-
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
kernel: fix bridge proxyarp issue with some broken DHCP clients
There are broken devices in the wild that handle duplicate IP address detection by sending out ARP requests for the IP that they received from a DHCP server and refuse the address if they get a reply. When proxyarp is enabled, they would go into a loop of requesting an address and then NAKing it again. Fixes: openwrt/openwrt#14309 Signed-off-by: Felix Fietkau <nbd@nbd.name>
- Loading branch information
Showing
2 changed files
with
74 additions
and
0 deletions.
There are no files selected for viewing
37 changes: 37 additions & 0 deletions
37
...linux/generic/pending-5.15/151-net-bridge-do-not-send-arp-replies-if-src-and-target.patch
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,37 @@ | ||
From: Felix Fietkau <nbd@nbd.name> | ||
Date: Thu, 4 Jan 2024 15:21:21 +0100 | ||
Subject: [PATCH] net: bridge: do not send arp replies if src and target hw | ||
addr is the same | ||
|
||
There are broken devices in the wild that handle duplicate IP address | ||
detection by sending out ARP requests for the IP that they received from a | ||
DHCP server and refuse the address if they get a reply. | ||
When proxyarp is enabled, they would go into a loop of requesting an address | ||
and then NAKing it again. | ||
|
||
Link: https://github.com/openwrt/openwrt/issues/14309 | ||
Signed-off-by: Felix Fietkau <nbd@nbd.name> | ||
--- | ||
|
||
--- a/net/bridge/br_arp_nd_proxy.c | ||
+++ b/net/bridge/br_arp_nd_proxy.c | ||
@@ -204,7 +204,10 @@ void br_do_proxy_suppress_arp(struct sk_ | ||
if ((p && (p->flags & BR_PROXYARP)) || | ||
(f->dst && (f->dst->flags & (BR_PROXYARP_WIFI | | ||
BR_NEIGH_SUPPRESS)))) { | ||
- if (!vid) | ||
+ replied = true; | ||
+ if (!memcmp(n->ha, sha, dev->addr_len)) | ||
+ replied = false; | ||
+ else if (!vid) | ||
br_arp_send(br, p, skb->dev, sip, tip, | ||
sha, n->ha, sha, 0, 0); | ||
else | ||
@@ -212,7 +215,6 @@ void br_do_proxy_suppress_arp(struct sk_ | ||
sha, n->ha, sha, | ||
skb->vlan_proto, | ||
skb_vlan_tag_get(skb)); | ||
- replied = true; | ||
} | ||
|
||
/* If we have replied or as long as we know the |
37 changes: 37 additions & 0 deletions
37
.../linux/generic/pending-6.1/151-net-bridge-do-not-send-arp-replies-if-src-and-target.patch
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,37 @@ | ||
From: Felix Fietkau <nbd@nbd.name> | ||
Date: Thu, 4 Jan 2024 15:21:21 +0100 | ||
Subject: [PATCH] net: bridge: do not send arp replies if src and target hw | ||
addr is the same | ||
|
||
There are broken devices in the wild that handle duplicate IP address | ||
detection by sending out ARP requests for the IP that they received from a | ||
DHCP server and refuse the address if they get a reply. | ||
When proxyarp is enabled, they would go into a loop of requesting an address | ||
and then NAKing it again. | ||
|
||
Link: https://github.com/openwrt/openwrt/issues/14309 | ||
Signed-off-by: Felix Fietkau <nbd@nbd.name> | ||
--- | ||
|
||
--- a/net/bridge/br_arp_nd_proxy.c | ||
+++ b/net/bridge/br_arp_nd_proxy.c | ||
@@ -204,7 +204,10 @@ void br_do_proxy_suppress_arp(struct sk_ | ||
if ((p && (p->flags & BR_PROXYARP)) || | ||
(f->dst && (f->dst->flags & (BR_PROXYARP_WIFI | | ||
BR_NEIGH_SUPPRESS)))) { | ||
- if (!vid) | ||
+ replied = true; | ||
+ if (!memcmp(n->ha, sha, dev->addr_len)) | ||
+ replied = false; | ||
+ else if (!vid) | ||
br_arp_send(br, p, skb->dev, sip, tip, | ||
sha, n->ha, sha, 0, 0); | ||
else | ||
@@ -212,7 +215,6 @@ void br_do_proxy_suppress_arp(struct sk_ | ||
sha, n->ha, sha, | ||
skb->vlan_proto, | ||
skb_vlan_tag_get(skb)); | ||
- replied = true; | ||
} | ||
|
||
/* If we have replied or as long as we know the |