Page MenuHome Accel-ppp

Некорректная работа proxy-arp
Closed, ResolvedPublicBUG

Description

При proxy-arp=2 accel-ppp генерирует некорректные ответы.
eth.src == mac адресу сервера
arp.sender mac == mac адресу абонента.
При наличии изоляции между абонентами (ради чего и включается proxy-arp) связи между абонентами не будет, соответственно смысла в таком proxy-arp нет. В Sender mac address должен быть MAC accel.

photo_2021-10-18_20-22-59.jpg (281×513 px, 21 KB)

[ipoe]
verbose=1
username=username
shared=1
ifcfg=1
mode=L2
start=up
ip-unnumbered=1
proxy-arp=2
idle-timeout=0
soft-terminate=1

Details

Protocol
General
Version
1.12.0-149-gff91c73

Event Timeline

I can confirm that linux kernel learns from arp.src.hw_mac, not from eth.src. It means that current behaviour for proxy_arp=2 is useless. If no l2 isolation, then proxy_arp is not required. in case of isolation, linux clients will not be able not communicate to each other

My env:

root@deb11:~# uname -a
Linux deb11 5.14.0-2-arm64 #1 SMP Debian 5.14.9-2 (2021-10-03) aarch64 GNU/Linux

attaching an example of arp packet with different eth.src and arp.src.hw_mac (3.pcap)

send this arp packet: ip netns exec A tcpreplay -i veth1 3.pcap

23:39:02.539528 a6:0c:83:63:76:ff > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 42: Ethernet (len 6), IPv4 (len 4), Request who-has 1.1.1.1 tell 1.1.1.2, length 28
23:39:03.558823 a6:0c:83:63:76:ff > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 42: Ethernet (len 6), IPv4 (len 4), Request who-has 1.1.1.1 tell 1.1.1.2, length 28
23:39:04.463191 00:11:22:33:44:55 > a6:0c:83:63:76:ff, ethertype ARP (0x0806), length 42: Ethernet (len 6), IPv4 (len 4), Reply 1.1.1.1 is-at da:c9:9a:4c:0b:82, length 28
23:39:04.463226 a6:0c:83:63:76:ff > da:c9:9a:4c:0b:82, ethertype IPv4 (0x0800), length 98: (tos 0x0, ttl 64, id 45970, offset 0, flags [DF], proto ICMP (1), length 84)
1.1.1.2 > 1.1.1.1: ICMP echo request, id 13509, seq 74, length 64
23:39:04.463231 a6:0c:83:63:76:ff > da:c9:9a:4c:0b:82, ethertype IPv4 (0x0800), length 98: (tos 0x0, ttl 64, id 46131, offset 0, flags [DF], proto ICMP (1), length 84)
1.1.1.2 > 1.1.1.1: ICMP echo request, id 13509, seq 75, length 64
23:39:04.582376 a6:0c:83:63:76:ff > da:c9:9a:4c:0b:82, ethertype IPv4 (0x0800), length 98: (tos 0x0, ttl 64, id 46373, offset 0, flags [DF], proto ICMP (1), length 84)

Dimka88 changed the task status from Open to Confirmed.Oct 18 2021, 22:49

@ProLan please try to apply patch below:

diff --git a/accel-pppd/ctrl/ipoe/arp.c b/accel-pppd/ctrl/ipoe/arp.c
index fa6858d..41ed1eb 100644
--- a/accel-pppd/ctrl/ipoe/arp.c
+++ b/accel-pppd/ctrl/ipoe/arp.c
@@ -109,13 +109,9 @@ static void arp_ctx_read(struct _arphdr *ah)
                        pthread_mutex_unlock(&ipoe->lock);
                        goto out;
                }
+       }
 
-               if (ipoe->opt_arp == 2)
-                       memcpy(ah2.ar_sha, ses2->hwaddr, ETH_ALEN);
-               else
-                       memcpy(ah2.ar_sha, ipoe->hwaddr, ETH_ALEN);
-       } else
-               memcpy(ah2.ar_sha, ipoe->hwaddr, ETH_ALEN);
+       memcpy(ah2.ar_sha, ipoe->hwaddr, ETH_ALEN);
 
        pthread_mutex_unlock(&ipoe->lock);

@svlobanov - patch in production, working good

Dimka88 claimed this task.