Patchwork net: Don't proxy arp respond if iif == rt->dst.dev if private VLAN is disabled

login
register
mail settings
Submitter Thomas Graf
Date Feb. 10, 2012, 2:07 p.m.
Message ID <1328882831-15300-1-git-send-email-tgraf@suug.ch>
Download mbox | patch
Permalink /patch/140652/
State Accepted
Delegated to: David Miller
Headers show

Comments

Thomas Graf - Feb. 10, 2012, 2:07 p.m.
Commit 653241 (net: RFC3069, private VLAN proxy arp support) changed
the behavior of arp proxy to send arp replies back out on the interface
the request came in even if the private VLAN feature is disabled.

Previously we checked rt->dst.dev != skb->dev for in scenarios, when
proxy arp is enabled on for the netdevice and also when individual proxy
neighbour entries have been added.

This patch adds the check back for the pneigh_lookup() scenario.

Signed-off-by: Thomas Graf <tgraf@suug.ch>
---
 net/ipv4/arp.c |    3 ++-
 1 files changed, 2 insertions(+), 1 deletions(-)
Jesper Dangaard Brouer - Feb. 10, 2012, 2:54 p.m.
On Fri, 2012-02-10 at 15:07 +0100, Thomas Graf wrote:
> Commit 653241 (net: RFC3069, private VLAN proxy arp support) changed
> the behavior of arp proxy to send arp replies back out on the interface
> the request came in even if the private VLAN feature is disabled.
> 
> Previously we checked rt->dst.dev != skb->dev for in scenarios, when
> proxy arp is enabled on for the netdevice and also when individual proxy
> neighbour entries have been added.
> 
> This patch adds the check back for the pneigh_lookup() scenario.
> 
> Signed-off-by: Thomas Graf <tgraf@suug.ch>

Acked-by: Jesper Dangaard Brouer <hawk@comx.dk>


--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
David Miller - Feb. 10, 2012, 8:13 p.m.
From: Thomas Graf <tgraf@suug.ch>
Date: Fri, 10 Feb 2012 15:07:11 +0100

> Commit 653241 (net: RFC3069, private VLAN proxy arp support) changed
> the behavior of arp proxy to send arp replies back out on the interface
> the request came in even if the private VLAN feature is disabled.
> 
> Previously we checked rt->dst.dev != skb->dev for in scenarios, when
> proxy arp is enabled on for the netdevice and also when individual proxy
> neighbour entries have been added.
> 
> This patch adds the check back for the pneigh_lookup() scenario.
> 
> Signed-off-by: Thomas Graf <tgraf@suug.ch>

Applied, thanks Thomas.
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Patch

diff --git a/net/ipv4/arp.c b/net/ipv4/arp.c
index 59402be..63e4989 100644
--- a/net/ipv4/arp.c
+++ b/net/ipv4/arp.c
@@ -863,7 +863,8 @@  static int arp_process(struct sk_buff *skb)
 			if (addr_type == RTN_UNICAST  &&
 			    (arp_fwd_proxy(in_dev, dev, rt) ||
 			     arp_fwd_pvlan(in_dev, dev, rt, sip, tip) ||
-			     pneigh_lookup(&arp_tbl, net, &tip, dev, 0))) {
+			     (rt->dst.dev != dev &&
+			      pneigh_lookup(&arp_tbl, net, &tip, dev, 0)))) {
 				n = neigh_event_ns(&arp_tbl, sha, &sip, dev);
 				if (n)
 					neigh_release(n);