[openwrt/openwrt] kernel: fix bridge proxyarp issue with some broken DHCP clients

LEDE Commits lede-commits at lists.infradead.org
Fri Jan 5 03:57:00 PST 2024 

nbd pushed a commit to openwrt/openwrt.git, branch openwrt-23.05:
https://git.openwrt.org/49bde576794af27a7472965ef0124570dfbe9323

commit 49bde576794af27a7472965ef0124570dfbe9323
Author: Felix Fietkau <nbd at nbd.name>
AuthorDate: Fri Jan 5 11:58:15 2024 +0100

    kernel: fix bridge proxyarp issue with some broken DHCP clients
    
    There are broken devices in the wild that handle duplicate IP address
    detection by sending out ARP requests for the IP that they received from a
    DHCP server and refuse the address if they get a reply.
    When proxyarp is enabled, they would go into a loop of requesting an address
    and then NAKing it again.
    
    Fixes: https://github.com/openwrt/openwrt/issues/14309
    Signed-off-by: Felix Fietkau <nbd at nbd.name>
    (cherry picked from commit c1ad78318c3e6421e60dd187477f38ca5f9a5752)
---
 ...do-not-send-arp-replies-if-src-and-target.patch | 37 ++++++++++++++++++++++
 1 file changed, 37 insertions(+)

diff --git a/target/linux/generic/pending-5.15/151-net-bridge-do-not-send-arp-replies-if-src-and-target.patch b/target/linux/generic/pending-5.15/151-net-bridge-do-not-send-arp-replies-if-src-and-target.patch
new file mode 100644
index 0000000000..f420d210c2
--- /dev/null
+++ b/target/linux/generic/pending-5.15/151-net-bridge-do-not-send-arp-replies-if-src-and-target.patch
@@ -0,0 +1,37 @@
+From: Felix Fietkau <nbd at nbd.name>
+Date: Thu, 4 Jan 2024 15:21:21 +0100
+Subject: [PATCH] net: bridge: do not send arp replies if src and target hw
+ addr is the same
+
+There are broken devices in the wild that handle duplicate IP address
+detection by sending out ARP requests for the IP that they received from a
+DHCP server and refuse the address if they get a reply.
+When proxyarp is enabled, they would go into a loop of requesting an address
+and then NAKing it again.
+
+Link: https://github.com/openwrt/openwrt/issues/14309
+Signed-off-by: Felix Fietkau <nbd at nbd.name>
+---
+
+--- a/net/bridge/br_arp_nd_proxy.c
++++ b/net/bridge/br_arp_nd_proxy.c
+@@ -204,7 +204,10 @@ void br_do_proxy_suppress_arp(struct sk_
+ 			if ((p && (p->flags & BR_PROXYARP)) ||
+ 			    (f->dst && (f->dst->flags & (BR_PROXYARP_WIFI |
+ 							 BR_NEIGH_SUPPRESS)))) {
+-				if (!vid)
++				replied = true;
++				if (!memcmp(n->ha, sha, dev->addr_len))
++					replied = false;
++				else if (!vid)
+ 					br_arp_send(br, p, skb->dev, sip, tip,
+ 						    sha, n->ha, sha, 0, 0);
+ 				else
+@@ -212,7 +215,6 @@ void br_do_proxy_suppress_arp(struct sk_
+ 						    sha, n->ha, sha,
+ 						    skb->vlan_proto,
+ 						    skb_vlan_tag_get(skb));
+-				replied = true;
+ 			}
+ 
+ 			/* If we have replied or as long as we know the

More information about the lede-commits mailing list