Bug 25006

Summary: cannot ignore arp (ifconfig -arp doesn't work)
Product: Base System Reporter: fujiwara <fujiwara>
Component: kernAssignee: ru <ru>
Status: Closed FIXED    
Severity: Affects Only Me CC: fujiwara
Priority: Normal    
Version: 5.0-CURRENT   
Hardware: Any   
OS: Any   
Attachments:
Description Flags
file.diff none

Description fujiwara 2001-02-11 17:10:01 UTC 
  ifconfig ether_interface -arp

  but cannot ignore ARP.
  We want to use static arp configuration for firewall.

Fix: patch from OpenBSD.
I checked only ethernet interface.
Comment 1 brooks 2001-06-02 20:56:39 UTC 
I took a look at this and verified that yes, it is a bug and the patch
does fix it (at least for Ethernet).  One potential minor issue with it is
that you still end up with "incomplete" ARP entries for hosts you don't
have static entries for.  I think that's pretty much harmless though.
Below is an updated patch against a May 30th current.  The only real
changes from the origional are Token Ring support and a comment change.

-- Brooks

Index: net/if_ethersubr.c
===================================================================
RCS file: /home/ncvs/src/sys/net/if_ethersubr.c,v
retrieving revision 1.93
diff -u -r1.93 if_ethersubr.c
--- net/if_ethersubr.c	2001/05/02 16:12:58	1.93
+++ net/if_ethersubr.c	2001/06/02 17:35:17
@@ -542,6 +542,8 @@
 		break;
 
 	case ETHERTYPE_ARP:
+		if (ifp->if_flags & IFF_NOARP)
+			goto dropanyway;
 		schednetisr(NETISR_ARP);
 		inq = &arpintrq;
 		break;
@@ -638,6 +640,7 @@
 			return;
 		}
 #else /* NETATALK */
+		dropanyway:
 		if (ng_ether_input_orphan_p != NULL)
 			(*ng_ether_input_orphan_p)(ifp, m, eh);
 		else
Index: net/if_fddisubr.c
===================================================================
RCS file: /home/ncvs/src/sys/net/if_fddisubr.c,v
retrieving revision 1.50
diff -u -r1.50 if_fddisubr.c
--- net/if_fddisubr.c	2001/03/11 05:31:41	1.50
+++ net/if_fddisubr.c	2001/06/02 05:50:55
@@ -443,6 +443,8 @@
 			break;
 
 		case ETHERTYPE_ARP:
+			if (ifp->if_flags & IFF_NOARP)
+				goto dropanyway;
 #if !defined(__bsdi__) || _BSDI_VERSION >= 199401
 			schednetisr(NETISR_ARP);
 			inq = &arpintrq;
Index: net/if_iso88025subr.c
===================================================================
RCS file: /home/ncvs/src/sys/net/if_iso88025subr.c,v
retrieving revision 1.16
diff -u -r1.16 if_iso88025subr.c
--- net/if_iso88025subr.c	2001/03/18 05:43:25	1.16
+++ net/if_iso88025subr.c	2001/06/02 05:52:04
@@ -473,6 +473,8 @@
 			break;
 
 		case ETHERTYPE_ARP:
+			if (ifp->if_flags & IFF_NOARP)
+				goto dropanyway;
 			schednetisr(NETISR_ARP);
 			inq = &arpintrq;
 			break;
Index: netinet/if_ether.c
===================================================================
RCS file: /home/ncvs/src/sys/netinet/if_ether.c,v
retrieving revision 1.79
diff -u -r1.79 if_ether.c
--- netinet/if_ether.c	2001/03/27 12:34:58	1.79
+++ netinet/if_ether.c	2001/06/02 19:45:27
@@ -403,6 +403,8 @@
 		bcopy(LLADDR(sdl), desten, sdl->sdl_alen);
 		return 1;
 	}
+	if (ac->ac_if.if_flags & IFF_NOARP)
+		return 0;
 	/*
 	 * There is an arptab entry, but no ethernet address
 	 * response yet.  Replace the held mbuf with this
@@ -484,7 +486,8 @@
 
 #ifdef INET
 /*
- * ARP for Internet protocols on 10 Mb/s Ethernet.
+ * ARP for Internet protocols on IEEE 802 protocols (Ethernet, FDDI,
+ * and Token Ring).
  * Algorithm is that given in RFC 826.
  * In addition, a sanity check is performed on the sender
  * protocol address, to catch impersonators.

-- 
Any statement of the form "X is the one, true Y" is FALSE.
PGP fingerprint 655D 519C 26A7 82E7 2529  9BF0 5D8E 8BE9 F238 1AD4
Comment 2 ru freebsd_committer freebsd_triage 2001-06-14 07:37:06 UTC 
Responsible Changed
From-To: freebsd-bugs->ru

I will handle it.
Comment 3 jlemon freebsd_committer freebsd_triage 2001-06-15 22:00:59 UTC 
State Changed
From-To: open->closed

Fix committed, thanks.