How to drop arps when protocol addrs of sender = target

How to drop arps when protocol addrs of sender = target

[Chris Schanzle]

I have a need to not respond to arps where the protocol address of the 
sender is the same as the target, which is the case when Windows clients 
try to ARP for the manually-configured address it is about to use.  If 
it gets a response, it disables the interface.  I currently respond 
because of a global arp entry ("arp ... -s ... netmask 0.0.0.0 pub"), 
which is required for my application.

I want to receive and respond to all other ARPs (e.g., for routers).

I cannot change the Windows clients.

It does not appear to me this can be done with iptables or arptables 
(comparisons between two fields in the packet).  Any suggestions before 
I start hacking on kernel code?

Thanks,

Chris Schanzle
[yes, the nospam *does* go to me.  :-]

Re: How to drop arps when protocol addrs of sender = target

[Cedric Blancher]

Le mer 10/09/2003 à 19:04, Chris Schanzle a écrit :
> I have a need to not respond to arps where the protocol address of the 
> sender is the same as the target, which is the case when Windows clients 
> try to ARP for the manually-configured address it is about to use.

It is not easy to achieve as you would need a specific match extensions
for that compares protocole source and destination addresses for
arptables or ebtables (iptables does not filter ARP). I wanted to write
something like this to spot wierd ARP stuff, but I do not have the time
for now. However, enhancing ebtables arp match is quite an easy thing. I
did not look at arptables, but it must be easy too.

-- 
http://www.netexit.com/~sid/
PGP KeyID: 157E98EE FingerPrint: FA62226DA9E72FA8AECAA240008B480E157E98EE