netdev
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Proxy arp is broken: test program included

from [Charles Howes] [Permanent Link][Original]
To: netdev@xxxxxxxxxxx, linux-net@xxxxxxxxxxxxxxxx, davem@xxxxxxxxxx, ak@xxxxxx, kuznet@xxxxxxxxxxxxx
Subject: Proxy arp is broken: test program included
From: Charles Howes <croot@xxxxxxxxxxxxxxxxxxx>
Date: Tue, 3 Oct 2000 08:28:18 -0700 (PDT)
Sender: owner-netdev@xxxxxxxxxxx 
Hello!

I've found a bug in the proxy arp code that's in 2.2.x and
2.4.0-test8, probably the latest 2.4.0-testx-prex, and probably every
kernel (ok, I didn't test 2.0.x nor 1.2.x).

The problem: you can use the arp command to add and delete proxy arp
entries, but sometimes the arp command doesn't work.  In 2.2.15,
entries can't be deleted, and in 2.4.0 they can't be added.  Strace shows
that the 'arp' program is working, it's the kernel that's at fault.

I was attempting to make a transparent firewall using proxy arp at the
time this bug was discovered.  Major egg on face when it worked in
testing but not in production.

I've included a short test program that shows the problem.

-----------------------8<---cut here---8<--------------
#!/bin/sh
# Arp bug tester by Charles Howes -- chowes@xxxxxxxxxxxxx
# 2000-10-03 08:24:13

CLASSC=10.0.2
IP1=$CLASSC.1
IP2=$CLASSC.2
# If you make PUB="", it works, but that's not what we're testing.
#PUB=
PUB=pub

# Set up an ip address so that you can set up proxy arp entries:
ifconfig eth0:1 $IP1
# Add one:
arp -Ds $IP2 eth0 $PUB
# Delete one:
arp -d $IP2 $PUB
# These arps add and then delete an entry.  They may work correctly
#the first time, that's why the results are ignored here.
#There should be nothing in the arp table about $IP2, right?

A=`arp -n | md5sum -`
   arp -Ds $IP2 eth0 $PUB
B=`arp -n | md5sum -`
   arp -d $IP2 $PUB
C=`arp -n | md5sum -`

# If the add and delete commands worked right, A=C and A!=B
# If unrelated arp entries show up in the arp table, this test will be
# disrupted; but really, new arp entries are rare enough that this
# shouldn't be a problem.  If it is a problem, unplug your ethernet card 
# and/or stop running portscans of your local subnet during this test.
if [ "$A" = "$C" -a "$A" != "$B" ]; then
  echo "That worked right!"
  exit 0
fi

# Ok, it didn't work right; in what way did it fail?
# When a pub arp entry is deleted, it shows up as 'incomplete' for a while
if arp -n | fgrep "$IP2 " | grep -qiv incomplete; then
  echo "I found $IP2 in your arp table after trying to delete it."
else
  echo "I didn't find $IP2 in your arp table after trying to add it."
fi
exit 2
-----------------------8<---cut here---8<--------------

--
Charles Howes -- chowes@xxxxxxxxxxxxxxxxxxx
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
  • Proxy arp is broken: test program included, Charles Howes <=
Previous by Date:  Re: [patch] tcp_tw in 2.4, Andrew Morton
Next by Date:  Re: [patch] tcp_tw in 2.4, kuznet
Previous by Thread:  how many u32 filters?, Rafal Maszkowski
Next by Thread:  Coding style changes, Keyshaun
Indexes:  [Date] [Thread] [Top] [All Lists]