net: Don't proxy arp respond if iif == rt->dst.dev if private VLAN is disabled

Submitted by Thomas Graf on Feb. 10, 2012, 2:07 p.m.

Details

Message ID 1328882831-15300-1-git-send-email-tgraf@suug.ch
State Accepted
Delegated to: David Miller
Headers show

Commit Message

Thomas Graf Feb. 10, 2012, 2:07 p.m.
Commit 653241 (net: RFC3069, private VLAN proxy arp support) changed
the behavior of arp proxy to send arp replies back out on the interface
the request came in even if the private VLAN feature is disabled.

Previously we checked rt->dst.dev != skb->dev for in scenarios, when
proxy arp is enabled on for the netdevice and also when individual proxy
neighbour entries have been added.

This patch adds the check back for the pneigh_lookup() scenario.

Signed-off-by: Thomas Graf <tgraf@suug.ch>
---
 net/ipv4/arp.c |    3 ++-
 1 files changed, 2 insertions(+), 1 deletions(-)

Comments

Jesper Dangaard Brouer Feb. 10, 2012, 2:54 p.m.
On Fri, 2012-02-10 at 15:07 +0100, Thomas Graf wrote:
> Commit 653241 (net: RFC3069, private VLAN proxy arp support) changed
> the behavior of arp proxy to send arp replies back out on the interface
> the request came in even if the private VLAN feature is disabled.
> 
> Previously we checked rt->dst.dev != skb->dev for in scenarios, when
> proxy arp is enabled on for the netdevice and also when individual proxy
> neighbour entries have been added.
> 
> This patch adds the check back for the pneigh_lookup() scenario.
> 
> Signed-off-by: Thomas Graf <tgraf@suug.ch>

Acked-by: Jesper Dangaard Brouer <hawk@comx.dk>


--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
David Miller Feb. 10, 2012, 8:13 p.m.
From: Thomas Graf <tgraf@suug.ch>
Date: Fri, 10 Feb 2012 15:07:11 +0100

> Commit 653241 (net: RFC3069, private VLAN proxy arp support) changed
> the behavior of arp proxy to send arp replies back out on the interface
> the request came in even if the private VLAN feature is disabled.
> 
> Previously we checked rt->dst.dev != skb->dev for in scenarios, when
> proxy arp is enabled on for the netdevice and also when individual proxy
> neighbour entries have been added.
> 
> This patch adds the check back for the pneigh_lookup() scenario.
> 
> Signed-off-by: Thomas Graf <tgraf@suug.ch>

Applied, thanks Thomas.
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Patch hide | download patch | download mbox

diff --git a/net/ipv4/arp.c b/net/ipv4/arp.c
index 59402be..63e4989 100644
--- a/net/ipv4/arp.c
+++ b/net/ipv4/arp.c
@@ -863,7 +863,8 @@  static int arp_process(struct sk_buff *skb)
 			if (addr_type == RTN_UNICAST  &&
 			    (arp_fwd_proxy(in_dev, dev, rt) ||
 			     arp_fwd_pvlan(in_dev, dev, rt, sip, tip) ||
-			     pneigh_lookup(&arp_tbl, net, &tip, dev, 0))) {
+			     (rt->dst.dev != dev &&
+			      pneigh_lookup(&arp_tbl, net, &tip, dev, 0)))) {
 				n = neigh_event_ns(&arp_tbl, sha, &sip, dev);
 				if (n)
 					neigh_release(n);