#1324 arp_netlink should drop AF_BRIDGE netlink messages

backport-needed
accepted
None
5
2016-04-27
2016-04-07
Sam Tannous
No

This is a minor patch to a bug in the way netlink RTM_NEWNEIGH and RTM_DELNEIGH packets are handled.

The code in inetNetToMediaTable_data_access.c expects all such netlink messages to contain
an IP address, so that if the length is neither 4 (IPv4) nor 16 (IPv6), we get an snmp_log LOG_ERR
message.

snmpd[7769]: inetNetToMediaTable:_add_or_update_arpentry: unsupported address type, len = 0

Changes to bridge interfaces can generate netlink AF_BRIDGE family messages that do
not contain IP addresses. This is by design. These messages, along with AF_INET and AF_INET6
family types, are processed by agent/mibgroup/ip-mib/data_access/arp_netlink.c when they
should be silently dropped. The ARP code should ignore these packets since they are not
useful for ARP.

This patch checks for rtmp->ndm_family == AF_BRIDGE in arp_netlink.c:fillup_entry_info()
and if found, returns 0 so they are dropped.

This was checked on the latest Debian Jessie (amd64) where I flapped interfaces that had
bonds in bridges and looked for the error messages seen above.

The patch is against the latest V5-7-patches branch.

Thanks,
Sam Tannous
Cumulus Networks
stannous@cumulusnetworks.com

1 Attachments

Discussion

  • Sam Tannous

    Sam Tannous - 2016-04-08

    Now that I think about this a little more it might be better to only look at
    AF_INET and AF_INET6 families explicitly.

    This new patch returns 0 if the packet is not of the family AF_INET and not AF_INET6.

    I tested this again on an amd64 Linux box with the latest V5-7-patches.

    --Sam Tannous
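
The family check described in the ticket and the AF_INET/AF_INET6 allowlist from the follow-up comment, as an added example (not the attached patch and not net-snmp code). The helper names neigh_addr_len and classify_sample are hypothetical; the code assumes Linux UAPI headers and a caller that has already bounds-checked the message with NLMSG_OK, and it goes one step further than the ticket by also validating the NDA_DST length.

```c
#include <string.h>
#include <sys/socket.h>          /* AF_INET, AF_INET6, AF_BRIDGE */
#include <linux/rtnetlink.h>     /* RTM_*NEIGH, ndmsg, rtattr, NDA_* */

/* Hypothetical helper: NDA_DST length (4 or 16) if the message describes an
 * IPv4/IPv6 neighbour, 0 if it should be dropped without logging. */
static int neigh_addr_len(const struct nlmsghdr *nlh)
{
    const struct ndmsg *ndm = NLMSG_DATA(nlh);
    const struct rtattr *rta;
    int len = (int)nlh->nlmsg_len - (int)NLMSG_LENGTH(sizeof(*ndm));
    if (nlh->nlmsg_type != RTM_NEWNEIGH && nlh->nlmsg_type != RTM_DELNEIGH)
        return 0;
    if (len < 0) return 0;                       /* truncated ndmsg */
    /* Allowlist: AF_BRIDGE messages carry no IP address; handle IP only. */
    if (ndm->ndm_family != AF_INET && ndm->ndm_family != AF_INET6)
        return 0;
    rta = (const struct rtattr *)((const char *)ndm + NLMSG_ALIGN(sizeof(*ndm)));
    for (; RTA_OK(rta, len); rta = RTA_NEXT(rta, len)) {
        int want = ndm->ndm_family == AF_INET ? 4 : 16;
        if (rta->rta_type == NDA_DST)
            return (int)RTA_PAYLOAD(rta) == want ? want : 0;
    }
    return 0;                                    /* no NDA_DST present */
}

/* Constructed sample: nlmsghdr + ndmsg + NDA_LLADDR, plus an NDA_DST of
 * dstlen bytes when dstlen > 0; returns how neigh_addr_len classifies it. */
static int classify_sample(int type, int family, int dstlen)
{
    union { struct nlmsghdr h; char b[128]; } m;
    struct ndmsg *ndm = NLMSG_DATA(&m.h);
    struct rtattr *rta = (struct rtattr *)(m.b + NLMSG_LENGTH(sizeof(*ndm)));
    memset(&m, 0, sizeof(m));
    m.h.nlmsg_type = type;
    ndm->ndm_family = family;
    rta->rta_type = NDA_LLADDR;                  /* zeroed 6-byte MAC */
    rta->rta_len = RTA_LENGTH(6);
    m.h.nlmsg_len = NLMSG_LENGTH(sizeof(*ndm)) + RTA_ALIGN(rta->rta_len);
    if (dstlen > 0) {
        rta = (struct rtattr *)(m.b + m.h.nlmsg_len);
        rta->rta_type = NDA_DST;
        rta->rta_len = RTA_LENGTH(dstlen);
        m.h.nlmsg_len += RTA_ALIGN(rta->rta_len);
    }
    return neigh_addr_len(&m.h);
}

int main(void) { return classify_sample(RTM_NEWNEIGH, AF_BRIDGE, 0); }
```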

     
  • Niels Baggesen

    Niels Baggesen - 2016-04-27
    • status: open --> accepted
    • assigned_to: Niels Baggesen
     
  • Niels Baggesen

    Niels Baggesen - 2016-04-27

    Thanks for the patch! It has been applied to the V5-7-patches branch and trunk.

     
