From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from gandalf.ozlabs.org (mail.ozlabs.org [IPv6:2404:9400:2221:ea00::3])
	by passt.top (Postfix) with ESMTPS id 74CB05A0271
	for <passt-dev@passt.top>; Mon, 18 Sep 2023 06:17:44 +0200 (CEST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=gibson.dropbear.id.au; s=201602; t=1695010660;
	bh=6+Hq6fbTSIc4lT1Wg5jhVhc4mD38RnK3u4+5iRVg1lY=;
	h=Date:From:To:Cc:Subject:References:In-Reply-To:From;
	b=E+pE/WusslohfbHR/jMsiTWkQ5vfIVBB+qIF0F92BrUCSLpFDSVMoVVleTMlKz7Px
	 FquihnwW11X/YYI6adyOmch2jmtzs3U0oVkdYpm+oaaVHrATtrJDZmBiWvucUeOQL2
	 m02O/wxrbV2uHw+Jt3oqcBeZTHO4XKlR+GEOrjTc=
Received: by gandalf.ozlabs.org (Postfix, from userid 1007)
	id 4Rps2r53Hcz4x5j; Mon, 18 Sep 2023 14:17:40 +1000 (AEST)
Date: Mon, 18 Sep 2023 12:26:03 +1000
From: David Gibson <david@gibson.dropbear.id.au>
To: Nikolay Edigaryev <edigaryev@gmail.com>
Subject: Re: [PATCH] arp: only send ARP replies for --gateway address
Message-ID: <ZQe1O6CqIqQWmcaM@zatzit>
References: <20230915142045.73457-1-edigaryev@gmail.com>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha256;
	protocol="application/pgp-signature"; boundary="IjtgFL6uaRJijDVn"
Content-Disposition: inline
In-Reply-To: <20230915142045.73457-1-edigaryev@gmail.com>
Message-ID-Hash: G2PJKBGYKW5A4SSU5JAJBLB3SIAZAIVP
X-Message-ID-Hash: G2PJKBGYKW5A4SSU5JAJBLB3SIAZAIVP
X-MailFrom: dgibson@gandalf.ozlabs.org
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: passt-dev@passt.top
X-Mailman-Version: 3.3.8
Precedence: list
List-Id: Development discussion and patches for passt <passt-dev.passt.top>
Archived-At: <https://archives.passt.top/passt-dev/ZQe1O6CqIqQWmcaM@zatzit/>
Archived-At: <https://passt.top/hyperkitty/list/passt-dev@passt.top/message/G2PJKBGYKW5A4SSU5JAJBLB3SIAZAIVP/>
List-Archive: <https://archives.passt.top/passt-dev/>
List-Archive: <https://passt.top/hyperkitty/list/passt-dev@passt.top/>
List-Help: <mailto:passt-dev-request@passt.top?subject=help>
List-Owner: <mailto:passt-dev-owner@passt.top>
List-Post: <mailto:passt-dev@passt.top>
List-Subscribe: <mailto:passt-dev-join@passt.top>
List-Unsubscribe: <mailto:passt-dev-leave@passt.top>


--IjtgFL6uaRJijDVn
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Fri, Sep 15, 2023 at 06:20:45PM +0400, Nikolay Edigaryev wrote:
> Problem: when passt/pasta are working in a broadcast domain with more
> than one host machine,

Oof.  So, at present, passt/pasta is really not designed to have more
than a single machine on the "tap" side.  Changing the ARP behaviour
is likely to be the least of the problems with that setup.

I do have plans to change that so we can handle multiple logical guest
side machines, but accomplishing that is a ways off.

> it will answer for all of these machines,
> except for the one having --address. This is akin to ARP spoofing
> and breaks connection with these machines if passt/pasta ARP reply
> arrives before the original one.
>=20
> Solution: only be responsible and send ARP replies
> for the --gateway's address.
> ---
>  arp.c | 4 ++--
>  1 file changed, 2 insertions(+), 2 deletions(-)
>=20
> diff --git a/arp.c b/arp.c
> index a35c1b6..f873491 100644
> --- a/arp.c
> +++ b/arp.c
> @@ -67,8 +67,8 @@ int arp(const struct ctx *c, const struct pool *p)
>  	    !memcmp(am->sip, am->tip, sizeof(am->sip)))
>  		return 1;
> =20
> -	/* Don't resolve our own address, either. */
> -	if (!memcmp(am->tip, &c->ip4.addr, sizeof(am->tip)))
> +	/* Don't resolve anything but gateway address. */
> +	if (memcmp(am->tip, &c->ip4.gw, sizeof(am->tip)) !=3D 0)
>  		return 1;
> =20
>  	ah->ar_op =3D htons(ARPOP_REPLY);

--=20
David Gibson			| I'll have my music baroque, and my code
david AT gibson.dropbear.id.au	| minimalist, thank you.  NOT _the_ _other_
				| _way_ _around_!
http://www.ozlabs.org/~dgibson

--IjtgFL6uaRJijDVn
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEO+dNsU4E3yXUXRK2zQJF27ox2GcFAmUHtTQACgkQzQJF27ox
2Gcdtg//YaDgxX1KA6LFw4TZeECKoqVuglHFi5s0gvBUEH1rm4K/lI+R43DDK6uX
G6XCCw4a6sqf6Gr5C6K0EfSxPnyvdeoWdG5AIym69tt2y1Z1leot9WMb5D3o8Iib
1bCDX8swqe7pgH4zPgvMkQwsDuTtF5zlUp734yPaPrVXySoP0EUhQWyV9HvncE8y
wiZrSCBRSRewJ1KMTJVQ6leQ3NH84Osb9L9TwSfWIP1vpqFyXdF8gJxp4nPIUvma
uHQjLoESFpQhs7xwokwsnPIFTnIiDbf4Gll002bi9nr7HTRpT1tLEAujRFzl42kg
BMzs/DeNLQ6f/SZUBgRgXj+WfVSWRTt6BWOMiW3knMxZkKQXvVDo3ijxdNbyXfUI
0FpMfMGjeym/5QhYcTiLKmfoDLLVX4esWRpzBiE/qVYccs7YF79r0BEXKUNmva49
Mb+OC5AAgFH42A8B5vhLzsObWWi3zUL78iWNpHyXmAv3k1ndXmwttznKADfarhWE
qoyH2eluIyFD1zSOyyV5ImFNw/RyuBvWXy5Yc0yYbPj+6b7fgIIsnihuOueIsggU
SWcti+BSVldwcvSWyjeVCk8kJ3n+3miTtckLaECKYsBdb/nx1PD1uWzHaF122MT8
z9BQC1xJGa+3XOLV3BTA1412VPCU8eoYRWsyAFl8KC3+IjCanuU=
=RJ58
-----END PGP SIGNATURE-----

--IjtgFL6uaRJijDVn--