Hi,

In IPv4 we log a message when someone is spoofing our arp cache.

Mar  9 01:03:51 q0 /bsd: arp info overwritten for 10.188.50.10 by 
00:01:02:03:04:05 on ne3

Do we want a similar message for IPv6 neighbor discovery protocol?

Mar  9 01:03:30 q0 /bsd: ndp info overwritten for 
fdd7:e83e:66bc:0001:0215:58ff:fe7c:cb62 by 00:01:02:03:04:05 on ne3

ok?

bluhm


Index: netinet6/nd6.c
===================================================================
RCS file: /data/mirror/openbsd/cvs/src/sys/netinet6/nd6.c,v
retrieving revision 1.85
diff -u -p -r1.85 nd6.c
--- netinet6/nd6.c      28 Jun 2010 16:48:15 -0000      1.85
+++ netinet6/nd6.c      7 Mar 2011 19:56:42 -0000
@@ -1571,6 +1571,10 @@ fail:
         *      1       --      y       --      (7) * STALE
         */
 
+       if (llchange) {
+               log(LOG_INFO, "ndp info overwritten for %s by %s on %s\n",
+                   ip6_sprintf(from), ether_sprintf(lladdr), ifp->if_xname);
+       }
        if (lladdr) {           /* (3-5) and (7) */
                /*
                 * Record source link-layer address
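Review bot: The added `log()` call hands `lladdr` to `ether_sprintf()` above the existing `if (lladdr)` test, so it is only safe if `llchange` can never be set while `lladdr` is NULL. `llchange` is computed outside this hunk, so that invariant cannot be confirmed from the lines shown. Making it explicit with `if (lladdr && llchange) {`, or moving the log inside the `if (lladdr)` block, costs nothing and keeps the log path from depending on code elsewhere. The nd6_nbr.c hunk in nd6_na_input() has the same ordering. The enclosing function starts and ends outside the hunk.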
Index: netinet6/nd6_nbr.c
===================================================================
RCS file: /data/mirror/openbsd/cvs/src/sys/netinet6/nd6_nbr.c,v
retrieving revision 1.55
diff -u -p -r1.55 nd6_nbr.c
--- netinet6/nd6_nbr.c  8 Feb 2010 11:56:09 -0000       1.55
+++ netinet6/nd6_nbr.c  7 Mar 2011 19:56:21 -0000
@@ -750,6 +750,11 @@ nd6_na_input(struct mbuf *m, int off, in
                        /*
                         * Update link-local address, if any.
                         */
+                       if (llchange) {
+                               log(LOG_INFO, "ndp info overwritten for %s "
+                                   "by %s on %s\n", ip6_sprintf(&taddr6),
+                                   ether_sprintf(lladdr), ifp->if_xname);
+                       }
                        if (lladdr) {
                                sdl->sdl_alen = ifp->if_addrlen;
                                bcopy(lladdr, LLADDR(sdl), ifp->if_addrlen);
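Review bot: The new `log(LOG_INFO, ...)` in the update branch has no rate limit, and it fires for every Neighbor Advertisement that changes the cached link-layer address, so any node on the link can trigger it at packet rate. That can flood syslog and rotate out the entries an operator would need when investigating a spoofing report. Consider gating the call behind a per-interval limit such as `ratecheck(9)` with a static `struct timeval`, and adding a comment like `/* remotely triggerable: keep rate limited */`. The nd6.c hunk logs under the same condition and would want the same gate. nd6_na_input() continues outside the hunk.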
