| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20171027.224818.1467938250125086766.davem@davemloft.net> Date: Fri, 27 Oct 2017 22:48:18 +0900 (KST) From: David Miller <davem@...emloft.net> To: echaudro@...hat.com Cc: netdev@...r.kernel.org Subject: Re: [PATCH net-next] arp: Ignore packets with an all zero sender mac address From: Eelco Chaudron <echaudro@...hat.com> Date: Thu, 26 Oct 2017 10:37:01 +0200 > Some applications/devices seem to forget their MAC address when > performing some kind of a failover which triggers (something that > looks like) a gratuities arp. > > The ARP packet looks something like this: > > Address Resolution Protocol (reply) > Hardware type: Ethernet (1) > Protocol type: IPv4 (0x0800) > Hardware size: 6 > Protocol size: 4 > Opcode: reply (2) > Sender MAC address: 00:00:00:00:00:00 > Sender IP address: 10.0.0.1 > Target MAC address: 00:00:00:00:00:00 > Target IP address: 255.255.255.255 > > This will result in existing arp entries being overwritten with an all > zero mac address. Until the arp entry times out this host can no > longer initiate a connection to this device. > > Checking for and ignoring invalid mac addresses will solve this > problem. > > Signed-off-by: Eelco Chaudron <echaudro@...hat.com> I really have trouble justifying this fully. I looked at a bunch of ARP implementations, and I see no special checks about the link level address other than to make sure it isn't "our" address. Whatever is generating these weird ARP packets should be fixed instead. Thank you.
Powered by blists - more mailing lists