From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from mail-ej1-x636.google.com (mail-ej1-x636.google.com [IPv6:2a00:1450:4864:20::636])
	by passt.top (Postfix) with ESMTPS id B10735A026F
	for <passt-dev@passt.top>; Fri, 15 Sep 2023 16:20:50 +0200 (CEST)
Received: by mail-ej1-x636.google.com with SMTP id a640c23a62f3a-9adcb89b48bso110396066b.2
        for <passt-dev@passt.top>; Fri, 15 Sep 2023 07:20:50 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20230601; t=1694787650; x=1695392450; darn=passt.top;
        h=content-transfer-encoding:mime-version:message-id:date:subject:cc
         :to:from:from:to:cc:subject:date:message-id:reply-to;
        bh=+3zDnx23CYCnPJiMhSmWyqU5Wn3ReyKImPC+8ZUtV5Y=;
        b=KkrN/Wl8mAt7chzcvNrZJLIZncwxHGs9WKNoYte7aMtY2CPgZufOvjbOndG2tlj5jl
         kOMkpb8nyq3Kw4YAuCKmbb1hcWtnOMM8KdJCdDOTeaE2p7XbM2h+vSfRsDV90RYauC9D
         P1Q7K2LXAYPaoIbUoESmL99GtmaFPsb3d5Jeglie7/NhcWN7Iu2J0D086h717HKktfPW
         DRkjkGAzojJ2oZ4tgkJZq49KjzLHvEbSyoANzyjVAdLDhYRWtBf4wwH8xLZ/Qc3wIgSV
         PxGe4jVsDVt9w4I4E06Nj2XIaVK7IkFRPYKV16VNuZdkUt4rFYyvblErSY+dML9uvyCu
         5Q7g==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1694787650; x=1695392450;
        h=content-transfer-encoding:mime-version:message-id:date:subject:cc
         :to:from:x-gm-message-state:from:to:cc:subject:date:message-id
         :reply-to;
        bh=+3zDnx23CYCnPJiMhSmWyqU5Wn3ReyKImPC+8ZUtV5Y=;
        b=p1ivHWCeaZ7KHw2bFxM5jDeF5lu1oVRjtZ3lZWdL2P9vH1YEUlA+HNstsfbBv1DsoY
         W+5FL6cAr8IRKkixvJXeXKiLTvxBZbBnAgEl9JK6Ib2QN600nEfXzJ2UTxjr6fN2hPGH
         bjr1HhMSlNzo+ZkDt/BdH0BQCsUkbE8F/Wlxk77T7uKioLrxAiQclHwb/GP0P/fAYczE
         ud05mYiZ1SXCkDyF6FI3RytMYtiSjjeahnhrgesVPDUGxfguyAFMhk0h3LIJ31+ii6CI
         TpcHjHh3A7u0Hxt8wXltpDAYggXqLaVYtmi+1w58o3t/v2gZeDaaCZmnLRktzNV+ZRnT
         lN6Q==
X-Gm-Message-State: AOJu0YxxO8MFYDyib8ESx/KRRzWqTYMb33L/6ABF5ArV5jGUF5VTe6Cu
	9wn1XWxJ9DXux+A07gSf16JBG0V/oDCSpw==
X-Google-Smtp-Source: AGHT+IGu4Q0coWSBNzS+l1C9L3O1MqlXsy2BzQf/f2sCuoiHeIRnTf54ypbfueD4iEMgIHUYPCd4ig==
X-Received: by 2002:a17:906:73c3:b0:9a2:26d8:f184 with SMTP id n3-20020a17090673c300b009a226d8f184mr1479424ejl.51.1694787650039;
        Fri, 15 Sep 2023 07:20:50 -0700 (PDT)
Received: from localhost.localdomain ([37.252.81.99])
        by smtp.gmail.com with ESMTPSA id kt26-20020a170906aada00b0098f99048053sm2524748ejb.148.2023.09.15.07.20.49
        (version=TLS1_3 cipher=TLS_CHACHA20_POLY1305_SHA256 bits=256/256);
        Fri, 15 Sep 2023 07:20:49 -0700 (PDT)
From: Nikolay Edigaryev <edigaryev@gmail.com>
To: passt-dev@passt.top
Subject: [PATCH] arp: only send ARP replies for --gateway address
Date: Fri, 15 Sep 2023 18:20:45 +0400
Message-Id: <20230915142045.73457-1-edigaryev@gmail.com>
X-Mailer: git-send-email 2.39.2 (Apple Git-144)
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Message-ID-Hash: VXD3DEOOY7CXVJQVSZ7XTCD23KIX7JVE
X-Message-ID-Hash: VXD3DEOOY7CXVJQVSZ7XTCD23KIX7JVE
X-MailFrom: edigaryev@gmail.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: Nikolay Edigaryev <edigaryev@gmail.com>
X-Mailman-Version: 3.3.8
Precedence: list
List-Id: Development discussion and patches for passt <passt-dev.passt.top>
Archived-At: <https://archives.passt.top/passt-dev/20230915142045.73457-1-edigaryev@gmail.com/>
Archived-At: <https://passt.top/hyperkitty/list/passt-dev@passt.top/message/VXD3DEOOY7CXVJQVSZ7XTCD23KIX7JVE/>
List-Archive: <https://archives.passt.top/passt-dev/>
List-Archive: <https://passt.top/hyperkitty/list/passt-dev@passt.top/>
List-Help: <mailto:passt-dev-request@passt.top?subject=help>
List-Owner: <mailto:passt-dev-owner@passt.top>
List-Post: <mailto:passt-dev@passt.top>
List-Subscribe: <mailto:passt-dev-join@passt.top>
List-Unsubscribe: <mailto:passt-dev-leave@passt.top>

Problem: when passt/pasta are working in a broadcast domain with more
than one host machine, it will answer for all of these machines,
except for the one having --address. This is akin to ARP spoofing
and breaks connection with these machines if passt/pasta ARP reply
arrives before the original one.

Solution: only be responsible and send ARP replies
for the --gateway's address.
---
 arp.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/arp.c b/arp.c
index a35c1b6..f873491 100644
--- a/arp.c
+++ b/arp.c
@@ -67,8 +67,8 @@ int arp(const struct ctx *c, const struct pool *p)
 	    !memcmp(am->sip, am->tip, sizeof(am->sip)))
 		return 1;
 
-	/* Don't resolve our own address, either. */
-	if (!memcmp(am->tip, &c->ip4.addr, sizeof(am->tip)))
+	/* Don't resolve anything but gateway address. */
+	if (memcmp(am->tip, &c->ip4.gw, sizeof(am->tip)) != 0)
 		return 1;
 
 	ah->ar_op = htons(ARPOP_REPLY);
-- 
2.39.2 (Apple Git-144)