On Wed, Mar 09, 2011 at 01:08:47AM +0100, Alexander Bluhm wrote:
> Hi,
>
> In IPv4 we log a message when someone is spoofing our arp cache.
>
> Mar 9 01:03:51 q0 /bsd: arp info overwritten for 10.188.50.10 by
> 00:01:02:03:04:05 on ne3
>
> Do we want a similar message for IPv6 neighbor discovery protocol?
>
> Mar 9 01:03:30 q0 /bsd: ndp info overwritten for
> fdd7:e83e:66bc:0001:0215:58ff:fe7c:cb62 by 00:01:02:03:04:05 on ne3
>
> ok?
>
OMG that logic in nd6_nbr.c is insanely twisted.
Looks OK (with my limited IPv6 knowledge).
> bluhm
>
>
> Index: netinet6/nd6.c
> ===================================================================
> RCS file: /data/mirror/openbsd/cvs/src/sys/netinet6/nd6.c,v
> retrieving revision 1.85
> diff -u -p -r1.85 nd6.c
> --- netinet6/nd6.c 28 Jun 2010 16:48:15 -0000 1.85
> +++ netinet6/nd6.c 7 Mar 2011 19:56:42 -0000
> @@ -1571,6 +1571,10 @@ fail:
> * 1 -- y -- (7) * STALE
> */
>
> + if (llchange) {
> + log(LOG_INFO, "ndp info overwritten for %s by %s on %s\n",
> + ip6_sprintf(from), ether_sprintf(lladdr), ifp->if_xname);
> + }
> if (lladdr) { /* (3-5) and (7) */
> /*
> * Record source link-layer address
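Review bot: The added log() in nd6.c passes lladdr to ether_sprintf() ahead of the existing "if (lladdr)" test that follows it, so it is only safe if llchange can never be set while lladdr is NULL, and these lines do not show that. Move the log() inside the "if (lladdr)" block or test "if (llchange && lladdr)". The braces around the single statement can go as well.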
> Index: netinet6/nd6_nbr.c
> ===================================================================
> RCS file: /data/mirror/openbsd/cvs/src/sys/netinet6/nd6_nbr.c,v
> retrieving revision 1.55
> diff -u -p -r1.55 nd6_nbr.c
> --- netinet6/nd6_nbr.c 8 Feb 2010 11:56:09 -0000 1.55
> +++ netinet6/nd6_nbr.c 7 Mar 2011 19:56:21 -0000
> @@ -750,6 +750,11 @@ nd6_na_input(struct mbuf *m, int off, in
> /*
> * Update link-local address, if any.
> */
> + if (llchange) {
> + log(LOG_INFO, "ndp info overwritten for %s "
> + "by %s on %s\n", ip6_sprintf(&taddr6),
> + ether_sprintf(lladdr), ifp->if_xname);
> + }
> if (lladdr) {
> sdl->sdl_alen = ifp->if_addrlen;
> bcopy(lladdr, LLADDR(sdl), ifp->if_addrlen);
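Review bot: The log() in nd6_na_input() runs just before bcopy() overwrites LLADDR(sdl), yet it prints only the new link-layer address. Including the previous address from LLADDR(sdl) would let the log show who was displaced as well as who took over. If ether_sprintf() returns a shared static buffer, format one of the two addresses into a separate buffer first. The message is also unbounded in these lines: every advertisement that changes the address produces a LOG_INFO entry, so a rate limit is worth considering.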
>
--
:wq Claudio
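
An added example, not part of the thread or of OpenBSD's code: a log-side check that parses the two message formats quoted above and reports addresses claimed by several MACs and MACs that took over several addresses. The first two sample lines are the ones from the thread (re-joined where the mail wrapped them); the other two are constructed, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Matches the kernel messages quoted in the thread:
#   "<arp|ndp> info overwritten for <address> by <mac> on <ifname>"
OVERWRITE_RE = re.compile(
    r"/bsd: (?P<proto>arp|ndp) info overwritten for (?P<addr>\S+) "
    r"by (?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2}) on (?P<ifname>\S+)",
    re.IGNORECASE,
)

# Lines 1-2 are from the thread; lines 3-4 are constructed for this example.
SAMPLE = [
    "Mar 9 01:03:51 q0 /bsd: arp info overwritten for 10.188.50.10 "
    "by 00:01:02:03:04:05 on ne3",
    "Mar 9 01:03:30 q0 /bsd: ndp info overwritten for "
    "fdd7:e83e:66bc:0001:0215:58ff:fe7c:cb62 by 00:01:02:03:04:05 on ne3",
    "Mar 9 01:04:02 q0 /bsd: ndp info overwritten for "
    "fdd7:e83e:66bc:0001:0215:58ff:fe7c:cb62 by 00:15:58:7c:cb:62 on ne3",
    "Mar 9 01:04:10 q0 /bsd: ne3: link state changed",
]

def parse_overwrites(lines):
    """Yield (proto, addr, mac, ifname) for each overwrite message."""
    for line in lines:
        m = OVERWRITE_RE.search(line)
        if m:
            yield (m["proto"].lower(), m["addr"].lower(),
                   m["mac"].lower(), m["ifname"])

def summarize(lines, min_macs=2):
    """Return (contested, claimers).

    contested: {(ifname, addr): MACs} for addresses taken by >= min_macs MACs
    claimers:  {(ifname, mac): addrs} for MACs that took over > 1 address
    """
    by_addr, by_mac = defaultdict(set), defaultdict(set)
    for _proto, addr, mac, ifname in parse_overwrites(lines):
        by_addr[(ifname, addr)].add(mac)
        by_mac[(ifname, mac)].add(addr)
    contested = {k: sorted(v) for k, v in by_addr.items() if len(v) >= min_macs}
    claimers = {k: sorted(v) for k, v in by_mac.items() if len(v) > 1}
    return contested, claimers

if __name__ == "__main__":
    contested, claimers = summarize(SAMPLE)
    print("contested addresses:", contested)
    print("MACs claiming several addresses:", claimers)
```

Because the kernel message carries only the new link-layer address, a single overwrite names one MAC; an address shows up as contested once two different MACs have each overwritten it.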