kernel: fix bridge proxyarp issue with some broken DHCP clients

There are broken devices in the wild that handle duplicate IP address detection by sending out ARP requests for the IP that they received from a DHCP server and refuse the address if they get a reply. When proxyarp is enabled, they would go into a loop of requesting an address and then NAKing it again. Fixes: https://github.com/openwrt/openwrt/issues/14309 Signed-off-by: Felix Fietkau <nbd@nbd.name>
2025-02-20 17:32:57 +00:00 · 2024-01-05 11:58:15 +01:00 · 2024-01-05 11:58:15 +01:00 · c1ad78318c
commit c1ad78318c
parent 4a5d1d0e95
2 changed files with 74 additions and 0 deletions
--- a/target/linux/generic/pending-5.15/151-net-bridge-do-not-send-arp-replies-if-src-and-target.patch
+++ b/target/linux/generic/pending-5.15/151-net-bridge-do-not-send-arp-replies-if-src-and-target.patch
@ -0,0 +1,37 @@
+From: Felix Fietkau <nbd@nbd.name>
+Date: Thu, 4 Jan 2024 15:21:21 +0100
+Subject: [PATCH] net: bridge: do not send arp replies if src and target hw
+ addr is the same
+
+There are broken devices in the wild that handle duplicate IP address
+detection by sending out ARP requests for the IP that they received from a
+DHCP server and refuse the address if they get a reply.
+When proxyarp is enabled, they would go into a loop of requesting an address
+and then NAKing it again.
+
+Link: https://github.com/openwrt/openwrt/issues/14309
+Signed-off-by: Felix Fietkau <nbd@nbd.name>
+---
+
+--- a/net/bridge/br_arp_nd_proxy.c
+++ b/net/bridge/br_arp_nd_proxy.c
+@@ -204,7 +204,10 @@ void br_do_proxy_suppress_arp(struct sk_
+ 			if ((p && (p->flags & BR_PROXYARP)) ||
+ 			    (f->dst && (f->dst->flags & (BR_PROXYARP_WIFI |
+ 							 BR_NEIGH_SUPPRESS)))) {
+-				if (!vid)
+				replied = true;
+				if (!memcmp(n->ha, sha, dev->addr_len))
+					replied = false;
+				else if (!vid)
+ 					br_arp_send(br, p, skb->dev, sip, tip,
+ 						    sha, n->ha, sha, 0, 0);
+ 				else
+@@ -212,7 +215,6 @@ void br_do_proxy_suppress_arp(struct sk_
+ 						    sha, n->ha, sha,
+ 						    skb->vlan_proto,
+ 						    skb_vlan_tag_get(skb));
+-				replied = true;
+ 			}
+ 
+ 			/* If we have replied or as long as we know the
--- a/target/linux/generic/pending-6.1/151-net-bridge-do-not-send-arp-replies-if-src-and-target.patch
+++ b/target/linux/generic/pending-6.1/151-net-bridge-do-not-send-arp-replies-if-src-and-target.patch
@ -0,0 +1,37 @@
+From: Felix Fietkau <nbd@nbd.name>
+Date: Thu, 4 Jan 2024 15:21:21 +0100
+Subject: [PATCH] net: bridge: do not send arp replies if src and target hw
+ addr is the same
+
+There are broken devices in the wild that handle duplicate IP address
+detection by sending out ARP requests for the IP that they received from a
+DHCP server and refuse the address if they get a reply.
+When proxyarp is enabled, they would go into a loop of requesting an address
+and then NAKing it again.
+
+Link: https://github.com/openwrt/openwrt/issues/14309
+Signed-off-by: Felix Fietkau <nbd@nbd.name>
+---
+
+--- a/net/bridge/br_arp_nd_proxy.c
+++ b/net/bridge/br_arp_nd_proxy.c
+@@ -204,7 +204,10 @@ void br_do_proxy_suppress_arp(struct sk_
+ 			if ((p && (p->flags & BR_PROXYARP)) ||
+ 			    (f->dst && (f->dst->flags & (BR_PROXYARP_WIFI |
+ 							 BR_NEIGH_SUPPRESS)))) {
+-				if (!vid)
+				replied = true;
+				if (!memcmp(n->ha, sha, dev->addr_len))
+					replied = false;
+				else if (!vid)
+ 					br_arp_send(br, p, skb->dev, sip, tip,
+ 						    sha, n->ha, sha, 0, 0);
+ 				else
+@@ -212,7 +215,6 @@ void br_do_proxy_suppress_arp(struct sk_
+ 						    sha, n->ha, sha,
+ 						    skb->vlan_proto,
+ 						    skb_vlan_tag_get(skb));
+-				replied = true;
+ 			}
+ 
+ 			/* If we have replied or as long as we know the