bin/79228: [ PATCH ] extend /sbin/arp to be able to create blackhole records
Dan Lukes
dan at obluda.cz
Fri Mar 25 06:40:03 PST 2005
>Number: 79228
>Category: bin
>Synopsis: [ PATCH ] extend /sbin/arp to be able to create blackhole records
>Confidential: no
>Severity: non-critical
>Priority: medium
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: change-request
>Submitter-Id: current-users
>Arrival-Date: Fri Mar 25 14:40:02 GMT 2005
>Closed-Date:
>Last-Modified:
>Originator: Dan Lukes
>Release: FreeBSD 5.4-PRERELEASE i386
>Organization:
Obludarium
>Environment:
System: FreeBSD 5.4-PRERELEASE i386
src/usr.sbin/arp/arp.c,v 1.53.2.2 2005/02/13 12:23:52 maxim Exp $"
>Description:
Current ARP doesn't allow setting LLINFO route records containing
RTF_BLACKHOLE or RTF_REJECT flags.
Creating records with those flags may be useful to block external
traffic to a host without use of a firewall.
As the kernel can do it, there seems to be no reason to hide the
functionality from userland.
>How-To-Repeat:
N/A
>Fix:
--- usr.sbin/arp/arp.c.ORIG Mon Feb 14 12:34:20 2005
+++ usr.sbin/arp/arp.c Fri Mar 25 15:01:35 2005
@@ -326,6 +326,10 @@
dst->sin_other = SIN_PROXY;
argc--; argv++;
}
+ } else if (strncmp(argv[0], "blackhole", 9) == 0) {
+ flags |= RTF_BLACKHOLE;
+ } else if (strncmp(argv[0], "reject", 6) == 0) {
+ flags |= RTF_REJECT;
} else if (strncmp(argv[0], "trail", 5) == 0) {
/* XXX deprecated and undocumented feature */
printf("%s: Sending trailers is no longer supported\n",
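Review bot: the two new branches let "blackhole" and "reject" be given on the same command line, each simply ORing its flag into flags, with no check that only one of them was supplied. If they are meant as alternatives, refuse the second keyword with an error message; if combining them is intended, say so in the PR text. Separately, strncmp(argv[0], "blackhole", 9) and strncmp(argv[0], "reject", 6) are prefix matches, so an argument such as "rejected" is silently accepted as reject. That follows the existing "trail" branch, but strcmp would be the stricter choice for newly introduced keywords.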
@@ -616,8 +620,8 @@
" arp [-n] [-i interface] -a",
" arp -d hostname [pub]",
" arp -d -a",
- " arp -s hostname ether_addr [temp] [pub]",
- " arp -S hostname ether_addr [temp] [pub]",
+ " arp -s hostname ether_addr [temp] [pub [only]] [reject] [blackhole]",
+ " arp -S hostname ether_addr [temp] [pub [only]] [reject] [blackhole]",
" arp -f filename");
exit(1);
}
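Review bot: the usage text is the only documentation this patch updates; it touches usr.sbin/arp/arp.c alone, so the arp(8) manual page would still not describe the blackhole and reject keywords and needs a matching change. In the two modified lines, "[pub [only]]" is a separate correction that the description does not mention and is better called out or split into its own change, and "[reject] [blackhole]" reads as if both may be given together; write "[reject | blackhole]" if they are meant to be exclusive.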
>Release-Note:
>Audit-Trail:
>Unformatted: