On Fri, Sep 15, 2023 at 06:20:45PM +0400, Nikolay Edigaryev wrote:
> Problem: when passt/pasta are working in a broadcast domain with more
> than one host machine,

Oof.  So, at present, passt/pasta is really not designed to have more
than a single machine on the "tap" side.  Changing the ARP behaviour
is likely to be the least of the problems with that setup.

I do have plans to change that so we can handle multiple logical guest
side machines, but accomplishing that is a ways off.

> it will answer for all of these machines,
> except for the one having --address. This is akin to ARP spoofing
> and breaks connection with these machines if passt/pasta ARP reply
> arrives before the original one.
> 
> Solution: only be responsible and send ARP replies
> for the --gateway's address.
> ---
>  arp.c | 4 ++--
>  1 file changed, 2 insertions(+), 2 deletions(-)
> 
> diff --git a/arp.c b/arp.c
> index a35c1b6..f873491 100644
> --- a/arp.c
> +++ b/arp.c
> @@ -67,8 +67,8 @@ int arp(const struct ctx *c, const struct pool *p)
>  	    !memcmp(am->sip, am->tip, sizeof(am->sip)))
>  		return 1;
>  
> -	/* Don't resolve our own address, either. */
> -	if (!memcmp(am->tip, &c->ip4.addr, sizeof(am->tip)))
> +	/* Don't resolve anything but gateway address. */
> +	if (memcmp(am->tip, &c->ip4.gw, sizeof(am->tip)) != 0)
>  		return 1;
>  
>  	ah->ar_op = htons(ARPOP_REPLY);

-- 
David Gibson			| I'll have my music baroque, and my code
david AT gibson.dropbear.id.au	| minimalist, thank you.  NOT _the_ _other_
				| _way_ _around_!
http://www.ozlabs.org/~dgibson