From 2166c5872e9b792f8a0284b29e3fab8f2f2607a5 Mon Sep 17 00:00:00 2001 From: Stefano Brivio Date: Thu, 19 Aug 2021 19:44:31 +0200 Subject: [PATCH] arp: Don't answer announcements from guest or namespace Depending on the configuration, the host might have the same address. Don't answer them to avoid a duplicate IP address detection. Signed-off-by: Stefano Brivio --- arp.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/arp.c b/arp.c index 547057c..17fad9f 100644 --- a/arp.c +++ b/arp.c @@ -57,6 +57,12 @@ int arp(struct ctx *c, struct ethhdr *eh, size_t len) ah->ar_op != htons(ARPOP_REQUEST)) return 1; + /* Discard announcements (but not 0.0.0.0 "probes"): we might have the + * same IP address, hide that. + */ + if (*((uint32_t *)&am->sip) && !memcmp(am->sip, am->tip, 4)) + return 1; + ah->ar_op = htons(ARPOP_REPLY); memcpy(am->tha, am->sha, ETH_ALEN); memcpy(am->sha, c->mac, ETH_ALEN);