From: Roy Marples <roy@marples.name>
Date: Tue, 15 Dec 2015 14:45:55 +0000 (+0000)
Subject: Test for ETHERTYPE_IP as the protocol type in the ARP BPF filter.
X-Git-Tag: v6.10.0~45
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=24c3502f73f648527447ec6415873f3f3fd56498;p=thirdparty%2Fdhcpcd.git

Test for ETHERTYPE_IP as the protocol type in the ARP BPF filter.
---

diff --git a/arp.c b/arp.c
index b45201f1..a5274331 100644
--- a/arp.c
+++ b/arp.c
@@ -146,15 +146,18 @@ arp_packet(void *arg)
 		/* Families must match */
 		if (ar.ar_hrd != htons(ifp->family))
 			continue;
+#if 0
+		/* These checks are enforced in the BPF filter. */
 		/* Protocol must be IP. */
 		if (ar.ar_pro != htons(ETHERTYPE_IP))
 			continue;
-		if (ar.ar_pln != sizeof(arm.sip.s_addr))
-			continue;
 		/* Only these types are recognised */
 		if (ar.ar_op != htons(ARPOP_REPLY) &&
 		    ar.ar_op != htons(ARPOP_REQUEST))
 			continue;
+#endif
+		if (ar.ar_pln != sizeof(arm.sip.s_addr))
+			continue;
 
 		/* Get pointers to the hardware addreses */
 		hw_s = arp_buffer + sizeof(ar);
diff --git a/bpf-filter.h b/bpf-filter.h
index de9b277e..c8b027a4 100644
--- a/bpf-filter.h
+++ b/bpf-filter.h
@@ -34,8 +34,11 @@ static const struct bpf_insn arp_bpf_filter [] = {
 #ifndef BPF_SKIPTYPE
 	/* Make sure this is an ARP packet... */
 	BPF_STMT(BPF_LD + BPF_H + BPF_ABS, 12),
-	BPF_JUMP(BPF_JMP + BPF_JEQ + BPF_K, ETHERTYPE_ARP, 0, 4),
+	BPF_JUMP(BPF_JMP + BPF_JEQ + BPF_K, ETHERTYPE_ARP, 0, 6),
 #endif
+	/* Make sure this is for IP ... */
+	BPF_STMT(BPF_LD + BPF_H + BPF_ABS, 16 + BPF_ETHCOOK),
+	BPF_JUMP(BPF_JMP + BPF_JEQ + BPF_K, ETHERTYPE_IP, 0, 4),
 	/* Make sure this is an ARP REQUEST... */
 	BPF_STMT(BPF_LD + BPF_H + BPF_ABS, 20 + BPF_ETHCOOK),
 	BPF_JUMP(BPF_JMP + BPF_JEQ + BPF_K, ARPOP_REQUEST, 1, 0),