Subject: kern/7497: "permanent" ARP entries can be overwritten
To: None <gnats-bugs@gnats.netbsd.org>
From: Zdenek Salvet <salvet@ics.muni.cz>
List: netbsd-bugs
Date: 04/29/1999 11:21:02
>Number: 7497
>Category: kern
>Synopsis: "permanent" ARP entries can be overwritten
>Confidential: no
>Severity: non-critical
>Priority: medium
>Responsible: kern-bug-people (Kernel Bug People)
>State: open
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Thu Apr 29 11:20:00 1999
>Last-Modified:
>Originator: Zdenek Salvet
>Organization:
Masaryk University, Brno, Czech Republic
>Release: 1.3.3
>Environment:
>Description:
"permanent" ARP entries can be overwritten by ARP packet
this is the same problem as kern/7489 nad 7490, just submitting the fix
>How-To-Repeat:
>Fix:
--- sys/netinet/if_arp.c.old Thu Apr 29 19:39:10 1999
+++ sys/netinet/if_arp.c.new Thu Apr 29 20:10:28 1999
@@ -580,9 +580,21 @@
if (la && (rt = la->la_rt) && (sdl = SDL(rt->rt_gateway))) {
if (sdl->sdl_alen &&
bcmp((caddr_t)ar_sha(ah), LLADDR(sdl), sdl->sdl_alen))
- log(LOG_INFO, "arp info overwritten for %s by %s\n",
+ if ( rt->rt_flags & RTF_STATIC) {
+ log(LOG_ERR, "%s tried to overwrite arp info for %s\n",
+ lla_snprintf(ar_sha(ah), ah->ar_hln),
+ in_fmtaddr(isaddr));
+ goto out;
+ } else if (rt->rt_ifp!=ifp) {
+ log(LOG_INFO, "%s tried to overwrite arp info for %s (diff. interface)\n",
+ lla_snprintf(ar_sha(ah), ah->ar_hln),
+ in_fmtaddr(isaddr));
+ goto out;
+ } else {
+ log(LOG_INFO, "arp info overwritten for %s by %s\n",
in_fmtaddr(isaddr),
lla_snprintf(ar_sha(ah), ah->ar_hln));
+ }
/*
* sanity check for the address length.
* XXX this does not work for protocols with variable address
>Audit-Trail:
>Unformatted: