Message-ID: <CAA93jw5w5eQEHVQWsKyQghELUdQVpefQHr2JcjdA5eyTxPr_Ng@mail.gmail.com>
Date: Tue, 9 Jan 2024 07:49:16 -0500
From: Dave Taht <dave.taht@...il.com>
To: Felix Fietkau <nbd@....name>
Cc: netdev@...r.kernel.org
Subject: Re: [PATCH net-next] net: bridge: do not send arp replies if src and
 target hw addr is the same

On Thu, Jan 4, 2024 at 9:54 AM Felix Fietkau <nbd@....name> wrote:
>
> There are broken devices in the wild that handle duplicate IP address
> detection by sending out ARP requests for the IP that they received from a
> DHCP server and refuse the address if they get a reply.
> When proxyarp is enabled, they would go into a loop of requesting an address
> and then NAKing it again.
>
> Link: https://github.com/openwrt/openwrt/issues/14309
> Signed-off-by: Felix Fietkau <nbd@....name>
> ---
>  net/bridge/br_arp_nd_proxy.c | 6 ++++--
>  1 file changed, 4 insertions(+), 2 deletions(-)
>
> diff --git a/net/bridge/br_arp_nd_proxy.c b/net/bridge/br_arp_nd_proxy.c
> index c7869a286df4..3a2770938374 100644
> --- a/net/bridge/br_arp_nd_proxy.c
> +++ b/net/bridge/br_arp_nd_proxy.c
> @@ -204,7 +204,10 @@ void br_do_proxy_suppress_arp(struct sk_buff *skb, struct net_bridge *br,
>                         if ((p && (p->flags & BR_PROXYARP)) ||
>                             (f->dst && (f->dst->flags & BR_PROXYARP_WIFI)) ||
>                             br_is_neigh_suppress_enabled(f->dst, vid)) {
> -                               if (!vid)
> +                               replied = true;
> +                               if (!memcmp(n->ha, sha, dev->addr_len))
> +                                       replied = false;
> +                               else if (!vid)
>                                         br_arp_send(br, p, skb->dev, sip, tip,
>                                                     sha, n->ha, sha, 0, 0);
>                                 else
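Review bot: the new `memcmp(n->ha, sha, dev->addr_len)` test in the proxy-reply branch carries no comment, so the code alone does not show that it exists for the duplicate-address probe described in the commit message. A short comment above it would help, saying that the sender already owns the neighbour entry for the target IP and must not be answered on its own probe. Setting `replied = true` and clearing it on the next line also reads awkwardly. Consider assigning the result once, for example `replied = !!memcmp(n->ha, sha, dev->addr_len);`, and sending only when it is true.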
> @@ -212,7 +215,6 @@ void br_do_proxy_suppress_arp(struct sk_buff *skb, struct net_bridge *br,
>                                                     sha, n->ha, sha,
>                                                     skb->vlan_proto,
>                                                     skb_vlan_tag_get(skb));
> -                               replied = true;
>                         }
>
>                         /* If we have replied or as long as we know the
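Review bot: with `replied = true` removed from after the `br_arp_send()` call, the skipped-probe path now reaches the trailing "If we have replied or as long as we know the" comment with `replied` false, and that comment suggests the request may still be treated as answered when the MAC is known. The commit message does not say whether the unanswered probe is then meant to be flooded or suppressed. Please state the intended outcome there or in a comment at this point.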
> --
> 2.43.0
>
>

Acked-by: Dave Taht <dave.taht@...il.com>

-- 
40 years of net history, a couple songs:
https://www.youtube.com/watch?v=D9RGX6QFm5E
Dave Täht CSO, LibreQos
