Re: [PATCH 1/1] ipv4: arp: Always update neighbour address when a gratuitous arp is received

[Hannes Frederic Sowa <hannes@stressinduktion.org>]

On Thu, Dec 19, 2013 at 09:41:12PM -0800, Salam Noureddine wrote:
> Gratuitous arp packets are useful in switchover scenarios to update
> client arp tables as quickly as possible. Currently, the mac address
> of a neighbour is only updated after a locktime period has elapsed
> since the last update. In most use cases such delays are unacceptable
> for network admins. Moreover, the "updated" field of the neighbour
> stucture doesn't record the last time the address of a neighbour
> changed but records any change that happens to theneighbour. This is
> clearly a bug since locktime uses that field as meaning "addr_updated".
> With this observation, I was able to perpetuate a stale address by
> sending a stream of gratuitous arp packets spaced less than locktime
> apart.
> 
> Signed-off-by: Salam Noureddine <noureddine@aristanetworks.com>
> ---
>  net/ipv4/arp.c |    5 ++++-
>  1 files changed, 4 insertions(+), 1 deletions(-)
> 
> diff --git a/net/ipv4/arp.c b/net/ipv4/arp.c
> index 7808093..ab13347 100644
> --- a/net/ipv4/arp.c
> +++ b/net/ipv4/arp.c
> @@ -910,7 +910,10 @@ static int arp_process(struct sk_buff *skb)
>  		   agents are active. Taking the first reply prevents
>  		   arp trashing and chooses the fastest router.
>  		 */
> -		override = time_after(jiffies, n->updated + n->parms->locktime);
> +		override = time_after(jiffies,
> +				      n->updated + n->parms->locktime) ||
> +			   (tip == sip &&
> +			    inet_addr_type(net, sip) == RTN_UNICAST);
>  
>  		/* Broadcast replies and request packets
>  		   do not assert neighbour reachability.

Hm, that is hard to decipher in a few months (or years). Maybe a small
function like

static bool is_garp(...)
{
	...
}

would self-document the code. They normally get inlined so there is no
additional runtime overhead.

Thanks,

  Hannes