddr)) {
-        ARP_STATINC(ARP_STAT_RCVZEROSPA);
-        goto out;
-    }
-
-    /*
     * Search for a matching interface address
     * or any address on the interface to use
     * as a dummy address in the rest of this function
@@ -1054,6 +1044,14 @@
        goto out;
    }

+    /*
+     * If the source IP address is zero, then this is an ARP probe.
+     */
+    if (in_nullhost(isaddr)) {
+        ARP_STATINC(ARP_STAT_RCVZEROSPA);
+        goto reply;
+    }
+
    if (in_hosteq(isaddr, myaddr)) {
        ARP_STATINC(ARP_STAT_RCVLOCALSPA);
        log(LOG_ERR,





Home | Main Index | Thread Index | Old Index