Message ID | 1437989630.20182.35.camel@edumazet-glaptop2.roam.corp.google.com |
---|---|
State | Accepted, archived |
Delegated to: | David Miller |
Headers | show |
From: Eric Dumazet <eric.dumazet@gmail.com> Date: Mon, 27 Jul 2015 11:33:50 +0200 > From: Eric Dumazet <edumazet@google.com> > > When arp is off on a device, and ioctl(SIOCGARP) is queried, > a buggy answer is given with MAC address of the device, instead > of the mac address of the destination/gateway. > > We filter out NUD_NOARP neighbours for /proc/net/arp, > we must do the same for SIOCGARP ioctl. > > Tested: ... > Signed-off-by: Eric Dumazet <edumazet@google.com> > Reported-by: Vytautas Valancius <valas@google.com> Applied, thanks Eric. -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
On Tue, 2015-07-28 at 23:41 -0700, David Miller wrote:
> Applied, thanks Eric.
Thanks David
Note that IPv6 is completely broken after 'arp off' sequence.
ND destination MAC are a copy of eth0 MAC address, instead of the required multicast.
lpaa23:~# ip link set dev eth0 arp off
lpaa23:~# ping6 4444::555:0027
PING 4444::555:0027(4444::555:27) 56 data bytes
02:05:13.742684 00:1a:11:c3:0d:7f > 00:1a:11:c3:0d:7f, ethertype IPv6 (0x86dd), length 118: 4444::555:23 > 4444::555:27: ICMP6, echo request, seq 1, length 64
02:05:14.742200 00:1a:11:c3:0d:7f > 00:1a:11:c3:0d:7f, ethertype IPv6 (0x86dd), length 118: 4444::555:23 > 4444::555:27: ICMP6, echo request, seq 2, length 64
^C
--- 4444::555:0027 ping statistics ---
2 packets transmitted, 0 received, 100% packet loss, time 999ms
lpaa23:~# ip link set dev eth0 arp on
lpaa23:~# ip -6 neigh sh dev eth0
fe80::21a:11ff:fec3:d45 lladdr 00:1a:11:c3:0d:45 STALE
4444::555:26 FAILED
4444::555:25 FAILED
lpaa23:~# ping6 4444::555:0027
PING 4444::555:0027(4444::555:27) 56 data bytes
02:12:15.698654 00:1a:11:c3:0d:7f > 00:1a:11:c3:0d:7f, ethertype IPv6 (0x86dd), length 118: 4444::555:23 > 4444::555:27: ICMP6, echo request, seq 1, length 64
02:12:16.698249 00:1a:11:c3:0d:7f > 00:1a:11:c3:0d:7f, ethertype IPv6 (0x86dd), length 118: 4444::555:23 > 4444::555:27: ICMP6, echo request, seq 2, length 64
02:12:17.698224 00:1a:11:c3:0d:7f > 00:1a:11:c3:0d:7f, ethertype IPv6 (0x86dd), length 118: 4444::555:23 > 4444::555:27: ICMP6, echo request, seq 3, length 64
^C
--- 4444::555:0027 ping statistics ---
3 packets transmitted, 0 received, 100% packet loss, time 1999ms
lpaa23:~# ip -6 neigh flush dev eth0
lpaa23:~# ip -6 neigh sh dev eth0
4444::555:24 FAILED
4444::555:28 FAILED
fe80::21a:11ff:fec3:d45 FAILED
4444::555:26 FAILED
4444::555:25 FAILED
Oh well...
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
On Wed, 2015-07-29 at 11:15 +0200, Eric Dumazet wrote: > On Tue, 2015-07-28 at 23:41 -0700, David Miller wrote: > > > Applied, thanks Eric. > Thanks David > > Note that IPv6 is completely broken after 'arp off' sequence. It seems we need to replicate what commit 6c8b4e3ff81b82fc153625e81e60af1d89de2c32 ("arp: flush arp cache on IFF_NOARP change") did for IPv4 Will test this and submit an official patch. -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
diff --git a/net/ipv4/arp.c b/net/ipv4/arp.c index 933a92820d26..6c8b1fbafce8 100644 --- a/net/ipv4/arp.c +++ b/net/ipv4/arp.c @@ -1017,14 +1017,16 @@ static int arp_req_get(struct arpreq *r, struct net_device *dev) neigh = neigh_lookup(&arp_tbl, &ip, dev); if (neigh) { - read_lock_bh(&neigh->lock); - memcpy(r->arp_ha.sa_data, neigh->ha, dev->addr_len); - r->arp_flags = arp_state_to_flags(neigh); - read_unlock_bh(&neigh->lock); - r->arp_ha.sa_family = dev->type; - strlcpy(r->arp_dev, dev->name, sizeof(r->arp_dev)); + if (!(neigh->nud_state & NUD_NOARP)) { + read_lock_bh(&neigh->lock); + memcpy(r->arp_ha.sa_data, neigh->ha, dev->addr_len); + r->arp_flags = arp_state_to_flags(neigh); + read_unlock_bh(&neigh->lock); + r->arp_ha.sa_family = dev->type; + strlcpy(r->arp_dev, dev->name, sizeof(r->arp_dev)); + err = 0; + } neigh_release(neigh); - err = 0; } return err; }