Fix ARP reply handling changed in r286955.

If source of ARP request didn't pass the routing check (e.g. not in directly connected network), be polite and still answer the request instead of dropping frame. Reported by: quadro at irc@rusnet
2015-12-16 09:16:06 +00:00 · 2015-12-16 09:16:06 +00:00 · b2f4463134
commit b2f4463134
parent 3d03354a92
1 changed files with 12 additions and 4 deletions
--- a/sys/netinet/if_ether.c
+++ b/sys/netinet/if_ether.c
@ -855,12 +855,20 @@ match:
 		arp_check_update_lle(ah, isaddr, ifp, bridged, la);
 	else if (itaddr.s_addr == myaddr.s_addr) {
 		/*
-		 * Reply to our address, but no lle exists yet.
-		 * do we really have to create an entry?
+		 * Request/reply to our address, but no lle exists yet.
+		 * Try to create new llentry.
 		 */
 		la = lltable_alloc_entry(LLTABLE(ifp), 0, dst);
-		if (la == NULL)
-			goto drop;
+		if (la == NULL) {
+
+			/*
+			 * lle creation may fail if source address belongs
+			 * to non-directly connected subnet. However, we
+			 * will try to answer the request instead of dropping
+			 * frame.
+			 */
+			goto reply;
+		}
 		lltable_set_entry_addr(ifp, la, ar_sha(ah));

 		IF_AFDATA_WLOCK(ifp);