dhcpcd-discuss

Re: Re: Remotely exploitable crash in dhcpcd

Jason A. Donenfeld

Tue Aug 01 19:31:34 2017

On Tue, Aug 1, 2017 at 8:51 PM, Roy Marples <roy@xxxxxxxxxxxx> wrote:
> On 26/06/2017 12:57, Jason A. Donenfeld wrote:
>> I saw this via tcpdump. I'm away til Weds but will send more extensive
>> debugging when home.
>
> I didn't get any extensive debugging :)

Sorry for the delay! I'll get on this...

>
> Anyway, I've fixed a few more outliers and committed the patch to trunk.
> It works fine for me on NetBSD and Linux
> There's a few outstanding todos but they are minor
>
>   *  Ideally kernels need a mechanism not to ARP announce on address
> addition. (I can adjust for this NetBSD at least - does Linux have a
> /proc knob?)

Yep!

/proc/sys/net/ipv4/eth0/...

arp_ignore - INTEGER
Define different modes for sending replies in response to
received ARP requests that resolve local target IP addresses:
0 - (default): reply for any local target IP address, configured
on any interface
1 - reply only if the target IP address is local address
configured on the incoming interface
2 - reply only if the target IP address is local address
configured on the incoming interface and both with the
sender's IP address are part from same subnet on this interface
3 - do not reply for local addresses configured with scope host,
only resolutions for global and link addresses are replied
4-7 - reserved
8 - do not reply for all local addresses

The max value from conf/{all,interface}/arp_ignore is used
when ARP request is received on the {interface}

arp_notify - BOOLEAN
Define mode for notification of address and device changes.
0 - (default): do nothing
1 - Generate gratuitous arp requests when device is brought up
   or hardware address changes.

arp_accept - BOOLEAN
Define behavior for gratuitous ARP frames whose IP is not
already present in the ARP table:
0 - don't create new entries in the ARP table
1 - create new entries in the ARP table

Both replies and requests type gratuitous arp will trigger the
ARP table to be updated, if this setting is on.

If the ARP table already contains the IP address of the
gratuitous arp frame, the arp table will be updated regardless
if this setting is on or off.

Talk soon,
Jason
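The following is an added example, not code from this thread or from dhcpcd. It is a small POSIX shell helper that reads and combines the three knobs from the ip-sysctl.txt excerpt above for one interface, and performs the "be quiet while the address is added" step Roy asks about by clearing arp_notify on that interface. It assumes the documented location of the files, /proc/sys/net/ipv4/conf/{all,<iface>}/, and it assumes arp_notify is combined across conf/all and conf/<iface> the same way the excerpt states for arp_ignore (maximum of the two); PROC_ROOT, make_sample_tree and the sample values in it are constructed for offline runs and are not captured from a real host.

```shell
#!/bin/sh
# Added example (not from the dhcpcd thread). Inspect and adjust the
# per-interface ARP sysctls described in ip-sysctl.txt. The real files live
# under /proc/sys/net/ipv4/conf/{all,<iface>}/; PROC_ROOT may point at a
# constructed tree so the script can be exercised offline.

PROC_ROOT="${PROC_ROOT:-/proc/sys/net/ipv4/conf}"

# read_knob IFACE KNOB: print the integer stored in $PROC_ROOT/IFACE/KNOB,
# or 0 when the file is absent (0 is the kernel default for all three knobs).
read_knob() {
    f="$PROC_ROOT/$1/$2"
    if [ -r "$f" ]; then
        tr -d '[:space:]' < "$f"
    else
        printf '0'
    fi
}

# write_knob IFACE KNOB VALUE: set a knob (needs root on a live system).
write_knob() {
    printf '%s\n' "$3" > "$PROC_ROOT/$1/$2"
}

# max2 A B: print the larger of two integers.
max2() {
    if [ "$1" -gt "$2" ]; then printf '%s' "$1"; else printf '%s' "$2"; fi
}

# effective_arp_ignore IFACE: the value applied to ARP requests received on
# IFACE is max(conf/all/arp_ignore, conf/IFACE/arp_ignore), as the excerpt says.
effective_arp_ignore() {
    max2 "$(read_knob all arp_ignore)" "$(read_knob "$1" arp_ignore)"
}

# announces_on_address_add IFACE: "yes" if adding an address on IFACE will make
# the kernel send gratuitous ARP. Assumption: arp_notify combines as
# max(all, iface), like arp_ignore; the excerpt states that rule only for
# arp_ignore.
announces_on_address_add() {
    if [ "$(max2 "$(read_knob all arp_notify)" "$(read_knob "$1" arp_notify)")" -eq 0 ]; then
        printf 'no'
    else
        printf 'yes'
    fi
}

# quiet_add IFACE: clear arp_notify on IFACE before the address is added so
# the kernel stays silent and the DHCP client can do its own probe/announce.
# Exit status 1 means conf/all/arp_notify still forces announcements, which
# the per-interface knob cannot override under the max rule above.
quiet_add() {
    write_knob "$1" arp_notify 0
    [ "$(read_knob all arp_notify)" -eq 0 ]
}

# make_sample_tree DIR: constructed sample values (not from a real host):
# conf/all/arp_ignore=1 while eth0/arp_ignore=0, and eth0/arp_notify=1.
make_sample_tree() {
    mkdir -p "$1/all" "$1/eth0"
    printf '1\n' > "$1/all/arp_ignore"
    printf '0\n' > "$1/all/arp_notify"
    printf '0\n' > "$1/all/arp_accept"
    printf '0\n' > "$1/eth0/arp_ignore"
    printf '1\n' > "$1/eth0/arp_notify"
    printf '0\n' > "$1/eth0/arp_accept"
}

# report IFACE: one-line summary of the effective settings for IFACE.
report() {
    printf '%s: arp_ignore(effective)=%s announce_on_add=%s arp_accept=%s\n' \
        "$1" "$(effective_arp_ignore "$1")" "$(announces_on_address_add "$1")" \
        "$(read_knob "$1" arp_accept)"
}

# Usage: sh arpknobs.sh eth0      -> report a live interface
#        sh arpknobs.sh --sample  -> build the constructed tree and report it
case "${1:-}" in
    --sample) PROC_ROOT=$(mktemp -d); make_sample_tree "$PROC_ROOT"; report eth0 ;;
    ?*) report "$1" ;;
esac
```

On the constructed tree the report shows the point of the "max" rule: eth0 has arp_ignore=0 of its own, but conf/all/arp_ignore=1 wins, so eth0 will only answer for addresses configured on eth0 itself. Likewise, clearing eth0's arp_notify only helps while conf/all/arp_notify is 0; if it is 1 the interface-level change is ineffective, which is why quiet_add checks it.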

Follow-Ups:
  Re: Re: Remotely exploitable crash in dhcpcd - Jason A. Donenfeld

References:
  Remotely exploitable crash in dhcpcd - Jason A. Donenfeld
  Re: Remotely exploitable crash in dhcpcd - Jason A. Donenfeld
  Re: Re: Remotely exploitable crash in dhcpcd - Roy Marples
  Re: Re: Remotely exploitable crash in dhcpcd - Jason A. Donenfeld
  Re: Re: Remotely exploitable crash in dhcpcd - Roy Marples
  Re: Re: Remotely exploitable crash in dhcpcd - Roy Marples
  Re: Re: Remotely exploitable crash in dhcpcd - Jason A. Donenfeld
  Re: Re: Remotely exploitable crash in dhcpcd - Jason A. Donenfeld
  Re: Re: Remotely exploitable crash in dhcpcd - Roy Marples
  Re: Re: Remotely exploitable crash in dhcpcd - Jason A. Donenfeld
  Re: Re: Remotely exploitable crash in dhcpcd - Roy Marples