Commit 56022a8f authored by Salam Noureddine's avatar Salam Noureddine Committed by David S. Miller

ipv4: arp: update neighbour address when a gratuitous arp is received and arp_accept is set

Gratuitous arp packets are useful in switchover scenarios to update
client arp tables as quickly as possible. Currently, the mac address
of a neighbour is only updated after a locktime period has elapsed
since the last update. In most use cases such delays are unacceptable
for network admins. Moreover, the "updated" field of the neighbour
stucture doesn't record the last time the address of a neighbour
changed but records any change that happens to the neighbour. This is
clearly a bug since locktime uses that field as meaning "addr_updated".
With this observation, I was able to perpetuate a stale address by
sending a stream of gratuitous arp packets spaced less than locktime
apart. With this change the address is updated when a gratuitous arp
is received and the arp_accept sysctl is set.
Signed-off-by: default avatarSalam Noureddine <noureddine@aristanetworks.com>
Acked-by: default avatarHannes Frederic Sowa <hannes@stressinduktion.org>
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
parent e8243534
...@@ -732,6 +732,7 @@ static int arp_process(struct sk_buff *skb) ...@@ -732,6 +732,7 @@ static int arp_process(struct sk_buff *skb)
int addr_type; int addr_type;
struct neighbour *n; struct neighbour *n;
struct net *net = dev_net(dev); struct net *net = dev_net(dev);
bool is_garp = false;
/* arp_rcv below verifies the ARP header and verifies the device /* arp_rcv below verifies the ARP header and verifies the device
* is ARP'able. * is ARP'able.
...@@ -898,10 +899,12 @@ static int arp_process(struct sk_buff *skb) ...@@ -898,10 +899,12 @@ static int arp_process(struct sk_buff *skb)
It is possible, that this option should be enabled for some It is possible, that this option should be enabled for some
devices (strip is candidate) devices (strip is candidate)
*/ */
is_garp = arp->ar_op == htons(ARPOP_REQUEST) && tip == sip &&
inet_addr_type(net, sip) == RTN_UNICAST;
if (n == NULL && if (n == NULL &&
(arp->ar_op == htons(ARPOP_REPLY) || ((arp->ar_op == htons(ARPOP_REPLY) &&
(arp->ar_op == htons(ARPOP_REQUEST) && tip == sip)) && inet_addr_type(net, sip) == RTN_UNICAST) || is_garp))
inet_addr_type(net, sip) == RTN_UNICAST)
n = __neigh_lookup(&arp_tbl, &sip, dev, 1); n = __neigh_lookup(&arp_tbl, &sip, dev, 1);
} }
...@@ -914,8 +917,10 @@ static int arp_process(struct sk_buff *skb) ...@@ -914,8 +917,10 @@ static int arp_process(struct sk_buff *skb)
agents are active. Taking the first reply prevents agents are active. Taking the first reply prevents
arp trashing and chooses the fastest router. arp trashing and chooses the fastest router.
*/ */
override = time_after(jiffies, n->updated + override = time_after(jiffies,
NEIGH_VAR(n->parms, LOCKTIME)); n->updated +
NEIGH_VAR(n->parms, LOCKTIME)) ||
is_garp;
/* Broadcast replies and request packets /* Broadcast replies and request packets
do not assert neighbour reachability. do not assert neighbour reachability.
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment