1998-12-02 23:19:36

by Oren Laadan

Subject: [BUG] arp replies with BOOTP (nfsroot)

Hi,

While trying to setup nfsroot with BOOTP protocol, we discovered a
serious bug with incorrect ARP handling. [ Kernel: 2.1.129 ]

It appears that while the kernel is waiting for a reply to a BOOTP
request sent earlier, it mishandles ARP requests. In particular,
it replies to every "arp who-has THIS_IP" with "THIS_IP is MY_NIC_ADDR":
that is, it publishes its own NIC address as matching EVERY local IP.

Effectively, this means it operates as a NIC proxy (well, it doesn't
really do anything but reply to ARP requests...).
As a result, other machines in the network become confused, eventually
leading to serious networking problems.

We suspect the problem is in net/ipv4/ipconfig.c:c_bootp_route_lookup()
(hooked during initialization instead of the default route lookup
function).

Any hints ?

Oren.

__________________________________________________________________________
MOSIX Development Group          Oren Laadan
The Hebrew University            [email protected]
of Jerusalem, Israel

http://www.mosix.cs.huji.ac.il
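Seen from a network monitor, the misbehaviour reported above shows up as a single MAC address appearing as the "is-at" answer for many distinct IPs, and as other hosts' addresses suddenly having two claimants. The script below is an added example, not part of the original thread or of the kernel source it discusses: it parses a constructed, tcpdump-style ARP log (the sample lines and MAC/IP values are invented) and reports MACs that answer for many addresses as well as IPs that several MACs claim. A legitimate proxy-ARP router produces the first pattern too, so the threshold is a site policy, not a verdict.

```python
"""Flag hosts that answer ARP for many IP addresses (added example).

The symptom in the thread is a booting client that answers every
"who-has X" with its own MAC. From a monitor that is one MAC being the
"is-at" answer for many IPs, plus duplicate claims for the real owners.
Input format assumed: tcpdump-like ARP lines (constructed below).
"""
import re
from collections import defaultdict

# Constructed sample capture: 00:00:5e:00:53:ff plays the misbehaving
# BOOTP client and answers for every address; the :01 and :02 replies
# are the legitimate owners of 10.0.0.1 and 10.0.0.2.
SAMPLE_ARP_LOG = """\
12:00:01.000 ARP, Request who-has 10.0.0.1 tell 10.0.0.7
12:00:01.001 ARP, Reply 10.0.0.1 is-at 00:00:5e:00:53:01
12:00:01.002 ARP, Reply 10.0.0.1 is-at 00:00:5e:00:53:ff
12:00:02.000 ARP, Request who-has 10.0.0.2 tell 10.0.0.7
12:00:02.001 ARP, Reply 10.0.0.2 is-at 00:00:5e:00:53:02
12:00:02.002 ARP, Reply 10.0.0.2 is-at 00:00:5e:00:53:ff
12:00:03.000 ARP, Request who-has 10.0.0.3 tell 10.0.0.7
12:00:03.001 ARP, Reply 10.0.0.3 is-at 00:00:5e:00:53:ff
12:00:04.000 ARP, Request who-has 10.0.0.4 tell 10.0.0.7
12:00:04.001 ARP, Reply 10.0.0.4 is-at 00:00:5e:00:53:ff
"""

REPLY_RE = re.compile(
    r"ARP, Reply (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) is-at "
    r"(?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2})",
    re.IGNORECASE,
)


def parse_replies(text):
    """Yield (ip, mac) for every ARP reply line; requests are ignored."""
    for line in text.splitlines():
        m = REPLY_RE.search(line)
        if m:
            yield m.group("ip"), m.group("mac").lower()


def ips_per_mac(text):
    """Map each answering MAC to the set of IPs it claimed."""
    claims = defaultdict(set)
    for ip, mac in parse_replies(text):
        claims[mac].add(ip)
    return claims


def conflicting_ips(text):
    """IPs for which more than one MAC answered (the duplicate-owner symptom)."""
    owners = defaultdict(set)
    for ip, mac in parse_replies(text):
        owners[ip].add(mac)
    return {ip: sorted(macs) for ip, macs in owners.items() if len(macs) > 1}


def find_proxy_like_hosts(text, threshold=3):
    """Return MACs that answered for at least `threshold` distinct IPs.

    `threshold` is a policy knob: a real proxy-ARP gateway also answers
    for many addresses, so pair this with an allow-list in practice.
    """
    return {
        mac: sorted(ips)
        for mac, ips in ips_per_mac(text).items()
        if len(ips) >= threshold
    }


if __name__ == "__main__":
    for mac, ips in find_proxy_like_hosts(SAMPLE_ARP_LOG).items():
        print(f"{mac} answered for {len(ips)} addresses: {', '.join(ips)}")
    for ip, macs in conflicting_ips(SAMPLE_ARP_LOG).items():
        print(f"{ip} claimed by several MACs: {', '.join(macs)}")
```

Run against a real capture, the two reports complement each other: the per-MAC count catches a host answering for addresses nobody else owns yet, while the per-IP conflict list catches it stepping on addresses that are already in use, which is what makes the other machines on the segment "confused".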



1998-12-03 17:56:57

by Oren Laadan

Subject: [BUG] arp replies with BOOTP [more info]

Hi,

> It appears that while the kernel is waiting for a reply to a BOOTP
> request sent earlier, it mishandles ARP requests. In particular,
> it replies to every "arp who-has THIS_IP" with "THIS_IP is MY_NIC_ADDR":
> that is, it publishes its own NIC address as matching EVERY local IP.

A quick test showed that this problem does not occur on 2.0.X kernels.
I'm not sure where exactly within 2.1.X history it appeared.

Also - a temporary, ugly and rude hack, but most importantly - one that
works for me. At least until there is an "official" patch. It works by
checking within arp_rcv() if the interface is even configured to some
IP, and if not - just drop the packet. So here's a hack to the file
/net/ipv4/arp.c:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
*** /net/ipv4/arp.c Thu Dec 3 18:12:56 1998
--- /net/ipv4/arp.c Thu Dec 3 18:14:26 1998
***************
*** 550,555 ****
--- 550,567 ----
arp->ar_pln != 4)
goto out;

+ #if 1
+ /* XXX rude hack to prevent ARP replies during BOOTP */
+ {
+ struct in_ifaddr *ifa = in_dev->ifa_list;
+ for ( ; ifa; ifa = ifa->ifa_next)
+ if (ifa->ifa_local || ifa->ifa_address)
+ break;
+ if (!ifa)
+ goto out;
+ }
+ #endif
+
switch (dev_type) {
default:
if (arp->ar_pro != __constant_htons(ETH_P_IP))
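Review bot: the added block dereferences `in_dev->ifa_list`, but none of the visible lines checks that `in_dev` is non-NULL; confirm that the condition ending in `arp->ar_pln != 4) goto out;` just above already bails out on a NULL `in_dev` (an interface with no IP configuration is exactly the case this hack targets), or add `if (!in_dev) goto out;` ahead of the loop. Two smaller points: the `#if 1` / `#endif` wrapper together with the `XXX` comment marks this as a debugging switch rather than a fix, so either drop the preprocessor guard or tie it to a real condition; and because the check sits before `switch (dev_type)`, it silently drops every ARP frame, requests and replies alike, on any interface without a configured address, which suppresses the symptom described in the first message while leaving the suspected cause in net/ipv4/ipconfig.c's route lookup untouched.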
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

I am not sure, though, whether maybe I should put this piece of code
actually in icmp_rcv(), which is logically correct, however - I wasn't
sure if there were any other *bad* side effects.

I welcome all comments :-)

Oren.
__________________________________________________________________________
MOSIX Development Group          Oren Laadan
The Hebrew University            [email protected]
of Jerusalem, Israel

http://www.mosix.cs.huji.ac.il