Hi,
On 15/02/2019 03:49, Linus Lüssing wrote:
On Fri, Feb 15, 2019 at 12:16:31AM +0800, Marek Lindner wrote:
On Thursday, 14 February 2019 23:51:00 HKT Linus Lüssing wrote:
So far, gratuitous ARP Replies were ignored for DAT processing as it contains a broadcast MAC address. This patch changes this and allows snooping such ARP messages, too.
Gratuitous ARP Replies were ignored since this commit: ab361a9ccc5 ("batman-adv: filter ARP packets with invalid MAC addresses in
DAT")
You're kind enough to mention when the filter was introduced but fail to explain why the filter introduced in the past was has outlived its usefulness or how the new behavior addresses the previous concerns.
That patch added filtering for both zero and broadcast MAC addresses. While the original premise is correct - we do not want those addresses in the DAT, the assumption that a broadcast MAC address as ARP target MAC address were invalid, is wrong. Gratuitous ARP Replies are valid packets.
So that patch was a bit too strict in that regard, I think. For gratuitous ARP it's enough to ignore the (Target MAC/Target IP) pair. Snooping the (Sender MAC/Sender IP) should be fine.
Is there any situation where an OS would reject a gracious ARP? Or are they always blindly accepted and processed accordingly? If they have any protection against any misuse, I guess batman-adv should try to do the same.
Cheers,