[PATCH] net: Don't proxy arp respond if iif == rt->dst.dev if private VLAN is disabled

[PATCH] net: Don't proxy arp respond if iif == rt->dst.dev if private VLAN is disabled

[Thomas Graf]

Commit 653241 (net: RFC3069, private VLAN proxy arp support) changed
the behavior of arp proxy to send arp replies back out on the interface
the request came in even if the private VLAN feature is disabled.

Previously we checked rt->dst.dev != skb->dev for in scenarios, when
proxy arp is enabled on for the netdevice and also when individual proxy
neighbour entries have been added.

This patch adds the check back for the pneigh_lookup() scenario.

Signed-off-by: Thomas Graf <tgraf@suug.ch>
---
 net/ipv4/arp.c |    3 ++-
 1 files changed, 2 insertions(+), 1 deletions(-)

diff --git a/net/ipv4/arp.c b/net/ipv4/arp.c
index 59402be..63e4989 100644
--- a/net/ipv4/arp.c
+++ b/net/ipv4/arp.c
@@ -863,7 +863,8 @@ static int arp_process(struct sk_buff *skb)
 			if (addr_type == RTN_UNICAST  &&
 			    (arp_fwd_proxy(in_dev, dev, rt) ||
 			     arp_fwd_pvlan(in_dev, dev, rt, sip, tip) ||
-			     pneigh_lookup(&arp_tbl, net, &tip, dev, 0))) {
+			     (rt->dst.dev != dev &&
+			      pneigh_lookup(&arp_tbl, net, &tip, dev, 0)))) {
 				n = neigh_event_ns(&arp_tbl, sha, &sip, dev);
 				if (n)
 					neigh_release(n);
-- 
1.7.7.6

Re: [PATCH] net: Don't proxy arp respond if iif == rt->dst.dev if private VLAN is disabled

[Jesper Dangaard Brouer]

On Fri, 2012-02-10 at 15:07 +0100, Thomas Graf wrote:
> Commit 653241 (net: RFC3069, private VLAN proxy arp support) changed
> the behavior of arp proxy to send arp replies back out on the interface
> the request came in even if the private VLAN feature is disabled.
> 
> Previously we checked rt->dst.dev != skb->dev for in scenarios, when
> proxy arp is enabled on for the netdevice and also when individual proxy
> neighbour entries have been added.
> 
> This patch adds the check back for the pneigh_lookup() scenario.
> 
> Signed-off-by: Thomas Graf <tgraf@suug.ch>

Acked-by: Jesper Dangaard Brouer <hawk@comx.dk>

Re: [PATCH] net: Don't proxy arp respond if iif == rt->dst.dev if private VLAN is disabled

[David Miller]

From: Thomas Graf <tgraf@suug.ch>
Date: Fri, 10 Feb 2012 15:07:11 +0100

> Commit 653241 (net: RFC3069, private VLAN proxy arp support) changed
> the behavior of arp proxy to send arp replies back out on the interface
> the request came in even if the private VLAN feature is disabled.
> 
> Previously we checked rt->dst.dev != skb->dev for in scenarios, when
> proxy arp is enabled on for the netdevice and also when individual proxy
> neighbour entries have been added.
> 
> This patch adds the check back for the pneigh_lookup() scenario.
> 
> Signed-off-by: Thomas Graf <tgraf@suug.ch>

Applied, thanks Thomas.