Patchwork [RFC] arp announce, arp_proxy and windows ip conflict verification

login
register
mail settings
Submitter Denys Fedoryshchenko
Date March 1, 2009, 11:44 a.m.
Message ID <200903011344.45814.denys@visp.net.lb>
Download mbox | patch
Permalink /patch/23913/
State Accepted
Delegated to: David Miller
Headers show

Comments

Denys Fedoryshchenko - March 1, 2009, 11:44 a.m.
Windows (XP at least) hosts on boot, with configured static ip, performing 
address conflict detection, which is defined in RFC3927.
Here is quote of important information:

"
An ARP announcement is identical to the ARP Probe described above, 
except    that now the sender and target IP addresses are both set 
to the host's newly selected IPv4 address. 
"

But it same time this goes wrong with RFC5227.
"
The 'sender IP address' field MUST be set to all zeroes; this is to avoid
polluting ARP caches in other hosts on the same link in the case
where the address turns out to be already in use by another host.
"

When ARP proxy configured, it must not answer to both cases, because 
it is address conflict verification in any case. For Windows it is just 
causing to detect false "ip conflict". Already there is code for RFC5227, so 
just trivially we just check also if source ip == target ip.

Signed-off-by: Denys Fedoryshchenko <denys@visp.net.lb>
---
David Miller - March 13, 2009, 11:02 p.m.
From: Denys Fedoryschenko <denys@visp.net.lb>
Date: Sun, 1 Mar 2009 13:44:45 +0200

> Windows (XP at least) hosts on boot, with configured static ip, performing 
> address conflict detection, which is defined in RFC3927.
> Here is quote of important information:
> 
> "
> An ARP announcement is identical to the ARP Probe described above, 
> except    that now the sender and target IP addresses are both set 
> to the host's newly selected IPv4 address. 
> "
> 
> But it same time this goes wrong with RFC5227.
> "
> The 'sender IP address' field MUST be set to all zeroes; this is to avoid
> polluting ARP caches in other hosts on the same link in the case
> where the address turns out to be already in use by another host.
> "
> 
> When ARP proxy configured, it must not answer to both cases, because 
> it is address conflict verification in any case. For Windows it is just 
> causing to detect false "ip conflict". Already there is code for RFC5227, so 
> just trivially we just check also if source ip == target ip.
> 
> Signed-off-by: Denys Fedoryshchenko <denys@visp.net.lb>

Patch applied to net-next-2.6

Although, It's a shame that I had to munge such a simple patch so
much, between the bad comment formatting and the trailing whitespace
characters.

Please be mindful of this in future patch submissions.

Thanks.
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Eric W. Biederman - June 30, 2009, 10:55 p.m.
Denys Fedoryschenko <denys@visp.net.lb> writes:

> Windows (XP at least) hosts on boot, with configured static ip, performing 
> address conflict detection, which is defined in RFC3927.
> Here is quote of important information:
>
> "
> An ARP announcement is identical to the ARP Probe described above, 
> except    that now the sender and target IP addresses are both set 
> to the host's newly selected IPv4 address. 
> "
>
> But it same time this goes wrong with RFC5227.
> "
> The 'sender IP address' field MUST be set to all zeroes; this is to avoid
> polluting ARP caches in other hosts on the same link in the case
> where the address turns out to be already in use by another host.
> "
>
> When ARP proxy configured, it must not answer to both cases, because 
> it is address conflict verification in any case. For Windows it is just 
> causing to detect false "ip conflict". Already there is code for RFC5227, so 
> just trivially we just check also if source ip == target ip.

I have a problem with this patch.  It stops gratuitous arps updating
my arp cache.  I'm still trying to figure out what the correct behaviour
should be.

Perhaps making the goto out; become if (sip == 0) goto out;

Eric



>
> Signed-off-by: Denys Fedoryshchenko <denys@visp.net.lb>
> ---
>
> diff --git a/net-next-2.6/net/ipv4/arp.c b/linux-net-next-a/net/ipv4/arp.c
> index 3f6b735..5afaf2a 100644
> --- a/net-next-2.6/net/ipv4/arp.c
> +++ b/linux-net-next-a/net/ipv4/arp.c
> @@ -801,8 +801,11 @@ static int arp_process(struct sk_buff *skb)
>   *  cache.
>   */
>  
> -	/* Special case: IPv4 duplicate address detection packet (RFC2131) */
> -	if (sip == 0) {
> +	/* 
> +	*  Special case: IPv4 duplicate address detection packet (RFC2131)
> +	*  and Gratuitous ARP/ARP Announce. (RFC3927, Section 2.4) 
> +	*/
> +	if (sip == 0 || tip == sip) {
>  		if (arp->ar_op == htons(ARPOP_REQUEST) &&
>  		    inet_addr_type(net, tip) == RTN_LOCAL &&
>  		    !arp_ignore(in_dev, sip, tip))
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Patch

diff --git a/net-next-2.6/net/ipv4/arp.c b/linux-net-next-a/net/ipv4/arp.c
index 3f6b735..5afaf2a 100644
--- a/net-next-2.6/net/ipv4/arp.c
+++ b/linux-net-next-a/net/ipv4/arp.c
@@ -801,8 +801,11 @@  static int arp_process(struct sk_buff *skb)
  *  cache.
  */
 
-	/* Special case: IPv4 duplicate address detection packet (RFC2131) */
-	if (sip == 0) {
+	/* 
+	*  Special case: IPv4 duplicate address detection packet (RFC2131)
+	*  and Gratuitous ARP/ARP Announce. (RFC3927, Section 2.4) 
+	*/
+	if (sip == 0 || tip == sip) {
 		if (arp->ar_op == htons(ARPOP_REQUEST) &&
 		    inet_addr_type(net, tip) == RTN_LOCAL &&
 		    !arp_ignore(in_dev, sip, tip))