Package: ucarp
Version: 1.5.2+git20192404.1a9aaf7-1
Severity: wishlist
There happened to be a need to add a no spoofing option for our use case,
similar to a case in https://github.com/jedisct1/UCarp/issues/19.
So we decided to implement --no-spoof option just like in the
https://github.com/jedisct1/UCarp/pull/20 proposal. I'm attaching a patch file
that we used for patching the source files, it's been tested and seems to be
working correctly.
It would be nice for the patch to be added into ucarp package.
Best wishes
Karolis Ž.
-- System Information:
Debian Release: 11.8
APT prefers oldstable-security
APT policy: (500, 'oldstable-security'), (500, 'stable'), (500, 'oldstable')
Architecture: amd64 (x86_64)
Kernel: Linux 5.15.119-kvm (SMP w/4 CPU threads)
Locale: LANG=lt_LT.UTF-8, LC_CTYPE=lt_LT.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
Versions of packages ucarp depends on:
ii ifupdown 0.8.36
ii libc6 2.36-9+deb12u2
ii libpcap0.8 1.10.0-2
ii net-tools 2.10-0.1
Versions of packages ucarp recommends:
ii iproute2 5.10.0-4
ucarp suggests no packages.
-- no debconf information
Description: Add command line option for disabling MAC address spoofing
Author: Karolis Žilionis <karoliszilio...@gmail.com>
Forwarded: no
Last-Update: 2023-11-27
--- a/src/carp.c
+++ b/src/carp.c
@@ -244,13 +244,17 @@
ch.carp_cksum = 0;
sum = cksum(&ch, sizeof ch);
ch.carp_cksum = htons(sum);
-
- eh.ether_shost[0] = 0x00;
- eh.ether_shost[1] = 0x00;
- eh.ether_shost[2] = 0x5e;
- eh.ether_shost[3] = 0x00;
- eh.ether_shost[4] = 0x00;
- eh.ether_shost[5] = vhid;
+
+ if (no_spoof) {
+ memcpy(eh.ether_shost, hwaddr, sizeof hwaddr);
+ } else {
+ eh.ether_shost[0] = 0x00;
+ eh.ether_shost[1] = 0x00;
+ eh.ether_shost[2] = 0x5e;
+ eh.ether_shost[3] = 0x00;
+ eh.ether_shost[4] = 0x00;
+ eh.ether_shost[5] = vhid;
+ }
if (no_mcast) {
eh.ether_dhost[0] = 0xff;
--- a/src/globals.h
+++ b/src/globals.h
@@ -29,6 +29,7 @@
GLOBAL0(signed char daemonize);
GLOBAL0(signed char ignoreifstate);
GLOBAL0(signed char no_mcast);
+GLOBAL0(signed char no_spoof);
GLOBAL(int syslog_facility, DEFAULT_FACILITY);
GLOBAL0(char *vaddr_arg);
GLOBAL0(char *xparam);
--- a/src/ucarp.c
+++ b/src/ucarp.c
@@ -43,6 +43,7 @@
"--daemonize (-B): run in background\n"
"--ignoreifstate (-S): ignore interface state (down, no carrier)\n"
"--nomcast (-M): use broadcast (instead of multicast) advertisements\n"
+ "--nospoof (-F): do not spoof source MAC address\n"
"--facility=<facility> (-f): set syslog facility (default=daemon)\n"
"--xparam=<value> (-x): extra parameter to send to up/down scripts\n"
"\n"
@@ -257,6 +258,10 @@
no_mcast = 1;
break;
}
+ case 'F': {
+ no_spoof = 1;
+ break;
+ }
default: {
usage();
}
--- a/src/ucarp_p.h
+++ b/src/ucarp_p.h
@@ -1,7 +1,7 @@
#ifndef __CARP_P_H__
#define __CARP_P_H__ 1
-static const char *GETOPT_OPTIONS = "i:s:v:p:Pa:hb:k:x:nu:d:Dr:zf:Bo:SM";
+static const char *GETOPT_OPTIONS = "i:s:v:p:Pa:hb:k:x:nu:d:Dr:zf:Bo:SMF";
static struct option long_options[] = {
{ "interface", 1, NULL, 'i' },
@@ -24,6 +24,7 @@
{ "daemonize", 0, NULL, 'B' },
{ "ignoreifstate", 0, NULL, 'S' },
{ "nomcast", 0, NULL, 'M' },
+ { "nospoof", 0, NULL, 'F'},
{ "passfile", 1, NULL, 'o' },
{ "xparam", 1, NULL, 'x' },
{ NULL, 0, NULL, 0 }
