add reject+blackhole keywords to install entries with RTF_BLACKHOLE

and RTF_REJECT, respectively PR: bin/79228 Submitted by: Dan Lukes <dan@obluda.cz> MFC after: 2 weeks
2008-03-18 21:45:27 +00:00 · 2008-03-18 21:45:27 +00:00 · e653f1f0f4
parent 999396482a
commit e653f1f0f4
2 changed files with 23 additions and 4 deletions
--- a/usr.sbin/arp/arp.8
+++ b/usr.sbin/arp/arp.8
@ -53,10 +53,14 @@
 .Nm
 .Fl s Ar hostname ether_addr
 .Op Cm temp
+.Op Cm reject
+.Op Cm backhole
 .Op Cm pub Op Cm only
 .Nm
 .Fl S Ar hostname ether_addr
 .Op Cm temp
+.Op Cm reject
+.Op Cm backhole
 .Op Cm pub Op Cm only
 .Nm
 .Fl f Ar filename
@ -148,6 +152,18 @@ This type of entry is created automatically if
 detects that a routing table entry for
 .Ar hostname
 already exists.
+.Pp
+If the
+.Cm reject
+keyword is specified the entry will be marked so that traffic to
+the host will be discarded and the sender will be notified the
+host is unreachable.
+The
+.Cm blackhole
+keyword is similar in that traffic discarded but the sender is
+not notified.
+These can be used to block external traffic to a host without
+using a firewall.
 .It Fl S Ar hostname ether_addr
 Is just like
 .Fl s
--- a/usr.sbin/arp/arp.c
+++ b/usr.sbin/arp/arp.c
@ -321,8 +321,7 @@ set(int argc, char **argv)
 			struct timeval tv;
 			gettimeofday(&tv, 0);
 			expire_time = tv.tv_sec + 20 * 60;
-		}
-		else if (strncmp(argv[0], "pub", 3) == 0) {
+		} else if (strncmp(argv[0], "pub", 3) == 0) {
 			flags |= RTF_ANNOUNCE;
 			doing_proxy = 1;
 			if (argc && strncmp(argv[1], "only", 3) == 0) {
@ -330,6 +329,10 @@ set(int argc, char **argv)
 				dst->sin_other = SIN_PROXY;
 				argc--; argv++;
 			}
+		} else if (strncmp(argv[0], "blackhole", 9) == 0) {
+			flags |= RTF_BLACKHOLE;
+		} else if (strncmp(argv[0], "reject", 6) == 0) {
+			flags |= RTF_REJECT;
 		} else if (strncmp(argv[0], "trail", 5) == 0) {
 			/* XXX deprecated and undocumented feature */
 			printf("%s: Sending trailers is no longer supported\n",
@ -627,8 +630,8 @@ usage(void)
 		"       arp [-n] [-i interface] -a",
 		"       arp -d hostname [pub]",
 		"       arp -d [-i interface] -a",
-		"       arp -s hostname ether_addr [temp] [pub [only]]",
-		"       arp -S hostname ether_addr [temp] [pub [only]]",
+		"       arp -s hostname ether_addr [temp] [reject] [blackhole] [pub [only]]",
+		"       arp -S hostname ether_addr [temp] [reject] [blackhole] [pub [only]]",
 		"       arp -f filename");
 	exit(1);
 }